10-K 1 d664024d10k.htm FORM 10-K Form 10-K
Table of Contents

 

 

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION

Washington, D.C. 20549

 

 

FORM 10-K

FOR ANNUAL AND TRANSITION REPORTS PURSUANT TO

SECTIONS 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

(Mark One)

[x] ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(D) OF THE SECURITIES EXCHANGE ACT OF 1934

 

       FOR THE FISCAL YEAR ENDED DECEMBER 31, 2013

or

 

[    ] TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934

 

     FOR THE TRANSITION PERIOD FROM              TO            

Commission file number 000-24389

VASCO Data Security International, Inc.

(Exact Name of Registrant as Specified in Its Charter)

 

DELAWARE   36-4169320

(State or Other Jurisdiction of

Incorporation or Organization)

 

(IRS Employer

Identification No.)

1901 South Meyers Road, Suite 210

Oakbrook Terrace, Illinois 60181

(Address of Principal Executive Offices)(Zip Code)

Registrant’s telephone number, including area code:

(630) 932-8844

Securities registered pursuant to Section 12(b) of the Act:

 

Title of each class

 

Name of exchange on which registered

Common Stock, par value $.001 per share   NASDAQ Capital Market

Securities registered pursuant to Section 12(g) of the Act:

None

Indicate by check mark if the registrant is a well-known seasoned issuer, as defined by Rule 405 of the Securities Act.    Yes              No      X    

Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the act.    Yes              No      X    

Indicate by check mark whether the registrant: (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.    Yes      X        No          

Indicate by check mark whether the registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).    Yes      X        No          

Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.  [    ]

Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer or a smaller reporting company. See definition of “large accelerated filer,” “accelerated filer” and “smaller reporting company” in Rule 12b-2 of the Exchange Act.

Large accelerated filer               Accelerated filer      X        Non-accelerated filer               Smaller reporting company                                                                         (do not check if smaller reporting company)

Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).    Yes              No      X    

As of June 30, 2013, the aggregate market value of voting and non-voting common equity (based upon the last sale price of the common stock as reported on the NASDAQ Capital Market on June 28, 2013) held by non-affiliates of the registrant was $243,279,962 at $8.31 per share.

As of March 1, 2014, there were 39,688,730 shares of common stock outstanding.

DOCUMENTS INCORPORATED BY REFERENCE

Certain sections of the registrant’s Notice of Annual Meeting of Stockholders and Proxy Statement for its 2014 Annual Meeting of Stockholders are incorporated by reference into Part III of this report.

 

 

 


Table of Contents

TABLE OF CONTENTS

 

         PAGE  

PART I

  

Item 1.

  Business      2   

Item 1A.

  Risk Factors      17   

Item 1B.

  Unresolved Staff Comments      30   

Item 2.

  Properties      30   

Item 3.

  Legal Proceedings      30   

Item 4.

  Mine Safety Disclosures      30   

PART II

  

Item 5.

  Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities      31   

Item 6.

  Selected Financial Data      33   

Item 7.

  Management’s Discussion and Analysis of Financial Condition and Results of Operations      34   

Item 7A.

  Quantitative and Qualitative Disclosures About Market Risk      53   

Item 8.

  Financial Statements and Supplementary Data      54   

Item 9.

  Changes in and Disagreements with Accountants on Accounting and Financial Disclosures      54   

Item 9A.

  Controls and Procedures      54   

PART III

  

Item 10.

  Directors, Executive Officers and Corporate Governance      57   

Item 11.

  Executive Compensation      57   

Item 12.

  Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters      57   

Item 13.

  Certain Relationships and Related Transactions, and Director Independence      57   

Item 14.

  Principal Accounting Fees and Services      57   

PART IV

  

Item 15.

  Exhibits, Financial Statement Schedules      58   

CONSOLIDATED FINANCIAL STATEMENTS AND SCHEDULE

     F-1   

This report contains trademarks of VASCO Data Security International, Inc. and its subsidiaries, which include VASCO, the VASCO “V” design, Digipass as a Service (DPS), MYDIGIPASS.COM, DIGIPASS, VACMAN, aXsGUARD, Cronto and IDENTIKEY.


Table of Contents

Cautionary Statement for Purposes of the Safe Harbor Provisions of the Private Securities Litigation Reform Act of 1995

This Annual Report on Form 10-K, including Management’s Discussion and Analysis of Financial Condition and Results of Operations and Quantitative and Qualitative Disclosures About Market Risk contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, as amended and Section 27A of the Securities Act of 1933, as amended concerning, among other things, our expectations regarding the prospects of, and developments and business strategies for, VASCO and our operations, including the development and marketing of certain new products and services and the anticipated future growth in certain markets in which we currently market and sell our products and services or anticipate selling and marketing our products or services in the future. These forward-looking statements (1) are identified by use of terms and phrases such as “expect”, “believe”, “will”, “anticipate”, “emerging”, “intend”, “plan”, “could”, “may”, “estimate”, “should”, “objective”, “goal”, “possible”, “potential”, “project”, and similar words and expressions, but such words and phrases are not the exclusive means of identifying them, and (2) are subject to risks and uncertainties and represent our present expectations or beliefs concerning future events. VASCO cautions that the forward-looking statements are qualified by important factors that could cause actual results to differ materially from those in the forward-looking statements. These risks, uncertainties and other factors have been described in greater detail in this Annual Report on Form 10-K and include, but are not limited to, (a) risks specific to VASCO, including, demand for our products and services, competition from more established firms and others, pressures on price levels and our historical dependence on relatively few products, certain suppliers and certain key customers, (b) risks inherent to the computer and network security industry, including rapidly changing technology, evolving industry standards, increasingly sophisticated hacking attempts, increasing numbers of patent infringement claims, changes in customer requirements, price competitive bidding, and changing government regulations, and (c) risks of general market conditions, including currency fluctuations and volatility in world economic and financial markets. Thus, the results that we actually achieve may differ materially from any anticipated results included in, or implied by these statements. Except for our ongoing obligations to disclose material information as required by the U.S. federal securities laws, we do not have any obligations or intention to release publicly any revisions to any forward-looking statements to reflect events or circumstances in the future or to reflect the occurrence of unanticipated events.

 

1


Table of Contents

PART I

Item 1 - Business

VASCO Data Security International, Inc. was incorporated in the State of Delaware in 1997 and is the successor to VASCO Corp., a Delaware corporation. Our principal executive offices are located at 1901 South Meyers Road, Suite 210, Oakbrook Terrace, Illinois 60181; the telephone number at that address is 630 932 8844. Our international headquarters in Europe is located at World-Wide Business Center, Balz-Zimmermannstrasse 7, CH-8152, Glattbrugg, Switzerland; the phone number at this location is 41 (0)43 555 3500. Our principal operations offices in Europe are located at Koningin Astridlaan 164, B-1780 Wemmel, Belgium and the telephone number at that address is 32 (0)2 609 9700. Unless otherwise noted, references in this Annual Report on Form 10-K to “VASCO”, “company”, “we”, “our”, and “us” refer to VASCO Data Security International, Inc. and its subsidiaries.

Additional information on the company, our products and services and our results, including the company’s annual report on Form 10-K, quarterly reports on our Form 10-Q, current reports on Form 8-K, and amendments to those reports filed with the Securities and Exchange Commission (the “SEC”) are available, free of charge, on our website at http://www.vasco.com. You may also read and copy any materials we file with the SEC at the SEC’s Public Reference Room at 100 F Street, NE, Washington, DC 20549. You may obtain information on the operation of the Public Reference Room by calling the SEC at 1-800-SEC-0330. Our reports are filed electronically with the SEC and are also available on the SEC’s website (http://www.sec.gov).

General

VASCO is a security company that designs, develops and markets security systems to secure and manage access to user digital assets of all kinds. Those security systems include both open standards-based and patented products and services used for “Strong User Authentication”, transaction signing and document signing for the Business-to-Business (“B2B”), Business-to-Employee (“B2E”) and Business-to-Consumer (“B2C”) markets.

Historically, we have focused on two target markets, the banking and financial services market (which we refer to as the “Banking Market” or “Banking”) and the enterprise and application security market (which we refer to as the “Enterprise and Application Security Market” or “Enterprise and Application Security”) . Our target markets are the applications and their several hundred million users that utilize fixed passwords as security.

In the era of the ‘Internet of Things,’ people have become more and more connected as devices of all types, especially mobile, proliferate. Service providers need to adapt to that reality. End users are no longer satisfied with service offerings that are limited to a single platform. Only cross-platform services that are accessible with any mobile connected device will prove to be viable. In this increasingly connected society, online and mobile will benefit from our expertise in strong user authentication, transaction signing and application security. Our convenient and proven solutions enable trusted interactions between businesses, employees and consumers across a multitude of online and mobile platforms.

In order to grow in this rapidly evolving society, VASCO has developed a clear strategy. We have created mobile solutions that move beyond pure authentication to risk-based solutions based on a scoring mechanism. This enables us to offer our customers security that is appropriate for their task or transaction. At the core of this is DIGIPASS for Application Perimeter Protection SDK (DIGIPASS for APPS) on the client-side, and VACMAN Controller on the server side, enhanced with a complete set of new functionalities in support of this new strategy.

 

2


Table of Contents

VASCO’s primary product and service lines include:

 

 

 

   

LOGO VACMAN: Core host system authentication platform, combining all technologies on one unique platform;

 

 

 

   

LOGO IDENTIKEY Authentication Server family: Adds full server functionality to the VACMAN core authentication platform;

 

 

 

   

LOGO DIGIPASS for APPS: Core client platform for mobile applications that combines multiple technologies and provides certain data that can be used for a scoring mechanism in risk-based solutions using attributes of the mobile device;

 

 

 

   

LOGO DIGIPASS clients: A suite of over 50 multi-application client e-signature software products, based on the world’s most widely spread electronic client platforms;

 

 

 

   

LOGO DIGIPASS as a Service (DPS) and MYDIGIPASS.COM (MDP): Cloud-based authentication services platform offering designed to provide enterprise employees, businesses and consumers secure access to multiple online and in-the-cloud applications.

Our security solutions are sold worldwide through our direct sales force, as well as through distributors, resellers and systems integrators. We currently have over 10,000 customers, including more than 1,700 financial institutions, in more than 100 countries. Representative customers of our products include HSBC, BNP-Paribas Fortis, Citibank, KBC and Blizzard Entertainment.

We offer our products in one of two models, an on-premise model and an in-the-cloud or services model:

 

  1. Our on-premise model, which is our traditional approach to the market, allows a customer to license our host system software for installation on their on-premise systems in their applications. Similarly, our customers would purchase or license hardware or software devices (which we refer to as “client devices”) that would be distributed to the users of their systems or applications. Our on-premise model is ideally suited to applications where the application owner needs to control all critical aspects of security, which is often the case where there is either a high transaction value or a high frequency of use. Under our traditional approach, the client devices can generally only be used with one host system application.

Banking

 

LOGO

 

3


Table of Contents

Enterprise – VPN access

 

 

LOGO

Enterprise – Secure Single Sign-On

 

 

LOGO

Application Security

 

 

LOGO

 

  2. Our in-the-cloud services model includes two product offerings that use the same operational platform;

 

  a. DIGIPASS as a Service (“DPS”) is our cloud-based service offering that was announced in October 2010 with a focus on the needs of customers in the Enterprise and Application Security market. By using our DPS authentication platform, business customers can deploy two-factor authentication more quickly and incur less upfront costs when compared to an on-premise solution. DPS is targeted towards B2B and B2E applications (e.g., employees of companies logging into third party applications operated in the cloud).

 

  b.

MYDIGIPASS.COM (“MDP”) is our cloud-based service offering that was announced in April 2012 with a focus on the needs of B2B and B2C. MDP facilitates password management while adding an additional level of security to the logon procedure. By using our MDP platform, consumers using B2C applications will have convenient access to those applications with increased security. Users can download a free DIGIPASS for Mobile application from our website that enables them to generate strong dynamic passwords on

 

4


Table of Contents
  their smart phone, tablet or other portable device. MDP provides a secure home page, the MYDIGIPASS.COM “launch pad”, from which users can quickly link to their frequently-used on-line sites.

 

LOGO

The launchpad can be customized

Our Background

Our predecessor company, VASCO Corp., entered the data security business in 1991 through the acquisition of a controlling interest in ThumbScan, Inc., which we renamed VASCO Corp. in 1993. In 1996, we began an expansion of our computer security business by acquiring Lintel Security NV/SA, a Belgian corporation, which included assets associated with the development of security tokens and security technologies for personal computers and computer networks. In addition, in 1996, we acquired Digipass NV/SA, a Belgian corporation, which was also a developer of security tokens and security technologies and whose name we changed to VASCO Data Security NV/SA in 1997.

On March 11, 1998, we completed a registered exchange offer with the holders of the outstanding securities of VASCO Corp. In December 2006, we opened our international headquarters in Zurich, Switzerland. In 2007, we established wholly-owned sales subsidiaries in Brazil and Japan. In 2008 and 2009, we established wholly-owned sales subsidiaries in Mumbai, India and Bahrain, respectively. In 2011, we completed the establishment of our wholly-owned sales subsidiary in China and received our trade license for a new subsidiary in Dubai, United Arab Emirates.

In January 2011, we acquired an internet trusted certificate authority/provider, in a two step process. In the first step, we acquired all of the intellectual property of DigiNotar Holding B.V. and its subsidiaries. In the second step we acquired 100% of the stock of DigiNotar B.V. and DigiNotar Notariaat B.V. (collectively, “DigiNotar”). The acquisition expanded the technological breadth of our product line by expanding our abilities to offer PKI technology throughout the product line.

In April 2011, we acquired Alfa & Ariss BV (“Alfa & Ariss”). Alfa & Ariss is an authority in the field of developing open identity and access management solutions. Alfa & Ariss brought additional important know-how and engineering capabilities in the fields of linking applications in-the-cloud. We believe that the acquisition of Alfa & Ariss will support the long-term growth strategy of our services and enterprise and application security businesses.

In May, 2013, we acquired Cronto Limited (“Cronto”), a provider of secure visual transaction authentication solutions for online banking. Cronto’s patented solution offers a robust, yet simple way to assure that a financial transaction has not been compromised, or “hacked.” The Cronto solution has been integrated into VACMAN Controller and IDENTIKEY Server, VASCO’s security platforms that support VASCO’s entire family of strong authentication and e-signature products.

 

5


Table of Contents

Since the 1998 exchange offer, including the acquisition of Cronto in 2013, we have engaged in nine acquisitions and one disposition.

In July 2011, DigiNotar B.V. detected an intrusion into its certificate authority infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains. On September 14, 2011, the Dutch Independent Post and Telecommunications Authority (OPTA) Commission terminated the registration of DigiNotar B.V. as a certification service provider that issues qualified certificates. As a result of the termination of its registration as a certification service provider, DigiNotar B.V. filed for bankruptcy on September 19, 2011 and the Haarlem District Court, The Netherlands declared DigiNotar B.V. bankrupt on September 20, 2011.

Following the bankruptcy of DigiNotar B.V., we discontinued the certificate authority business, which was DigiNotar B.V.’s core product. We have, however, utilized the intellectual property acquired from DigiNotar in the development of PKI-secured applications, such as document signing, registration and storage solutions, which we expect will strengthen our core authentication product line and expand opportunities for us on our services platform.

Industry Background

We believe that the growth in the number of people using the internet and the growth in the number of applications that are available to internet users are key drivers in the growth of the industry. As the number of people using the internet has grown, the number of criminal activities associated with identity theft and other forms of cyber attacks has also grown. The growth in electronic banking and electronic commerce, and the increasing use and reliance upon proprietary or confidential information by businesses, government and educational institutions that is remotely accessible by many users, has made information security a paramount concern. We believe that enterprises are seeking solutions that will continue to allow them to expand access to data and financial assets while maintaining network security.

Internet and Enterprise Security. With the advent of personal computers and distributed information systems in the form of wide area networks, intranets, local area networks and the internet, as well as other direct electronic links, many organizations have implemented applications to enable their work force and third parties, including vendors, suppliers and customers, to access and exchange data and perform electronic transactions. As a result of the increased number of users having direct and remote access to such enterprise applications, data and financial assets have become increasingly vulnerable to unauthorized access and misuse.

Cloud Computing. Cloud computing has grown in popularity over the past 10 years. Organizations are able to outsource many of their applications and access them over the internet (sometimes referred to as the “cloud”). Many such applications are not adequately secured and commonly use a traditional user name and password as security. As a result of the increased number of users having direct and remote access to such enterprise applications, data and financial assets in the cloud are similarly increasingly vulnerable to unauthorized access and misuse.

Individual (i.e., consumer) User Security. In addition to the need for enterprise-wide security, the proliferation of personal computers, mobile telephones, smart phones and tablets in both home and office settings, combined with widespread access to the internet, have created significant opportunities for electronic commerce by individual users, such as electronic bill payment, home banking and home shopping.

Fueled by well-publicized hacking incidents, including misappropriation of credit card information and commercial espionage, we believe there is a growing awareness of the need for consumers to have improved security in transmitting information via the internet. Accordingly, we believe that electronic commerce merchants and their customers will seek improved security measures that accurately identify users and reliably encrypt data transmissions over the internet. To minimize losses due to misappropriation of credit card information, many banks in European countries have issued smart cards (credit cards with a micro-chip) that are compliant with the EMV standard.

 

6


Table of Contents

Several governments worldwide have recognized the risk associated with using fixed passwords for internet applications and have issued specific rules requiring two-factor authentication for online banking security. We expect that trend to continue and that governments in many countries will prepare similar guidance and/or rules in order to protect their citizens’ online assets.

Components of Security. Data and financial asset security, and secured access to and participation in on-line commerce, generally consist of the following components:

 

   

Encryption: Maintains data privacy by converting information into an unreadable pattern and allowing only authorized parties to decrypt the data. Encryption can also maintain data integrity by creating digital signatures for transmitted data, enabling the recipient to check whether the data has been changed since or during transmission.

 

   

Identification and Authentication: Serves as the foundation for other security mechanisms by verifying that a user is who he or she claims to be. Identification and authentication mechanisms are often employed with encryption tools to authenticate users, to determine the proper encryption key for encrypting/decrypting data, or to enable users to digitally “sign” or verify the integrity of transmitted data.

 

   

Access Control: Software that provides authentication, authorization and accounting functions, controlling a user’s access to only that data or the financial assets which he or she is authorized to access, and that keeps track of a user’s activities after access has been granted.

 

   

Administration and Management Tools: Software that sets, implements, and monitors security policies, the access to which is typically regulated by access control systems. These tools are extremely important to the overall effectiveness of a security system.

The most effective security policies employ most, if not all, of the above components. Many companies, however, only implement a patchwork of these components, which could result in their security systems being compromised.

Our Solution

We have found that, to date, most approaches to network security, including internet security related to access to both internal applications and applications in the cloud, have been limited in scope and have failed to address all of the critical aspects of data security. We believe that an effective enterprise-wide solution must address and assimilate issues relating to the following:

 

   

Speed and ease of implementation, use and administration;

 

   

Reliability;

 

   

Interoperability within diverse enterprise environments, existing customer applications and the security infrastructure;

 

   

Interoperability within diverse applications in cloud processing environments;

 

   

Scalability; and

 

   

Overall cost of ownership.

Accordingly, we have adopted the following approach to data security:

 

   

In designing our products and services, we have sought to incorporate industry-accepted, open and non-proprietary protocols. This permits interoperability between our products and the multiple platforms, products and applications widely in use.

 

7


Table of Contents
   

We have designed our products and services to minimize their integration effort with, and disruption of, existing legacy applications and the security infrastructure. We provide customers with easier implementations and a more rapid means of implementing security across the enterprise, including the internet. With security being a critical enabling technology for on-line business initiatives, speed and ease of security implementation has become crucial to an organization’s success.

 

   

We design our products and services to have a more attractive total cost of ownership than competing products and services. We have found that product improvements and tools that lower a customer’s total cost of ownership create differentiating sales and marketing tools and also help in the development of a highly loyal customer base that is open to new solutions that we offer.

 

   

Our products and services operate on a wide variety of platforms used to gain access to applications through the internet including, but not limited to, personal computers, smart phones, tablets and other personal data devices. A user’s single identity credential can be used across most all of the platforms he or she might use when accessing the internet.

 

   

We provide products that are designed to provide a good balance between ease of use and the strength of the underlying authentication technology used. Our single-sign-on product allows users to access multiple applications using one credential, which is verified when the user first logs onto an application secured by our technology. Some of our client products use quick-response (“QR”) codes that allow a user to minimize key strokes by optically and quickly scanning a QR code that may be encrypted, thus increasing the strength of the security being used.

 

   

We are providing a choice to our customers with our services platform. By using our authentication platform, customers can deploy two-factor authentication more quickly, incur less upfront costs and be able to use strong authentication when logging onto a larger number of internet sites and applications. We expect those applications to include B2B, B2E, including employees of companies logging into third party applications operated in the cloud, and B2C applications. We believe that DPS and MDP have the potential for significant future growth as it will make two-factor authentication more affordable and readily available to consumers and application markets.

As a result of this approach, we believe that we are a leading provider of strong authentication security solutions that can be combined with electronic and digital signature (“e-signature”) capabilities for all types of on-line, risk-based transactions.

Our Strategy

We believe that we have one of the most complete lines of security products and services for strong user authentication, electronic signatures, and digital signatures available in the market today. We also believe that we can demonstrate to an increasing number of distributors, resellers and systems integrators that they can more effectively differentiate themselves in their marketplaces and increase the value of their products by incorporating our security products into their own products. On a broad basis, our strategy is to:

 

   

Continue our end-to-end authentication strategy by offering the financial services sector the full array of authentication products and services;

 

   

Expand our penetration in other traditional markets by selling the products offered in the financial services sector to other markets including, but not limited to, business enterprises and other vertical markets that center around core applications that are similar to the way that the financial services market operates (e.g., e-commerce applications and e-government applications);

 

   

Expand our penetration into new markets such as B2B, B2E and B2C by providing strong authentication through our services platform in the form of DPS and MDP;

 

8


Table of Contents
   

Expand the number of websites that use our two-factor authentication technology by both providing easy-to-use development tools to application owners and by embedding our technology into e-commerce platforms used by web developers as well as web site content management systems, and;

 

   

Expand our footprint in the market by creating hundreds of millions of dormant DIGIPASS client devices that can be activated by our customers or our customers’ end users electronically without the need to buy host system software or buy and deploy hardware DIGIPASS client devices.

We plan to bring dormant DIGIPASSES to end users in the following ways:

 

   

DIGIPASS Embedded Security Solutions, which we also refer to as “DESS”: a software DIGIPASS is natively embedded on a manufacturer’s hardware. Examples are our partnering relationships with Intel Corporation and Option N.V.,

 

   

DIGIPASS Plus: a DIGIPASS client device that is purchased by our customer that has more than one identity on the device. The first identity is used for our customer’s proprietary application and the second identity can be activated by our customer’s end user to secure access to third party applications through our services platform.

 

   

National ID cards: many countries are expected to roll out national ID cards that can be used as an authentication and PKI platform.

 

   

Mobile platform solutions: we expect that mobile software platform providers will embed DIGIPASSES in their applications.

 

   

DIGIPASS client devices sold in retail shops.

 

   

DIGIPASS client devices sold or downloaded from our web shop.

We believe that we have over 125 million dormant DIGIPASSES in the market and expect this number to grow significantly in the next two years.

Our strategy with the dormant DIGIPASSES represents both a top-down and a bottom-up approach to get DIGIPASSES to consumers, in many cases at no additional cost to the consumer. In the top-down approach, the consumer obtains the dormant DIGIPASS from a bank or other customer of VASCO. In the bottom-up approach, the DIGIPASS is embedded in the software of a device that the consumer is purchasing primarily for another purpose (for example, a personal computer). Once the dormant DIGIPASS is in the hands of the consumer, the consumer can decide if he or she wants to activate and use the DIGIPASS to secure other applications.

Additionally, we intend to continue to enhance and broaden our line of security products to meet the changing needs of our existing and potential customers by:

 

   

Building on our core software and hardware security expertise by continuing to expand our technology and services for use on different platforms, such as mobile phones , tablets and basically any device connected to the internet;

 

   

Embedding our core software into different platforms, such as chip sets used for PCs, mobile phones and any device connected to the internet;

 

   

Expanding our authentication services product offering;

 

   

Acquiring complementary technologies or businesses; and

 

   

Developing products for applications in new vertical markets.

 

9


Table of Contents

Our Products

VACMAN Product Line

The VACMAN product line incorporates a range of strong authentication utilities and solutions designed to allow organizations to add DIGIPASS strong authentication into their existing networks and applications.

In order to provide the greatest flexibility, without compromising on functionality or security, VACMAN solutions are designed to integrate with most popular hardware and software. Once integrated, the VACMAN components become largely transparent to the users, minimizing rollout and support issues.

VACMAN is the backbone of VASCO’s product strategy towards the banking and e-commerce markets. VACMAN encompasses all four authentication technologies (passwords, dynamic password technologies, certificates and biometrics) and allows our customers to use any combination of those technologies simultaneously. VACMAN is natively embedded in or compatible with the solutions of over 100 VASCO solution partners.

Designed by specialists in “system entry” security, VACMAN makes it easy to administer a high level of access control and allows our customers to match the level of authentication security used with their perceived risk for each user of their application. Our customer simply adds a field to his or her existing user database, describing the authentication technology used and, if applicable, the unique DIGIPASS assigned to the end user of their application. VACMAN takes it from there, automatically authenticating the logon request using the security sequence the user specifies, whether it’s a one-time password using either response-only or a challenge/response authentication scheme or an electronic signature.

VACMAN allows the user the freedom to provide secure remote access to virtually any type of application. VACMAN is a library requiring only a few days to implement in most systems and supports all DIGIPASS functionality. Once linked to an application, VACMAN automatically handles login requests from any users authorized to have a DIGIPASS.

IDENTIKEY Authentication Server

IDENTIKEY Authentication Server is an off-the-shelf centralized authentication server that supports the deployment, use and administration of DIGIPASS strong user authentication. IDENTIKEY is based on VASCO’s core VACMAN technology.

IDENTIKEY Authentication Server is available in a Banking Edition and three versions for the Enterprise and Application Security market that can be easily upgraded.

 

   

The Banking Edition is the complete and robust protection against man-in-the-middle (MITM) attacks. Offers the highest security and has been verified to fit into existing PCI-DSS environments without reducing compliancy. This version includes:

 

   

RADIUS functionality,

 

   

Web filter support for access to in-house applications (OWA, RDWA, CWI, Receiver),

 

   

Two-Factor Authentication for protection of access to internet banking applications,

 

   

e-signature for validation of financial transactions, and

 

   

Licenses for up to seven servers.

