--- ticker: CME company: CME Group Inc. filing_type: 10-K year_current: 2024 year_prior: 2023 risks_added: 1 risks_removed: 2 risks_modified: 1 risks_unchanged: 23 source: SEC EDGAR url: https://riskdiff.com/cme/2024-vs-2023/ markdown_url: https://riskdiff.com/cme/2024-vs-2023/index.md generated: 2026-05-10 --- # CME Group Inc.: 10-K Risk Factor Changes 2024 vs 2023 > Source: U.S. Securities and Exchange Commission (EDGAR) > Generated: 2026-05-10 > All data extracted directly from official filings. No hallucinated content. > **[AI-Generated Summary]** The paragraph below was produced by a language > model and may contain errors. All other content on this page is deterministically > extracted from the original SEC filing. > CME Group removed two outdated risks from its 2024 filing: the COVID-19 pandemic disclosure and the LIBOR-to-SOFR transition risk, both of which have been substantially resolved or completed. The company added a new cybersecurity risk focused on potential attacks on critical operations and systems, reflecting heightened focus on digital infrastructure threats. One risk concerning customer retention was substantively modified, suggesting CME refined its disclosure around competitive pressures and revenue dependence on trading volumes. --- ## Summary | Status | Count | |--------|-------| | New risks added | 1 | | Risks removed | 2 | | Risks modified | 1 | | Unchanged | 23 | --- ## New in Current Filing: operations, which could cause us to lose customers and trading volume and result in substantial liabilities. We also could be required to incur significant expense to protect or remediate damage to our systems and/or investigate any alleged attack. We regard the secure storage and transmission of data and the ability to continuously transact and clear on our electronic trading platforms as critical elements of our operations and our operational resiliency. Our technology, our customers, our people and our third-party service providers may be vulnerable to targeted attacks, such as "phishing" attacks, unauthorized access, fraud, computer viruses, denial of service attacks, terrorism, "ransomware" attacks, attacks created through artificial intelligence, firewall or encryption failures or other security or operational risks. Criminal groups, political activist groups and nation-state actors have targeted the financial services industry in general, including as a result of wars, and our role in the global marketplace places us at significant risk for a cyber attack and other information security threats. While to date we have not experienced cyber incidents that are individually, or in the aggregate, material, we and certain of our third party providers have experienced cyber attacks of varying degrees in the past. Our usage of mobile, web, and cloud technologies, such as those pursuant to our partnership with Google Cloud, may increase our risk of a cyber attack. Our security defenses may also be impacted or breached due to employee error, malfeasance, system errors or vulnerabilities. Additionally, outside parties may attempt to fraudulently induce employees, users, customers or our third party providers to disclose sensitive information in order to gain access to our technology systems and data, or our customers' data. Any such breach or unauthorized access could result in significant legal and financial exposure, damage to our reputation, and a loss of confidence in the services we provide that could potentially have an adverse effect on our business, while resulting in regulatory penalties or the imposition of additional obligations by regulators or others. The regulatory environment related to information security, privacy, data collection, data usage and use of artificial intelligence is increasingly rigorous and complex, and any failure to comply may carry significant penalties and reputational damage. We have designed our cyber defense program to mitigate such attacks and security risks through administrative, physical and technical safeguards. As part of our global information security and privacy programs, we employ resources to prevent, detect and respond to cyber attacks and security risks that could impact our people, processes and technology infrastructure, including rapid response to zero-day vulnerabilities. However, our security measures or those of our third-party providers, including any cloud-based technologies, such as those pursuant to our partnership with Google Cloud, may prove insufficient depending upon the attack or threat posed. Any security attack or breach could result in system failures and delays, malfunctions in our operations, loss of customers or lower trading volume, loss of competitive position, damage to our reputation, disruption of our business, legal liability or regulatory fines and significant costs, which in turn may cause our revenues and earnings to decline. We may be subject to litigation and financial losses that exceed our insurance policy limits or are not covered under any of our current policies. --- ## No Match in Current: The COVID-19 pandemic has negatively affected the global economy, including the U.S. economy and the global financial markets, and has disrupted our business and our clients' businesses. The ultimate impact from COVID-19, including duration, is unknown and could have an adverse effect on our business, financial condition and results of operations. *This section from the 2023 filing does not have a high-confidence textual match in 2024. It may have been removed, merged, or substantially reworded.