OneSpan : Q126 Transcript

Published: 2026-05-04 14:38:06 ET OSPN

Published on 05/04/2026 at 02:38 pm EDT

OneSpan (Q1 2026)

April 30, 2026

Joe Maxa; OneSpan, Inc.; Vice President of Investor Relations

Victor Limongelli; OneSpan, Inc.; Chief Executive Officer

Jorge Martell; OneSpan, Inc.; Chief Financial Officer

Erik Suppiger; B. Riley Securities; Analyst

Rudy Kessinger; D.A. Davidson; Analyst

Gray Powell; BTIG; Analyst

Anja Soderstrom; Sidoti; Analyst

Catharine Trebnick; Rosenblatt; Analyst

PRESENTATION

Operator^ Good day and thank you for standing by. Welcome to the Q1 2026 OneSpan Earnings Conference Call. (Operator Instructions)

Please be advised that today's conference is being recorded.

I would now like to hand the conference over to your first speaker today, Joe Maxa, VP of Investor Relations. Please go ahead.

Joe Maxa^ Thank you, Operator. Hello, everyone. Thank you for joining the OneSpan first quarter 2026 earnings conference call.

This call is being webcast and can be accessed on the Investor Relations section of OneSpan's website at investors.onespan.com.

Joining me on the call today is Victor Limongelli, our Chief Executive Officer; and Jorge Martell our Chief Financial Officer.

This afternoon after market close, OneSpan issued a press release announcing results for our first quarter of 2026. To access a copy of the press release and other investor information, please visit our website. Following our prepared comments today, we will open the call for questions.

Please note that statements made during this conference call that relate to future plans, events or performance including the outlook for full year 2026 and other long-term financial targets are forward-looking statements. These statements involve risks and uncertainties, and are based on current assumptions. Consequently, actual results could differ materially from the expectations expressed in these forward-looking statements.

I direct your attention to today's press release and the company's filings with the U.S. Securities and Exchange Commission for a discussion of such risks and uncertainties.

Also note that financial measures that may be discussed on this call are expressed on a non-GAAP basis and have been adjusted from this related GAAP financial measure. We have provided an explanation for and reconciliations of these non-GAAP financial measures to the most directly comparable GAAP financial measures in the earnings press release and in the investor presentation available on our website.

In addition, please note that all growth rates discussed on this call refer to a year-over-year basis unless otherwise indicated.

The date of this conference call is April 30, 2026. Any forward-looking statements and related assumptions are made as of this date. Except as required by law, we undertake no obligation to update these statements as a result of new information or future events or for any other reason.

I will now turn the call to Victor.

Victor Limongelli^ Thank you, Joe. Hello, everyone. Thank you for joining us today.

We had a good first quarter with strong profitability and solid revenue growth. Indeed, subscription revenue grew 8% year-over-year, and our adjusted EBITDA margin was 32%.

I'm also happy to report that notwithstanding the doom and gloom you might hear about software, our gross revenue retention increased again in Q1, reaching 90% for the company as a whole and 94% for our Digital Agreements business.

We also generated healthy cash flows, and we returned capital to shareholders via share buybacks which have totaled approximately 1.5 million shares for more than $18 million over the past three quarters and via an increased quarterly dividend as well.

Before reviewing our results in more detail, I'd like to provide an update on our investments and how we are positioning the company for stronger growth over time.

First, in Q1, we completed the acquisition of Build38, which brings a fantastic team to OneSpan with deep expertise in mobile threats and mobile application protection, and provides customers with telemetry to help them understand the attacks targeting their mobile applications and the environment in which they operate. Keep in mind that the vast majority of consumer banking is now conducted through mobile banking applications, making this a critical attack surface for banks to protect.

We now offer post-compilation application protection, sometimes called post-compilation wrapping as well as an SDK-based approach through which customers can build an application protection and the telemetry necessary for visibility into the threat environment and overall operating environment.

With the addition of Build38's capabilities, I am happy to report that we now offer a comprehensive set of leading mobile application security technologies across the app shielding landscape.