 

10


Table of Contents

The three versions available to the Enterprise and Application Security market include:

 

   

The Standard Edition includes Remote Authentication Dial In User Service (“RADIUS”) functionality for a single licensed server. It targets small and medium-sized business (“SMB”) wanting to secure their remote access infrastructure at the lowest total cost of ownership.

 

   

The Gold Edition offers web filters to secure Outlook Web Access (“OWA”) and Citrix Web Interface (CWI”), additional to the RADIUS support. This version includes licenses for a primary and a back-up server. It is an ideal solution for SMBs that want to offer more functionality and assure availability for their employees.

 

   

The Enterprise Edition is the most comprehensive solution, offering:

 

   

RADIUS for remote access to the corporate network,

 

   

Web filter support for access to in-house applications (OWA, CWI),

 

   

Simple Object Access Protocol (“SOAP”) for protection of internet based business applications (e.g. portals, extranet, e-commerce websites, partner services, etc.), and

 

   

Licenses for up to seven servers.

The Enterprise Edition is the perfect solution for SMBs that want to secure more than remote access by using the same DIGIPASS device to secure additional applications at little to no extra cost. It also addresses the need of large enterprises to set up a pool of replication servers to share the authentication load and assure high-availability, especially when securing an increased number of customers and partners who use web-hosted applications.

IDENTIKEY Appliance and IDENTIKEY Virtual Appliance

IDENTIKEY Appliance is a standalone authentication solution that offers strong two-factor authentication for remote access to a corporate network or to web-based in-house business applications. It comes in a standard 19 inch rack mountable “slim fit” design. The appliance verifies DIGIPASS/IDENTIKEY authentication requests from RADIUS clients and web filters and can easily be integrated with any infrastructure. It features a web based administration interface as well as an auditing and reporting console.

IDENTIKEY Virtual Appliance is a virtualized authentication appliance that secures remote access to corporate networks and web-based applications.

IDENTIKEY Federation Server

IDENTIKEY Federation Server is a server appliance that provides an identity & access management platform. It is used to validate user credentials across multiple applications and disparate networks. The solution validates users and creates an identity ticket enabling web single sign-on for different applications across organizational boundaries. IDENTIKEY Federation Server works as an Identity Provider within the local organization, but can also delegate authentication requests (for unknown users) to other Identity Providers. In a Federated Model, IDENTIKEY Federation Server does not only delegate but also receives authentication requests from other Identity Providers, when local users want to access applications from other organizations within the same federated infrastructure.

DIGIPASS for APPS

DIGIPASS for APPS is our core client platform for mobile applications. The solution offers a unique single framework with a comprehensive set of features that contains all necessary building blocks to secure applications at every level, from provisioning to human interface. DIGIPASS for APPS offers unique features to secure the environment in which the application resides, such as jailbreak and rootkit detection and geolocation.

 

11


Table of Contents

The SDK (software development kit) also provides a secure channel to ensure end-to-end encryption of business critical data whereby relying on mainstream technologies like HTTPS may not be enough. The secure channel offered by DIGIPASS for APPS can virtually encrypt anything, such as texts, photos or QR codes.

DIGIPASS for APPS enables application developers to streamline and manage the entire provisioning, deployment and lifecycle process offering several options for end user activation and device binding features that link a user to a specific device. The solution also foresees in the possibility for end users to use multiple devices for one application with a single license.

DIGIPASS Product Line

Our DIGIPASS product line, which exists as a family of software and hardware client authentication products and services, provides a flexible and affordable means of authenticating users to any network, including the internet and mobile applications.

Security can be broken into three factors:

 

   

What the user has (the DIGIPASS itself, in hardware, software, or embedded version);

 

   

What the user knows (the PIN code to activate the DIGIPASS); and

 

   

Who the user is (biometrics).

The DIGIPASS family is currently based on the first two factors. Using the DIGIPASS system, in order to enter a remote system or to digitally sign data, the user needs a:

 

   

Client authentication device, hardware DIGIPASS or DIGIPASS software downloaded onto an existing device. Without physical possession of the client authentication device the user will not be able to log on to the system; and

 

   

PIN code for the DIGIPASS; if the user does not know the appropriate code, he or she will not be able to use the applications stored inside.

Both factors help ensure that a natural person is authenticating (or signing), instead of a computer or another device. These factors also enable very high portability for security anytime and anywhere.

DIGIPASSES calculate dynamic signatures and passwords, also known as one-time passwords, to authenticate users on a computer network and for a variety of other applications. DIGIPASS software also offers the additional capacity to secure the platform itself with functionalities including secure storage, secure channel, secure provisioning, and device binding capabilities.

There are over 50 models of the DIGIPASS, each of which has its own distinct characteristics depending on the platform that it uses and the functions it performs. However, the DIGIPASS family is designed to work together and customers can switch their users’ devices without requiring any changes to the customers’ existing infrastructure. In addition, these devices can be used to calculate digital signatures, also known as electronic signatures or message authentication codes, to protect electronic transactions and the integrity of the contents of such transactions.

DIGIPASS technology is designed to operate on non-VASCO platforms such as desktop PCs or laptops. DIGIPASS technology is also available for any mobile device, smart phones and smart cards. For users of mobile phones, the virtual DIGIPASS generates one-time passwords that are sent to the mobile telephone user by SMS (Short Messaging System).

Other technologies such as PKI-enabled products are included in the DIGIPASS family, based on the same back-end VACMAN core technology.

 

12


Table of Contents

With the acquisition of Cronto, VASCO has also added visual cryptography to its product portfolio. Sensitive transaction data are captured in a cryptogram that resembles a matrix of colored dots. By scanning the image with a hardware or software authenticator, the data contained in the cryptogram are decrypted and the transaction details are presented to the user for verification.

DIGIPASS technology also combines the benefits of traditional password authenticators (authentication and digital signatures) with smart card readers. Together, they bring portability to smart cards and allow secure time-based algorithms.

Our Services Platform (DPS and MDP)

In October of 2010, we launched our DIGIPASS as a Service security platform to the market. Our initial DPS offering was directed at providing strong authentication for B2B and B2E applications. B2B applications are applications between two organizations that have an on-going relationship of some type. An example could be a manufacturer that has a web site through which a customer regularly purchases its products. VASCO’s DPS platform could be used to strongly authenticate the purchaser to prevent fraudulent activities. B2E applications are applications which have been outsourced by an organization. These could be sales reporting and forecasting applications, payroll and 401-(k) plan administration applications, human resource applications, etc. that are operated in the cloud.

We launched MYDIGIPASS.COM (“MDP”) in April 2012. MDP is directed at the B2B and B2C market. Our goal is to have the user securely access multiple applications with only one DIGIPASS. We believe that with this approach, we bring best-of-breed authentication into the reach of almost every online application.

We will continue to focus on activating the millions of end users that have a dormant DIGIPASS in their possession. We believe that this bottom up approach, as described above, will be very successful. We plan to put the initiative for better security in the hands of the consumers and the citizens and expect that they will drive demand for our strong authentication products and services.

The combination of our core business line and our service offering brings virtually every online application into VASCO’s reach. While revenues generated from DPS and MDP to date have been minimal, we believe DPS/MDP has the potential for significant future growth as it will make two-factor authentication more affordable and readily available to users and applications markets. We believe that this combination provides VASCO with a unique position in the market, giving us the opportunity to aim at every web application owner and offer their end users convenience and security.

Intellectual Property and Proprietary Rights and Licenses

We rely on a combination of patent, copyright, trademark and trade secret laws, as well as employee and third-party non-disclosure agreements to protect our proprietary rights. In particular, we hold several patents in the U.S. and in other countries, which cover multiple aspects of our technology. These patents expire between 2014 and 2031. We do not believe that we have any patents that will expire in 2014 that will affect business, profitability or increase competition. In addition to the issued patents, we also have several patents pending in the U.S., Europe and other countries. The majority of our issued and pending patents cover our DIGIPASS family and other authentication related technology. We believe these patents to be valuable property rights and we rely on the strength of our patents and on trade secret law to protect our intellectual property rights. To the extent that we believe our patents are being infringed upon, we intend to assert vigorously our patent protection rights, including but not limited to, pursuing all available legal remedies.

Research and Development

Our research and development efforts historically have been, and will continue to be, concentrated on product enhancement, new technology development and related new product introductions. We employ a team of

 

13


Table of Contents

full-time engineers and, from time to time, also engage independent engineering firms to conduct non-strategic research and development efforts on our behalf. We recorded $21.3 million, $18.8 million, and $18.6 million for fiscal years ended December 31, 2013, 2012, and 2011, respectively, on company-sponsored research and development.

Production

Our security hardware DIGIPASSES are manufactured by third party manufacturers pursuant to purchase orders that we issue. Our hardware DIGIPASSES are made primarily from commercially available electronic components that are purchased globally. Our software products, including software versions of our DIGIPASSES are produced in-house.

Hardware DIGIPASSES utilize commercially available programmable microprocessors, or chips. We use a limited number of microprocessors, made by Samsung, for the various hardware products we produce. The Samsung microprocessors are purchased from Samsung Semiconductor in Germany. The microprocessors are the only components of our security authenticators that are not commodity items readily available on the open market.

Orders of microprocessors generally require a lead-time of 12-16 weeks. We attempt to maintain a sufficient inventory of all parts to handle short-term increases in orders. Large orders that would significantly deplete our inventory are typically required to be placed with more than 12 weeks of lead-time, allowing us to make appropriate arrangements with our suppliers. We also place orders for microprocessors that may represent several years of supply in situations where we have been notified by Samsung that they do not plan to continue to manufacture the processor. While we can re-engineer our products to use other processors when notified that a processor will no longer be produced, we believe that it is generally more cost effective to carry a multiple year supply than to re-engineer the product.

We purchase the microprocessors and arrange for shipment to third parties for assembly and testing in accordance with our design specifications. The majority of our DIGIPASS products are assembled by one of three independent companies with headquarters in Hong Kong and production facilities in China. Purchases from these companies are made on a volume purchase order basis. Equipment designed to test product at the point of assembly is supplied by us and periodic visits are made by our personnel for purposes of quality assurance, assembly process review and supplier relations.

Competition

The market for computer and network security solutions is very competitive and, like most technology-driven markets, is subject to rapid change and constantly evolving products and services. Our main competitor is RSA Security, a subsidiary of EMC Corporation. Additional direct competitors include Gemalto and Kobil Systems. There are many other companies, such as SafeNet, Symantec and Entrust that offer authentication hardware, software and services that range from simple locking mechanisms to sophisticated encryption technologies. We believe that competition in this market is likely to intensify as a result of increasing demand for security products. Visibility of global competitors and their planned actions has diminished over the last several years due to the fact that some of our competitors have been acquired by larger corporations (e.g., EMC’s acquisition of RSA in 2006) or private equity firms (e.g., SafeNet, which was acquired by Vector Capital in 2007).

We believe that the principal competitive factors affecting the market for computer and network security products include the strength and effectiveness of the solution, technical features, ease of use, quality/reliability, customer service and support, name recognition, customer base, distribution channels and the total cost of ownership of the authentication solution. Although we believe that our products currently compete

 

14


Table of Contents

favorably with respect to such factors, other than name recognition in certain markets, there can be no assurance that we can maintain our competitive position against current and potential competitors, especially those with significantly greater financial, marketing, service, support, technical and other competitive resources.

Some of our present and potential competitors have significantly greater financial, technical, marketing, purchasing and other resources than we do, and as a result, may be able to respond more quickly to new or emerging technologies and changes in customer requirements, or to devote greater resources to the development, promotion and sale of products, or to deliver competitive products at a lower end-user price. Current and potential competitors have established or may establish cooperative relationships among themselves or with third parties to increase the ability of their products to address the needs of our prospective customers. It is possible that new competitors or alliances may emerge and rapidly acquire significant market share. Accordingly, we have forged, and will continue to forge, our own partnerships to offer a broader range of products and capabilities to the market.

Our products are designed to allow authorized users access to a computing environment, in some cases using patented technology, as a replacement for the static password. Although certain of our security token technologies are patented, there are other organizations that offer token-type password generators incorporating challenge-response or response-only approaches that employ different technological solutions and compete with us for market share.

Sales and Marketing

Our traditional security solutions are sold through our direct sales force, as well as through approximately 55 distributors, their reseller networks and systems integrators. A sales staff of 111 coordinates our sales activity through both our sales channels and our strategic partners’ sales channels and makes direct sales calls either alone or with sales personnel of vendors of computer systems. Our sales staff also provides product education seminars to sales and technical personnel of vendors and distributors with whom we have working relationships and to potential end-users of our products.

VASCO secures and trains its channel. Over 1,200 staff members of our channel partners have become VASCO certified engineers.

Our DPS solution will be sold primarily by our direct sales force calling on Enterprise and Application Security customers. Our sales force is able to offer each customer a choice of an on-site implementation using our traditional on-premise model or a cloud implementation using our services platform.

Our MDP solution will also be sold primarily by our direct sales force and marketed to application owners. We will work with the application owners to develop marketing programs that will encourage users of the application to access that application through our services platform.

Part of our expanded selling effort includes approaching our existing strategic partners to find additional applications for our security products. In addition, our marketing plan calls for the identification of new business opportunities that may require enhanced security over the transmission of electronic data or transactions where we do not currently market our products. Our efforts also include various activities to increase market awareness of the MDP/DPS solutions as well as preparation and dissemination of white papers prepared by our support engineers that explain how we believe our security products can add value or otherwise be beneficial.

Customers and Markets

Customers for our products include some of the world’s most recognized names: HSBC, BNP-Paribas Fortis, Blizzard Entertainment, VTB 24 (Russia), STB (Tunisia), BetClic (Malta), OHFA (U.S.A.), Crédit

 

15


Table of Contents

Agricole (Belgium), Virginia Heritage Bank (U.S.), PartyGaming (Gibraltar), Konami Digital Entertainment Co. Ltd. (Japan), Caixa Geral de Depositos (France), Indiana University (U.S.), University of Colorado (U.S.), Volunteer Corporate Credit Union (U.S.), and Adapti (Belgium).

Our top 10 customers contributed 40%, 37%, and 47%, in 2013, 2012, and 2011, respectively, of total worldwide revenue. In 2013, 2012 and 2011, HSBC, our largest customer, contributed approximately 18%, 10%, and 17% of our worldwide revenue, respectively.

A significant portion of our sales is denominated in foreign currencies and changes in exchange rates impact results of operations. To mitigate exposure to risks associated with fluctuations in currency exchange rates, we attempt to denominate an amount of billings in a currency such that it would provide a hedge against operating expenses being incurred in that currency. For additional information regarding how currency fluctuations can affect our business, please refer to “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and “Quantitative and Qualitative Disclosures about Market Risk.”

We also experience seasonality in our business. Historically, these seasonal trends are most notable in the summer months, particularly in Europe, when many businesses defer purchase decisions; however, given the relatively small size of our business, the timing of any one or more large orders may temper or offset this seasonality.

We organize our sales group and report our results in two vertical markets:

 

   

Banking and Financial Institutions: Traditionally our largest market where we believe that there are substantial opportunities for future growth.

 

   

Enterprise and Application Security: A significant market that includes:

 

  -  

Corporations seeking secure internal and remote network access: We have enjoyed growing success in this market and have developed new products that we believe will allow us to compete more effectively for both SME (small and medium enterprises) as well as large corporations.

 

  -  

Other application-specific markets: Our products are being used in more than 50 different applications and we believe that we will be able to identify and leverage our knowledge with those applications to increase our penetration in the more promising markets.

 

  -  

E-commerce: Both business-to-business and business-to-consumer e-commerce are becoming ever more important for us.

 

  -  

E-government: Our revenue in this market is still small, but we are ready to take advantage of the market’s evolution.

Our channel partners are critical to our success in the Enterprise and Application Security markets. We serve this market exclusively via our two-tier indirect sales channel. We train employees of our resellers and distributors on-site and in our offices. In addition, we have developed online video training software that allows us to train people worldwide, resulting in cost and time benefits.

We invest in and support our channel with marketing and public relations actions. Distributors and resellers get the tools they need to be successful, such as campaigns, case studies, marketing funds and more. We expect our Enterprise and Application Security market to become even more successful in the future.

Backlog

Our backlog at December 31, 2013 was approximately $42 million compared to $45 million at December 31, 2012. We anticipate that substantially all of the backlog at the end of 2013 will be shipped in 2014.

 

16


Table of Contents

We do not believe that the specific amount of backlog at any point in time is indicative of the trends in our markets or the expected results of our business. Given the relatively small size of our business and the large size of potential orders, the backlog number can change significantly with the receipt of a new order or modification of an existing order, for example, shipment timing.

Financial Information Relating to Foreign and Domestic Operations

For financial information regarding VASCO, see our Consolidated Financial Statements and the related Notes, which are included in this Annual Report on Form 10-K. We have a single reportable segment for all our products and operations. See Note 12 in the Notes to Consolidated Financial Statements for a breakdown of revenue and long-lived assets between U.S. and foreign operations.

Employees

As of December 31, 2013, we had 396 total employees, which included 387 full-time employees. Of the total employees, 41 were located in the U.S., 321 in EMEA (Europe, the Middle East and Africa), 14 in the Asia Pacific Rim countries and 20 in other countries, including Australia, Latin America, India and Central Asia. Of the total employees, 193 were involved in sales, marketing, operations and customer support, 143 in research and development and 60 in general and administration.

Item 1A - Risk Factors

RISK FACTORS

You should carefully consider the following risk factors, which we consider the most significant, as well as other information contained in this Annual Report on Form 10-K. In addition, there are a number of less significant and other general risk factors that could affect our future results. If any of the events described in the risk factors were to occur, our business, financial condition or operating results could be materially and adversely affected. We have grouped our Risk Factors under captions that we believe describe various categories of potential risk. For the reader’s convenience, we have not duplicated risk factors that could be considered to be included in more than one category.

Risks Related to Our Business

A significant portion of our sales are to a limited number of customers. The loss of substantial sales to any one of them could have an adverse effect on revenues and profits.

We derive a substantial portion of our revenue from a limited number of customers, most of which are European or Asian headquartered banks. The loss of substantial sales to any one of them could adversely affect our operations and results. In fiscal 2013, 2012 and 2011, our top 10 largest customers contributed 40%, 37% and 47%, respectively, of total worldwide revenue. HSBC, our largest customer, contributed approximately 18%, 10% and 17%, respectively, of total worldwide revenue.

The return of a worldwide recession and/or an increase in the concern over the European sovereign debt crisis may further impact our business.

Our business is subject to economic conditions that may fluctuate in the major markets in which we operate. Factors that could cause economic conditions to fluctuate include, without limitation, recession, inflation, higher interest borrowing rates, higher levels of unemployment, higher consumer debt levels, general weakness in retail or commercial markets and changes in consumer or business purchasing power or preferences.

 

17


Table of Contents

While it appears that circumstances that led to the sovereign debt crisis have abated, many significant economic issues have not been addressed fully. As a result, we expect that Europe will continue to face difficult economic conditions in 2014. If global economic and financial market conditions remain uncertain and/or weak for an extended period of time, any of the following factors, among others, could have a material adverse effect on our financial condition and results of operations:

 

   

slower consumer or business spending may result in reduced demand for our products, reduced orders from customers for our products, order cancellations, lower revenues, increased inventories, and lower gross margins;

 

   

continued volatility in the global markets and fluctuations in exchange rates for foreign currencies and contracts or purchase orders in foreign currencies could negatively impact our reported financial results and condition;

 

   

continued volatility in the prices for commodities and raw materials we use in our products could have a material adverse effect on our costs, gross margins, and ultimately our profitability;

 

   

if our customers experience declining revenues, or experience difficulty obtaining financing in the capital and credit markets to purchase our products, this could result in reduced orders for our products, order cancellations, inability of customers to timely meet their payment obligations to us, extended payment terms, higher accounts receivable, reduced cash flows, greater expense associated with collection efforts and increased bad debt expense;

 

   

in the event of a contraction of our sales, dated inventory may result in a need for increased obsolescence reserves;

 

   

a severe financial difficulty experienced by our customers may cause them to become insolvent or cease business operations, which could reduce the availability of our products to consumers; and

 

   

any difficulty or inability on the part of manufacturers of our products or other participants in our supply chain in obtaining sufficient financing to purchase raw materials or to finance general working capital needs may result in delays or non-delivery of shipments of our products.

While we believe that many of the effects of the recession and credit crisis have abated, we are unable to predict potential future economic conditions, disruptions in the sovereign debt markets or other financial markets, the Euro Monetary Union or the European Union, or the effect of any such disruption or disruptions on our business and results of operations, but the consequences may be materially adverse. We believe that our business in the Banking market in Europe would be impacted most directly by any such disruption and that the consequences may be materially adverse, as approximately 62% of our consolidated revenues originated in the EMEA region in 2013.

Disruptions in markets or the European Union may affect our liquidity and capital resources.

We believe our financial resources and current borrowing arrangements are adequate to meet our operating needs. However, difficult economic conditions existing on a worldwide basis today may require us to modify our business plans. Disruptions in the sovereign debt markets or other financial markets, the Euro Monetary Union or the European Union, could materially adversely affect our liquidity and capital resources and expose us to additional currency fluctuation risk.

Furthermore, in the current economic environment there is a risk that customers may delay their orders until the economic conditions improve further. If a significant number of orders are delayed for an indefinite period of time, our revenue and cash receipts may not be sufficient to meet the operating needs of the business. If this is the case, we may need to significantly reduce our workforce, sell certain of our assets, enter into strategic relationships or business combinations, discontinue some or all of our operations, or take other similar restructuring actions. While we expect that these actions would result in a reduction of recurring costs, they also may result in a reduction of recurring revenue and cash receipts. It is also likely that we would incur substantial non-recurring costs to implement one or more of these restructuring actions.

 

18


Table of Contents

We have a long operating history, but only a modest accumulated profit.

Although we have reported net income of $11.1 million, $15.6 million, and $18.1 million for the years ended December 31, 2013, 2012, and 2011, respectively, our retained earnings were only $92.4 million at December 31, 2013. Over our 21 year operating history, we have operated at a loss for many of those years. In the current uncertain economic environment, it may be difficult for us to sustain our recent levels of profitability.

We derive revenue from a limited number of products and do not have a broadly-diversified product base.

Substantially all of our revenue is derived from the sale of authentication products. We also anticipate that a substantial portion of our future revenue, if any, will also be derived from these products and related services. If the sale of these products and services is impeded for any reason and we have not diversified our product offerings, our business and results of operations would be negatively impacted.

The sales cycle for our products and technology is long, and we may incur substantial expenses for sales that do not occur when anticipated.

The sales cycle for our products, which is the period of time between the identification of a potential customer and completion of the sale, is typically lengthy and subject to a number of significant risks over which we have little control. If revenue falls significantly below anticipated levels, our business would be seriously harmed.

A typical sales cycle in the Banking market is often six months or more. Larger Banking transactions may take up to 18 months or more. Purchasing decisions for our products and systems may be subject to delays due to many factors that are not within our control, such as:

 

   

The time required for a prospective customer to recognize the need for our products;

 

   

The significant expense of many data security products and network systems;

 

   

Customers’ internal budgeting processes; and

 

   

Internal procedures customers may require for the approval of large purchases.

As our operating expenses are based on anticipated revenue levels, a small fluctuation in the timing of sales can cause our operating results to vary significantly between periods.

We have a great dependence on a limited number of suppliers and the loss of their manufacturing capability could materially impact our operations.

In the event that the supply of components or finished products is interrupted or relations with any of our principal vendors is terminated, there could be a considerable delay in finding suitable replacement sources to manufacture our products at the same cost or at all. The majority of our products are manufactured by four independent vendors, a processor manufacturer headquartered in Europe and the three manufacturers of finished goods in Hong Kong. Our hardware DIGIPASSES are assembled at facilities in mainland China. The importation of these products from China exposes us to the possibility of product supply disruption and increased costs in the event of changes in the policies of the Chinese government, political unrest or unstable economic conditions in China or developments in the United States that are adverse to trade, including enactment of protectionist legislation.

We order processors well in advance of expected use and produce finished goods prior to the receipt of customer orders. If orders are not received, we could suffer losses related to the write down or write off of inventory that cannot be sold at full value.

In an attempt to minimize the risk of not having an adequate supply of component parts to meet demand, especially in situations where we have been notified that key processors will no longer be manufactured,

 

19


Table of Contents

we purchase multiple years’ supply of processors based on internal forecasts of demand. In addition, to meet customers’ demands for accelerated delivery of product, we produce finished product for existing customers before we receive the order from the customer. Should our forecasts of future demand be inaccurate or if we produce product that is never ordered, we could incur substantial losses related to the write down or write off of our inventory.

Our customers have the ability to reschedule their deliveries.

Prior to 2009, a major portion of our business was scheduled by our customers under purchase orders which called for multiple shipments over the course of 12 months. Typically, these were firm orders with specific requests for shipments on specified dates. Historically, a customer may have requested that a shipment be accelerated and delivered earlier than scheduled or, conversely, delayed and delivered later than originally scheduled, or in rare cases, cancelled. In 2009 and in 2010, we experienced instances in which customers delayed delivery shipments or placed smaller orders covering shorter periods of time. In 2011, 2012, and 2013, many of our larger customers returned to order patterns more similar to their earlier historical patterns. However, in the future, they may delay shipments or order small quantities covering shorter periods of time. Our results may differ substantially from period to period based on orders delivered in that period.

Our success depends on establishing and maintaining strategic relationships with other companies to develop, market and distribute our technology and products and, in some cases, to incorporate our technology into their products.

Part of our business strategy is to enter into strategic alliances and other cooperative arrangements with other companies in our industry. We currently are involved in cooperative efforts with respect to the incorporation of our products into products of others, research and development efforts, marketing efforts and reseller arrangements. None of these relationships are exclusive, and some of our strategic partners also have cooperative relationships with certain of our competitors. If we are unable to enter cooperative arrangements in the future or if we lose any of our current strategic or cooperative relationships, our business could be harmed. We do not control the time and resources devoted to such activities by parties with whom we have relationships. In addition, we may not have the resources available to satisfy our commitments, which may adversely affect these relationships. These relationships may not continue, may not be commercially successful, or may require our expenditure of significant financial, personnel and administrative resources from time to time. Further, certain of our products and services compete with the products and services of our strategic partners.

We may not be able to maintain effective product distribution channels, which could result in decreased revenue.