* The COVID-19 pandemic continues to cause disruptions in the international and U.S. economies and financial markets. The spread of COVID-19 has caused illness, quarantines, cancellation of events and travel, business and school shutdowns, reduction in business activity and financial transactions, labor shortages, employee attrition, supply chain interruptions and overall economic and financial market instability in the U.S. Similar impacts also had been experienced throughout the world, including in every country in which we do business. Given the unique and unpredictable nature of this event, future impacts to our business are unknown and could be material. Those impacts may include, among others, the following: •Disruption to our business and operations; •Key members of senior management or a significant number of our employees being unable to work as a result of contracting COVID-19 or related illnesses; •Impacts on our third-party suppliers and their ability to fulfill their obligations to us; •Decreased trading volume and unprecedented market stresses in global financial markets; •Changes in demand for our products and services, based upon fiscal, monetary, and trade policies adopted in response to the economic impact of the pandemic; •Reduced economic activity generally, which could cause businesses to have less need to hedge in our markets; and •Increased financial and operational stress experienced by our clearing firm members due to unprecedented volatility or downturn, including significant losses that may result in a reduction of business or a default. These potential impacts may exist for a significant period of time and may adversely affect our business, financial condition, and results of operations even if the COVID-19 pandemic becomes endemic. Moreover, since implementing broad work-from-home measures during the pandemic, we have an increased dependency on remote equipment and connectivity infrastructure to access critical business systems that may be subject to failure or disruption of availability, which could negatively impact our business operations. Further, we have been subject to increased phishing and other social engineering attempts by malicious actors to manipulate individuals into divulging confidential or personal information or access to our networks. If our cybersecurity diligence and efforts to offset the increased risks associated with this greater reliance on mobile, collaborative and remote technologies are not effective or successful, we will be at increased risk for cyber security or data privacy incidents. The extent to which COVID-19 further impacts our business, results of operations or financial condition will depend on future developments, which are highly uncertain and difficult to predict, but may include, among others, the duration and spread of the 19 19 19 Table of Contents Table of Contents virus, including through new variant strains, its severity, the actions taken by governments and other third parties to contain the virus or treat its impact, such as vaccination, and the effect of such actions on our business practices, the impact of any future federal stimulus measures, and the pace at which, and the extent to which, normal economic and operating conditions resume. In addition, many of the other risk factors described herein could be heightened by the effects of COVID-19 and related economic conditions, which could result in a material impact on our results of operations, financial condition and liquidity. --- ## No Match in Current: Our Three-Month Eurodollar futures and options contracts are based on the three-month U.S. Dollar London Interbank Offered Rate (LIBOR) underlying rate and will be transitioned to the three-month Secured Overnight Financing Rate (SOFR) futures and options in the first half of 2023. To the extent trading in Eurodollar contracts decreases ahead of this transition or our alternative contracts are not successful, our revenues would be negatively impacted. Certain of our other businesses could also be negatively affected by changes to LIBOR. *This section from the 2023 filing does not have a high-confidence textual match in 2024. It may have been removed, merged, or substantially reworded.* Our Eurodollar futures and options contracts are based on the three-month U.S. Dollar ICE LIBOR underlying rate. In 2022, average trading volume in our Eurodollar contracts was 2.4 million contracts and open interest was 17 million contracts and our average trading volume in our SOFR contracts was 2.2 million contracts and open interest was 29.3 million contracts. The U.K. FCA, which regulates LIBOR, announced its intention to phase out the use of LIBOR with the cessation of one-week and two-month USD LIBOR, as well as non-USD LIBOR tenors, after December 31, 2021, and the cessation of publication of the remaining USD LIBOR settings in a "representative" form (including three-month USD LIBOR) after June 30, 2023. In 2021, the U.S. Federal Reserve Board and other regulatory bodies issued guidance encouraging banks and other financial market participants to cease entering into new contracts that use USD LIBOR as a reference rate no later than December 31, 2021, and in March 2022, the Adjustable Interest Rate (LIBOR) Act was signed into law, establishing a framework for the replacement of LIBOR as a benchmark interest rate in U.S. contracts that do not provide for the use of a clearly defined and practicable benchmark replacement rate following the cessation of publication or publication in a "representative" form. In light of these developments, financial institutions that currently report information used to set USD LIBOR are expected to stop doing so during 2023, and we expect banks and other financial market participants to continue to cease