Second, I want to update you on the acquisition we completed last year of Nok Nok Labs, a pioneer of the FIDO Alliance and of password-less authentication. A fabulous team from Nok Nok joined our company.

Together, we have grown that business materially with ARR having increased about 20% in less than 10 months since closing, and it has broadened our product set as well. We now have the broadest B2B2C authentication offering, both hardware and software, cloud and on-prem and OTP and FIDO.

Third, we continue to invest in internal research and development. In our Digital Agreements business, we continue to make strides towards our goal of delivering secure, seamless agreement workflows purpose-built for the financial services industry, combining white label capabilities with embedded security, compliance and identity assurance across the eSignature journey.

We're also planning to integrate AI-driven capabilities to provide deeper insights, streamline decision-making and further simplify integration into our customers' existing environments.

Last but not least, I want to reiterate that neither our Digital Agreements business nor our Cybersecurity business has seat-based licensing as the primary revenue model.

In Cybersecurity, we sell to our customers based on the number of their end users and not based on the number of their employees or seats. Our licenses are tied to the number of consumers using strong authentication or app shielding solutions.

Similarly, in Digital Agreements, the vast majority of our business, about 97%, is priced based on the number of expected eSignature transactions or documents rather than customer employee counts or user counts. Turning to our results.

As mentioned, we started the year with a strong first quarter. We generated $21 million of adjusted EBITDA in the quarter or 32% of revenue.

We ended the first quarter with annual recurring revenue of $192 million, up 14% year-over-year, inclusive of the uplift from the two acquisitions in the past year. This strong ARR growth continues a positive trend as ARR is now up 24% since March 31, 2024. Total revenue grew 4% to $66 million, driven by 11% growth in Digital Agreements which had another strong quarter, and 2% growth in Cybersecurity.

Subscription revenue in Digital Agreements grew 11%, driven by demand for e-signatures, while subscription revenue in Cybersecurity grew about 6.5%, reflecting growth in cloud authentication, password-less authentication and app shielding. Both business units were solidly profitable at the division level.

Overall, the company generated $28 million in cash from operations during the quarter. Our Board remains committed to a balanced capital allocation strategy that considers shareholder returns, organic investment and targeted M&A.

In the first quarter, we invested nearly $35 million to acquire Build38 and returned more than

$10 million to shareholders through dividends and share repurchases following nearly $32 million returned in 2025. The Board has approved a quarterly dividend of $0.13 per share to be paid in the current quarter, and we'll continue to evaluate additional share repurchase opportunities.

In summary, we serve a diverse global customer base, and we deliver comprehensive offerings in strong B2B2C authentication, app shielding and e-signatures.

We are investing internally and through targeted M&A to strengthen our portfolio and go-to-market execution, and we continue to make solid progress in building a stronger foundation for growth. We remain committed to maintaining strong profitability, cash generation and returning capital to shareholders.

With that, I'll turn the call over to Jorge.

Jorge Martell^ Thanks, Victor, and good afternoon, everyone.

I'm pleased to report another strong quarter and continued progress in building a solid foundation for future growth.

I'm particularly excited about our acquisition of Build38, which strengthens our mobile application security offering and enhances our ability to protect customers and their customers from increasingly sophisticated AI-driven threats.

We acquired Build38 on February 27. And as such, our first quarter results include just over one month of Build38's financial contribution.

Before turning to our Q1 results, I'd like to briefly highlight a change we made this quarter to how we present revenue by operating segment. To better align with how we manage the business and our strategic focus on growing recurring revenues, we now include term maintenance revenue within subscription revenue.

As a result, subscription revenue now consists primarily of term licenses for on-prem software, the related maintenance and support revenue and SaaS revenue.

In addition, maintenance revenue associated with perpetual licenses and professional services is now presented together, better reflecting the continued evolution of our business away from perpetual license arrangements. These changes are presentation only and have no impact on total revenue, operating income or cash flows, and prior period results have been updated for comparability.

Additional details are included in the revenue tables in today's press release, our Form 10-Q and the investor presentation on our website.