We rely on both our direct sales force and an indirect channel distribution strategy for the sale and marketing of our products. We may be unable to attract distributors, resellers and integrators, as planned, that can market our products effectively and provide timely and cost-effective customer support and service. There is also a risk that some or all of our distributors, resellers or integrators may be acquired, may change their business models or may go out of business, any of which could have an adverse effect on our business. Further, our distributors, integrators and resellers may carry competing lines of products. The loss of important sales personnel, distributors, integrators or resellers could adversely affect us.

We depend on our key personnel for the success of our business and the loss of one or more of our key personnel could have an adverse effect on our ability to manage our business or could be negatively perceived in the capital markets.

Our success and our ability to manage our business depend, in large part, upon the efforts and continued service of our senior management team. The loss of one or more of our key personnel could have a material adverse effect on our business and operations. It could be difficult for us to find replacements for our key personnel, as competition for such personnel is intense. Further, such a loss could be negatively perceived in the capital markets, which could reduce the market value of our securities.

 

20


Table of Contents

If we fail to continue to attract and retain qualified personnel, our business may be harmed.

Our future success depends upon our ability to continue to attract and retain highly qualified scientific, technical, sales and managerial personnel. Competition for such personnel is intense and there can be no assurance that we can attract other highly qualified personnel in the future. If we cannot retain or are unable to hire such key personnel, our business, financial condition and results of operations could be significantly adversely affected.

Changes in our effective tax rate may have an adverse effect on our results of operations.

Our future effective tax rates may be adversely affected by a number of factors including the distribution of income among the various countries in which we operate, changes in the valuation of our deferred tax assets, increases in expenses not deductible for tax purposes, including the impairment of goodwill in connection with acquisitions, changes in share-based compensation expense, and changes in tax laws or the interpretation of such tax laws and changes in generally accepted accounting principles. Any significant increase in our future effective tax rates could adversely impact net income for future periods.

Our worldwide income tax provisions and other tax accruals may be insufficient if any taxing authorities assume taxing positions that are contrary to our positions.

Significant judgment is required in determining our provision for income taxes and other taxes such as sales and VAT taxes. There are many transactions for which the ultimate tax outcome is uncertain. Some of these uncertainties arise as a consequence of intercompany agreements to purchase intellectual properties, allocate revenue and allocate costs, each of which could ultimately result in changes once the arrangements are reviewed by taxing authorities. Although we believe that our approach to determining the amount of such arrangements is reasonable, we cannot be certain that the final tax authority review of these matters will not differ materially from what is reflected in our historical income tax provisions and other tax accruals. Such differences could have a material effect on our income tax provisions or benefits, or other tax accruals, in the period in which such determination is made, and consequently, on our results of operations for such period.

Any acquisitions we make could disrupt our business and harm our financial condition or results.

We may make investments in complementary companies, products or technologies. Should we do so, our failure to successfully structure or manage future acquisitions could seriously harm our financial condition or operating results. The expected benefits of any acquisition may not be realized. In the event of any future purchases, we will face additional financial and operational risks, including:

 

   

Difficulty in assimilating the operations, technology and personnel of acquired companies;

 

   

Disruption in our business because of the allocation of resources to consummate these transactions and the diversion of management’s attention from our existing business;

 

   

Difficulty in retaining key technical and managerial personnel from acquired companies;

 

   

Dilution of our stockholders, if we issue equity to fund these transactions;

 

   

Reduced liquidity, increased debt and higher amortization expenses;

 

   

Assumption of operating losses, increased expenses and liabilities;

 

   

Our relationships with existing employees, customers and business partners may be weakened or terminated as a result of these transactions;

 

   

Discovery of unanticipated issues and liabilities;

 

   

Failure to meet expected returns; and

 

   

Failure to cause acquired financial reporting and internal control processes to be compliant with requirements applicable to companies subject to SEC reporting.

 

21


Table of Contents

Reported revenue may fluctuate widely due to the interpretation or application of accounting rules.

Our sales arrangements often include multiple elements, including hardware, software and maintenance. The accounting rules for such arrangements are complex and subject to change from time to time. Small changes in circumstances could cause wide deviations in the timing of reported revenue.

Indemnity provisions in various agreements potentially expose us to substantial liability for intellectual property infringement and other losses.

Our agreements with customers, solution partners and channel partners include indemnification provisions under which we agree to indemnify them for losses suffered or incurred as a result of claims of intellectual property infringement and, in some cases, for damages caused by us to property or persons. Large indemnity payments could harm our business, operating results and financial condition.

Risks Related to the Market

We face significant competition and if we lose or fail to gain market share our financial results will suffer.

The market for computer and network security products and services is highly competitive. Our competitors include organizations that provide computer and network security products based upon approaches similar to and different from those that we employ. Many of our competitors have significantly greater financial, marketing, technical and other competitive resources than we do. As a result, our competitors may be able to adapt more quickly to new or emerging technologies and changes in customer requirements, or to devote greater resources to the promotion and sale of their products.

A decrease of average selling prices for our products and services could adversely affect our business.

The average selling prices for our solution offerings may decline as a result of competitive pricing pressures or a change in our mix of products, software and services. In addition, competition continues to increase in the market segments in which we participate and we expect competition to further increase in the future, thereby leading to increased pricing pressures. Furthermore, we anticipate that the average selling prices and gross profits for our products will decrease over product life cycles. To realize higher prices and gross margins, we must continue to develop and introduce new products and services that incorporate new technologies or increased functionality. If we experience pricing pressures or fail to develop new products, our revenue and gross margins could decline, which could harm our business, financial condition and results of operations.

We may need additional capital in the future and our failure to obtain capital would interfere with our growth strategy.

Our ability to obtain financing will depend on a number of factors, including market conditions, our operating performance and investor interest. These factors may make the timing, amount, terms and conditions of any financing unattractive. They may also result in our incurring additional indebtedness or accepting stockholder dilution. If adequate funds are not available or are not available on acceptable terms, we may have to forego strategic acquisitions or investments, defer our product development activities, or delay the introduction of new products.

We experience variations in quarterly operating results and sales are subject to seasonality, both of which may result in a volatile stock price.

In the future, as in the past, our quarterly operating results may vary significantly, resulting in a volatile stock price. Factors affecting our operating results include:

 

   

The level of competition;

 

22


Table of Contents
   

The size, timing, cancellation or rescheduling of significant orders;

 

   

New product announcements or introductions by competitors;

 

   

Technological changes in the market for data security products including the adoption of new technologies and standards;

 

   

Changes in pricing by competitors;

 

   

Our ability to develop, introduce and market new products and product enhancements on a timely basis, if at all;

 

   

Component costs and availability;

 

   

Our success in expanding our sales and marketing programs;

 

   

Market acceptance of new products and product enhancements;

 

   

Changes in foreign currency exchange rates; and

 

   

General economic conditions in the countries in which we operate.

We also experience seasonality in all markets. These seasonal trends are most notable in the summer months, particularly in Europe, when many businesses defer purchase decisions.

Our stock price may be volatile for reasons other than variations in our quarterly operating results.

The market price of our common stock may fluctuate significantly in response to factors, some of which are beyond our control, including the following:

 

   

Actual or anticipated fluctuations in our quarterly or annual operating results;

 

   

Differences between actual operating results and results estimated by analysts that follow our stock and provide estimates of our results to the market;

 

   

Differences between guidance relative to financial results, if given, and actual results;

 

   

Changes in market valuations of other technology companies;

 

   

Announcements by us or our competitors of significant technical innovations, contracts, acquisitions, strategic partnerships, joint ventures or capital commitments;

 

   

Additions or departures of key personnel;

 

   

Future sales of common stock;

 

   

Trading volume fluctuations; and

 

   

Reactions by investors to uncertainties in the world economy and financial markets.

A small group of persons control a substantial amount of our common stock and could delay or prevent a change of control.

Our Board of Directors, our officers and their immediate families and related entities beneficially own approximately 26%, with Mr. T. Kendall Hunt beneficially owning approximately 23%, of the outstanding shares of our common stock. As the Chairman of the Board of Directors, Chief Executive Officer and our largest stockholder, Mr. Hunt may exercise substantial control over our future direction and operation and such concentration of control may have the effect of discouraging, delaying or preventing a change in control and may also have an adverse effect on the market price of our common stock.

 

23


Table of Contents

Certain provisions of our charter and of Delaware law make a takeover of our company more difficult.

Our corporate charter and Delaware law contain provisions, such as a class of authorized but unissued preferred stock which may be issued by our board without stockholder approval that might enable our management to resist a takeover of our company. Delaware law also limits business combinations with interested stockholders. These provisions might discourage, delay or prevent a change in control or a change in our management. These provisions could also discourage proxy contests, and make it more difficult for you and other stockholders to elect directors and take other corporate actions. The existence of these provisions could limit the price that investors might be willing to pay in the future for shares of our common stock.

Future issuances of blank check preferred stock may reduce voting power of common stock and may have anti-takeover effects that could prevent a change in control.

Our corporate charter authorizes the issuance of up to 500,000 shares of preferred stock with such designations, rights, powers and preferences as may be determined from time to time by our Board of Directors, including such dividend, liquidation, conversion, voting or other rights, powers and preferences as may be determined from time to time by the Board of Directors without further stockholder approval. The issuance of preferred stock could adversely affect the voting power or other rights of the holders of common stock. In addition, the authorized shares of preferred stock and common stock could be utilized, under certain circumstances, as a method of discouraging, delaying or preventing a change in control.

Risks Related to Technology and Intellectual Property

Technological changes occur rapidly in our industry and our development of new products is critical to maintain our revenue.

The introduction by our competitors of products embodying new technologies and the emergence of new industry standards could render our existing products obsolete and unmarketable. Our future revenue growth and operating profit will depend in part upon our ability to enhance our current products and develop innovative products to distinguish ourselves from the competition and to meet customers’ changing needs in the data security industry. We cannot assure you that security-related product developments and technology innovations by others will not adversely affect our competitive position or that we will be able to successfully anticipate or adapt to changing technology, industry standards or customer requirements on a timely basis.

Our business could be negatively impacted by cyber security incidents and other disruptions.

Our use of technology is increasing and is critical in three primary areas of our business:

 

  1. Software and information systems that we use to help us run our business more efficiently and cost effectively;

 

  2. The products we have traditionally sold and continue to sell to our customers for integration into their software applications contain technology that incorporates the use of secret numbers and encryption technology; and

 

  3. Products and services providing security through our servers (or in the cloud from our customers’ perspective).

A cyber incident in any of these areas of our business could disrupt our ability to take orders or deliver product to our customers, cause us to suffer significant monetary and other losses and significant reputational harm, or substantially impair our ability to grow the business. We expect that there are likely to be hacking attempts intended to impede the performance of our products, disrupt our services and harm our reputation as a company, as the processes used by computer hackers to access or sabotage technology products, services and networks are rapidly evolving in sophistication.

 

24


Table of Contents

In July 2011, we experienced a cyber incident related to DigiNotar B.V. Please see Part I. Item 1 – Business – Our Background, Part II. Item 7 – Management’s Discussion and Analysis of Financial Condition and Results of Operations, and Note 3 to our consolidated financial statements for a description of the hacking incident at DigiNotar B.V., the termination of DigiNotar B.V’s registration as a certification service provider and DigiNotar B.V.’s bankruptcy. Please see Part I. Item 3 – Legal Proceedings for a description of legal proceedings related to the cyber security incident at DigiNotar B.V. Our losses from discontinued operations resulting from these events may increase as a result of unanticipated costs associated with DigiNotar B.V.’s bankruptcy, potential claims that may arise in connection with the hacking incidents, further impairment of our investment in DigiNotar, the time frame in which the additional costs may be incurred, our inability to recover amounts held in escrow relating to our acquisition of DigiNotar, our inability to offset amounts that may be owed to DigiNotar B.V. by other VASCO affiliates against amounts owed to VASCO affiliates by DigiNotar B.V., and our inability to effectively integrate certain intellectual property acquired from DigiNotar into our operations.

Our products contain third-party, open-source software and failure to comply with the terms of the underlying open-source software licenses could restrict our ability to sell our products or otherwise result in claims of infringement.

Our products are distributed with software programs licensed to us by third-party authors under “open-source” licenses, which may include the GNU General Public License, the GNU Lesser Public License, the BSD License and the Apache License. These open-source software programs include, without limitation, Linux, Apache, Openssl, IPTables, Tcpdump, Postfix, Cyrus, Perl, Squid ,Snort, Ruby, Rails, PostgreSQL, MongoDB and Puppet. These third-party, open-source programs are typically licensed to us for no fee and the underlying license agreements generally require us to make available to users the source code for such programs, as well as the source code for any modifications or derivative works we create based on these third-party, open-source software programs.

We do not believe that we have created any modifications or derivative works to, an extended version of, or works based on, any open-source software programs referenced above. We include instructions to users on how to obtain copies of the relevant open-source code and licenses.

We do not provide end users a copy of the source code to our proprietary software because we believe that the manner in which our proprietary software is aligned or communicates with the relevant open-source programs does not create a modification, derivative work or extended version of, or a work based on, that open-source program requiring the distribution of our proprietary source code.

Our ability to commercialize our products by incorporating third-party, open-source software may be restricted because, among other reasons:

 

   

the terms of open-source license agreements are unclear and subject to varying interpretations, which could result in unforeseen obligations regarding our proprietary products or claims of infringement;

 

   

it may be difficult to determine the developers of open-source software and whether such licensed software infringes another party’s intellectual property rights;

 

   

competitors will have greater access to information by obtaining these open source products, which may help them develop competitive products; and

 

   

open-source software potentially increases customer support costs because licensees can modify the software and potentially introduce errors.

 

25


Table of Contents

We must continue to attract and retain highly skilled technical personnel for our research and development department.

The market for highly skilled technicians in Europe, Asia, Australia and the United States is highly competitive. If we fail to attract, train, assimilate and retain qualified technical personnel for our research and development department, we will experience delays in introductions of new or modified products, loss of clients and market share and a reduction in revenue.

We cannot be certain that our research and development activities will be successful.

While management is committed to enhancing our current product offerings and introducing new products, we cannot be certain that our research and development activities will be successful. Furthermore, we may not have sufficient financial resources to identify and develop new technologies and bring new products to market in a timely and cost effective manner, and we cannot ensure that any such products will be commercially successful if and when they are introduced.

We depend significantly upon our proprietary technology and intellectual property and the loss of or the successful challenge to our proprietary rights could require us to redesign our products or require us to enter into royalty or licensing agreements, any of which could reduce revenue and increase our operating costs.

We currently rely on a combination of patent, copyright and trademark laws, trade secrets, confidentiality agreements and contractual provisions to protect our proprietary rights. We seek to protect our software, documentation and other written materials under trade secret and copyright laws, which afford only limited protection, and generally enter into confidentiality and nondisclosure agreements with our employees and with key vendors and suppliers.

There has been substantial litigation in the technology industry regarding intellectual property rights, and we may have to litigate to protect our proprietary technology.

We expect that companies in the computer and information security market will increasingly be subject to infringement claims as the number of products and competitors increases. Any such claims or litigation may be time-consuming and costly, cause product shipment delays, require us to redesign our products or require us to enter into royalty or licensing agreements, harm our reputation, cause our customers to use our competitors’ products or divert the efforts and attention of our management and technical personnel from normal business operations, any of which could reduce revenue and increase our operating costs.

Our patents may not provide us with competitive advantages.

We hold several patents in the United States and in other countries, which cover multiple aspects of our technology. The majority of our patents cover the DIGIPASS product line. These patents expire between 2014 and 2027. We do not believe that patents expiring in 2014 will affect revenues, profitability, or increase competition. In addition to the issued patents, we also have several patents pending in the United States, Europe and other countries. There can be no assurance that we will continue to develop proprietary products or technologies that are patentable, that any issued patent will provide us with any competitive advantages or will not be challenged by third parties, or that patents of others will not hinder our competitive advantage. Although certain of our security token technologies are patented, there are other organizations that offer token-type password generators incorporating challenge-response or response-only approaches that employ different technological solutions and compete with us for market share.

We are subject to warranty and product liability risks.

A malfunction of or design defect in our products which results in a breach of a customer’s data security could result in tort or warranty claims against us. We seek to reduce the risk of these losses by

 

26


Table of Contents

attempting to negotiate warranty disclaimers and liability limitation clauses in our sales agreements. However, these measures may ultimately prove ineffective in limiting our liability for damages. We do not presently maintain product liability insurance for these types of claims.

In addition to any monetary liability for the failure of our products, an actual or perceived breach of network or data security at one of our customers could adversely affect the market’s perception of us and our products, and could have an adverse effect on our reputation and the demand for our products. Similarly, an actual or perceived breach of network or data security within our own systems could damage our reputation and have an adverse effect on the demand for our products.

There is significant government regulation of technology exports and to the extent we cannot meet the requirements of the regulations we may be prohibited from exporting some of our products, which could negatively impact our revenue.

Our international sales and operations are subject to risks such as the imposition of government controls, new or changed export license requirements, restrictions on the export of critical technology, trade restrictions and changes in tariffs. If we become unable to obtain foreign regulatory approvals on a timely basis our business in those countries would no longer exist and our revenue would decrease dramatically. Certain of our products are subject to export controls under U.S. law. The list of products and countries for which export approval is required, and the regulatory policies with respect thereto may be revised from time to time and our inability to obtain required approvals under these regulations could materially and adversely affect our ability to make international sales.

We employ cryptographic technology in our authentication products that uses complex mathematical formulations to establish network security systems.

Many of our products are based on cryptographic technology. With cryptographic technology, a user is given a key that is required to encrypt and decode messages. The security afforded by this technology depends on the integrity of a user’s key and in part on the application of algorithms, which are advanced mathematical factoring equations. These codes may eventually be broken or become subject to government regulation regarding their use, which would render our technology and products less effective. The occurrence of any one of the following could result in a decline in demand for our technology and products:

 

   

Any significant advance in techniques for attacking cryptographic systems, including the development of an easy factoring method or faster, more powerful computers;

 

   

Publicity of the successful decoding of cryptographic messages or the misappropriation of keys; and

 

   

Increased government regulation limiting the use, scope or strength of cryptography.

Risks Related to International Operations

We face a number of risks associated with our international operations, any or all of which could result in a disruption in our business and a decrease in our revenue.

In 2013, approximately 93% of our revenue and approximately 82% of our operating expenses were generated/incurred outside of the U.S. In 2012, approximately 93% of our revenue and approximately 81% of our operating expenses were generated/incurred outside of the U.S. A severe economic decline in any of our major foreign markets could adversely affect our results of operations and financial condition.

In addition to exposures to changes in the economic conditions of our major foreign markets, we are subject to a number of risks any or all of which could result in a disruption in our business and a decrease in our revenue. These include:

 

   

Inconsistent regulations and unexpected changes in regulatory requirements;

 

27


Table of Contents
   

Export controls relating to our technology;

 

   

Difficulties and costs of staffing and managing international operations;

 

   

Potentially adverse tax consequences;

 

   

Wage and price controls;

 

   

Uncertain protection for intellectual property rights;

 

   

Imposition of trade barriers;

 

   

Differing technology standards;

 

   

Uncertain demand for electronic commerce;

 

   

Linguistic and cultural differences;

 

   

Political instability; and

 

   

Social unrest.

We are subject to foreign exchange risks, and improper management of that risk could result in large cash losses.

Because a significant number of our principal customers are located outside the United States, we expect that international sales will continue to generate a significant portion of our total revenue. We are subject to foreign exchange risks because the majority of our costs are denominated in U.S. Dollars, whereas a significant portion of the sales and expenses of our foreign operating subsidiaries are denominated in various foreign currencies. A decrease in the value of any of these foreign currencies relative to the U.S. Dollar could affect the profitability in U.S. Dollars of our products sold in these markets. We do not currently hold forward exchange contracts to exchange foreign currencies for U.S. Dollars to offset currency rate fluctuations.

We must comply with governmental regulations setting environmental standards.

Governmental regulations setting environmental standards influence the design, components or operation of our products. New regulations and changes to current regulations are always possible and, in some jurisdictions, regulations may be introduced with little or no time to bring related products into compliance with these regulations. Our failure to comply with these regulations may prevent us from selling our products in a certain country. In addition, these regulations may increase our cost of supplying the products by forcing us to redesign existing products or to use more expensive designs or components. In these cases, we may experience unexpected disruptions in our ability to supply customers with products, or we may incur unexpected costs or operational complexities to bring products into compliance. This could have an adverse effect on our revenues, gross profit margins and results of operations and increase the volatility of our financial results.

Over the last several years, we have become subject to the Restriction on the Use of Hazardous Substances Directive 2002/95/EC (also known as the “RoHS Directive”) and the Waste Electrical and Electronic Equipment Directive (also known as the “WEEE Directive”). These directives restrict the distribution of products containing certain substances, including lead, within applicable geographies and require a manufacturer or importer to recycle products containing those substances.

These directives affect the worldwide electronics and electronics components industries as a whole. If we or our customers fail to comply with such laws and regulations, we could incur liabilities and fines and our operations could be suspended.

 

28


Table of Contents

We or our suppliers may be impacted by new regulations related to climate change.

In addition to the European environmental regulations noted above, we or our suppliers may become subject to new laws enacted with regards to climate change. In the event that new laws are enacted or current laws are modified in countries in which we or our suppliers operate, our flow of product may be impacted and/or the costs of handling the potential waste associated with our products may increase dramatically, either of which could result in a significant negative impact on our ability to operate or operate profitably.

The effects of new regulations relating to conflict minerals may adversely affect our business.

The Dodd-Frank Wall Street Reform and Consumer Protection Act contains provisions to improve transparency and accountability concerning the supply of certain minerals and derivatives referred to as “conflict minerals” which may originate from the conflict zones of the Democratic Republic of Congo (DRC) and adjoining countries. As a result, in August 2012 the SEC established new annual disclosure and reporting requirements for those companies who use “conflict” minerals in their products, whether or not the products are manufactured by third parties. These new requirements will require due diligence efforts for the 2013 calendar year, including country of origin inquiries to determine the sources of conflict minerals used in our products and other potential changes to products, processes or sources of supply as a consequence of such verification activities, with initial disclosure requirements beginning in May 2014. We have determined we are subject to these new disclosure requirements, as the types of minerals covered by these rules are present in most electronic devices.

Since we are subject to these new requirements, we will incur additional costs associated with complying with the disclosure requirements, such as costs related to determining the source of any conflict minerals used in our products. As these new requirements are implemented, they could affect the pricing, sourcing and availability of minerals used in the manufacture of components in our devices, and in turn could affect the costs and availability of such components. Our supply chain is complex and we may be unable to verify the origins for all metals used in our products. We may also encounter challenges with our customers and stakeholders if we are unable to certify that our products are conflict free.

U.S. investors may have difficulties in making claims for any breach of their rights as holders of shares because some of our assets and executives are not located in the United States.

Several of our executives and key employees are residents of foreign countries, and a substantial portion of our assets and those of some of our executives and key employees are located in foreign countries. As a result, it may not be possible for investors to effect service of process on those persons located in foreign countries, or to enforce judgments against some of our executives and key employees based upon the securities or other laws of jurisdictions in those foreign countries.

Our business in countries with a history of corruption and transactions with foreign governments increase the risks associated with our international activities.

As we operate and sell internationally, we are subject to the U.S. Foreign Corrupt Practices Act (FCPA), and other laws that prohibit improper payments or offers of payments to foreign governments and their officials and political parties by U.S. and other business entities for the purpose of obtaining or retaining business. We have operations, deal with and make sales to governmental or quasi-governmental customers in countries known to experience corruption, particularly certain countries in the Middle East, Africa, East Asia and South America, and further expansion of our international selling efforts may involve additional regions. Our activities in these countries create the risk of unauthorized payments or offers of payments by one of our employees, consultants, sales agents or channel partners that could be in violation of various laws, including the FCPA and the U.K. Bribery Act, even though these parties are not always subject to our control. Violations of the FCPA may result in severe criminal or civil sanctions, including suspension or debarment from U.S. government contracting, and we may be subject to other liabilities, which could negatively affect our business, operating

 

29


Table of Contents

results and financial condition. Violations of the U.K. Bribery Act may result in severe criminal or civil sanctions and we may be subject to other liabilities which could negatively affect our business operating results and financial condition.

Item 1B - Unresolved Staff Comments

None.

Item 2 - Properties

Our corporate headquarters is located in Oakbrook Terrace, Illinois, and our U.S. sales office is located in Marlborough, Massachusetts.

Our international headquarters is in Zurich, Switzerland. Our European operational headquarters is located in a suburb of Brussels, Belgium. We conduct sales and marketing, research and development and customer support activities from our operational headquarters. Also in Belgium are our logistics facility in Mollem, and an operations facility in Mechelen. In the Netherlands, we have two research and development facilities, one of which also houses a sales office. Additionally, we have research and development facilities in Cambridge, United Kingdom, Bordeaux, France and Vienna, Austria.

Our Australian sales office is located in Sydney.

In the Asia/Pacific region we currently have sales offices in Singapore, Beijing, China, and Tokyo, Japan as well as a liaison office in Shanghai, China.

We have sales offices in Mumbai, India, Sao Paulo, Brazil, Dubai, and London, United Kingdom, and conduct sales activities through liaison offices and agents in Germany, Turkey, Russia, Mexico, and Colombia.

All of our properties are leased and we believe that these facilities are adequate for our present growth plans.

Item 3 - Legal Proceedings

On September 19, 2011, one of our wholly-owned subsidiaries, DigiNotar B.V., a company organized and existing in The Netherlands, filed a bankruptcy petition under Article 4 of the Dutch Bankruptcy Act in the Haarlem District Court, The Netherlands. On September 20, 2011, the court declared DigiNotar B.V. bankrupt and appointed a bankruptcy trustee and a bankruptcy judge to manage all affairs of DigiNotar B.V. through the bankruptcy process. The trustee took over management of DigiNotar B.V.’s business activities and is responsible for the administration and liquidation of DigiNotar B.V. In connection with the bankruptcy of DigiNotar B.V., subsequent to September 20, 2011, a number of claims and counter-claims have been filed in The Netherlands related to discontinued assets and liabilities and other remedies available to us.

On September 26, 2011, we received a Civil Investigative Demand from the Federal Trade Commission (FTC) in connection with its non-public investigation of the hacking incidents at DigiNotar B.V. In March 2012, we were informed by the FTC that the investigation had been completed. The FTC has not alleged any wrongdoing on our part.

We are from time to time involved in litigation incidental to the conduct of our business. Excluding matters related to DigiNotar B.V. discussed above, we are not currently a party to any lawsuit or proceeding which, in the opinion of management, is likely to have a material adverse effect on our business, financial condition or results of operations.