entering into new contracts based on USD LIBOR. There is no guarantee that these market participants will adopt reference rates associated with our alternative products. The U.S. Federal Reserve, in conjunction with the Alternative Reference Rates Committee, a steering committee comprised of large U.S. financial institutions, has recommended replacing USD LIBOR with SOFR. However, it is unknown whether SOFR will attain the same level of market acceptance as a replacement for LIBOR. The transition away from LIBOR to alternative reference rates is complex and could have a material adverse effect on our business, financial condition and results of operations. We have closely engaged with the industry, regulators and market participants to launch products using alternative reference rates, including our SOFR and Sterling Overnight Index Average (SONIA) futures contracts, and we have announced that our Eurodollar futures and options contracts will be transitioned to SOFR futures and options in the first half of 2023. While these actions have resulted in an increase in market acceptance of 22 22 22 Table of Contents Table of Contents SOFR, there is no guarantee that this transition will be successful, maintain current market structure, or replace the revenue we derive from our Eurodollar contracts if trading volume were to decline or discontinue altogether. --- ## Modified: Our trading volume, and consequently our revenues and profits, would be adversely affected if we are unable to retain our current customers at substantially similar trading levels or attract new customers. **Key changes:** - Reworded sentence: "For example, some of our competitors have engaged in aggressive pricing strategies in the past, such as lowering the fees they charge for taking liquidity and increasing liquidity payments or rebates." - Removed sentence: "Our role in the global marketplace places us at greater risk than other public companies for a cyber attack and other cyber-security risks." - Removed sentence: "Our technology, our customers and our people and those of our third-party service providers may be vulnerable to cyber-security threats, which could result in wrongful use of our data or our customers' data or cause interruptions in our operations that cause us to lose customers and trading volume and result in substantial liabilities." - Removed sentence: "We also could be required to incur significant expense to protect or remediate damage to our systems and/or investigate any alleged attack." - Removed sentence: "We regard the secure storage and transmission of data and the ability to continuously transact and clear on our electronic trading platforms as critical elements of our operations and our operational resiliency." **Prior (2023):** The success of our business depends, in part, on our ability to maintain and increase trading volume in our markets. To do so, we must maintain and expand our product offerings, our customer base and our trade execution facilities, our pre-and post-trade services and clearing facilities. Our success also depends on our ability to offer competitive prices and services in an increasingly price-sensitive business. For example, some of our competitors have engaged in aggressive pricing strategies in the 17 17 17 Table of Contents Table of Contents past, such as lowering the fees they charge for taking liquidity and increasing liquidity payments or rebates. We cannot provide assurances that we will be able to continue to expand our products and services, that we will be able to retain our current customers or attract new customers or that we will not be required to modify our pricing structure to compete effectively. Changes in our pricing structure may result in a decrease in our profit margin. Our clearing firm clients must meet certain capital requirements and must deposit collateral to meet performance bond and guaranty fund requirements. There is no guarantee the collateral deposited will continue to maintain its value. To the extent a clearing firm were to experience a decrease in capital and be unable to meet requirements, it may be required to decrease its trading activity. Additionally, from time to time, certain customers may represent a significant portion of the open interest in our individual product lines or contracts, and a substantial decrease in their trading activity could have a negative impact on the liquidity of the particular product line or contract. If we fail to maintain trading volume, as a result of a loss of customers or decrease in trading activity; expand our product offerings or execution facilities; or are unable to attract new customers, our business and revenues will be adversely affected. Declines in trading volume may also negatively impact market liquidity, which could lead to further loss of trading volume. Because our cost structure is largely fixed, if demand for our products and services and our resulting revenues decline, we may not be able to adjust our cost structure on a timely basis, and our profitability could be adversely affected. Our role in the global marketplace places us at greater risk than other public companies for a cyber attack and other cyber-security risks. Our technology, our customers and our people and those of our third-party service providers may be vulnerable to cyber-security threats, which could result in wrongful use of our data or our customers' data or cause interruptions in our operations that cause us to lose customers and trading volume and result in substantial liabilities. We also could be required to incur significant expense to protect or remediate damage to our systems and/or investigate any alleged