With that context, let me turn to our first quarter results. Annual recurring revenue, or ARR, increased 14.1% year-over-year to $192.1 million, inclusive of the two acquisitions.

Our net retention rate was 105%, benefiting from customer expansion contracts. ARR also benefited from new customer additions and M&A.

First quarter revenue was $65.9 million, an increase of 4.1% compared to last year's Q1, driven by 5.8% growth in software and services revenues, partially offset by a 4.3% decline in hardware revenue. Continuing a long-term declining trend in Q1, hardware comprised only 16% of our overall revenue. Subscription revenue grew 8.2% to $52.7 million and accounted for 80% of total revenue. Gross margin was approximately 74%, consistent with the prior year period.

I'll provide additional detail on these metrics as I review each business division in a couple of minutes.

First quarter GAAP operating income was $14.8 million compared to $17.2 million in Q1 of last year. The year-over-year decline in operating income primarily reflects increased operating costs

related to the acquisition of Nok Nok and Build38 including headcount and nonrecurring acquisition-related consulting costs as well as certain costs related to organic investments, partially offset by lower share-based compensation expenses. GAAP net income per share was

$0.30 compared to $0.37 a year ago. Non-GAAP net income per share was $0.39 compared to

$0.45 in prior year period.

First quarter adjusted EBITDA and adjusted EBITDA margin was $21 million and 31.9% compared to $23 million and 36.4% in the first quarter of last year.

Turning to our Cybersecurity division. Cybersecurity ARR grew 16.5% year-over-year to $124.6 million, again inclusive of the two acquisitions in the past year.

First quarter revenue increased 1.7% to $48.5 million. Subscription revenue grew 6.6% to $35.3 million, driven by customer expansions, new logos and M&A, partially offset by lower multiyear term license revenue. Hardware revenue declined 4.3% which was less than expected due to the earlier-than-anticipated delivery of certain customer shipments.

As expected, perpetual maintenance and services revenue declined as we continue to transition legacy perpetual contracts to term-based arrangements. Gross margin for the Cybersecurity division was 74% compared to 76% in the prior year quarter, primarily reflecting incremental third-party license costs as well as subscription and professional services costs.

Operating income was $20.8 million or 43% of revenue compared to $24.2 million or 51% of revenue in last year's Q1, driven by increased operating expenses from the acquisitions, the incremental cost of revenues just discussed, higher nonrecurring acquisition-related consulting costs and increased investments.

Now turning to Digital Agreements. ARR grew 9.9% year-over-year to $67.5 million.

First quarter revenue grew 11.2% to $17.4 million, driven by expansion of renewal contracts, new customer additions and overage fees. Gross margin improved to 72.5%, up from 70.3% in the prior year period, reflecting higher revenues and greater efficiency in our cloud infrastructure costs.

Operating income was $5.3 million or 30.4% of revenue compared to $3.4 million or 21.5% in the same period last year, driven by revenue growth, higher gross margins and a modest decline in operating expenses. Turning to our balance sheet.

We ended the first quarter with $49.8 million in cash and cash equivalents compared to $70.5 million at the end of 2025.

We generated $28.2 million in operating cash flows during the quarter. Uses of cash included $5 million for our quarterly dividend, $5.4 million to repurchase approximately 510,000 shares of common stock, $34.6 million related to the Build38 acquisition and $2.6 million in capital software development costs, among other things.

We ended the quarter with no long-term debt. Geographically, revenue in the first quarter of 2026 was 43% for EMEA, 38% from the Americas, 19% from Asia Pacific compared to 49%, 33% and 18% from the same regions in the first quarter of 2025, respectively. Year-over-year changes reflect growth in Digital Agreements and Cybersecurity software revenue in the Americas, lower Cybersecurity hardware and software revenue in EMEA, and increased hardware revenue in Asia Pacific.

Now turning to some modeling notes and our outlook. We are pleased with our first quarter results and the progress we've made in positioning the company for long-term growth. We are affirming our full year 2026 guidance for revenue and adjusted EBITDA, and we are raising our guidance for ARR. We expect continued growth in software and services revenue, driven by solid performance in Digital Agreements and moderate growth in Cybersecurity.