Item 4 - Mine Safety Disclosures

Not applicable.

 

30


Table of Contents

PART II

Item 5 - Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

Our common stock, par value $0.001 per share, trades on the NASDAQ Capital Market under the symbol VDSI.

The following table sets forth the range of high and low daily closing prices of our common stock on the NASDAQ Capital Market for the past two years.

 

2013

   High      Low  
     

Fourth quarter

   $ 7.95       $ 7.20   

Third quarter

     8.96         7.86   

Second quarter

     8.66         8.11   

First quarter

     8.75         7.60   

2012

   High      Low  

Fourth quarter

   $ 9.35       $ 6.99   

Third quarter

     10.25         7.14   

Second quarter

     10.79         6.85   

First quarter

     10.92         6.52   

On March 1, 2014, there were 89 registered holders and approximately 7,300 street name holders of the company’s common stock.

We have not paid any dividends on our common stock since incorporation. The declaration and payment of dividends will be at the sole discretion of the Board of Directors and subject to certain limitations under the General Corporation Law of the State of Delaware. The timing, amount and form of dividends, if any, will depend, among other things, on the company’s results of operations, financial condition, cash requirements, plans for expansion and other factors deemed relevant by the Board of Directors. The company intends to retain any future earnings for use in its business and therefore does not anticipate paying any cash dividends in the foreseeable future.

Recent Sales of Unregistered Securities

None

Issuer Purchases of Equity Securities

None

 

31


Table of Contents

Stock Performance Graph

The Stock Performance Graph below compares the cumulative total return through December 31, 2013, assuming reinvestment of dividends, by an investor who invested $100.00 on December 31, 2008, in each of (i) our common stock, (ii) the Russell 2000 index, (iii) the Standard Industrial Code Index 3577 – Computer Peripheral Equipment, NEC and (iv) a comparable industry (the peer group) index selected by the company. The peer group for this purpose consists of: Accelrys, Inc., Actuate Corporation, American Software, Inc., CommVault Systems, Inc., EBIX, Inc., Fortinet, Inc., Guidance Software, Inc., Interactive Intelligence Group, Inc., Monotype Imaging Holdings, Inc., PROS Holdings, Inc., QAD Inc., and Seachange International, Inc. The stock price performance shown on the graph below is not necessarily indicative of future price performance.

LOGO

 

     Dec-08      Dec-09      Dec-10      Dec-11      Dec-12      Dec-13  

VASCO Data Security International, Inc.

     100.00         60.79         78.70         63.12         78.99         74.83   

Russell 2000 Index

     100.00         127.09         161.17         154.44         179.75         249.53   

3577 Computer Peripheral Equipment NEC

     100.00         145.90         129.82         115.09         125.82         154.57   

Peer Group

     100.00         164.49         235.99         286.95         335.89         398.92   

 

32


Table of Contents

Item 6 - Selected Financial Data (in thousands, except per share data)

 

     Year ended December 31,  
     2013      2012     2011     2010      2009  

Statements of Operations Data:

            

Revenue

   $ 155,047       $ 154,029      $ 168,082      $ 107,963       $ 101,695   

Operating income from continuing operations

     13,712         21,027        24,765        12,390         12,643   

Net income from continuing operations

     10,967         16,229        24,251        10,806         11,862   

Net income (loss) from discontinued operations

     180         (630     (6,118     0         0   

Net income available to common stockholders

     11,147         15,599        18,113        10,806         11,862   

Diluted income from continuing operations per common share

     0.28         0.42        0.63        0.28         0.31   

Diluted (loss) from discontinued operations per common share

     0.00         (0.02     (0.16     0.00         0.00   

Diluted net income per common share

     0.28         0.40        0.47        0.28         0.31   

Balance Sheet Data:

            

Cash and equivalents

   $ 98,607       $ 106,469      $ 84,497      $ 85,533       $ 67,601   

Working capital

     124,538         129,487        108,590        96,889         87,632   

Total assets

     211,877         186,506        168,923        142,941         132,724   

Long term obligations

     493         238        1,956        683         1,095   

Total stockholders equity

     174,278         156,320        135,799        116,493         108,376   

Cash dividends declared per common share

     0         0        0        0         0   

 

33


Table of Contents

Item 7 - Management’s Discussion and Analysis of Financial Condition and Results of Operations

(in thousands, except head count, ratios, time periods and percentages)

Unless otherwise noted, references in this Annual Report on Form 10-K to “VASCO”, “company”, “we”, “our”, and “us” refer to VASCO Data Security International, Inc. and its subsidiaries.

Cautionary Note Regarding Forward-Looking Statements

This Annual Report on Form 10-K, including Management’s Discussion and Analysis of Financial Condition and Results of Operations and Quantitative and Qualitative Disclosures About Market Risk contains forward-looking statements within the meaning of Section 21E of the Securities Exchange Act of 1934, as amended and Section 27A of the Securities Act of 1933, as amended concerning, among other things, our expectations regarding the prospects of, and developments and business strategies for, VASCO and our operations, including the development and marketing of certain new products and services and the anticipated future growth in certain markets in which we currently market and sell our products and services or anticipate selling and marketing our products or services in the future. These forward-looking statements (1) are identified by use of terms and phrases such as “expect”, “believe”, “will”, “anticipate”, “emerging”, “intend”, “plan”, “could”, “may”, “estimate”, “should”, “objective”, “goal”, “possible”, “potential”, “projected” and similar words and expressions, but such words and phrases are not the exclusive means of identifying them, and (2) are subject to risks and uncertainties and represent our present expectations or beliefs concerning future events. VASCO cautions that the forward-looking statements are qualified by important factors that could cause actual results to differ materially from those in the forward-looking statements. Factors that could cause actual results to differ materially from those contemplated above include, among others, our ability to integrate and effectively sell Cronto’s technology, our ability to recover amounts held in escrow related to our acquisition of DigiNotar and unanticipated costs associated with DigiNotar’s bankruptcy or potential claims that may arise in connection with the hacking incidents at DigiNotar. These additional risks, uncertainties and other factors have been described in greater detail in this Annual Report on Form 10-K and include, but are not limited to, (a) risks specific to VASCO, including, demand for our products and services, competition from more established firms and others, pressures on price levels and our historical dependence on relatively few products, certain suppliers and certain key customers, (b) risks inherent to the computer and network security industry, including rapidly changing technology, evolving industry standards, increasingly sophisticated hacking attempts, increasing numbers of patent infringement claims, changes in customer requirements, price competitive bidding, and changing government regulations, and (c) risks of general market conditions, including currency fluctuations and the uncertainties resulting from turmoil in world economic and financial markets. Thus, the results that we actually achieve may differ materially from any anticipated results included in, or implied by these statements. Except for our ongoing obligations to disclose material information as required by the U.S. federal securities laws, we do not have any obligations or intention to release publicly any revisions to any forward-looking statements to reflect events or circumstances in the future or to reflect the occurrence of unanticipated events.

General

The following discussion is based upon our consolidated results of operations for the years ended December 31, 2013, 2012 and 2011 (percentages in the discussion, except for returns on average net cash balances, are rounded to the closest full percentage point) and should be read in conjunction with our consolidated financial statements included elsewhere in this Annual Report on Form 10-K.

We design, develop, market and support open standards-based hardware and software security systems that manage and secure access to information assets. We also design, develop, market and support patented strong user authentication products and services for e-business and e-commerce. Our products enable secure financial transactions to be made over private enterprise networks and public networks, such as the internet. Our strong user authentication is delivered via our hardware and software DIGIPASS security products, many of which incorporate an electronic and digital signature capability, which further protects the integrity of electronic transactions and data transmissions. Some of our DIGIPASSES are compliant with the Europay MasterCard Visa

 

34


Table of Contents

(“EMV”) standard and are compatible with the MasterCard and VISA Chip Authentication Program (“CAP”). Some of our DIGIPASSES comply with the Initiative for Open Authentication (“OATH”). As evidenced by our current customer base, most of our products are purchased by businesses and, depending on the application, are distributed to either their employees or their customers. Those customers may be other businesses or, as an example in the case of internet banking, our customer banks’ corporate and retail customers. In future years, we expect that our customers will increasingly use our cloud-based service offering, DIGIPASS as a Service (“DPS”) or MYDIGIPASS.COM (“MDP”) or together (“DPS/MDP”) as described below.

Our target market is any business process that uses some form of electronic interface, particularly the internet, where the owner of that process is at risk if unauthorized users can gain access to its process and either obtain proprietary information or execute transactions that are not authorized. Our products can not only increase the security associated with accessing the business process, thereby reducing the losses from unauthorized access, but also, in many cases, can reduce the cost of the process itself by automating activities that were previously performed manually.

We offer our products either through: (a) a product sales and licensing model or (b) through our services platform, which includes both our DPS product offering, which was first made available in the fourth quarter of 2010, and our MDP product offering, which was introduced in April 2012. DPS/MDP is our cloud-based authentication platform. Our product license and sales model is expected to be used in situations where the application owner wants to control all of the critical aspects of the authentication process. We expect that our services platform will be used by: (a) companies lacking technical resources or expertise to implement a full authentication process or preferring to focus their primary attention on other aspects of their business rather than on the authentication process or (b) consumers that are aware of the dangers posed by identity theft.

By using our DPS/MDP authentication platform, business customers can deploy two-factor authentication more quickly, incur less upfront costs and be able to use strong authentication when logging onto a larger number of internet sites and applications. We expect those applications using DPS/MDP to include B2B applications and B2E applications (e.g., employees of companies logging into third party applications operated in the cloud). We believe that corporations or application service providers will pay us a fee based on either the number of users accessing their application through our platform or the number of authentication clicks consumed by their users when accessing their application.

While there were minimal revenues generated from the services platform to date, we expect that DPS/MDP will start making a contribution in 2014. We believe that DPS/MDP has the potential for significant future growth as it will make two-factor authentication more affordable and readily available to users and application markets.

In January 2011, we acquired an internet trusted certificate authority/provider, in a two-step process. In the first step, we acquired all of the intellectual property of DigiNotar Holding B.V. and its subsidiaries. In the second step we acquired 100% of the stock of DigiNotar B.V. and DigiNotar Notariaat B.V. (collectively, “DigiNotar”). In July 2011, DigiNotar B.V. detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains. On September 14, 2011, the Dutch Independent Post and Telecommunications Authority (OPTA) Commission terminated the registration of DigiNotar B.V. as a certification service provider that issues qualified certificates. As a result of the termination of its registration as a certification service provider, DigiNotar B.V. filed for bankruptcy and the Haarlem District Court, The Netherlands declared DigiNotar B.V. bankrupt on September 20, 2011.

Following the bankruptcy of DigiNotar B.V., we have not and do not plan to participate in the certificate authority business, which was DigiNotar B.V.’s core product. We have, however, been able to use the intellectual property acquired from DigiNotar and DigiNotar Holding B.V. to create our own PKI-secured applications, such as document signing, registration and storage solutions, which we believe have strengthened our core authentication product line and expanded opportunities for us on our DPS/MDP platform.

 

35


Table of Contents

In April 2011, we acquired Alfa & Ariss, an authority in the field of developing open identity and access management solutions. Alfa & Ariss brought additional important know-how and engineering capabilities in the fields of linking applications in the cloud. We believe that the acquisition of Alfa & Ariss will support the long-term growth strategy of our services and enterprise and application security businesses.

In May 2013, we acquired Cronto, a provider of secure visual transaction authentication solutions for online banking. Using the patented Cronto technology, customers can establish a secure optical communication channel with their client and display the details of a transaction in an encrypted graphical cryptogram consisting of a matrix of colored dots, which are displayed on the end user’s screen. Account holders can simply “scan” the image with our device to verify the transaction details and respond with an electronic signature, if needed. We believe that the acquisition of Cronto will support the long-term growth strategy of all of our businesses.

Industry Growth: We do not believe that there are any accurate measurements of the total industry’s size or the industry’s growth rate. We believe, however, that the industry using our product sales and licensing model will grow at a significant rate as the use of the internet increases and the awareness of the risks of using the internet become more prevalent among application owners. We also believe that a market will develop for our cloud-based service offering and grow at a significant rate as business owners and consumers become more aware of the risks involved in conducting business over the internet. We expect that growth will be driven by new government regulations, growing awareness of the impact of identity theft, and the growth in commerce that is transacted electronically. The issues driving the growth are global issues and the rate of adoption in each country is a function of that country’s culture, the competitive position of businesses operating in that country, the country’s overall economic conditions and the degree to which businesses and consumers within the country use technology.

Economic Conditions: Our revenue may vary significantly with changes in the economic conditions in the countries in which we currently sell products. With our current concentration of revenue in Europe and specifically in the banking/finance vertical market, significant changes in the economic outlook for the European Banking market may have a significant effect on our revenue.

There continues to be significant global economic uncertainty, including Europe, our most important market. While it appears that circumstances that led to the sovereign debt crisis have abated, many significant economic issues have not been addressed fully. As a result, we expect that Europe will continue to face difficult economic conditions in 2014. We believe that the current economic conditions in Europe may limit our growth opportunities in the Enterprise and Application Security market, but do not expect that the economic conditions will have a significant impact on the Banking market. Should the sovereign debt issue escalate, especially to the point that a country defaults on its debt or the European Union, or Euro Monetary Union, either disbands or is re-formulated, we expect that the resulting economic difficulties would have a major negative impact on the global economy, not just the economies of Western Europe, and our business.

Cyber security: Our use of technology is increasing and is critical in three primary areas of our business:

 

  1. Software and information systems that we use to help us run our business more efficiently and cost effectively;

 

  2. The products we have traditionally sold and continue to sell to our customers for integration into their software applications contain technology that incorporates the use of secret numbers and encryption technology; and

 

  3. Products and services, such as DPS/MDP, providing authentication services through our servers (or in the cloud from our customers’ perspective).

We believe that the risks and consequences of potential incidents in each of the above areas are different.

 

36


Table of Contents

In the case of the information systems we use to help us run our business, we believe that an incident could disrupt our ability to take orders or deliver product to our customers, but such a delay in these activities would not have a material impact on our overall results. To minimize this risk, we actively use various forms of security and monitor the use of our systems regularly to detect potential incidents as soon as possible.

In the case of products that we have traditionally sold, we believe that the risk of a potential cyber incident is minimal. We offer our customers the ability to either create the secret numbers themselves or have us create the numbers on their behalf. When asked to create the numbers, we do so in a secure environment with limited physical access and store the numbers on a system that is not connected to any other network, including other VASCO networks, and similarly, is not connected to the internet.

In the case of our new products and services, which involve the active daily processing of the secret numbers on our servers or servers managed by others in a hosted environment, we believe a cyber incident could have a material impact on our future business. We also believe that these products may be more susceptible to cyber attacks than our traditional products since it involves the active processing of transactions using the secret numbers. While we do not have a significant amount of revenue from these products today, we believe that these products have the potential to provide substantial future growth. A cyber incident involving these products in the future could substantially impair our ability to grow the business and we could suffer significant monetary and other losses and significant reputational harm.

To minimize the risk, we review our security procedures on a regular basis. Our reviews include the processes and software programs we are currently using as well as new forms of cyber incidents and new or updated software programs that may be available in the market that would help mitigate the risk of incidents. While we do not have insurance of any kind against cyber incidents today, we would likely review insurance policies related to our new product offering in the future. Overall, we expect the cost of securing our networks will increase in future periods, whether through increased staff, systems or insurance coverage.

In July 2011, we experienced a cyber incident related to DigiNotar B.V. We expect that there are likely to be other hacking attempts intended to impede the performance of our products, disrupt our services and harm our reputation as a company, as the processes used by computer hackers to access or sabotage technology products, services and networks are rapidly evolving. As discussed above, our business could be subject to significant disruption, and we could suffer monetary and other losses and reputational harm, in the event of such incidents.

While we did not experience any cyber incident in 2013 or 2012 that had a significant impact on our business or receive any significant claims in 2013 or 2012 related to the bankruptcy of DigiNotar in 2011, it is possible that we could receive a claim or could experience an incident in 2014, which could result in unanticipated costs.

Our losses from discontinued operations resulting from the these events may be exceeded as a result of unanticipated costs associated with DigiNotar B.V.’s bankruptcy, potential claims that may arise in connection with the hacking incidents, further impairment of our investment in DigiNotar, the timeframe in which the impairment costs will be incurred or our inability to recover amounts held in escrow relating to our acquisition of DigiNotar.

See Note 3 to the financial statements for additional information associated with a cyber security incident involving DigiNotar B.V. that we experienced in July 2011. See also Part I, Item 3 - Legal Proceedings for a description of legal proceedings related to the cyber security incident in 2011.

Income Taxes: Our effective tax rate reflects our global structure related to the ownership of our intellectual property (“IP”). All our IP is owned by two subsidiaries, one in the U.S. and one in Switzerland. These two subsidiaries have entered into agreements with most of the other VASCO entities under which those

 

37


Table of Contents

other entities provide services to our U.S. and Swiss subsidiaries on either a percentage of revenue or on a cost plus basis or both. Under this structure, the earnings of our service provider subsidiaries are relatively constant. These service provider companies tend to be in jurisdictions with higher effective tax rates. Fluctuations in earnings tend to flow to the U.S. company and Swiss company. Earnings flowing to the U.S. company are expected to be taxed at a rate of 35% to 40%, while earnings flowing to the Swiss company are expected to be taxed at a rate ranging from 8% to 12%.

With the majority of our revenues being generated outside of the U.S., our consolidated effective tax rate is strongly influenced by the effective tax rate of our foreign operations. Changes in the effective rate related to foreign operations reflect changes in the geographic mix of where the earnings are realized and the tax rates in each of the countries in which it is earned. The statutory tax rate for the primary foreign tax jurisdictions ranges from 8% to 35%.

The geographic mix of earnings of our foreign subsidiaries will primarily depend on the level of our service provider subsidiaries’ pretax income, which is recorded as an expense by the U.S. and Swiss subsidiaries and the benefit that is realized in Switzerland through the sales of product. The level of pretax income in our service provider subsidiaries is expected to vary based on:

 

  1. the staff, programs and services offered on a yearly basis by the various subsidiaries as determined by management, or

 

  2. the changes in exchange rates related to the currencies in the service provider subsidiaries, or

 

  3. the amount of revenues that the service provider subsidiaries generate.

For items 1 and 2 above, there is a direct impact in the opposite direction on earnings of the U.S. and Swiss entities. Any change from item 3 is generally expected to result in a larger change in income in the U.S. and Swiss entities in the direction of the change (increased revenues expected to result in increased margins/pretax profits and conversely decreased revenues expected to result in decreased margins/pretax profits).

In addition to the provision of services, the intercompany agreements transfer the majority of the business risk to our U.S. and Swiss subsidiaries. As a result, the contracting subsidiaries’ pretax income is reasonably assured while the pretax income of the U.S. and Swiss subsidiaries varies directly with our overall success in the market.

Currency Fluctuations. In 2013, approximately 93% of our revenue and approximately 82% of our operating expenses were generated/incurred outside of the U.S. In 2012, approximately 93% of our revenue and approximately 81% of our operating expenses were generated/incurred outside of the U.S. As a result, changes in currency exchange rates, especially the Euro to U.S. Dollar, can have a significant impact on revenue and expenses. To minimize the net impact of currency on operating earnings, we attempt to denominate an amount of billings in a currency such that it would provide a hedge against the operating expenses being incurred in that currency. If our revenue in Europe continues as it is now, where Euro-based operating expenses exceed Euro-denominated revenues, we do not expect that we will be able to balance fully the exposures of currency exchange rates on revenue and operating expenses. In periods in which the U.S. Dollar is weakening, we expect that our operating income will increase as a result of the change in currency exchange rates. Conversely, in periods in which the U.S. Dollar is strengthening, we expect that our operating income will decrease as a result of the change in currency exchange rates.

In 2013 compared to 2012, the U.S. Dollar, on average, weakened approximately 3% against the Euro and strengthened approximately 7% against the Australian Dollar. In 2012 compared to 2011, on average, the U.S. Dollar strengthened approximately 9% against the Euro, but was essentially flat against the Australian Dollar. We estimate that the net impact of the change in currency rates in 2013 compared to 2012 resulted in an increase in revenue of approximately $708 and an increase in operating expenses of $1,280. We also estimate that the change in currency rates in 2012 compared to 2011 resulted in a decrease in revenue of approximately $4,005 and a decrease in operating expenses of $4,553.

 

38


Table of Contents

The financial position and the results of operations of most of our foreign subsidiaries, with the exception of our subsidiaries in Switzerland and Singapore, are measured using the local currency as the functional currency. Accordingly, assets and liabilities are translated into U.S. Dollars using current exchange rates as of the balance sheet date. Revenues and expenses are translated at average exchange rates prevailing during the year. Translation adjustments arising from differences in exchange rates generated other comprehensive income of $1,906 and $1,677 in 2013 and 2012, respectively, and a loss of $2,120 in 2011. These amounts are included as a separate component of stockholders’ equity. The functional currency for both our subsidiaries in Switzerland and Singapore is the U.S. Dollar.

Gains and losses resulting from foreign currency transactions are included in the consolidated statements of operations as other non-operating income/expense. In 2013, 2012 and 2011, we reported foreign exchange transaction losses of $624, $410 and $760, respectively.

Revenue

Revenue by Geographic Regions: We classify our sales by customers’ location in four geographic regions: 1) EMEA, which includes Europe, the Middle East and Africa; 2) the United States, which for our purposes includes sales in Canada; 3) Asia Pacific Rim; and 4) Other Countries, including Australia, Latin America and India. The breakdown of revenue in each of our major geographic areas was as follows:

 

Year

   Europe, Middle
East, Africa
(EMEA)
    United
States
    Asia
Pacific
    Other
Countries
    Total  

Total Revenue:

          

2013

   $ 95,794      $ 11,781      $ 27,356      $ 20,116      $ 155,047   

2012

     94,992        11,143        32,783        15,111        154,029   

2011

     111,575        16,025        14,738        25,744        168,082   

Percent of Total:

          

2013

     62     7     18     13     100

2012

     62     7     21     10     100

2011

     66     10     9     15     100

2013 Compared to 2012

Total revenue in 2013 increased $1,018 (or 1%) from 2012. The increase in total revenue was primarily attributable to an increase in non-hardware products sold to the Banking market and the strengthening of the Euro as compared to the U.S. Dollar, as noted above, partially offset by a decrease in hardware products sold to the both the Banking and Enterprise and Application Security markets. Please see the discussion below under “Revenue by Target Market” for additional information regarding the changes in revenue from the Banking market and the Enterprise and Application Security market.

Revenue generated in EMEA for the full-year 2013 was $802 (or 1%) higher in 2013 than in 2012. The increase reflected an increase of approximately 2% in revenue from the Banking market partially offset by a decrease of 3% in revenue from the Enterprise and Application Security market. We estimate that the change in currency rates increased revenues in EMEA by $1,080 compared to 2012. Had currency exchange rates in 2013 remained unchanged from 2012, revenues in EMEA would have been less than 1% lower than in full-year 2012.

Revenue generated in the United States for the full-year 2013 was $638 (or 6%) higher in 2013 than in 2012. Revenue was approximately 9% higher in the Banking market, but flat in the Enterprise and Application Security market when compared to the revenue for full-year 2012. In 2013, the U.S. market continued to defer the adoption of two factor authentication for retail internet banking applications. The results in the U.S. also reflected strong competition, especially in the Enterprise and Application Security market.

 

39


Table of Contents

Revenue generated in Asia Pacific for the full-year 2013 was $5,427 (or 17%) lower in 2013 than in 2012. Revenue was approximately 22% lower in the Banking market and 55% higher in the Enterprise and Application Security market when compared to the revenue for full-year 2012. We believe the region offers substantial opportunities for future growth as our sales offices in Japan and Beijing mature and the two-factor authentication market expands.

Revenue generated in other countries for the full-year 2013 was $5,005 (or 33%) higher in 2013 than in 2012. Revenue in other countries was approximately 53% higher in the Banking market and 58% lower in the Enterprise and Application Security market when compared to the revenue for full-year 2012. We estimate that the change in currency rates decreased revenues in other countries by $301 compared to 2012 due in large part to the strengthening of the U.S. Dollar compared to the Australian Dollar. Had currency exchange rates in 2013 remained unchanged from 2012, revenues in other countries would have been approximately 35% higher than in full-year 2012. We expect that revenue from other countries will be more volatile than our other regions given the earlier stage of development of the authentication market in those countries. VASCO, however, plans to continue to invest in new markets based on our estimates of the market’s demand for strong user authentication.

Given the relatively small size of the revenue in regions other than EMEA, the results may vary substantially year-to-year on both an absolute and on a percentage basis depending upon the timing of the receipt and delivery of a large new order or the completion of a large rollout. We believe that the variability in results will lessen as we develop a larger base of Banking customers and further develop our distribution channel and direct touch sales model for the Enterprise and Application Security market.

2012 Compared to 2011

Total revenue in 2012 decreased $14,053 or 8% from 2011. The decrease in total revenue was primarily attributable to a decrease in hardware products sold to both the Banking and Enterprise and Application Security markets and the strengthening of the U.S. Dollar as compared to the Euro, as noted above, partially offset by an increase in non-hardware products sold to the both the Banking and Enterprise and Application Security markets.

Revenue generated in EMEA for the full-year 2012 was $16,583 (or 15%) lower in 2012 than in 2011. The decrease reflected a decrease of approximately 18% in revenue from the Banking market and a decrease of 3% in revenue from the Enterprise and Application Security markets. We estimate that the change in currency rates decreased revenues in EMEA by $3,983 compared to 2011. Had currency exchange rates in 2012 remained unchanged from 2011, revenues in EMEA would have been approximately 11% lower than in full-year 2011.

Revenue generated in the United States for the full-year 2012 was $4,882 (or 30%) lower in 2012 than in 2011. Revenue was approximately 33% lower in the Banking market and 27% lower in the Enterprise and Application Security markets than in full-year 2011.

Revenue generated in Asia Pacific for the full-year 2012 was $18,045 (or 122%) higher in 2012 than in 2011. Revenue was approximately 153% higher in the Banking market and 19% lower in the Enterprise and Application Security markets than in full-year 2011.

Revenue generated in other countries for the full-year 2012 was $10,633 (or 41%) lower in 2012 than in 2011. Revenue in other countries was approximately 48% lower in the Banking market and 61% higher in the Enterprise and Application Security markets.