attack. We regard the secure storage and transmission of data and the ability to continuously transact and clear on our electronic trading platforms as critical elements of our operations and our operational resiliency. Our technology, our customers, our people and those of our third-party service providers may be vulnerable to targeted attacks, such as "phishing" attacks, unauthorized access, fraud, computer viruses, denial of service attacks, terrorism, "ransomware" attacks, firewall or encryption failures or other security or operational risks. Criminal groups, political activist groups and nation-state actors have targeted the financial services industry in general, including as a result of the Russian and Ukraine war, and our role in the global marketplace places us at greater risk than other public companies for a cyber attack and other information security threats. While we have not experienced cyber incidents that are individually, or in the aggregate, material, we have experienced cyber attacks of varying degrees in the past. Our usage of mobile, web, and cloud technologies, such as those pursuant to our partnership with Google Cloud, may increase our risk of a cyber attack. Our security defenses may also be impacted or breached due to employee error, malfeasance, system errors or vulnerabilities. Additionally, outside parties may attempt to fraudulently induce employees, users, or customers to disclose sensitive information in order to gain access to our technology systems and data, or our customers' data. Any such breach or unauthorized access could result in significant legal and financial exposure, damage to our reputation, and a loss of confidence in the services we provide that could potentially have an adverse effect on our business, while resulting in regulatory penalties or the imposition of additional obligations by regulators or others. The regulatory environment related to information security, privacy, data collection and data usage is increasingly rigorous and complex, and any failure to comply may carry significant penalties and reputational damage. We have designed our cyber defense program to mitigate such attacks and security risks through administrative, physical and technical safeguards. As part of our global information security and privacy programs, we employ resources to prevent, detect and respond to cyber-attacks and security risks that could impact our people, processes and technology infrastructure, including rapid response to zero-day vulnerabilities. However, our security measures or those of our third-party providers, including any cloud-based technologies, such as those pursuant to our partnership with Google Cloud, may prove insufficient depending upon the attack or threat posed. Any security attack or breach could result in system failures and delays, malfunctions in our operations, loss of customers or lower trading volume, loss of competitive position, damage to our reputation, disruption of our business, legal liability or regulatory fines and significant costs, which in turn may cause our revenues and earnings to decline. Though we have insurance against certain cyber and privacy risks and attacks, we may be subject to litigation and financial losses that exceed our policy limits or are not covered under any of our current insurance policies. **Current (2024):** The success of our business depends, in part, on our ability to maintain and increase trading volume in our markets. To do so, we must maintain and expand our product offerings, our customer base and our trade execution facilities, our pre-and post-trade services and clearing facilities. Our success also depends on our ability to offer competitive prices and services in an increasingly price-sensitive business. For example, some of our competitors have engaged in aggressive pricing strategies in the past, such as lowering the fees they charge for taking liquidity and increasing liquidity payments or rebates. We cannot provide assurances that we will be able to continue to expand our products and services, that we will be able to retain our current customers or attract new customers or that we will not be required to modify our pricing structure to compete effectively. Changes in our pricing structure may result in a decrease in our profit margin. Our clearing firm clients must meet certain capital requirements and must deposit collateral to meet performance bond and guaranty fund requirements. There is no guarantee the collateral deposited will continue to maintain its value. To the extent a clearing firm were to experience a decrease in capital and be unable to meet requirements, it may be required to decrease its trading activity. Additionally, from time to time, certain customers may represent a significant portion of the open interest in our individual product lines or contracts, and a substantial decrease in their trading activity could have a negative impact on the liquidity of the particular product line or contract. If we fail to maintain trading volume, as a result of a loss of customers or decrease in trading activity; expand our product offerings or execution facilities; or are unable to attract new customers, our business and revenues will be adversely affected. Declines in trading volume may also negatively impact market liquidity, which could lead to further loss of trading volume. Because our cost structure is largely fixed, if demand for our products and services and our resulting revenues decline, we may not be able to adjust our cost structure on a timely basis, and our profitability could be adversely affected. --- *Data sourced from SEC EDGAR. Last updated 2026-05-10.*