In Cybersecurity, we anticipate a second quarter ARR headwind of approximately $3 million from two contracts not expected to renew. In both cases, the customer is not a bank or a financial institution, and the majority of that total is from a customer moving to password-less authentication with a decision taken a year ago before we had acquired Nok Nok Labs.

Indeed, this reinforces our belief that adding Nok Nok to our product portfolio was the right strategic move as we expect password-less authentication to only grow going forward. As such, we expect ARR to grow in the second half of the year with most of that growth occurring in the fourth quarter.

Finally, we also expect the secular shift away from consumer banking hardware tokens to continue.

For the full year 2026, we expect total revenue to be in the range of $244 million to $249 million. We expect software and services revenue to be in the range of $201 million to $204 million. We expect hardware revenue to be in the range of $43 million to $45 million. We expect ARR to be in the range of $194 million to $198 million as compared to our previous guidance range of $192 million to $196 million. We expect adjusted EBITDA in the range of $64 million to $68 million. That concludes my remarks.

I will now turn the call back to Victor.

Victor Limongelli^ Thanks, Jorge. To recap, we delivered a strong first quarter and over the past year, we have better positioned the company to deliver value to customers and create value for shareholders.

While we know there is more work ahead that one good quarter does not make an excellent year, we are encouraged by the progress we have made. Jorge and I will now be happy to take your questions.

QUESTIONS AND ANSWERS

Operator^ (Operator Instructions) Our first question comes from the line of Erik Suppiger of B. Riley Securities.

Erik Suppiger^ First off, when will we start to realize some of the returns that you're making on the -- in the operations over the course of 2026?

When can we anticipate some acceleration in top line?

And do you have a timeframe when you can get back to a Rule of 40 -- delivering on the Rule of 40?

Victor Limongelli^ Yes. Thanks, Erik.

I think before getting to the exact timeline for the Rule of 40, it's important to highlight the progress we've made.

If you look at where we were on the Rule of 40 metrics in 2023, I believe the number was 12 on a combined basis, not for one of the metrics. And for the most recent quarter, we were at 36 and 32 last year.

So we've definitely made progress.

I don't want to pin an exact date on when we'll be at exactly 40, but we're making progress. You see it in our ARR growth. You see it in our subscription growth.

Of course, for quite a long time we've had a consumer banking token decline, and you saw hardware decline again year-over-year. It's now only 16% of our revenue.

We feel like we've made some good progress. We've added some real key functionality to our product set.

We're investing in go-to-market as well to continue to try to drive that subscription growth and try to drive the ARR forward.

Operator^ Our next question comes from the line of Rudy Kessinger of D.A. Davidson.

Rudy Kessinger^ First one for me on ARR, just so we can try to get to an organic ARR growth rate.

What was the Nok Nok ARR and Build38 ARR as of the end of Q1?

Jorge Martell^ Rudy, thanks for the question.

So as of the end of Q1, Nok Nok's ARR was $9.7 million, which is an increase from the $8.1 million that we acquired, really nine months ago which we feel pretty good about. And Victor alluded to that 20% growth over the last nine and change months, nine-ish months. The Build38 ARR that we acquired was $2.8 million, Rudy.

So combined, it's about $10.9 million, call it, $11 million. And so when you look at ARR growth organic, it's about 7% to 8%.

Rudy Kessinger^ Got it. That's super helpful.

The growth on Nok Nok is good to see. Obviously you lapped that next quarter as far as organic goes.

Then second question for me. Obviously just given your guys' significant EMEA mix, I'm curious what impacts, if any, maybe you saw in the quarter or you're seeing in current deal conversations just given the conflict in the Middle East right now?

Victor Limongelli^ Yes. Thanks, Rudy. The Middle East itself -- well the Gulf region itself is a small part of our business, only about 4% of revenue. We're obviously keeping an eye on it like many people are.