Revenue by Target Market: Revenue is generated currently from two primary markets, (1) Banking and (2) Enterprise and Application Security, through the use of both direct and indirect sales channels. The Enterprise and Application Security market includes products used by employees of corporations to secure their internal networks (the Enterprise Security market) and business-to-business, business-to-consumer, e-commerce,

 

40


Table of Contents

e-government, e-gaming and other vertical applications (the Application Security market) that are not related to banking or finance. In addition, revenues from services-related activities, such as maintenance and support are included in the Enterprise and Application Security market. Management currently views the Enterprise and Application Security market as one market because the same products are sold using the same methods to both groups (i.e., a direct touch model and channel distribution model). Sales to the Enterprise and Application Security market are generally for smaller quantities and higher prices than sales made to the Banking market. The breakdown of revenue between the two primary markets is as follows:

 

Year

   Banking     Enterprise &
Application
Security
    Total  

Total Revenue:

      

2013

   $ 126,781      $ 28,266      $ 155,047   

2012

     124,676        29,353        154,029   

2011

     136,975        31,107        168,082   

Percent of Total:

      

2013

     82     18     100

2012

     81     19     100

2011

     81     19     100

2013 Compared to 2012

Revenue for the full year 2013 from the Banking market increased $2,105 (or 2%) from 2012 and revenue from the Enterprise and Application Security market decreased $1,087 or 4% in the same period.

The increase in the Banking market reflects an increase in non-hardware revenue and the benefit of currency exchange rates partially offset by a decline in revenue from hardware products. The decline in revenue from the Enterprise and Application Security market reflects a decrease in both hardware and non-hardware products sold partially offset by the benefit of currency exchange rates.

The changes in revenue in both markets reflects the transaction nature of our business where the absolute amount of revenue reported in any given period is a reflection of transactions closed in that period. Also, given the sustainable, repeatable nature of our revenue model, we believe that the growth over a longer period of time reflects the growth in our customer base, which we expect will lead to continued increases in revenues in future years, albeit with uneven growth reported annually. We expect that customers that have purchased our products in prior years will replace those products in future years for several reasons, including but not limited to;

 

   

upgrading to products that provide a higher level of security (e.g., our products with electronic or digital signing capability) to counteract the increasing sophistication of parties attempting to steal their customers’ identities or conduct man-in-the-middle attacks,

 

   

establishing a competitive advantage in their market place by providing technology that differs from their competitors,

 

   

expanding the use of our products to provide security over new applications that may be offered by the bank, and

 

   

replacing existing products that may have been lost or are reaching the end of their useful lives.

2012 Compared to 2011

Revenue for the full year 2012 from the Banking market decreased $12,299 (or 9%) from 2011 and revenue from the Enterprise and Application Security market decreased $1,754 or 6% in the same period.

 

41


Table of Contents

The decrease in both the Banking and Enterprise and Application Security markets reflects a decrease in hardware products sold and a decrease in revenue resulting from the strengthening of the U.S. Dollar as compared to the Euro, as previously noted, partially offset by an increase in non-hardware related revenues in both the Banking and Enterprise and Application Security markets.

Gross Profit and Operating Expenses

The following table sets forth, for the periods indicated, certain consolidated financial data as a percentage of revenue from continuing operations for the years ended December 31, 2013, 2012 and 2011.

 

     Percentage of Revenue Year
Ended December 31,
 
     2013     2012     2011  

Revenue

     100.0     100.0     100.0

Cost of goods sold

     35.6        35.4        35.7   
  

 

 

   

 

 

   

 

 

 

Gross profit

     64.4        64.6        64.3   

Operating costs

      

Sales and marketing

     26.0        24.5        24.0   

Research and development

     13.8        12.2        11.1   

General and administrative

     13.7        13.0        13.3   

Amortization of purchased intangible assets

     2.1        1.2        1.2   
  

 

 

   

 

 

   

 

 

 

Total operating costs

     55.6        50.9        49.6   
  

 

 

   

 

 

   

 

 

 

Operating income

     8.8        13.7        14.7   

Interest income, net

     0.1        0.2        0.3   

Other income (expense), net

     0.2        0.2        0.3   
  

 

 

   

 

 

   

 

 

 

Income before income taxes

     9.1        14.1        15.3   

Provision for income taxes

     2.0        3.6        0.9   
  

 

 

   

 

 

   

 

 

 

Net income

     7.1        10.5        14.4   
  

 

 

   

 

 

   

 

 

 

Gross Profit

2013 Compared to 2012

Consolidated gross profit for 2013 was $99,871, an increase of $306, or less than 1%, from the $99,565 reported for 2012. Gross profit as a percentage of revenue (“gross profit margin”) was 64% in 2013 compared to 65% in 2012. The decrease in the gross profit margin was primarily attributable to the following factors:

 

   

an unfavorable mix of products sold, with revenues from the Enterprise and Application Security market decreasing from 19% to 18% of our total revenue, and

 

   

a decline in the gross margins from hardware products sold in the Banking market, which were

partially offset by

 

   

an increase in non-hardware revenues as a percentage of total revenues,

 

   

a reduction in the amount of inventory written down to our estimate of lower of cost or market, and

 

   

lower non-product costs such as freight and customization costs.

Gross margin on product sold reflects the specific mix of product and quantities sold in each period. As the size of deals increase, the gross margin generally declines. For 2013, gross margin from product sold in the Banking market was approximately 2.1 percentage points lower than in 2012. Gross margins from product sold in the Enterprise and Application Security market was approximately 0.2 percentage points higher in 2013 compared to 2012.

 

42


Table of Contents

We experienced an increase in the gross profit margin in 2013 due to an increase in non-hardware related revenues. Non-hardware revenue as a percentage of total revenue was approximately 28% in 2013 compared to 24% in 2012. The amount of non-hardware revenue increased by approximately 15% in 2013 compared to 2012. Non-hardware revenue can have a gross profit margin that is approximately 20 to 30 percentage points higher than hardware-related revenue, depending on the model and quantity of the hardware units sold.

We monitor our inventory levels on a regular basis and write down the value of selected inventory items to their expected net realizable value when it appears that the value of the item may not be realized through the ultimate sale of a finished product. The total amount of the inventory write down was approximately $1,095 for the full-year 2013 compared to $2,176 for full-year 2012. Going forward, we believe that similar adjustments may be needed reflecting the risk associated with making estimates of future demand and buying inventory to meet that demand on a recurring basis.

The cost of shipping our products to customers was lower in 2013 than in 2012. We continue to work with our customers to plan deliveries in such a way that we can minimize our freight costs, typically by using a non-expedited shipment process such as by sea rather than by air. We estimate that the reduction in shipping costs increased our gross margin as a percent of revenue by approximately 0.4 percentage points.

Changes in currency exchange rates had a positive impact on our gross profit margins in 2013. The majority of our inventory purchases are denominated in U.S. Dollars. As previously noted, our sales are denominated in various currencies, including the Euro and Australian Dollar. As the U.S. Dollar strengthened in 2013 when compared to the Euro in 2012, revenue as measured in U.S. Dollars increased from sales made in Euros, without a corresponding decrease in cost of goods sold. The impact from changes in currency rates, as noted above, is estimated to have increased revenue and gross margin by approximately $708 for the full year 2013. Had the currency rates in 2013 been equal to the rates in 2012, the gross profit margin would have been approximately 0.2 percentage points lower for the year ended December 31, 2013.

2012 Compared to 2011

Consolidated gross profit for 2012 was $99,565, a decrease of $8,547, or 8%, from the $108,112 reported for 2011. Gross profit as a percentage of revenue (“gross profit margin”) was 65% in 2012 compared to 64% in 2011. The increase in the gross profit margin was primarily attributable to the following factors:

 

   

an increase in non-hardware revenues as a percentage of total revenues,

 

   

a reduction in card readers as a percentage of total revenue, and

 

   

lower non-product costs such as freight and customization costs,

partially offset by

 

   

an increase in provision for inventory obsolescence, and

 

   

a decline in the gross margins related to the strengthening of the U.S. Dollar compared to other currencies.

We experienced an increase in the gross profit margin from non-hardware related revenues generated in both the Banking and the Enterprise and Application Security markets. Non-hardware revenue as a percentage of total revenue was approximately 24% in 2012 compared to 21% in 2011. The amount of non-hardware revenue increased by approximately 4% in 2012 compared to 2011. Non-hardware revenue can have a gross profit margin that is approximately 20 to 30 percentage points higher than hardware-related revenue, depending on the model and quantity of the hardware units sold.

 

43


Table of Contents

Card readers represented 14% of our total revenue in 2012 as compared to 19% of our total revenue in 2011. Card readers generally have a gross profit margin that is approximately 25 to 35 percentage points lower than other hardware-related margins, due to competitive pricing pressures. There are a number of competitors in the EMV market that produce card reader products with fewer features at a lower cost than our products.

The cost of shipping our products to customers was lower in 2012 than in 2011. In the first half of 2011, we incurred increased costs associated with shipping our products on an expedited basis to ensure that we met our delivery commitments to customers. As we worked through 2011, we reduced the number of expedited shipments to a more normalized level and maintained that program throughout 2012. We estimate that the reduction in shipping costs increased our gross margin as a percent of revenue by approximately 1.9 percentage points.

We monitor our inventory levels on a quarterly basis and write down the value of selected inventory items to their expected net realizable value when it appears that the value of the item may not be realized through the ultimate sale of a finished product. The total amount of the inventory write down was approximately $2,176 for the full-year 2012 compared to $1,558 for full-year 2011. Going forward, we believe that similar adjustments may be needed reflecting the risk associated with making estimates of future demand and buying inventory to meet that demand on a recurring basis.

Changes in currency exchange rates had a negative impact on our gross profit margins in 2012. The majority of our inventory purchases are denominated in U.S. Dollars. As previously noted, our sales are denominated in various currencies, including the Euro and Australian Dollar. As the U.S. Dollar strengthened in 2012 when compared to the Euro in 2011, revenue as measured in U.S. Dollars decreased from sales made in Euros, without a corresponding decrease in cost of goods sold. The impact from changes in currency rates, as noted above, is estimated to have decreased revenue by approximately $4,405 for the full year 2012. Had the currency rates in 2012 been equal to the rates in 2011, the gross profit margin would have been approximately 0.9 percentage points higher for the year ended December 31, 2012.

Operating Expenses

Our operating expenses are generally based on anticipated revenue levels and the majority of such expenses are fixed over short periods of time. As a result, small variations in the amount of revenue recognized in any given period could cause significant variations in the period-to-period comparisons of either the absolute amounts of operating income or operating income as a percentage of revenue. There are three primary factors that impact our operating expenses: our headcount levels, our stock-based incentive plan compensation expenses and the impact of changes in foreign exchange rates.

Generally, the most significant factor driving our operating expenses is our headcount. Direct compensation and benefit plan expenses generally represent between 55% and 65% of our operating expenses. In addition, a number of other expense categories are directly related to headcount. We attempt to manage our headcount within the context of the economic environments in which we operate and the investments that we believe we need to make to help ensure that our infrastructure is able to support future growth and ensure that our products are competitive. The headcount from continuing operations for 2010 through 2013 is recapped in the following table:

 

     Headcount at
December 31,
     % Increase (Decrease)
in Headcount
    Average Headcount
for Full Year*
     % Increase (Decrease)
in Average Headcount
 

2010

     342         16     319         6

2011

     358         5     355         11

2012

     374         4     367         3

2013

     396         6     392         7

 

  * Average is based on the headcount at the end of five consecutive quarters.

 

44


Table of Contents

In 2013, we increased our headcount, primarily in Sales and Marketing (“S&M”) in large part to focus on sales to into the Enterprise and Application Security market with a particular emphasis on our services platform. In addition, we announced the closure of our research and development facility in Brisbane, Australia as part of our effort to consolidate our research and development resources and improve efficiency. For 2014, we have made some additional staff reductions and, while we do not have plans to make any significant changes in our headcount, we plan to monitor our staffing levels in relation to our performance.

The comparison of operating expenses in both 2013 to 2012 and 2012 to 2011 were impacted by adjustments to our stock-based incentive plan compensation expenses. Stock-based incentive plan compensation expenses generally relate to stock-based, long-term performance incentives. For the full year of 2013, operating expenses included $2,587 of expense related to long-term incentive plans compared to expense of $3,726 in 2012 and expense of $6,117 in 2011.

In 2013, 2012 and 2011, we recorded adjustments to the accrual each year for such plans based on management’s determination of whether it was probable that the performance criteria for each plan outstanding at the end of each period would be met. With the shortfall to our performance targets in both 2013 and 2012, we did not record any costs associated with long-term, performance-based incentives awards in either year. With our strong performance in 2011, we achieved the performance targets that had been set in the 2009 plan awards for which management had determined in the fourth quarter of 2010, and maintained such determination through the end of the third quarter 2011, that it was improbable that we would meet the targets. As a result of achieving the targets, expense increased by $2,493 in the fourth quarter of 2011.

Sales and Marketing Expenses

2013 Compared to 2012

Consolidated sales and marketing expenses for the year ended December 31, 2013 were $40,323, an increase of $2,555, or 7%, from $37,768 reported for 2012. This increase in sales and marketing expenses primarily relates to:

 

   

higher compensation expenses of approximately $3,621, including the unfavorable impact of changes in currency exchange rates and an increase in average sales and marketing staff in 2013, and

 

   

expenses of approximately $256 related to Cronto, which was acquired in May 2013,

partially offset by

 

   

a decrease in long-term incentive compensation expenses of approximately $628.

We estimate that the sales and marketing expenses increased approximately $738 in 2013 primarily as a result of the strengthening of the Euro to the U.S. Dollar.

Our average full year headcount increased 9% in 2013 compared to 2012. The average full-time sales, marketing and operations employee headcount was 187 in 2013 compared to 171 in 2012. At year-end 2013, 2012 and 2011, the company employed 193, 172 and 167 sales, marketing and operations employees, respectively.

2012 Compared to 2011

Consolidated sales and marketing expenses for the year ended December 31, 2012 were $37,768, a decrease of $2,526, or 6%, from $40,294 reported for 2011. This decrease in sales and marketing expenses primarily relates to:

 

   

the benefit of $2,305 resulting from the strengthening of the U.S. Dollar primarily to the Euro, and

 

   

a decrease in long-term incentive compensation expenses of approximately $709.

 

45


Table of Contents

Our average full year headcount was essentially flat in 2012 compared to 2011.

Research and Development Expenses

2013 Compared to 2012

Consolidated research and development costs for the year ended December 31, 2013 were $21,315, an increase of $2,521, or 13%, from the $18,794 reported for 2012. The increase in research and development was primarily attributable to:

 

   

higher compensation expenses of approximately $1,614, including the unfavorable impact of changes in currency exchange rates and an increase in average research and development staff in 2013,

 

   

redundancy costs associated with the closure of the facility in Brisbane, Australia of $645, and

 

   

expenses of approximately $391 related to Cronto, which was acquired in May 2013,

partially offset by

 

   

a decrease in long-term incentive compensation expenses of approximately $221.

We estimate that the research and development expenses increased approximately $264 in 2013 primarily as a result of the strengthening of the Euro to the U.S. Dollar.

The average research and development headcount increased approximately 4% to 145 in 2013 from 140 in 2012. At year-end 2013, 2012 and 2011, the company employed 143, 143 and 136 research and development employees, respectively. The reduction in headcount related to the closure of the Brisbane, Australia research and development facility offset by increases in staff in other locations and research and development staff at Cronto, acquired in May 2013.

2012 Compared to 2011

Consolidated research and development costs for the year ended December 31, 2012 were $18,794, an increase of $158, or 1%, from the $18,636 reported for 2011. The increase in research and development was primarily attributable to:

 

   

higher compensation expenses of approximately $410, net of the beneficial impact of changes in currency exchange rates, primarily related to an increase in research and development staff in 2012,

partially offset by

 

   

the benefit of $1,272 resulting from the strengthening of the U.S. Dollar primarily to the Euro, and

 

   

a decrease in long-term incentive compensation expenses of approximately $278.

The average research and development headcount increased approximately 10% to 140 in 2012 from 128 in 2011.

General and Administrative Expenses

2013 Compared to 2012

Consolidated general and administrative expenses for the year ended December 31, 2013 were $21,196, an increase of $1,125 or 6%, from the $20,071 reported for 2012. The increase in general and administrative expense was primarily attributable to:

 

   

higher compensation expenses of approximately $1,225, including the unfavorable impact of changes in currency exchange rates, primarily related to an increase in average general and administrative staff in 2013,

 

46


Table of Contents

partially offset by

 

   

a decrease in long-term incentive compensation expenses of approximately $290.

We estimate that the research and development expenses increased approximately $278 in 2013 primarily as a result of the strengthening of the Euro to the U.S. Dollar.

The average full-time general and administrative employee headcount increased approximately 5% to 59 persons in 2013 from 56 persons in 2012. At year-end 2013, 2012 and 2011, the company employed 60, 59 and 55 general and administrative employees, respectively.

2012 Compared to 2011

Consolidated general and administrative expenses for the year ended December 31, 2012 were $20,071, a decrease of $2,379 or 11%, from the $22,450 reported for 2011. The decrease in general and administrative expense was primarily attributable to:

 

   

the benefit of $976 resulting from the strengthening of the U.S. Dollar primarily to the Euro, and

 

   

a decrease in long-term incentive compensation expenses of approximately $1,379.

The average full-time general and administrative employee headcount was flat with 56 persons in 2012 and 2011.

Amortization Expense

2013 Compared to 2012

Amortization expense for 2013 was $3,325, an increase of $1,420 or 75% from $1,905 reported for 2012. The increase was primarily related to the amortization of intangible assets associated with our acquisition of Cronto. in May 2013.

2012 Compared to 2011

Amortization expense for 2012 was $1,905, a decrease of $62 or 3% from $1,967 reported for 2011. The decrease was primarily due to the impact of changes in foreign exchange rates.

Interest Income, Net

2013 Compared to 2012

Consolidated net interest income was $162 in 2013 compared to $261 in 2012. The decrease in net interest income reflected a decrease in the average return on invested balances partially offset by an increase in the average net cash balance. Our return on average net cash balances was 0.2% in 2013 compared to 0.3% in 2012. Average net cash balances were $97,327 in 2013, an increase of $4,586 or 5% from $92,741 in 2012. We expect that the rates of return on invested cash will continue to be minimal in 2014.

2012 Compared to 2011

Consolidated net interest income was $261 in 2012 compared to $543 in 2011. The decrease in net interest income reflected a decrease in the average return on invested balances partially offset by an increase in the average net cash balance. Our return on average net cash balances was 0.3% in 2012 compared to 0.7% in 2011. Average net cash balances were $92,741 in 2012, an increase of $10,366 or 13% from $82,375 in 2011.

 

47


Table of Contents

Other Income (Expense), net

2013 Compared to 2012

Other income (expense), net in 2013 primarily included exchange gains (losses) on transactions that are denominated in currencies other than a subsidiary’s functional currency and subsidies received from foreign governments related to increasing trade in other countries or increasing spending on research and development. Other income was $240 in 2013 compared to $409 in 2012. The decrease in other income primarily reflects an increase in exchange losses. Exchange losses were $624 in 2013 compared to exchange losses of $410 in 2012.

2012 Compared to 2011

Other income (expense), net in 2012 primarily included exchange gains (losses) on transactions that are denominated in currencies other than a subsidiary’s functional currency and subsidies received from foreign governments related to increasing trade in other countries or increasing spending on research and development. Other income was $409 in 2012 compared to $500 in 2011. The decrease in other income primarily reflects a decline in government subsidies partially offset by a decrease in exchange losses. Exchange losses were $410 in 2012 compared to exchange losses of $760 in 2011.

Income Taxes

2013 Compared to 2012

Income tax expense for 2013 was $3,147, compared to $5,468 in 2012. The effective tax rate in 2013 was 22%, a decrease of 3 percentage points from 25% in 2012. The decrease in the rate in 2013 is primarily attributable to the fact that final payments were made by our Swiss and U.S. companies to purchase intellectual property from our other subsidiaries in 2012. As a result, income in higher tax foreign countries was lower in 2013 than in 2012.

2012 Compared to 2011

Income tax expense for 2012 was $5,468, compared to $1,557 in 2011. The effective tax rate in 2012 was 25%, an increase of 19 percentage points from 6% in 2011. The increase in the rate in 2012 is primarily attributable to the fact that 2011 included a significant benefit from the use of net operating loss carryforwards in the U.S., including the reversal of a valuation allowance related to the use of remaining U.S. net operating loss carryforwards in future years. The effective tax rate also increased slightly in 2012 as a result of having a higher percentage of our earnings subject to tax at the U.S. rate, which increases our overall effective tax rate.

Foreign Tax Credit and Loss Carryforwards Available

At December 31, 2013, we had foreign tax credit carryforwards of $5,058. Foreign tax credits of $944 expire in 2015 and the remaining $4,114 expire in 2023. We have not provided a valuation reserve for the foreign tax credits because we believe that it is more likely than not that they will be realized.

At December 31, 2013, we also had foreign NOL carryforwards of $5,093 and other foreign deductible carryforwards of $3,898. The foreign NOL carryforwards have no expiration dates and the other deductible carryforwards expire from 2016 to 2020. At December 31, 2013, we had a valuation allowance of $2,399 for certain foreign deferred tax assets. The reduction in the valuation allowance would decrease income tax expense in the period it is reduced. See Note 7 to the consolidated financial statements for more information on tax loss carryforwards.

 

48


Table of Contents

Income/Loss from Discontinued Operations

We had income from discontinued operations of $180 in 2013 compared to a loss of $630 for the full-year 2012. The income reported in 2013 reflected a change in the estimated cost to settle certain liabilities accrued in previous periods. Losses in 2012 primarily reflect the ongoing legal and other third party costs associated with the bankruptcy of DigiNotar in 2011.

Note 3 of the consolidated financial statements contains additional information about the discontinued operations. See Part 1, Item 1A – Risk Factors and Part 1, Item 3 - Legal Proceedings for additional information related to DigiNotar B.V.

Liquidity and Capital Resources

At December 31, 2013, we had net cash balances (total cash, cash equivalents and restricted cash less bank borrowings), totaling $98,607. We had no outstanding debt or restricted cash at December 31, 2013.

At December 31, 2013, we held $51,030 of cash in banks in the United States and $47,577 of cash in banks outside of the United States. Of that amount, $46,644 is not subject to significant repatriation restrictions, but would be subject to taxes upon repatriation. We have provided $380 of U.S. tax on foreign earnings of $46,012 available for repatriation. We have not provided U.S. tax on unremitted foreign earnings of $50,398 considered permanently invested.

Cash provided by operating activities was $10,331 during the year ended December 31, 2013. During 2013, we used $20,467 for investing activities, including $19, 495 for the purchase of Cronto and $944 for additions to property and equipment. Financing activities provided $2,435, primarily stock option proceeds and tax benefits.

Cash provided by operating activities was $23,035 during the year ended December 31, 2012. During 2012, we used $1,546 for investing activities, primarily for additions to property and equipment, and provided $441 from financing activities, primarily consisting of proceeds from the exercise of stock options. Capital expenditures were $1,337 for the year ended December 31, 2012.

The net effect of 2013 activity resulted in a decrease in net cash of $7,862 and a net cash balance of $98,607 at December 31, 2013, compared to $106,469 at the end of 2012. Our working capital at December 31, 2013 was $124,539, a decrease of $4,948 or 4% from $129,487 at December 31, 2012. The change is primarily attributable to the purchase of Cronto partially offset by the generation of positive cash flow from operations in 2013. Our current ratio was 4.3 to 1.0 at December 31, 2013.

The net effect of 2012 activity resulted in an increase in net cash of $21,972 and a net cash balance of $106,469 at December 31, 2012, compared to $84,497 at the end of 2011. Our working capital at December 31, 2012 was $129,487, an increase of $20,897 or 19% from $108,590 at December 31, 2011. The change is primarily attributable to the generation of positive cash flow from operations in 2012. Our current ratio was 5.3 to 1.0 at December 31, 2012.

We believe that our financial resources are adequate to meet our operating needs over the next twelve months.

While we believe that our financial resources are adequate to meet our operating needs over the next twelve months, the difficult current economic conditions that exist on a worldwide basis today may require us to modify our business plans. In the current economic environment there is a risk that customers may delay their orders until the economic conditions stabilize or improve further. If a significant number of orders are delayed for an indefinite period of time, our revenue and cash receipts may not be sufficient to meet the operating needs

 

49


Table of Contents

of the business. If this is the case, we may need to significantly reduce our workforce, sell certain of our assets, enter into strategic relationships or business combinations, discontinue some or all of our operations, or take other similar restructuring actions. While we expect that these actions would result in a reduction of recurring costs, they also may result in a reduction of recurring revenue and cash receipts. It is also likely that we would incur substantial non-recurring costs to implement one or more of these restructuring actions. See our “Risks Related to Our Business” in Item 1A, Risk Factors.

Off-Balance Sheet Arrangements

The company has no off-balance sheet arrangements.

Contractual Obligations

The company has the following contractual obligations:

 

     Payments due by period  
     Total      1 year      2-3
years
     4-5
years
     More than
5 years
 

Operating lease obligations

   $ 13,148       $ 3,858       $ 6,014       $ 2,802       $ 474   

Purchase obligations

     14,150         14,150         0         0         0   

Warranty reserve

     116         116         0         0         0   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 
   $ 27,414       $ 18,124       $ 6,014       $ 2,802       $ 474   
  

 

 

    

 

 

    

 

 

    

 

 

    

 

 

 

Purchase obligations are primarily for inventory. As further described in our Critical Accounting Policies, we regularly monitor inventories to ensure they are realizeable at stated values.

The company had $560 of unrecognized tax benefits as of both December 31, 2013 and 2012, which have been set aside in a reserve in accordance with ASC 740-10. These amounts are not included in the above table as the timing of payment of such obligations, if any, is not determinable.

Critical Accounting Policies and Estimates

Management’s Discussion and Analysis of Financial Condition and Results of Operations discusses our consolidated financial statements, which have been prepared in accordance with accounting principles generally accepted in the U.S. The preparation of these financial statements requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and the disclosure of contingent assets and liabilities at the date of the consolidated financial statements and the reported amounts of revenue and expenses during the reporting period.

On an on-going basis, management evaluates its estimates and judgments, including those related to bad debts, net realizable value of inventory and intangible assets. Management bases its estimates and judgments on historical experience and on various other factors that are believed to be reasonable under the circumstances, the results of which form the basis for making judgments about the carrying values of assets and liabilities that are not readily apparent from other sources. Actual results may differ from these estimates under different assumptions or conditions. Management believes the following critical accounting policies, among others, affect its more significant judgments and estimates used in the preparation of its consolidated financial statements.

