Some good commentary here. But I don't think the single greatest risk (outside of obvious legislative concerns) has been mentioned -- leadership! Both existing and future. I will elaborate.

Key person dependency (a cohort of a few) is a problem for me -- not for the running of the business itself but both culture and capital management decisions. There is no denying that Paul and co have done a sensational job over the last few years -- conservatively growing this business from a 50m enterprise to one nearing 400m. Over extension is a big risk, even with them at the helm, but I consider Paul, his broader management team and the board to be sensible capital allocators and decision makers that actually give a shit about their shareholders. This business would be very easy to grow quickly (incentives are everything) via aggressive acquisitions and expansion -- but that doesn't mean that will be a good result for shareholders. Their expansion has been sensible, measured and well considered. Most of it organic or sensible acquisitions that don't involve software bloat or anything similar. The recent shift into the US is a big shift in the game plan, and one that we should remain alert to, but at the same time their track record is bloody impressive. They have earnt my trust in this regard.

Two key members for me are Paul (CEO) and Chris (Chairman), and to a lesser extent Richard (CFO). They have all been involved with this business for over a decade. That is quite incredible in itself. They understand the industry, risks and players involved and presumably each have similar perspectives about strategy (otherwise they would have splintered and gone separate ways long ago). They are all important members for both historical and future performance. I am watching this very closely and outside of legislative risk it is my biggest concern. Like I said, this business would be easy to burn up in flames from a shareholder perspective -- coincidentally it would also be easy to increase revenues significantly without much care for sustainability and reputation.

Outside of the above, another concern (but perhaps less critical) is the risk of growing pains. For those familiar with the Smart Parking of old (pre 2020) there were some previous concerns with non-compliance within the British management team as an example. As Smart Parking grows, their business model (worldwide) becomes more difficult to control/oversee for Paul and co. As a business that is heavily reliant on isolated sales silos, it is something to monitor.

Nice thesis summary @jcmleng - first time I'm reading your post without the month delay!

On risks, concentration on the UK market (although much improved) is a still a big risk.

I agree on the major risk being regulatory and the potential for regulatory contagion mikebrisy mentions, NZ often follows UK/Australia on policy. I think if the PBN charges are seen as reasonable by customers then it's less likely e.g. PBN charge total should scale with time parked - not sure how they work in practice. They spend some time discussing the UK regulatory environment in the FY25 commentary suggesting it's more favourable than before. The reality is, with some bad media coverage - a few punters getting charged unreasonable parking fines, with the flick of politicians pen - things can change.

My other main risk is the USA segment. I wouldn't call it a success yet, there's a big chunk of goodwill (39m) on this acquisition so want to see continued payoff here. I know management knew the US sellers for some years before the acquisition but I've also seen things change after the sellers get their earnout so watching that too. Early signs are positive though, liked how they say that capex is usually done by the customer in the US.

I would also draw attention to the German situation. Why? They've been there since 2022 and it has similar revenue/site ratio to NZ but it's still a drag (not sure why, I assume higher capex). Germany and Denmark (and Switzerland) will likely be adjusted EBITDA negative in FY26 too. None of Europe apart from UK is positive yet. Perhaps this a consequence of the 'land grab' race to reach site targets approach.

Overall, I agree with the grow sites approach, my thesis was it's a simple business and doesn't require genius. Grow sites, grow PBNs, low to moderate capital spend, half-decent management and the cash should flow. The regulatory pitfall will always be there, and must discount for this.

@jcmleng one risk I would add is PR/reputation risk. For example, if it turns out the company mishandles an appeal from a member of the public, and it then turns into one of those stories the press love (think ABC Four Corners) and as a result it damages brand and willingness of customers to stay or sign up with $SPZ for fear of brand damage by association.

Another risk is data Security. For example, if private details of a car park user are mis-used or stolen. This could also play into the PR/Reputation risk.

Paul Gillespie will rely on high quality Country Managers to ensure the culture of compliance and adherence to key controls is maintained. And as the business scales, that gets harder to assure. This is especially true if he adopts a regional structure. Sure, his regional MD’s might be good, but each of these has to make good country manager appointments below them. A good CEO will remain directly involved in those next level appointments.

These things can be very important particularly in businesses where staff are incentivised to hit aggressive growth targets. Treating car park users fairly is vitally important.

Interestingly, in QLD, when a public outcry arose over parking operators issuing PBNs, it was found the law for access to number plate data and then the issuing of a PBN was using a legal loophole. Rather than fix the flaw to allow parking operators to issue legally enforceable PBNs, because of a fear of public backlash, in March 2025, the QLD Govt. Closed the loophole - which killed any prospect of an SPZ business in QLD using its ANPR/PBN model. Unless of course there is a bigger legislative change. But no such change is on the government’s agenda, as far as I know.

I think that’s why $SPZ are now going to remove the QLD sites from the site count and redeploy the equipment to NZ, giving the Kiwi’s a “capex holiday.” (Love that term!!)

it is also why I am concerned (given that there appears to be from what I can find out) this recent negative development in QLD, that Paul did not address this head on in the results. “Good news” CEOs worry me. And this is an orange flag that I want to do more digging on. (Maybe see how he handles a question on this at the AGM or next Strawman meeting.)

So, the regulatory risk you’ve mentioned is the biggie, and it is the reason I will not add anymore to my current position size.

And then (just to really scare you off), the nightmare risk is Regulatory Contagion. This is where an adverse regulatory development in one jurisdiction is adopted elsewhere. Regulators monitor developments in other countries and consider whether they might be beneficial in their jurisdiction. So, hypothetically, what if the UK regulator studied what happened in QLD and decided there are valid learnings for the UK. And so on. Then it doesn’t matter how diversified $SPZ has become.

I obviously believe the risk of that happening is very low, otherwise I wouldn’t own $SPZ. But I can’t ignore it.

All our businesses have scary risks if we put our minds to it. As an investor in SPZ I believe the rewards are there. But it is important to understand the risks.

Hope that helps, and interested in the views of others.