For Europe, I think you'll see in the geographic mix or Jorge talked about the geographic mix, EMEA is a little bit of a smaller portion compared to growth in the Americas. Part of that strategic, we do think we're under-indexed to North America when it comes to security in particular.

So we feel like we're going to grow faster in North America than we had in the past. And also the DA business has been doing well and that's largely a North American business.

Overall, we're optimistic, I would say, about EMEA and cautiously watching the Middle East situation.

Operator^ Our next question comes from the line of Gray Powell of BTIG.

Gray Powell^ I just had a couple here.

So it's good to hear the commentary on Nok Nok. Where are you seeing the strongest pull with Nok Nok within your installed base?

Then just when a customer decides to take a product set, just how should we think of the upsell opportunity?

Victor Limongelli^ Nok Nok, I think, is an upsell opportunity because people are going to move to password-less over the coming years.

So having that capability is a core part of our offering.

So some of that is customer retention. We talked about GRR in the first quarter. It was at a very strong level, 94% for DA, but 88% for security, Cybersecurity, so higher than it had been in quite a while.

And there's also opportunity to get new customers with Nok Nok's offering as password-less becomes more and more prevalent, having a super strong offering, having the Board seat on the FIDO Alliance, having the history with FIDO that Nok Nok had brings a lot to the table.

Geographically, we have seen it so far be stronger in North America with strength in Japan as well.

But we expect it to grow in Europe, ultimately, to grow in Latin America and all over the world.

In five years, people -- everyone will use passkeys and passwords we'll see outdated.

Gray Powell^ Okay. That's really helpful. Then I just want to make sure I'm thinking about Build38 correctly.

So I mean it makes perfect sense on how it can make your existing products better. This might be a dumb question, but what was the acquisitions main purpose?

Is it simply to make you more competitive on the authentication side and to make your existing stuff more compelling?

Or is it going to ultimately result in another SKU that you can sell to customers and therefore, like I just said, something else that can generate revenue?

Victor Limongelli^ It broadens the offering.

So if you think about what our app shielding offering was, first of all, it was through a partner. We had a long partnership in that realm that was successful, but that offering was what is called a wrapping.

So you build the application and then after it's compiled, there's a wrapper or protection put around the app.

And it's useful; it locks attacks, but it doesn't give you as much information about what type of attacks are coming in, what the operating environment is.

The Build38 approach is different. It has an SDK-based implementation where the protection is built into the app, and it enables telemetry back from the applications. Remember, they don't control the devices. These are all consumer devices that are using mobile banking apps. It gives them lots of information about the devices themselves and about what attacks are happening.

So that has all kinds of implications to broaden the Cybersecurity solution that we're offering customers.

Operator^ Our next question comes from the line of Anja Soderstrom of Sidoti.

Anja Soderstrom^ Just curious, the contracts that are not renewing in the second quarter, how big of a shortfall is that?

And can you just double-click on what gives you confidence in raising the ARR guidance?

Victor Limongelli^ Sure. We've seen good progress with ARR. Those two accounts -- I mean one of them is about $2 million, right?

That decision was taken a year ago for them to move to password-less. This is a great -- it just underscores why the Nok Nok acquisition was important for us. We did not have an offering at the time.

So we didn't have the opportunity to even compete effectively as they move to password-less. We do now. Unfortunately, that decision had already been taken.

So in the short run, we're going to have a little bit of a hit, as mentioned, to ARR, but we do feel good about the growth that we've seen so far, the pipeline. And we do have seasonality in our business. We closed a lot more business in Q4 than we do in the summer, typically in most years.

So we think most of that ARR reinvigoration will happen in the latter part of the year, say September through December.

Anja Soderstrom^ Okay. And now when you have Nok Nok, do you feel you're getting better attention since you are having that offering or --

Victor Limongelli^ Well it's hard to put a precise quantification on it. But if you look at the growth in our GRR, I think we are positioned better with our customers.

Instead of having technology that maybe a few years ago, someone would have viewed as dated, we have up-to-date market-leading technology in critical areas.

So that helps customers feel that they should stick with you, that you're going to be a long-term solution.