Revenue Recognition

We recognize revenue in accordance with Financial Accounting Standards Board (“FASB”) Accounting Standards Codification (“ASC”) 985-605, Software – Revenue Recognition, ASC 985-605-25, Revenue Recognition – Multiple Element Arrangements and Staff Accounting Bulletin 104.

 

50


Table of Contents

Revenue is recognized when there is persuasive evidence that an arrangement exists, delivery has occurred, the fee is fixed or determinable and collection of the revenue is probable.

In multiple-element arrangements, some of our products are accounted for under the software provisions of ASC 985-605 and others under the provisions that relate to the sale of non-software products.

In our typical multiple-element arrangement, the primary deliverables include:

 

  1. a client component (i.e., an item that is used by the person being authenticated in the form of either a new standalone hardware device or software that is downloaded onto a device the customer already owns),

 

  2. host system software that is installed on the customer’s systems (i.e., software on the host system that verifies the identity of the person being authenticated) or licenses for additional users on the host system software if the host system software had been installed previously, and

 

  3. post contract support (PCS) in the form of maintenance on the host system software or support.

Our multiple-element arrangements may also include other items that are usually delivered prior to the recognition of any revenue and incidental to the overall transaction such as initialization of the hardware device, customization of the hardware device itself or the packaging in which it is delivered, deployment services where we deliver the device to our customer’s end-use customer or employee and, in some limited cases, professional services to assist with the initial implementation of a new customer.

In multiple-element arrangements that include a hardware client device, we allocate the selling price among all elements, delivered and undelivered, based on our internal price lists and the percentage of the selling price of that element, per the price list, to the total of the estimated selling price of all of the elements per the price list. Our internal price lists for both delivered and undelivered elements were determined to be reasonable estimates of the selling price of each element based on a comparison of actual sales made to the price list for each item delivered and to vendor specific objective evidence (VSOE) for undelivered items.

Undelivered elements primarily are PCS. The method by which we determine VSOE has validated that the price lists are reasonable estimates of the selling price for PCS. The estimated selling price of PCS items is based on an established percentage of the user license fee attributable to the specific software and is applied consistently to all PCS arrangements. The percentage we use to establish VSOE, which is also generally consistent with the percentage used in the price list, is developed using the “bell curve method”. This method relies on historical data to show that at least 80% of all our renewals are within 15% of the median renewal percentage rate.

In multiple-element arrangements that include a software client device, we continue to account for each element under the current standards of ASC 985-605 related to software. When software client device and host software are delivered elements, we use the Residual Method (ASC 605-25) for determining the amount of revenue to recognize for token and software licenses if we have VSOE for all of the undelivered elements. Any discount provided to the customer is applied fully to the delivered elements in such an arrangement. VSOE of fair value of PCS agreements is based on customer renewal transactions on a worldwide basis. In sales arrangements where VSOE of fair value has not been established, revenue for all elements is deferred and amortized over the life of the arrangement.

For transactions other than multiple-element arrangements, we recognize revenue as follows:

 

  1. Hardware Revenue and License Fees: Revenue from the sale of computer security hardware or the license of software is recorded upon shipment or, if an acceptance period is allowed, at the latter of shipment or customer acceptance. No significant obligations or contingencies exist with regard to delivery, customer acceptance or rights of return at the time revenue is recognized.

 

51


Table of Contents
  2. Maintenance and Support Agreements: Maintenance and support agreements generally call for us to provide software updates and technical support, respectively, to customers. Revenue on maintenance and technical support is deferred and recognized ratably over the term of the applicable maintenance and support agreement.

 

  3. Services: Subscription revenue is recognized ratably over the period in which the service is provided.

 

  4. Consulting and Education Services: We provide consulting and education services to our customers. Revenue from such services is recognized during the period in which the services are performed.

We recognize revenue from sales to distributors and resellers on the same basis as sales made directly to customers. We recognize revenue when there is persuasive evidence that an arrangement exists, delivery has occurred, the fee is fixed or determinable and collection of the revenue is probable.

For large-volume transactions, we may negotiate a specific price that is based on the number of users of the software license or quantities of hardware supplied. The per unit prices for large-volume transactions are generally lower than transactions for smaller quantities and the price differences are commonly referred to as volume-purchase discounts.

All revenue is reported on a net basis, excluding any sales taxes or value added taxes.

Allowance for Doubtful Accounts

We maintain allowances for doubtful accounts for estimated losses resulting from the inability of our customers to make payments for goods and services. We analyze accounts receivable, customer credit-worthiness, current economic trends and changes in our customer payment terms when evaluating the adequacy of the allowance for doubtful accounts. The allowance is based on a specific review of all significant past-due accounts. If the financial condition of our customers deteriorates, resulting in an impairment of their ability to make payments, additional allowances may be required.

Net Realizable Value of Inventory

We write down inventory where it appears that the carrying cost of the inventory may not be recovered through subsequent sale of the inventory. We analyze the quantity of inventory on hand, the quantity sold in the past year, the anticipated sales volume in the form of sales to new customers as well as sales to previous customers, the expected sales price and the cost of making the sale when evaluating the valuation of our inventory. If the sales volume or sales price of a specific model declines significantly, additional write-downs may be required.

Valuation of Goodwill and Other Intangible Assets and Software Development Costs

Impairment of Long-Lived and Intangible Assets:

Definite-lived intangible assets include proprietary technology and other intangible assets. Intangible assets other than patents with definite lives are amortized over the useful life, generally three to seven years for proprietary technology. Patents are amortized over the life of the patent, generally 20 years in the U.S.

Long-lived assets, including property, plant and equipment, definite-lived intangible assets being amortized and capitalized software costs, are reviewed for impairment in accordance with ASC 360-10, Property, Plant and Equipment, whenever events or changes in circumstances indicate that the carrying amount of the long-lived asset may not be recoverable. An impairment loss shall be recognized if the carrying amount of a

 

52


Table of Contents

long-lived asset exceeds the sum of the undiscounted cash flows expected to result from the use and eventual disposition of the asset. If it is determined that an impairment loss has occurred, the loss is measured as the amount by which the carrying amount of the long-lived asset exceeds its fair value. Long-lived assets held for sale are reported at the lower of carrying value or fair value less cost to sell.

Goodwill and other Intangible Assets:

We account for goodwill and indefinite-lived intangible assets in accordance with ASC 350-20, Intangibles-Goodwill and Other. We assess the impairment of goodwill and intangible assets with indefinite lives each November or whenever events or changes in circumstances indicate that the carrying value may not be recoverable. Factors considered important which could trigger an impairment review include significant underperformance relative to expected historical or projected future operating results, significant changes in the manner of our use of the acquired assets or the strategy for our overall business, and significant negative industry or economic trends. Once identified, the amount of the impairment is computed by comparing the carrying value of the assets to the fair value, which is based on the discounted estimated future cash flows.

As further described in Note 3 to the consolidated financial statements, the bankruptcy of DigiNotar B.V. triggered an impairment review in 2011. As a result of the impairment review, we concluded that goodwill and other intangibles of DigiNotar were impaired and recorded pre-tax non-cash impairment charges of $2,873 for goodwill and $2,307 for other intangibles as they had not yet been fully integrated into our business. We have not recognized any impairment for the years ended December 31, 2013 or 2012 as the fair value of our reporting unit substantially exceeded the carrying amount.

Income Taxes:

At December 31, 2013, we had foreign tax credit carryforwards of $5,058 and foreign NOL carryforwards of $5,093. In addition, at December 31, 2013, we had other deductible carryforwards of $3,898. ASC 740-10 requires that valuation allowances be established for deferred tax assets if it is more likely than not that the assets will not be realized. We have provided valuation allowances against certain foreign deferred tax assets. (See Note 7 to the consolidated financial statements for more information regarding the NOL and valuation allowance.)

Also in accordance with ASC 740-10, we have unrecognized tax benefits related to uncertain tax positions. We have identified one exposure concerning cost allocations used in the implementation of our worldwide strategy related to the ownership of our intellectual property for which we had an unrecognized tax benefit of $560 at both December 31, 2013 and 2012, which is an offset to our U.S. deferred tax asset at the end of each respective period.

Recently Issued Accounting Pronouncements

From time to time, new accounting pronouncements are issued by the FASB or other standard setting bodies that are adopted by us as of the specified effective date. Unless otherwise discussed, our management believes that the impact of recently issued standards that are not yet effective will not have a material impact on our consolidated financial statements upon adoption.

Item 7A - Quantitative and Qualitative Disclosures about Market Risk (In thousands)

Foreign Currency Exchange Risk – In 2013, approximately 92% of our business was conducted outside the United States, primarily in Europe, Latin America and Asia/Pacific. A significant portion of our business operations is transacted in foreign currencies. As a result, we have exposure to foreign exchange fluctuations. We are affected by both foreign currency translation and transaction adjustments. Translation adjustments result from the conversion of the foreign subsidiaries’ balance sheets and income statements to U.S. Dollars at year-end

 

53


Table of Contents

exchange rates and weighted average exchange rates, respectively. Translation adjustments resulting from this process are recorded directly into stockholders’ equity. Transaction adjustments result from currency exchange movements when one of our companies transacts business in a currency that differs from its local currency. These adjustments are recorded as gains or losses in our statements of operations. Our business transactions are spread across numerous countries and currencies. This geographic diversity reduces the risk to our operating results. As noted in Management’s Discussion and Analysis above, we attempt to minimize the net impact of currency on operating earnings by denominating an amount of billings in a currency such that it would provide a hedge against the operating expenses being incurred in that currency.

Interest Rate Risk – We have minimal interest rate risk. We had no debt outstanding at December 31, 2013. Our cash is invested in short-term instruments at current market rates. If rates were to increase or decrease by one percentage point, the company’s interest income would increase or decrease approximately $986 annually.

Impairment Risk – At December 31, 2013, we had goodwill of $23,532 and other intangible assets of $16,733, primarily related to the acquisition of the stock of Cronto in 2013, the acquisition of the intellectual property of DigiNotar and the acquisition of the stock of Alfa & Ariss in 2012 and the acquisition of the stock of Logico Smart Card Solutions GmbH and its subsidiary, Logico Vertriebs GmbH, and Able N.V. in 2006. We assess the net realizable value of goodwill at least annually, and we assess the net realizable value of other intangible assets whenever events or circumstances change indicating that the carrying value may not be recoverable. As noted above in the discussion of Loss from Discontinued Operations in Management’s Discussion and Analysis, we experienced an impairment in 2011 in the value of the certain intangible assets related to DigiNotar due to termination of DigiNotar B.V.’s registration as a certificate service provider and the bankruptcy filing of DigiNotar B.V. See Note 3 to the consolidated financial statements for additional information on the impairment. We may incur additional impairment charges in future periods.

Item 8 - Financial Statements and Supplementary Data

The information in response to this item is included in our consolidated financial statements, together with the report thereon of KPMG LLP, appearing on pages F-1 through F-27 of this Form 10-K, and in Item 7 under the heading Management’s Discussion and Analysis of Financial Condition and Results of Operations.

Item 9 - Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

None.

Item 9A - Controls and Procedures

Evaluation of Disclosure Controls and Procedures

Our management, with the participation of our Chief Executive Officer and Chief Financial Officer, who, respectively, are our principal executive officer and principal financial officer, conducted an evaluation of the effectiveness of our disclosure controls and procedures (as defined in Rule 13a-15(e) and Rule 15d-15(e) under the Securities Exchange Act of 1934, as amended (the “Exchange Act”)) as of the end of the fiscal quarter ended December 31, 2013. Based on that evaluation, our Chief Executive Officer and Chief Financial Officer concluded that as of the end of the fiscal quarter ended December 31, 2013, our disclosure controls and procedures were effective to provide assurance that (i) the information required to be disclosed by us in our reports that we file or submit under the Exchange Act is recorded, processed, summarized and reported within the time periods specified in the SEC’s rules and forms, and (ii) information required to be disclosed by us in our reports that we file or submit under the Exchange Act is accumulated and communicated to our management, including our principal executive and principal financial officers, or persons performing similar functions, as appropriate to allow timely decisions regarding required disclosure.

 

54


Table of Contents

Changes in Internal Controls

There were no changes in the company’s internal control over financial reporting (as defined in Rule 13a-15(f) and 15d-15(f) under the Exchange Act) during the fiscal year ended December 31, 2013, that have materially affected, or are reasonably likely to materially affect, the company’s internal control over financial reporting.

Management’s Annual Report on Internal Control over Financial Reporting

The management of VASCO Data Security International, Inc. is responsible for establishing and maintaining adequate internal control over financial reporting. Our internal control system was designed to provide reasonable assurance to the company’s management and board of directors regarding the preparation and fair presentation of published financial statements. Internal control over financial reporting is defined in Rule 13a-15(f) or 15d-15(f) promulgated under the Exchange Act as a process designed by, or under the supervision of, the company’s principal executive and principal financial officers and effected by the company’s board of directors, management and other personnel, to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles and includes those policies and procedures that:

 

   

Pertain to the maintenance of records that in reasonable detail accurately and fairly reflect the transactions and dispositions of the assets of the company;

 

   

Provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and

 

   

Provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use or disposition of the company’s assets that could have a material effect on the financial statements.

Our management, including our Chief Executive Officer and Chief Financial Officer, do not expect that our disclosure controls and procedures or internal control over financial reporting will prevent all error and all fraud. While our disclosure controls and procedures and internal control over financial reporting are designed to provide reasonable assurance that their objectives are met, they cannot provide absolute assurance. The design of a control system must reflect the fact that there are resource constraints, and the benefits of controls must be considered relative to their costs. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that all control issues within a company are detected. The inherent limitations include the realities that judgments in decision-making can be faulty, and that breakdowns can occur because of simple errors or mistakes. Controls can also be circumvented by the individual acts of some persons, by collusion of two or more people or by management override of the controls. Because of the inherent limitations in a cost-effective control system, misstatements due to error or fraud may occur and may not be detected.

Notwithstanding the limitations noted above, our principal executive officer and principal financial officer have both concluded that our disclosure controls and procedures and internal control over financial reporting were effective at a reasonable level of assurance as of December 31, 2013.

Our management assessed the effectiveness of its internal control over financial reporting as of December 31, 2013. In making this assessment, it used the criteria based on the framework set forth by the Committee of Sponsoring Organizations of the Treadway Commission on Internal Controls (COSO) – Integrated Framework (1992). Based on our assessments we believe that, as of December 31, 2013, our internal control over financial reporting is effective based on those criteria.

Our independent registered public accounting firm, KPMG LLP, has issued an audit report on the effectiveness of our internal control over financial reporting. This report appears below.

 

55


Table of Contents

Report of Independent Registered Public Accounting Firm

The Board of Directors and Stockholders

VASCO Data Security International, Inc.:

We have audited VASCO Data Security International, Inc.’s internal control over financial reporting as of December 31, 2013, based on criteria established in Internal Control—Integrated Framework (1992) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO). VASCO Data Security International, Inc.’s management is responsible for maintaining effective internal control over financial reporting and for its assessment of the effectiveness of internal control over financial reporting, included in the accompanying Management’s Annual Report on Internal Control over Financial Reporting. Our responsibility is to express an opinion on the Company’s internal control over financial reporting based on our audit.

We conducted our audit in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether effective internal control over financial reporting was maintained in all material respects. Our audit included obtaining an understanding of internal control over financial reporting, assessing the risk that a material weakness exists, and testing and evaluating the design and operating effectiveness of internal control based on the assessed risk. Our audit also included performing such other procedures as we considered necessary in the circumstances. We believe that our audit provides a reasonable basis for our opinion.

A company’s internal control over financial reporting is a process designed to provide reasonable assurance regarding the reliability of financial reporting and the preparation of financial statements for external purposes in accordance with generally accepted accounting principles. A company’s internal control over financial reporting includes those policies and procedures that (1) pertain to the maintenance of records that, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the company; (2) provide reasonable assurance that transactions are recorded as necessary to permit preparation of financial statements in accordance with generally accepted accounting principles, and that receipts and expenditures of the company are being made only in accordance with authorizations of management and directors of the company; and (3) provide reasonable assurance regarding prevention or timely detection of unauthorized acquisition, use, or disposition of the company’s assets that could have a material effect on the financial statements.

Because of its inherent limitations, internal control over financial reporting may not prevent or detect misstatements. Also, projections of any evaluation of effectiveness to future periods are subject to the risk that controls may become inadequate because of changes in conditions, or that the degree of compliance with the policies or procedures may deteriorate.

In our opinion, VASCO Data Security International, Inc. maintained, in all material respects, effective internal control over financial reporting as of December 31, 2013, based on criteria established in Internal Control—Integrated Framework (1992) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the consolidated balance sheets of VASCO Data Security International, Inc. and subsidiaries as of December 31, 2013 and 2012, and the related consolidated statements of operations, comprehensive income, stockholders’ equity, and cash flows for each of the years in the three-year period ended December 31, 2013, and our report dated March 12, 2014 expressed an unqualified opinion on those consolidated financial statements.

/s/ KPMG LLP

Chicago, Illinois

March 12, 2014

 

56


Table of Contents

PART III

Item 10 - Directors, Executive Officers and Corporate Governance

All information in response to this Item is incorporated by reference to the “Directors and Executive Officers” and “Section 16(a) Beneficial Ownership Compliance” sections of VASCO’s Proxy Statement for the 2014 Annual Meeting of Stockholders.

Item 11 - Executive Compensation

The information in response to this Item is incorporated by reference to the “Executive Compensation” section of VASCO’s Proxy Statement for the 2014 Annual Meeting of Stockholders.

Item 12 - Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

The information in response to this Item is incorporated by reference to the “Security Ownership of Certain Beneficial Owners, Directors and Management” section of VASCO’s Proxy Statement for the 2014 Annual Meeting of Stockholders.

Item 13 - Certain Relationships and Related Transactions, and Director Independence

The information in response to this Item is incorporated by reference to the “Directors and Executive Officers” and “Transactions with Related Persons” sections of VASCO’s Proxy Statement for the 2014 Annual Meeting of Stockholders.

Item 14 - Principal Accounting Fees and Services

The information in response to this Item is incorporated by reference to the “Report of the Audit Committee” section of VASCO’s Proxy Statement for the 2014 Annual Meeting of Stockholders.

 

57


Table of Contents

PART IV

Item 15 - Exhibits and Financial Statement Schedules

(a) The following documents are filed as part of this Form 10-K.

(1) The following consolidated financial statements and notes thereto, and the related independent auditors’ report, are included on pages F-1 through F-24 of this Form 10-K:

Report of Independent Registered Public Accounting Firm

Consolidated Balance Sheets as of December 31, 2013 and 2012

Consolidated Statements of Operations for the Years Ended December 31, 2013, 2012 and 2011

Consolidated Statements of Comprehensive Income for the Years Ended December 31, 2013, 2012 and 2011

Consolidated Statements of Stockholders’ Equity for the Years Ended December 31, 2013, 2012 and 2011

Consolidated Statements of Cash Flows for the Years Ended December 31, 2013, 2012 and 2012

Notes to Consolidated Financial Statements

(2) The following consolidated financial statement schedule of the company is included on page F-25 of this Form 10-K:

Schedule II – Valuation and Qualifying Accounts

All other financial statement schedules are omitted because such schedules are not required or the information required has been presented in the aforementioned consolidated financial statements.

(3) The following exhibits are filed with this Form 10-K or incorporated by reference as set forth at the end of the list of exhibits:

 

Exhibit
Number

  

Description

2.1    IP Purchase Agreement between VASCO Data Security International GmbH and DigiNotar Technologie B.V., DigiNotar Notariaat B.V., DigiNotar B.V., and DigiNotar Holding B.V. dated January 10, 2011. (Incorporated by reference - Form 8K filed January 14, 2011.)
2.2    Share Sale and Purchase Agreement between VASCO Data Security International GmbH and DigiNotar Holding B.V., DigiNotar B.V., and DigiNotar Notariaat B.V. dated January 10, 2011. (Incorporated by reference—Form 8K filed January 14, 2011.)
2.3    Agreement between VASCO Data Security International GmbH and D.B.A. ten Burg Holding B.V. and Bosco Holding B.V. dated January 10, 2011. (Incorporated by reference—Form 8K filed January 14, 2011.)
2.4    Agreement for the Sale and Purchase of the Entire Issued Capital of Cronto Limited dated May 20, 2013. (Incorporated by reference – Form 8K filed May 23, 2013.)
3.1    Certificate of Incorporation of Registrant, as amended. (Incorporated by reference to the Registrant’s Registration Statement on Form S-4, as amended (Registration No. 333-35563), originally filed on September 12, 1997.)
3.2    Bylaws of Registrant, as amended and restated December 12, 2007. (Incorporated by reference—Form 8-K filed on December 18, 2007.)

 

58


Table of Contents

Exhibit
Number

  

Description

4.1    Specimen of Registrant’s Common Stock Certificate. (Incorporated by reference to the Registrant’s Registration Statement on Form S-4, as amended (Registration No. 333-35563), originally filed on September 12, 1997.)
4.2*    Form of Award Agreement for Stock Option Grant under the VASCO Data Security International, Inc. 1997 Stock Compensation Plan, as Amended and Restated. (Incorporated by reference—Form 10-K filed March 14, 2008.)
4.3*    Form of Award Agreement for Restricted Shares under the VASCO Data Security International, Inc. 1997 Stock Compensation Plan, as Amended and Restated (time-based vesting) with respect to awards granted on January 9, 2008. (Incorporated by reference—Form 8-K/A filed January 16, 2008.)
4.4*    Form of Award Agreement for Restricted Shares under the VASCO Data Security International, Inc. 1997 Stock Compensation Plan as Amended and Restated (performance-based vesting) with respect to awards granted on January 9, 2008. (Incorporated by reference—Form 8-K/A filed January 16, 2008.)
4.5*    Form of Award Agreement for Deferred Stock under the VASCO Data Security International, Inc. 1997 Stock Compensation Plan, as Amended and Restated (performance-based vesting). (Incorporated by reference—Form 10-K filed March 14, 2008.)
4.6*    Form of Award Agreement for Restricted Shares under the VASCO Data Security International, Inc. 1997 Stock Compensation Plan, as Amended and Restated (time-based vesting) with respect to awards granted on or after January 8, 2009. (Incorporated by reference—Form 8K filed January 14, 2009.)
4.7*    Form of Award Agreement for Restricted Shares under the VASCO Data Security International, Inc. 1997 Stock Compensation Plan as Amended and Restated (performance-based vesting) with respect to awards granted on or after January 8, 2009. (Incorporated by reference—Form 8-K filed January 14, 2009.)
4.8*    Form of Option Agreement under the VASCO Data Security International, Inc. 1997 Stock Compensation Plan as Amended and Restated with respect to awards granted prior to January 9, 2008. (Incorporated by reference to the Registrant’s Registration Statement on Form S-4, as amended (Registration No. 333-35563), originally filed with the Securities and Exchange Commission on September 12, 1997.)
4.9*    Form of Award Agreement for Deferred Stock under the VASCO Data Security International, Inc. 2009 Equity Incentive Plan. (Incorporated by reference—Form 10-K filed March 16, 2010.)
4.10*    Form of Award Agreement for Restricted Shares under the VASCO Data Security International, Inc. 2009 Equity Incentive Plan. (Incorporated by reference—Form 10-K filed March 16, 2010.)
4.11*    Form of Award Agreement for Performance Shares under the VASCO Data Security International, Inc. 2009 Equity Incentive Plan with respect to awards granted in 2010. (Incorporated by reference—Form 10-K filed March 16, 2010.)
4.12*    Form of Award Agreement for Performance Shares under the VASCO Data Security International, Inc. 2009 Equity Incentive Plan with respect to awards granted in 2011. (Incorporated by reference—Form 10-K filed March 11, 2011.)
4.13*    Form of Award Agreement for Performance Shares under VASCO Data Security International, Inc. 2009 Equity Incentive Plan with respect to awards granted in 2012. (Incorporated by reference—Form 10-K filed March 9, 2012.)

 

59


Table of Contents

Exhibit
Number

  

Description

4.14*    Form of Award Agreement for Performance Shares under VASCO Data Security International, Inc. 2009 Equity Incentive Plan with respect to awards granted in 2013. (Incorporated by reference—Form 10-K filed March 8, 2013.)
4.15*    Form of Award Agreement for Performance Shares under VASCO Data Security International, Inc. 2009 Equity Incentive Plan with respect to awards granted in 2014.
10.1*    1997 VASCO Data Security International, Inc. Stock Compensation Plan, as Amended and Restated. (Incorporated by reference to the Registrant’s Definitive Proxy Statement pursuant to Schedule 14A, filed with the SEC on April 30, 1999.)
10.3*    Employment agreement with Clifford Bown. (Incorporated by reference to the Registrant’s Annual Report on Form 10-K, originally filed with the Securities and Exchange Commission on March 31, 2003.)
10.4    Share Sale and Purchase Agreement by and among VASCO Data Security International, Inc., A.O.S. Holding B.V., Filipan Beheer B.V., Mr. Mladen Filipan and Pijnenburg Beheer N.V., dated February 4, 2005 (Incorporated by reference—Form 8-K filed February 8, 2005.)
10.5*    Employment Agreement by and between VASCO Data Security International, Inc. and Jan Valcke effective as of January 1, 2005. (Incorporated by reference—Form 8-K filed July 1, 2005.)
10.6*    Letter agreement dated February 26, 2007, supplementing the Employment Agreement dated January 1, 2003, between the company and Clifford K. Bown. (Incorporated by reference—Form 8K filed March 2, 2007.)
10.7*    Letter agreement dated January 8, 2009, supplementing the Employment Agreement dated January 1, 2003, between the company and Clifford K. Bown. (Incorporated by reference—Form 8K filed January 14, 2009.)
10.9*    Employment Agreement Amendment, dated December 31, 2008 by and between VASCO Data Security International, Inc. and Clifford K. Bown (Incorporated by reference—Form 8-K filed January 14, 2009.)
10.10*    Amendment to the VASCO Data Security International, Inc. 1997 Stock Compensation Plan, dated December 19, 2008. (Incorporated by reference—Form 8-K filed January 14, 2009.)
10.11*    VASCO Data Security International, Inc. 2009 Equity Incentive Plan, effective December 19, 2008. (Incorporated by reference to the Registrant’s Definitive Proxy Statement pursuant to Schedule 14A, filed with the SEC on April 30, 2009.)
10.12*    VASCO Data Security International, Inc. Executive Incentive Compensation Plan, effective December 19, 2008. (Incorporated by reference to the Registrant’s Definitive Proxy Statement pursuant to Schedule 14A, filed with the SEC on April 30, 2009.)
10.13*    Amended and Restated Employment Agreement effective as of January 1, 2011 between VASCO Data Security International, Inc. and T. Kendall Hunt. (Incorporated by reference—Form 8-K filed December 21, 2010.)
10.14*    Letter Agreement dated February 15, 2011, by and between VASCO Data Security International, Inc. and T. Kendall Hunt. (Incorporated by reference—Form 8-K filed February 22, 2011.)
14.1    VASCO Data Security International, Inc. and Subsidiaries Code of Conduct and Ethics. (Incorporated by reference—Form 8-K filed March 12, 2008.)
14.2    Amended VASCO Data Security International, Inc. and Subsidiaries Code of Conduct and Ethics. (Incorporated by reference—Form 8-K filed April 27, 2010.)

 

60


Table of Contents

Exhibit
Number

  

Description

14.3    Amended VASCO Data Security International, Inc. and Subsidiaries Code of Conduct and Ethics. (Incorporated by reference—Form 8-K filed June 21, 2013 and Form 8-K/A filed July 30, 2013.)
21    Subsidiaries of Registrant.
23    Consent of KPMG LLP.
31.1    Rule 13a-14(a)/15d-14(a) Certification of Principal Executive Officer pursuant to Section 302 of the Sarbanes-Oxley Act of 2002, dated March 12, 2014.
31.2    Rule 13a-14(a)/15d-14(a) Certification of Principal Financial Officer pursuant to Section 302 of the Sarbanes-Oxley Act of 2002, dated March 12, 2014.
32.1    Section 1350 Certification of Principal Executive Officer pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, dated March 12, 2014.
32.2    Section 1350 Certification of Principal Financial Officer pursuant to Section 906 of the Sarbanes-Oxley Act of 2002, dated March 12, 2014.
101.INS    XBRL Instance Document
101.SCH    XBRL Taxonomy Extension Schema Document
101.CAL    XBRL Taxonomy Extension Calculation Linkbase Document
101.LAB    XBRL Taxonomy Extension Label Linkbase Document
101.PRE    XBRL Taxonomy Extension Presentation Linkbase Document
101.DEF    XBRL Taxonomy Extension Definition Linkbase Document

 

* Management contract or compensatory plan or arrangement required to be filed as an exhibit to this Annual Report on Form 10-K.

VASCO Data Security International, Inc. will furnish any of the above exhibits to stockholders upon written request addressed to the Secretary at the address given on the cover page of this Form 10-K. The charge for furnishing copies of the exhibits is $0.25 per page, plus postage.

 

61


Table of Contents

VASCO Data Security International, Inc.

INDEX TO FINANCIAL STATEMENTS AND SCHEDULE

 

Financial Statements

  

Report of Independent Registered Public Accounting Firm

     F-2   

Consolidated Balance Sheets as of December 31, 2013 and 2012

     F-3   

Consolidated Statements of Operations for the Years Ended December 31, 2013, 2012 and 2011

     F-4   

Consolidated Statements of Comprehensive Income for the Years Ended December 31, 2013, 2012 and 2011

     F-5   

Consolidated Statements of Stockholders’ Equity for the Years Ended December  31, 2013, 2012 and 2011

     F-6   

Consolidated Statements of Cash Flows for the Years Ended December 31, 2013, 2012 and 2011

     F-7   

Notes to Consolidated Financial Statements

     F-8   

Financial Statement Schedule

  

The following financial statement schedule is included herein:

  

Schedule II – Valuation and Qualifying Accounts

     F-25   

All other financial statement schedules are omitted because they are not applicable or the required information is shown in the consolidated financial statements or notes thereto.

 

F-1


Table of Contents

Report of Independent Registered Public Accounting Firm

The Board of Directors and Stockholders

VASCO Data Security International, Inc.:

We have audited the accompanying consolidated balance sheets of VASCO Data Security International, Inc. and subsidiaries (the Company) as of December 31, 2013 and 2012, and the related consolidated statements of operations, comprehensive income, stockholders’ equity, and cash flows for each of the years in the three-year period ended December 31, 2013. In connection with our audits of the consolidated financial statements, we also have audited the accompanying consolidated financial statement Schedule II – Valuation and Qualifying Accounts. These consolidated financial statements and the consolidated financial statement schedule are the responsibility of the Company’s management. Our responsibility is to express an opinion on these consolidated financial statements and the consolidated financial statement schedule based on our audits.

We conducted our audits in accordance with the standards of the Public Company Accounting Oversight Board (United States). Those standards require that we plan and perform the audit to obtain reasonable assurance about whether the financial statements are free of material misstatement. An audit includes examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements. An audit also includes assessing the accounting principles used and significant estimates made by management, as well as evaluating the overall financial statement presentation. We believe that our audits provide a reasonable basis for our opinion.

In our opinion, the consolidated financial statements referred to above present fairly, in all material respects, the financial position of the Company as of December 31, 2013 and 2012, and the results of their operations and their cash flows for each of the years in the three-year period ended December 31, 2013, in conformity with U.S. generally accepted accounting principles. Also in our opinion, the related consolidated financial statement schedule, when considered in relation to the basic consolidated financial statements taken as a whole, presents fairly, in all material respects, the information set forth herein.

We also have audited, in accordance with the standards of the Public Company Accounting Oversight Board (United States), the Company’s internal control over financial reporting as of December 31, 2013, based on criteria established in Internal Control—Integrated Framework (1992) issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), and our report dated March 12, 2014 expressed an unqualified opinion on the effectiveness of the Company’s internal control over financial reporting.

/s/ KPMG LLP

Chicago, Illinois

March 12, 2014

 

F-2


Table of Contents

VASCO Data Security International, Inc.

CONSOLIDATED BALANCE SHEETS

(in thousands, except per share data)

 

     December 31,  
     2013     2012  

ASSETS

    

Current assets

    

Cash and equivalents

   $ 98,607      $ 106,469   

Accounts receivable, net of allowance for doubtful accounts of $650 in 2013 and $1,894 in 2012

     28,528        27,574   

Inventories

     25,653        18,675   

Prepaid expenses

     2,719        1,896   

Foreign sales tax receivable

     543        415   

Deferred income taxes

     1,634        1,714   

Other current assets

     2,051        41   

Assets of discontinued operations

     1,910        2,651   
  

 

 

   

 

 

 

Total current assets

     161,645        159,435   

Property and equipment:

    

Furniture and fixtures

     5,221        5,035   

Office equipment

     10,407        8,718   
  

 

 

   

 

 

 
     15,628        13,753   

Accumulated depreciation

     (12,483     (9,701
  

 

 

   

 

 

 

Property and equipment, net

     3,145        4,052   

Goodwill, net of accumulated amortization

     23,532        13,176   

Intangible assets, net of accumulated amortization

     16,733        6,507   

Other assets, net of accumulated amortization

     6,822        3,336   
  

 

 

   

 

 

 

Total assets

   $ 211,877      $ 186,506   
  

 

 

   

 

 

 

LIABILITIES AND STOCKHOLDERS’ EQUITY

    

Current liabilities

    

Accounts payable

   $ 6,378      $ 7,765   

Deferred revenue

     15,703        8,146   

Accrued wages and payroll taxes

     7,067        6,212   

Income taxes payable

     4,087        378   

Other accrued expenses

     3,841        3,688   

Deferred compensation

     0        2,424   

Liabilities of discontinued operations

     30        1,335   
  

 

 

   

 

 

 

Total current liabilities

     37,106        29,948   
  

 

 

   

 

 

 

Deferred compensation

     115        0   

Other long-term liabilities

     57        97   

Deferred income taxes

     321        141   
  

 

 

   

 

 

 

Total liabilities

     37,599        30,186   
  

 

 

   

 

 

 

Stockholders’ equity

    

Common stock: $.001 par value per share, 75,000 shares authorized; 39,619 and 39,205 shares issued and outstanding at December 31, 2013 and 2012, respectively

     40        39   

Preferred stock: 500 shares authorized, none issued and outstanding at December 31, 2013 or 2012

     0        0   

Additional paid-in capital

     79,871        74,965   

Accumulated income

     92,401        81,256   

Accumulated other comprehensive income

     1,966        60   
  

 

 

   

 

 

 

Total stockholders’ equity

     174,278        156,320   
  

 

 

   

 

 

 

Total liabilities and stockholders’ equity

   $ 211,877      $ 186,506   
  

 

 

   

 

 

 

See accompanying notes to consolidated financial statements.

 

F-3


Table of Contents

VASCO Data Security International, Inc.

CONSOLIDATED STATEMENTS OF OPERATIONS

(in thousands, except per share data)

 

     For the years ended December 31,  
     2013      2012     2011  

Revenue

   $ 155,047       $ 154,029      $ 168,082   

Cost of goods sold

     55,176         54,464        59,970   
  

 

 

    

 

 

   

 

 

 

Gross profit

     99,871         99,565        108,112   
  

 

 

    

 

 

   

 

 

 

Operating costs:

       

Sales and marketing

     40,323         37,768        40,294   

Research and development

     21,315         18,794        18,636   

General and administrative

     21,196         20,071        22,450   

Amortization of purchased intangible assets

     3,325         1,905        1,967   
  

 

 

    

 

 

   

 

 

 

Total operating costs

     86,159         78,538        83,347   
  

 

 

    

 

 

   

 

 

 

Operating income

     13,712         21,027        24,765   

Interest income, net

     162         261        543   

Other income, net

     240         409        500   
  

 

 

    

 

 

   

 

 

 

Income from continuing operations before income taxes

     14,114         21,697        25,808   

Provision for income taxes

     3,147         5,468        1,557   
  

 

 

    

 

 

   

 

 

 

Net income from continuing operations

     10,967         16,229        24,251   

Net (loss) from discontinued operations

     180         (630     (6,118
  

 

 

    

 

 

   

 

 

 

Net income

   $ 11,147       $ 15,599      $ 18,133   
  

 

 

    

 

 

   

 

 

 

Basic income (loss) per share:

       

Continuing operations

   $ 0.28       $ 0.43      $ 0.65   

Discontinued operations

     0.00         (0.02     (0.16
  

 

 

    

 

 

   

 

 

 

Total net income per share

   $ 0.28       $ 0.41      $ 0.48   
  

 

 

    

 

 

   

 

 

 

Diluted income (loss) per share:

       

Continuing operations

   $ 0.28       $ 0.42      $ 0.63   

Discontinued operations

     0.00         (0.02     (0.16
  

 

 

    

 

 

   

 

 

 

Total net income per share

   $ 0.28       $ 0.40      $ 0.47   
  

 

 

    

 

 

   

 

 

 

Weighted average common shares outstanding:

       

Basic

     38,873         38,068        37,555   
  

 

 

    

 

 

   

 

 

 

Diluted

     39,158         38,677        38,568   
  

 

 

    

 

 

   

 

 

 

See accompanying notes to consolidated financial statements.

 

F-4


Table of Contents

VASCO Data Security International, Inc.

CONSOLIDATED STATEMENTS OF COMPREHENSIVE INCOME

(in thousands)

 

     For the years ended December 31,  
     2013      2012      2011  

Net income

   $ 11,147       $ 15,599       $ 18,133   

Other comprehensive income (loss) - Currency translation adjustment

     1,906         1,677         (2,120
  

 

 

    

 

 

    

 

 

 

Comprehensive income

   $ 13,053       $ 17,276       $ 16,013   
  

 

 

    

 

 

    

 

 

 

See accompanying notes to consolidated financial statements.

 

F-5


Table of Contents

VASCO Data Security International, Inc.

CONSOLIDATED STATEMENTS OF STOCKHOLDERS’ EQUITY

(in thousands)

 

Description

   Common Stock      Additional
Paid-In

Capital
    Accumulated
Income
    Accumulated
Other
Comprehensive

Income (Loss)
    Total
Stockholders’

Equity
 
   Shares      Amount           

Balance at January 1, 2011

     37,640       $ 38       $ 68,428      $ 47,524      $ 503      $ 116,493   

Net income

     0         0         0        18,133        0        18,133   

Foreign currency translation adjustment

     0         0         0        0        (2,120     (2,120

Exercise of stock options

     160         0         153        0        0        153   

Restricted stock awards

     393         0         3,139        0        0        3,139   
  

 

 

    

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Balance at December 31, 2011

     38,193         38         71,720        65,658        (1,617     135,799   

Net income

     0         0         0        15,599        0        15,599   

Foreign currency translation adjustment

     0         0         0        0        1,677        1,677   

Exercise of stock options

     444         0         441        0        0        441   

Restricted stock awards

     568         1         2,803        0        0        2,804   
  

 

 

    

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Balance at December 31, 2012

     39,205         39         74,965        81,256        60        156,320   

Net income

     0         0         0        11,147        0        11,147   

Foreign currency translation adjustment

     0         0         0        (3     1,906        1,903   

Exercise of stock options

     163         0         114        0        0        114   

Restricted stock awards

     251         1         2,472        0        0        2,473   

Tax payments for stock issuances

     0         0         (998     0        0        (998

Stock option tax benefits

     0         0         3,318        0        0        3,318   
  

 

 

    

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

Balance at December 31, 2013

     39,619       $ 40       $ 79,871      $ 92,401      $ 1,966      $ 174,278   
  

 

 

    

 

 

    

 

 

   

 

 

   

 

 

   

 

 

 

See accompanying notes to consolidated financial statements.

 

F-6


Table of Contents

VASCO Data Security International, Inc.

CONSOLIDATED STATEMENTS OF CASH FLOWS

(in thousands)

 

     For the years ended December 31,  
     2013     2012     2011  

Cash flows from operating activities:

      

Net income from continuing operations

   $ 10,967      $ 16,229      $ 24,251   

Adjustments to reconcile net income from continuing operations to net cash provided by continuing operations:

      

Depreciation and amortization

     5,042        3,644        3,809   

Loss on disposal of assets

     275        0        0   

Deferred tax expense (benefit)

     (6,118     1,065        (4,332

Stock-based compensation

     2,587        3,726        6,117   

Changes in assets and liabilities:

      

Accounts receivable, net

     (39     4,530        (10,315

Inventories

     (6,492     (2,641     (5,323

Foreign sales tax receivable

     (135     264        1,600   

Other current assets

     (2,865     77        186   

Accounts payable

     (1,460     407        (1,569

Income taxes payable

     3,641        (1,589     (113

Accrued expenses

     565        (207     1,438   

Current deferred compensation

     (2,424     (1,933     0   

Deferred revenue

     6,787        (537     2,169   
  

 

 

   

 

 

   

 

 

 

Net cash provided by operating activities of continuing operations

     10,331        23,035        17,918   
  

 

 

   

 

 

   

 

 

 

Cash flows from investing activities of continuing operations:

      

Purchase of Alfa & Ariss

     0        0        (1,301

Purchase of Cronto

     (19,495     0        0   

Additions to property and equipment

     (944     (1,337     (1,132

Additions to intangible assets

     (294     (326     (7,287

Other assets

     267        117        (64
  

 

 

   

 

 

   

 

 

 

Net cash used in investing activities of continuing operations

     (20,466     (1,546     (9,784
  

 

 

   

 

 

   

 

 

 

Cash flows from financing activities of continuing operations:

      

Proceeds from exercise of stock options, net

     114        441        153   

Tax payments for stock issuances

     (998     0        0   

Stock option tax benefits

     3,318        0        0   
  

 

 

   

 

 

   

 

 

 

Net cash provided by (used in) financing activities of continuing operations

     2,434        441        153   
  

 

 

   

 

 

   

 

 

 

Cash flows used in discontinued operations:

      

Net cash used in operating activities of discontinued operations

     (306     (974     (1,310

Net cash used in investing activities of discontinued operations

     0        0        (5,761
  

 

 

   

 

 

   

 

 

 

Net cash used in discontinued operations

     (306     (974     (7,071
  

 

 

   

 

 

   

 

 

 

Effect of exchange rate changes on cash

     145        1,015        (2,252
  

 

 

   

 

 

   

 

 

 

Net increase (decrease) in cash

     (7,862     21,972        (1,036

Cash and equivalents, beginning of year

     106,469        84,497        85,533   
  

 

 

   

 

 

   

 

 

 

Cash and equivalents, end of year

   $ 98,607      $ 106,469      $ 84,497   
  

 

 

   

 

 

   

 

 

 

Supplemental cash flow disclosures:

      

Cash paid for income taxes

   $ 3,121      $ 6,005      $ 5,914   

Cash paid for interest

   $ 0      $ 0      $ 0   

See accompanying notes to consolidated financial statements.

 

F-7


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

(amounts in thousands, except per share data)

Unless otherwise noted, references in this Annual Report on Form 10-K to “VASCO”, “company”, “we”, “our” and “us” refer to VASCO Data Security International, Inc. and its subsidiaries.

Note 1 – Summary of Significant Accounting Policies

Nature of Operations

VASCO Data Security International, Inc. and its wholly owned subsidiaries design, develop, market and support hardware and software security systems that manage and secure access to information assets. VASCO has operations in Austria, Australia, Belgium, Brazil, China, France, India, Japan, The Netherlands, Singapore, Switzerland, the United Arab Emirates, the United Kingdom (U.K)., and the United States (U.S.).

Principles of Consolidation

The consolidated financial statements include the accounts of VASCO Data Security International, Inc. and its wholly owned subsidiaries. Intercompany accounts and transactions have been eliminated in consolidation.

As further described in Note 3, during January 2011 we acquired 100% of the stock of DigiNotar B.V. Effective September 20, 2011, DigiNotar B.V. was declared bankrupt in The Netherlands, transferring effective control over DigiNotar B.V. to the bankruptcy trustee. Accordingly, assets, liabilities and operating activities related to DigiNotar B.V. are reflected as discontinued operations.

Estimates and Assumptions

The preparation of financial statements in conformity with accounting principles generally accepted in the U.S. requires management to make estimates and assumptions that affect the reported amounts of assets and liabilities and disclosure of contingent assets and liabilities at the date of the financial statements and the reported amounts of revenue and expenses during the reporting period. Actual results could differ from those estimates.

Foreign Currency Translation and Transactions

The financial position and results of the operations of the majority of the company’s foreign subsidiaries are measured using the local currency as the functional currency. Accordingly, assets and liabilities are translated into U.S. Dollars using current exchange rates as of the balance sheet date. Revenues and expenses are translated at average exchange rates prevailing during the year. Translation adjustments arising from differences in exchange rates are charged or credited to other comprehensive income. Losses resulting from foreign currency transactions were $624, $410, and $760 in 2013, 2012, and 2011, respectively, and are included in other income (expense) in the consolidated statements of operations.

The financial position and results of our operations in Singapore and Switzerland are measured in U.S. Dollars. For these subsidiaries, gains and losses that result from foreign currency transactions are included in the consolidated statements of operations in other income (expense).

Revenue Recognition

We recognize revenue in accordance with Financial Accounting Standards Board (FASB) Accounting Standards Codification (ASC) 985-605, Software – Revenue Recognition, ASC 985-605-25, Revenue Recognition – Multiple Element Arrangements and Staff Accounting Bulletin 104.

 

F-8


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Revenue is recognized when there is persuasive evidence that an arrangement exists, delivery has occurred, the fee is fixed or determinable and collection of the revenue is probable.

In multiple-element arrangements, some of our products are accounted for under the software provisions of ASC 985-605 and others under the provisions that relate to the sale of non-software products.

In our typical multiple-element arrangement, the primary deliverables include:

 

  1. a client component (i.e., an item that is used by the person being authenticated in the form of either a new standalone hardware device or software that is downloaded onto a device the customer already owns),

 

  2. host system software that is installed on the customer’s systems (i.e., software on the host system that verifies the identity of the person being authenticated) or licenses for additional users on the host system software if the host system software had been installed previously, and

 

  3. post contract support (“PCS”) in the form of maintenance on the host system software or support.

Our multiple-element arrangements may also include other items that are usually delivered prior to the recognition of any revenue and incidental to the overall transaction such as initialization of the hardware device, customization of the hardware device itself or the packaging in which it is delivered, deployment services where we deliver the device to our customer’s end-use customer or employee and, in some limited cases, professional services to assist with the initial implementation of a new customer.

In multiple-element arrangements that include a hardware client device, we allocate the selling price among all elements, delivered and undelivered, based on our internal price lists and the percentage of the selling price of that element, per the price list, to the total of the estimated selling price of all of the elements per the price list. Our internal price lists for both delivered and undelivered elements were determined to be reasonable estimates of the selling price of each element based on a comparison of actual sales made to the price list for each item delivered and to vendor specific objective evidence (VSOE) for undelivered items.

Undelivered elements primarily are PCS. The method by which we determine VSOE has validated that the price lists are reasonable estimates of the selling price for PCS. The estimated selling price of PCS items is based on an established percentage of the user license fee attributable to the specific software and is applied consistently to all PCS arrangements. The percentage we use to establish VSOE, which is also generally consistent with the percentage used in the price list, is developed using the “bell curve method”. This method relies on historical data to show that at least 80% of renewals are within 15% of the median renewal percentage rate.

In multiple-element arrangements that include a software client device, we account for each element under the standards of ASC 985-605 related to software. When software client devices and host software are delivered elements, we use the Residual Method (ASC 605-25) for determining the amount of revenue to recognize for token and software licenses if we have VSOE for all of the undelivered elements. Any discount provided to the customer is applied fully to the delivered elements in such an arrangement. VSOE of fair value of PCS agreements is based on customer renewal transactions on a worldwide basis. In sales arrangements where VSOE of fair value has not been established, revenue for all elements is deferred and amortized over the life of the arrangement.

For transactions other than multiple-element arrangements, we recognize revenue as follows:

 

  1. Hardware Revenue and License Fees: Revenue from the sale of computer security hardware or the license of software is recorded upon shipment or, if an acceptance period is allowed, at the latter of shipment or customer acceptance. No significant obligations or contingencies exist with regard to delivery, customer acceptance or rights of return at the time revenue is recognized.

 

F-9


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

  2. Maintenance and Support Agreements: Maintenance and support agreements generally call for us to provide software updates and technical support, respectively, to customers. Revenue on maintenance and technical support is deferred and recognized ratably over the term of the maintenance and support agreement.

 

  3. Services: Revenue is recognized ratably over the period in which the service is provided.

 

  4. Consulting and Education Services: We provide consulting and education services to our customers. Revenue from such services is recognized during the period in which the services are performed.

We recognize revenue from sales to distributors and resellers on the same basis as sales made directly to customers. We recognize revenue when there is persuasive evidence that an arrangement exists, delivery has occurred, the fee is fixed or determinable and collection of the revenue is probable.

For large-volume transactions, we may negotiate a specific price that is based on the number of users of the software license or quantities of hardware supplied. The per unit prices for large-volume transactions are generally lower than transactions for smaller quantities and the price differences are commonly referred to as volume-purchase discounts.

All revenue is reported on a net basis, excluding any sales or value added taxes.

Cash and Cash Equivalents

Cash and cash equivalents are stated at cost plus accrued interest, which approximates fair value. Cash equivalents are high-quality short term money market instruments with original maturities of three months or less. Cash and cash equivalents are held by a number of U.S. and non-U.S. commercial banks and money market investment funds.

Accounts Receivable and Allowance for Doubtful Accounts

The credit worthiness of customers is reviewed prior to shipment. A reasonable assurance of collection is a requirement for revenue recognition. Verification of credit and/or the establishment of credit limits are part of the customer contract administration process. Credit limit adjustments for existing customers may result from the periodic review of outstanding accounts receivable. The company records trade accounts receivable at invoice values, which are generally equal to fair value.

We maintain allowances for doubtful accounts for estimated losses resulting from the inability of our customers to make payments for goods and services. We analyze accounts receivable balances, customer credit-worthiness, current economic trends and changes in our customer payment timing when evaluating the adequacy of the allowance for doubtful accounts. The allowance is based on a specific review of all significant past-due accounts. If the financial condition of our customers deteriorates, resulting in an impairment of their ability to make payments, additional allowances may be required.

Inventories

Inventories, consisting principally of hardware and component parts, are stated at the lower of cost or market. Cost is determined using the first-in-first-out (FIFO) method. We write down inventory where it appears that the carrying cost of the inventory may not be recovered through subsequent sale of the inventory. We analyze the quantity of inventory on hand, the quantity sold in the past year, the anticipated sales volume in the form of sales to new customers as well as sales to previous customers, the expected sales price and the cost of making the sale when evaluating the valuation of our inventory. If the sales volume or sales price of a specific model declines significantly, additional write downs may be required.

 

F-10


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Property and Equipment

Property and equipment are stated at cost. Depreciation is computed using the straight-line method over the estimated useful lives of the related assets ranging from three to seven years. Additions and improvements are capitalized, while expenditures for maintenance and repairs are charged to operations as incurred. Gains or losses resulting from sales or retirements are recorded as incurred, at which time related costs and accumulated depreciation are removed from the accounts.

Research and Development Costs

Costs for research and development, principally the design and development of hardware, and the design and development of software prior to the determination of technological feasibility, are expensed as incurred on a project-by-project basis.

Software Development Costs

We capitalize software development costs in accordance with ASC 985-20, Costs of Software to be Sold, Leased, or Marketed. Research costs and software development costs, prior to the establishment of technological feasibility, determined based upon the creation of a working model, are expensed as incurred. Our software capitalization policy currently defines technological feasibility as a functioning beta test prototype with confirmed manufacturability (a working model), within a reasonably predictable range of costs. Additional criteria include receptive customers, or potential customers, as evidenced by interest expressed in a beta test prototype, at some suggested selling price. Our policy is to amortize capitalized costs by the greater of (a) the ratio that current gross revenue for a product bear to the total of current and anticipated future gross revenue for that product or (b) the straight-line method over the remaining estimated economic life of the product, generally two to five years, including the period being reported on. No software development costs were capitalized in any of the years ending December 31, 2013, 2012, or 2011.

Income Taxes

We account for income taxes under the asset and liability method. Deferred tax assets and liabilities are recognized for the future tax consequences attributable to differences between the financial statement carrying amounts of existing assets and liabilities and their respective tax bases and operating loss and tax credit carryforwards. We measure deferred tax assets and liabilities using enacted tax rates expected to apply to taxable income in the years in which those temporary differences are expected to be recovered or settled. We recognize the effect of a change in tax rates on deferred tax assets and liabilities and in income in the period that includes the enactment date.

We monitor our potential income tax exposures as required by ASC 740-10, Income Taxes.

We have significant net operating loss and other deductible carryforwards in certain foreign jurisdictions available to reduce the liability on future taxable income. A valuation allowance has been provided to offset some of these future benefits because we have not determined that their realization is more likely than not.