We've seen our GRR go up. I don't think it's only as a result of that because our renewals team has done a great job. We've done better engagement with customers as well but I think it certainly helps.

Operator^ Our next question comes from the line of Erik Suppiger of B. Riley Securities.

Erik Suppiger^ A follow-up here. Of your FIDO2 customers, how many of them are buying both the Nok Nok back-end software as well as the tokens?

Victor Limongelli^ To date, not too many. It's -- the Nok Nok, of course, did not have a token business.

So most of them are pure software customers. That's another area that I think as we look ahead, we have an opportunity to do better in. It's something that we're hoping can blunt the decline in the consumer banking tokens as we move forward.

Having that broad offering does give flexibility to customers if they have a portion of their workforce that they want to have hardware authentication for. We can offer that without them needing to go to somebody else to a hardware-only vendor as an example.

But to date, we haven't had a ton of cross-sell on that. It is an opportunity rather than a material contributor at the moment.

Erik Suppiger^ Is it a synergistic sale where you're able to provide any advantage by using an end-to-end solution?

Or is it just simply standards-based and therefore there's no end-to-end benefit?

Victor Limongelli^ Well, the Nok Nok offering has advantages.

Of course, it is an open protocol, fire protocol, but the Nok Nok solution has additional technology built in to enable device binding of keys which financial institutions like a lot, not to get into too much into the weeds.

But sync keys sync to Google or other cloud providers can sometimes make banks nervous. The Nok Nok offering has the ability to have device bound key so that they're not synced on the software side.

On the hardware side, it is -- again it's an open protocol.

So they could buy hardware from someone else. It is advantageous in having the same vendor. We do very nice branding on the devices which we have history having done that with banks for many, many years.

So to the extent that they like that, it's an appealing offering. But again, open protocol, so it's not

-- there's not a vendor lock-in situation when it comes to hardware.

Operator^ Our next question comes from the line of Catharine Trebnick of Rosenblatt.

Catharine Trebnick^ Now with subscription revenue roughly 80% of total and you have a good track record or it seems like Digital Agreements and the Cybersecurity subscriptions growing, can you lay out a plan for -- will it always be 80%, 85%?

I mean what's going to happen with the hardware you think over the next 12 months? Because I know it's been lumpy and there's obvious some changes and just lay out a roadmap.

Victor Limongelli^ So let me just talk about the underlying business trends. The consumer banking tokens, we expect to continue to decline.

We don't think they'll go zero. We think there'll be some portion of consumers in Europe and Asia that are using tokens to authenticate because they're doing web banking and they're not

doing their banking through a mobile banking app. You ask banks, a lot of them will say 80% of their traffic is now through the mobile app versus laptops or desktops.

The hardware piece, the part that could offset that ongoing decline that's been going on for over a decade, is the FIDO2 security piece. If we can get that piece to grow, we could offset that growth and keep the hardware business at a stable rate.

Of course, most of our focus -- most of our attention is on growing the subscription, growing the ARR and driving value that way. Jorge, I don't know if you want to add anything on modeling, that would be helpful.

Jorge Martell^ Yes. So I think for purposes of '26, Catharine, we didn't change our guide for hardware. Where it goes in '27, '28, nobody has a crystal ball.

I think Victor have some input on that. It's obviously still in secular decline. But to Vic's point, we don't think it's going to go to zero, right?

There's going to be -- even corporate banking is still done through a hardware token is the safest way to do providers transactions and things of that nature.

So there will be specifically a pool and a target customer base that will continue to use that device, right, hardware token.

So I cannot add more to what you said, Vic, other than hopefully stabilizes and continue a new baseline soon.

Operator^ This concludes the question-and-answer session.

I would now like to turn it back to Joe Maxa for closing remarks.

Joe Maxa^ Thanks for joining today, everyone. We look forward to talking with you again next quarter.

Have a great evening.

Operator^ Thank you for your participation in today's conference. This does conclude the program.

You may now disconnect.

Disclaimer

Onespan Inc. published this content on May 04, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on May 04, 2026 at 18:37 UTC.