Fair Value of Financial Instruments

At December 31, 2013, and 2012, our financial instruments were cash equivalents, accounts receivable, accounts payable and accrued liabilities. The estimated fair value of our financial instruments has been determined by using available market information and appropriate valuation methodologies, as described in Cash and Equivalents above. The fair values of the financial instruments were not materially different from their carrying amounts at December 31, 2013 and 2012.

 

F-11


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Accounting for Leases

All of our leases are operating leases. Rent expense on facility leases is charged evenly over the life of the lease, regardless of the timing of actual payments.

Goodwill and Other Intangibles

We account for goodwill and indefinite-lived intangible assets in accordance with ASC 350-20. Indefinite-lived intangible assets include customer lists, proprietary technology and other intangible assets. Intangible assets other than patents with definite lives are amortized over the useful life, generally three to seven years for proprietary technology. Patents are amortized over the life of the patent, generally 20 years in the U.S.

We assess the impairment of goodwill and intangible assets with indefinite lives each November or whenever events or changes in circumstances indicate that the carrying value may not be recoverable. Factors considered important which could trigger an impairment review include significant underperformance relative to expected historical or projected future operating results, significant changes in the manner of our use of the acquired assets or the strategy for our overall business, and significant negative industry or economic trends. Once identified, the amount of the impairment is computed by comparing the carrying value of the assets to the fair value. Fair value for goodwill and intangible assets is determined using a market approach using our stock price which is a level 1 valuation, as defined by ASC 820-10, Fair Value Measurements and Disclosures. We did not recognize any impairment for the year ended December 31, 2013 as the fair value of our reporting unit substantially exceeded our carrying amount.

Stock-Based Compensation

We have stock-based employee compensation plans, which are described more fully in Note 9. ASC 718-10, Stock Compensation requires us to estimate the fair value of restricted stock granted to employees, directors and others and to record compensation expense equal to the estimated fair value. Compensation expense is recorded on a straight-line basis over the vesting period.

Warranty

Warranties are provided on the sale of certain of our products and an accrual for estimated future claims is recorded at the time revenue is recognized. We estimate the cost based on past claims experience, sales history and other considerations. We regularly assess the adequacy of our estimates and adjust the amounts as necessary. Our standard practice is to provide a warranty on our hardware products for either a one or two year period after the date of purchase. Customers may purchase extended warranties covering periods from one to four years after the standard warranty period. We defer the revenue associated with the extended warranty and recognize it into income on a straight-line basis over the extended warranty period. We have historically experienced minimal actual claims over the warranty period.

Note 2 – Inventories

Inventories, consisting principally of hardware and component parts, are stated at the lower of cost or market. Cost is determined using the first-in-first-out (FIFO) method.

Inventory is comprised of the following:

 

     As of December 31,  
     2013      2012  

Component parts

   $ 12,203       $ 6,613   

Work-in-process and finished goods

     13,450         12,062   
  

 

 

    

 

 

 

Total

   $ 25,653       $ 18,675   
  

 

 

    

 

 

 

 

F-12


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Note 3 – Discontinued Operations

During 2011, our wholly-owned Dutch subsidiary, DigiNotar B.V., was declared bankrupt. The court-appointed trustee is responsible for the business activities, administration and liquidation of DigiNotar B.V. Accordingly, related assets, liabilities and activities are reflected in discontinued operations.

Income (loss) from discontinued operations, net of tax, for the twelve months ended December 31, 2013, 2012, and 2011 was as follows:

 

     Years ended December 31,  
     2013      2012     2011  

Gain (Loss) from operations

   $       $      $ (1,595

Gain (Loss) on disposal

     180         (630     (4,523
  

 

 

    

 

 

   

 

 

 

Gain (Loss) from discontinued operations

   $ 180       $ (630   $ (6,118
  

 

 

    

 

 

   

 

 

 

DigiNotar revenues of $1,764 for the year ended December 31, 2011 are included in the loss from discontinued operations.

At December 31, 2013 and 2012, remaining assets and liabilities related to DigiNotar have been classified as assets of discontinued operations and liabilities of discontinued operations, respectively, in the consolidated balance sheets and consist of the following:

 

     As of December 31,  
     2013     2012  

Contingent consideration due from escrow

   $ 1,927      $ 1,851   

Due from DigiNotar net of allowance for doubtful account of $952

            423   

Income taxes receivable

     (17     377   
  

 

 

   

 

 

 

Assets of discontinued operations

   $ 1,910      $ 2,651   
  

 

 

   

 

 

 

Due to DigiNotar

   $      $ 1,301   

Accrued professional fees

     30        34   
  

 

 

   

 

 

 

Liabilities of discontinued operations

   $ 30      $ 1,335   
  

 

 

   

 

 

 

Assets of discontinued operations and certain portions of liabilities of discontinued operations are denominated in local currencies and are subject to currency fluctuation.

Note 4 – Acquisition of Cronto

To further increase our product offerings, on May 20, 2013, we acquired all of the stock of Cronto Limited, a private company organized and existing in the United Kingdom (“Cronto”), for initial consideration of EUR 15,000 ($19,611 at the exchange rate of 1.31 U.S. Dollars per Euro). The purchase price was subject to verification of certain balances resulting in an additional payment of GBP 358 in June 2013 (approximately $555 at an exchange rate of 1.55 U.S. Dollars per British Pound). Both payments were funded by our existing cash balances.

 

F-13


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Consideration was allocated to assets acquired and liabilities assumed based on their respective fair values as of the acquisition date as follows:

 

Cash

   $ 672   

Inventory

     486   

Other current assets

     116   

Property and equipment

     16   

Goodwill

     9,223   

Intangible assets

     13,257   

Customer deposits

     (624

Deferred income tax liabilities

     (2,790

Other current liabilities

     (190
  

 

 

 
   $ 20,166   
  

 

 

 

In addition to consideration detailed above, the transaction also includes contingent consideration of €2,000 ($2,620 at the exchange rate of 1.31 U.S. Dollars per Euro) subject to orders for Cronto products from new customers during the twenty-four months ended May 20, 2015 to be recorded as earned. As of December 31, 2013, we have accrued contingent consideration of $62, to be expensed in future periods concurrent with revenue recognition of the corresponding orders.

Acquired identifiable intangible assets totaling $13,257 are being amortized over their respective useful lives ranging from two to five years. Goodwill is attributable to expected increased revenues and reduced costs resulting from synergies of combined operations.

The acquisition is not material to our consolidated balance sheet and results of operations. The consolidated financial statements include the operating results of Cronto from the acquisition date.

Note 5 – Goodwill

Goodwill activity for the two years ended December 31, 2013 consisted of the following:

 

Net balance at December 31, 2011

   $ 12,910   

Net foreign currency translation

     266   
  

 

 

 

Net balance at December 31, 2012

     13,176   

Additions - Cronto

     9,223   

Net foreign currency translation

     1,133   
  

 

 

 

Net balance at December 31, 2013

   $ 23,532   
  

 

 

 

December 31, 2013 balance at cost

   $ 24,577   

Accumulated amortization

     (1,045
  

 

 

 

Net balance at December 31, 2013

   $ 23,532   
  

 

 

 

Additions-Cronto refers to goodwill related to the acquisition of Cronto described above.

Certain portions of goodwill are denominated in local currencies and are subject to currency fluctuations.

 

F-14


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Note 6 – Intangible Assets

Intangible asset activity for the two years ended December 31, 2013 is detailed in the following table.

 

     Capitalized
Technology
    Patents &
Trademarks
    Other     Total Intangible
Assets
 

Net balance at December 31, 2011

   $ 6,693      $ 1,361      $ 37      $ 8,091   

Additions-Other

     0        343          343   

Net foreign currency translation

     (17         (17

Amortization expense

     (1,829     (62     (19     (1,910
  

 

 

   

 

 

   

 

 

   

 

 

 

Net balance at December 31, 2012

     4,847        1,642        18        6,507   

Additions-Cronto

     11,937        235        1,085        13,257   

Additions-Other

     0        227        0        227   

Net foreign currency translation

     6        0        61        67   

Amortization expense

     (3,014     (143     (168     (3,325
  

 

 

   

 

 

   

 

 

   

 

 

 

Net balance at December 31, 2013

   $ 13,776      $ 1,961      $ 996      $ 16,733   
  

 

 

   

 

 

   

 

 

   

 

 

 

December 31, 2013 balance at cost

   $ 29,432      $ 2,271      $ 1,210      $ 32,913   

Accumulated amortization

     (15,656     (310     (214     (16,180
  

 

 

   

 

 

   

 

 

   

 

 

 

Net balance at December 31, 2013

   $ 13,776      $ 1,961      $ 996      $ 16,733   
  

 

 

   

 

 

   

 

 

   

 

 

 

Additions - Cronto refers to intangibles acquired in the acquisition of Cronto described above including capitalized technology, trademarks, customer relationships and non-compete agreements.

Certain intangible assets are denominated in local currencies and are subject to currency fluctuations.

Expected amortization of the intangible assets for the years ended:

 

December 31, 2014

   $ 4,464   

December 31, 2015

     4,022   

December 31, 2016

     3,078   

December 31, 2017

     2,659   

December 31, 2018

     1,147   

Thereafter

     428   
  

 

 

 

Subject to amortization

     15,798   

Trademarks

     935   
  

 

 

 

Total intangible assets

   $ 16,733   
  

 

 

 

Note 7 – Income Taxes

Income from continuing operations before income taxes was generated in the following jurisdictions. Domestic income excludes $30,752 of intercompany dividend income taxable in the US and eliminated in consolidation.

 

     For the years ended December 31,  
     2013     2012      2011  

Domestic

   $ (2,024   $ 1,492       $ 6,220   

Foreign

     16,138        20,205         19,588   
  

 

 

   

 

 

    

 

 

 

Total

   $ 14,114      $ 21,697       $ 25,808   
  

 

 

   

 

 

    

 

 

 

 

F-15


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

The provision for income taxes consists of the following:

 

     For the years ended December 31,  
     2013     2012      2011  

Current:

       

Federal

   $ 11      $       $ 244   

State

     22        1         443   

Foreign

     3,121        4,402         4,933   
  

 

 

   

 

 

    

 

 

 

Total current

     3,154        4,403         5,620   
  

 

 

   

 

 

    

 

 

 

Deferred:

       

Federal

     338        866         (4,543

State

     (289     93         (285

Foreign

     (56     106         765   
  

 

 

   

 

 

    

 

 

 

Total deferred

     (7     1,065         (4,063
  

 

 

   

 

 

    

 

 

 

Total

   $   3,147      $   5,468       $ 1,557   
  

 

 

   

 

 

    

 

 

 

The U.S. federal corporate tax rate varies with taxable income. In 2013, inclusion of the intercompany dividend increased our statutory rate to 35% from 34% in 2012 and 2011. The differences between the income tax provisions computed using the statutory federal income tax rate and the provisions for income taxes reported in the consolidated statements of operations are as follows:

 

     For the years ended December 31,  
     2013     2012     2011  

Expected tax at statutory rate

   $ 4,940      $ 7,377      $ 8,775   

Foreign taxes at other rates

     (2,520     (2,513     (1,758

US dividend income, net of foreign tax credit

     212                 

State income taxes, net of federal benefit

     (310     53          

Change in valuation allowance due to:

      

NOL valuation reserve adjustments

                   (1,639

Utilization of NOL carryforwards

            (43     (4,873

Generation of NOL carryforwards

     6               134   

Disallowed expenses and other

     819        594        918   
  

 

 

   

 

 

   

 

 

 

Total

   $ 3,147      $ 5,468      $ 1,557   
  

 

 

   

 

 

   

 

 

 

 

F-16


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Current deferred tax assets and long-term deferred tax liabilities are presented as separate line items in the balance sheet. Long-term deferred tax assets of $6,334 and $2,565 as of December 31, 2013 and 2012, respectively, are included in other assets, net of accumulated amortization. Current deferred tax liabilities were $726 in 2013 and $543 in 2012 and are included in other accrued liabilities. Deferred income tax balances are comprised of the following:

 

     As of December 31,  
     2013     2012  

Deferred tax assets:

    

U.S. foreign tax credit

   $ 5,058      $   

U.S. net operating loss carryforwards

            859   

Stock and long-term compensation plans

     1,318        2,410   

Foreign NOL & other carryforwards

     2,930        2,675   

US state income taxes

     574        285   

US alternative minimum tax

     395        456   

Deferred revenue

     965        255   

Reserve for uncertain tax issues

     (560     (560

US tax on unremitted foreign earnings

     (380       

Accrued expenses and other

     67        183   
  

 

 

   

 

 

 

Total gross deferred tax assets

     10,367        6,563   

Less: Valuation allowance

     (2,399     (2,284
  

 

 

   

 

 

 

Net deferred income tax assets

   $ 7,968      $ 4,279   
  

 

 

   

 

 

 

Deferred tax liabilities:

    

Swiss tax allowances

   $ 726      $ 543   

Intangible assets

     321        141   
  

 

 

   

 

 

 

Deferred tax liabilities

   $ 1,047      $ 684   
  

 

 

   

 

 

 

Prior to 2013, we considered our unremitted foreign earnings permanently invested and, consequently, did not provide deferred incremental U.S. taxes on them. In the fourth quarter of 2013, we determined that the earnings of certain subsidiaries are available for distribution.

In December 2013, a foreign subsidiary paid a dividend of €22,600 (approximately $30,752 at an exchange rate of 1.36 U.S. Dollars per Euro). At December 31, 2013, unremitted foreign earnings available for distribution at current exchange rates are $46,012. We have provided a deferred tax liability of $380 for the incremental U.S. tax to be paid upon remittance as dividends. The net effect on 2013 tax expense for the dividend policy change was $212.

The earnings of certain subsidiaries will remain permanently invested. At December 31, 2013, total unremitted foreign earnings considered permanently invested at current exchange rates are $50,398.

We utilized U.S. net operating loss (NOL) carryforwards of $10,586 in 2013 including $9,741 related to U.S. tax deductions for employee stock option gains. The stock option tax benefit of $3,318 was credited to additional paid-in capital.

Foreign tax credit carryforwards were $5,058 at December 31, 2013. Foreign tax credits of $944 expire in 2015 and the remaining $4,114 expire in 2023. We have not provided a valuation reserve for the foreign tax credits as we believe it is more likely than not they will be realized.

 

F-17


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

At December 31, 2013, we had foreign NOL carryforwards of $5,093 and other foreign deductible carryforwards of $3,898. The foreign NOL carryforwards have no expiration dates and the other deductible carryforwards expire from 2016 to 2020. At December 31, 2013, we had a valuation allowance of $2,399 for certain foreign deferred tax assets.

The net change in the valuation allowance for the years ended December 31, 2013, 2012, and 2011 were increases of $115 and $196 and a decrease of $5,625, respectively. This valuation allowance will be reviewed on a regular basis and adjustments made as appropriate. In addition to the utilization of NOLs as noted above, the change in the valuation allowance also reflects other factors including, but not limited to, changes in our assessment of our ability to use existing NOLs and other deduction carryforwards, changes in currency rates, and adjustments to reflect differences between the actual returns filed and the estimates we made at financial reporting dates. The company expects to generate adequate taxable income to realize deferred tax assets in foreign jurisdictions where no valuation reserve exists.

We had no accrued interest or penalties for income tax liabilities at December 31, 2013. Our policy is to record interest expense and penalties on income taxes as income tax expense.

ASC 740-10, Accounting for Uncertainty in Income Taxes sets a “more likely than not” criterion for recognizing the tax benefit of uncertain tax positions. We have identified one such exposure concerning cost allocations related to the implementation of our worldwide strategy related to the ownership of our intellectual property for which we had a reserve of $560 at December 31, 2013 and 2012. The reserve is an offset to our U.S. deferred tax asset.

Our primary tax jurisdictions and the earliest tax year subject to audit are presented in the following table.

 

Australia

     2005   

Austria

     2007   

Belgium

     2006   

Netherlands

     2008   

Singapore

     2007   

Switzerland

     2011   

United States

     2005   

Note 8 – Deferred Warranty Revenue and Warranty Reserve

Our standard practice is to provide a warranty on our DIGIPASS hardware for one to two years after the date of purchase. Customers may purchase extended warranties covering periods from one to four years after the standard warranty period. We defer the revenue associated with the extended warranty and recognize it into income on a straight-line basis over the extended warranty period. The estimated cost of providing warranty services during the extended warranty period is less than the revenue related to such warranty service.

Deferred warranty revenue at December 31, 2013, which will be recognized as revenue, is as follows:

 

Year

   Amount  

2014

   $ 30   

2015

     31   

2016

     14   

2017

     9   

2018

     3   
  

 

 

 

Total

   $ 87   
  

 

 

 

 

F-18


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

We maintain a reserve for the potential cost of future warranty claims related to products sold and recognized in revenue. The reserve is included in accrued expenses. Activity in the warranty reserve account during the three years ended December 31, 2013 was as follows:

 

     For the years ended Decenber 31,  
     2013     2012     2011  

Balance, beginning of period

   $ 45      $ 36      $ 61   

Provision for warranty claims

     216        139        59   

Product or cash issued to settle claims

     (145     (130     (84
  

 

 

   

 

 

   

 

 

 

Balance, end of period

   $     116      $         45      $     36   
  

 

 

   

 

 

   

 

 

 

Note 9 – Stock Compensation Plans

In June 2009, our stockholders approved the VASCO Data Security International, Inc. 2009 Equity Incentive Plan (the “2009 Equity Plan”). The 2009 Equity Plan permits the issuance of awards in a variety of forms, including (1) shares of our common stock, (2) nonqualified and incentive stock options for the purchase of our common stock, (3) stock appreciation rights, (4) deferred stock, (5) other stock-based awards (including restricted shares, performance shares, performance units and other stock unit awards), and (6) cash incentive awards.

Upon approval of the 2009 Equity Plan, our 1997 Stock Compensation Plan, as amended and restated (the “1997 Compensation Plan”) was suspended. No additional awards will be issued under the 1997 Compensation Plan, however, all outstanding awards under the 1997 Compensation Plan were unaffected by the approval of the 2009 Equity Plan. The 1997 Compensation Plan permitted the award of stock compensation in various forms.

The 2009 Equity Plan and the 1997 Compensation Plan were designed and intended to provide performance incentives to employees and non-employee directors, consultants and other key persons of the company. Both plans are administered by the Compensation Committee as appointed by the Board of Directors and are intended to be non-qualified plans.

As of December 31, 2013, the number of shares allowed to be issued under the 2009 Equity Plan was 6,618 shares of the company’s common stock, representing 16.7% of the issued and outstanding shares of the company as of such date.

The following table summarizes stock compensation expense recorded under the two plans.

 

     2013      2012      2011  

Compensation expense included in income:

        

Stock Option

   $       $       $   

Restricted stock

     2,472         2,804         3,140   

Other Long-term Stock Incentives

     115         922         2,977   
  

 

 

    

 

 

    

 

 

 

Total expense

   $ 2,587       $ 3,726       $ 6,117   
  

 

 

    

 

 

    

 

 

 

 

F-19


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Stock Options

We have not granted stock options since 2005. There is no stock option expense for the three years ended December 31, 2013. Options granted have terms of six to ten years and vesting periods of one to five years. The company may issue new shares or treasury shares for option exercises. The following table summarizes option activity for the year ended December 31, 2013. All options outstanding at December 31, 2013, 2012, and 2011 were fully vested.

 

     Shares     Weighted
Average
Exercise
Price
     Weighted
Average
Remaining
Term (Years)
     Aggregate
Intrinsic
Value
 

Outstanding at January 1, 2013

     299      $ 2.49         1.00       $ 1,695   

Exercised

     (277     2.48            1,429   

Expired

     (1     2.53         
  

 

 

         

Outstanding at December 31, 2013

     21        2.55         0.05         109   
  

 

 

         

At December 31, 2013:

          

Fully vested, exercisable options

     21      $ 2.55         0.05       $ 109   

Exercise of options to purchase 277 shares resulted in the issuance of 163 shares, net of shares withheld in satisfaction of exercise price and mandatory minimum tax withholdings.

The intrinsic value of options exercised and the fair value of shares vested over the last three years were:

 

     2013      2012      2011  

Intrinsic value of options exercised

   $ 1,429       $ 3,146       $ 1,094   

Fair value of shares vested

     0         0         0   

Time-Based Restricted Stock

Time-based restricted stock awards were granted to executive officers, employees and non-employee directors. Awards to non-employee directors vest on the first anniversary date of the grant. Awards to executive officers and employees vest annually over three or four year periods. Shares are subject to forfeiture if the service period requirement is not met. Compensation expense equal to the market value of the stock on the grant date is recorded on a straight-line basis over the vesting period as required by ASC 718-10. Compensation expense was $1,871, $1,849, and $1,415 for 2013, 2012, and 2011. The following table summarizes the time-based restricted stock activity for the year ended December 31, 2013:

 

     Shares     Weighted
average
remaining
term (years)
     Aggregate
intrinsic
value
 

Outstanding at January 1, 2013

     544        2.21       $ 4,436   

Shares vested

     (240        1,909   

Shares awarded and issued

     120           1,001   
  

 

 

      

Outstanding at December 31, 2013

     424        1.85       $ 3,277   
  

 

 

      

The unamortized future compensation expense for time-based restricted stock awards was $1,691 at December 31, 2013.

 

F-20


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Performance-Based Restricted Stock

Performance-based restricted stock awards granted to executive officers and employees were subject to achievement of one-year performance targets established by the Board of Directors. Earned shares vest annually over three or four years. Shares are subject to forfeiture if the service period requirement is not met.

The number of shares earned from awards granted in 2013, 2012, and 2011 were 0, 0, and 276, respectively. Compensation expense, equal to the market value of the stock on the grant date, is recorded on a straight-line basis over the vesting period at the performance level deemed probable, as required by ASC 718-10. Compensation expense in 2013, 2012, and 2011 was $600, $956, and $1,725. Unamortized future compensation expense for performance-based restricted stock was $592 at December 31, 2013.

The following table summarizes activity related to unvested performance restricted stock shares during 2013:

 

     Total Unvested
Shares
    Weighted
average
remaining
term (years)
     Aggregate
intrinsic
value
 

Outstanding at January 1, 2013

     521        1.37       $ 4,255   

Shares vested

     (290        2,532   

Shares forfeited

     (102     
  

 

 

      

Outstanding at December 31, 2013

     129        1.07       $ 997   
  

 

 

      

Other Long-term Stock Incentive Awards

During 2012 and 2010, other long-term stock incentive awards were granted to key employees, other than named executive officers subject to achievement of performance targets established by the Board of Directors. Awards are designated in U.S. Dollars however, at the option of the Company, may be paid in our common stock. Compensation expense equal to the award level deemed probable is recorded on a straight-line basis over the vesting period as required by ASC 718-10.

For awards granted in 2012, the one-year performance target was not met. Awards granted in 2010 vested at the end of the three-year performance period. At December 31, 2012, $0 was accrued for the 2012 awards and $2,424 was accrued for the 2010 awards. The 2010 awards were paid in cash during 2013. Accordingly, unamortized future compensation expense for the long-term incentive awards was $0 at December 31, 2013.

No long-term stock incentive awards were granted in 2013.

 

F-21


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Note 10 – Earnings per Common Share

Basic earnings per share is based on the weighted average number of shares outstanding and excludes the dilutive effect of unexercised common stock equivalents. Diluted earnings per share is based on the weighted average number of shares outstanding and includes the dilutive effect of unexercised common stock equivalents to the extent they are not anti-dilutive. A reconciliation of the shares included in the basic and fully diluted earnings per share calculations is as follows:

 

     For the years ended December 31,  
     2013      2012     2011  

Net income-continuing operations

   $ 10,967       $ 16,229      $ 24,251   

Net income (loss)-discontinued operations

     180         (630     (6,118
  

 

 

    

 

 

   

 

 

 

Net income

   $ 11,147       $ 15,599      $ 18,133   
  

 

 

    

 

 

   

 

 

 

Weighted average common shares outstanding

       

Basic

     38,873         38,068        37,555   

Incremental shares with dilutive effect:

       

Stock options

     152         422        824   

Restricted stock awards

     133         187        189   
  

 

 

    

 

 

   

 

 

 

Diluted

     39,158         38,677        38,568   
  

 

 

    

 

 

   

 

 

 

Basic income (loss) per share

       

Continuing Operations

   $ 0.28       $ 0.43      $ 0.65   

Discontinued Operations

     0.00         (0.02     (0.16
  

 

 

    

 

 

   

 

 

 

Total Net income per share

   $ 0.28       $ 0.41      $ 0.48   
  

 

 

    

 

 

   

 

 

 

Diluted income (loss) per share

       

Continuing Operations

   $ 0.28       $ 0.42      $ 0.63   

Discontinued Operations

     0.00         (0.02     (0.16
  

 

 

    

 

 

   

 

 

 

Total Net income per share

   $ 0.28       $ 0.40      $ 0.47   
  

 

 

    

 

 

   

 

 

 

Note 11 – Employee Benefit Plan

We maintain a defined contribution pension plan for our U.S. employees established pursuant to the provisions of Section 401(k) of the Internal Revenue Code, which provides benefits for eligible employees of the company and allows us to match employee contributions. For the years ended December 31, 2013, 2012, and 2011, we contributed $116, $111, and $100, respectively, to this plan as matching contributions.

We also maintain a pension plan for our Belgian employees, in compliance with Belgian law. The plan is a defined contribution plan, but has a minimum return guarantee under Belgian law. Returns guaranteed by the pension plan administrator are essentially equal to the legal requirement. For the years ended December 31, 2013, 2012, and 2011, the company contributed $655, $542, and $515, respectively, to the plan.

 

F-22


Table of Contents

VASCO DATA SECURITY INTERNATIONAL, INC.

NOTES TO CONSOLIDATED FINANCIAL STATEMENTS - (Continued)

(amounts in thousands, except per share data)

 

Note 12 – Geographic, Customer and Supplier Information

We classify our sales by our customers’ locations in four geographic regions: 1) EMEA, which includes Europe, the Middle East and Africa; 2) the United States, which for our purposes includes sales in Canada; 3) Asia Pacific Rim; and 4) Other Countries, including Australia, Latin America and India. Information regarding geographic areas for the years ended December 31, 2013, 2012, and 2011 is as follows:

 

     Europe,
Middle East,
Africa  (EMEA)
     United States      Asia Pacific      Other
Countries
     Total  

2013

              

Revenue

   $ 95,794       $ 11,781       $ 27,356       $ 20,116       $ 155,047   

Gross profit

     62,529         9,477         14,552         13,313   <