{ "ticker": "FIS", "company": "Fidelity National Information Services Inc.", "filing_type": "10-K", "year_current": "2025", "year_prior": "2024", "summary": { "added": 0, "removed": 1, "modified": 9, "unchanged": 25, "total_current": 34, "total_prior": 35 }, "source": "SEC EDGAR", "url": "https://riskdiff.com/fis/2025-vs-2024/", "markdown_url": "https://riskdiff.com/fis/2025-vs-2024/index.md", "json_url": "https://riskdiff.com/fis/2025-vs-2024/index.json", "generated": "2026-05-10", "ai_summary": "Fidelity National Information Services removed its Future Forward cost savings target risk, indicating completion or de-prioritization of that program. Nine risks were substantively modified, including heightened concerns around debt service obligations and their impact on financial flexibility, as well as increased emphasis on digital banking security breaches affecting consumer behavior and transaction volumes. The company refined its disclosure of privacy and data protection risks, reflecting evolving regulatory pressures in this area.", "risks": [ { "status": "REMOVED", "current_title": null, "prior_title": "We may not be able to achieve the cost savings target of our Future Forward program.", "prior_body": "One of the goals of our ongoing Future Forward initiative is to achieve significant cost savings across the enterprise. We have reiterated a cash savings target of $1 billion, of which over 75 percent represents run-rate cash savings, on a continuing operations basis exiting 2024. We may not be able to achieve this cost savings target on our desired timeframe, or at all, for many reasons, including contractual constraints, potential operational disruptions to our business, or unanticipated business costs or inefficiencies. If we are unable to achieve the financial goals set by Future Forward, or if our efforts as part of Future Forward result in unintended disruptions to our business, our business, financial condition or results of operations could be adversely affected." }, { "status": "MODIFIED", "current_title": "Our existing debt levels and future levels under existing facilities and debt service requirements may adversely affect us, including our financial condition or business flexibility, and prevent us from fulfilling our obligations under our outstanding indebtedness.", "prior_title": "Our existing debt levels and future levels under existing facilities and debt service requirements may adversely affect FIS, including our financial condition or business flexibility, and prevent us from fulfilling our obligations under our outstanding indebtedness.", "similarity_score": 0.896, "confidence": "high", "key_changes": [ "Reworded sentence: \"As of December 31, 2024, we had total debt of approximately $11.3 billion.\"" ], "current_body": "As of December 31, 2024, we had total debt of approximately $11.3 billion. Our level of debt, or any increase in our debt level, could adversely affect our business, financial condition, operating results and operational flexibility, including as follows: (i) the debt level may cause us to have difficulty borrowing money in the future for working capital, capital expenditures, acquisitions or other purposes; (ii) our debt level may limit operational flexibility and our ability to pursue business opportunities and implement certain business strategies; (iii) some of our debt has a variable rate of interest, which exposes us to the risk of increased interest rates; (iv) we have a higher level of debt than some of our competitors or potential competitors, which may cause a competitive disadvantage and may reduce flexibility in responding to changing business and economic conditions, including increased competition and vulnerability to general adverse economic and industry conditions; (v) there are significant debt maturities or maturities that may need to be refinanced, potentially at higher rates; and (vi) failure to satisfy our obligations under our outstanding debt or failure to comply with the financial or other restrictive covenants contained in the indenture governing our senior notes or in our credit facility could result in an event of default that could cause all of our debt to become due and payable. 24 24 24 Table of Contents Table of Contents", "prior_body": "As of December 31, 2023, we had total debt of approximately $19.1 billion. On January 31, 2024, we completed the Worldpay Sale. We intend to the use a portion of the proceeds from the sale to repay or otherwise retire approximately $9.0 billion of debt during 2024. However, there can be no assurance that we will be able to complete any such repayment transactions on terms acceptable to us, or at all. Our level of debt or any increase in our debt level could adversely affect our business, financial condition, operating results and operational flexibility, including the following: (i) the debt level may cause us to have difficulty borrowing money in the future for working capital, capital expenditures, acquisitions or other purposes; (ii) our debt level may limit operational flexibility and our ability to pursue business opportunities and implement certain business strategies; (iii) some of our debt has a variable rate of interest, which exposes us to the risk of increased interest rates; (iv) we have a higher level of debt than some of our competitors or potential competitors, which may cause a competitive disadvantage and may reduce flexibility in responding to changing business and economic conditions, including increased competition and vulnerability to general adverse economic and industry conditions; (v) there are significant maturities on our debt that we may not be able to repay at maturity or that may be refinanced at higher rates; and (vi) if we fail to satisfy our obligations under our outstanding debt or fail to comply with the financial or other restrictive covenants contained in the indenture governing our senior notes, or our credit facility, an event of default could result that could cause all of our debt to become due and payable." }, { "status": "MODIFIED", "current_title": "High profile digital banking security breaches or information system failures could impact consumer payment behavior patterns in the future and reduce our transaction volumes.", "prior_title": "High profile digital banking security breaches could impact consumer payment behavior patterns in the future and reduce our transaction volumes.", "similarity_score": 0.865, "confidence": "high", "key_changes": [ "Reworded sentence: \"We are unable to predict whether or when high profile digital banking security breaches or other information system failures will occur and, if they occur, whether consumers will reduce their digital banking service.\"", "Added sentence: \"18 18 18 Table of Contents Table of Contents\"" ], "current_body": "We are unable to predict whether or when high profile digital banking security breaches or other information system failures will occur and, if they occur, whether consumers will reduce their digital banking service. If consumers reduce digital banking services, and we are not able to adapt to offer our clients alternative technologies, then our revenue and related earnings could be adversely affected. 18 18 18 Table of Contents Table of Contents", "prior_body": "We are unable to predict whether or when high profile digital banking security breaches will occur and if they occur, whether consumers will reduce their digital banking service. If consumers reduce digital banking services, and we are not able to adapt to offer our clients alternative technologies, then our revenue and related earnings could be adversely affected." }, { "status": "MODIFIED", "current_title": "Constantly evolving global privacy, data protection, cybersecurity, cyber resilience, and AI laws and regulations require the Company to adopt new business practices, update contractual provisions in existing and new contracts, and constantly update our global Privacy and Data Protection Program and our global Information Security Program, which may require transitional and incremental expenses and may impact our future operating results.", "prior_title": "Constantly evolving global privacy, data protection and cybersecurity laws require the Company to adopt new business practices, update contractual provisions in existing and new contracts, and constantly update our global Privacy and Data Protection Program and our global Information Security Program, which may require transitional and incremental expenses and may impact our future operating results.", "similarity_score": 0.863, "confidence": "high", "key_changes": [ "Reworded sentence: \"The Company is subject to numerous global privacy, data protection, cybersecurity, cyber resilience, and AI laws and regulations, which are continuing to change in ways that impose increasingly complex and costly compliance obligations on us and that have had, and are expected to continue to have, a significant impact on our operations.\"", "Reworded sentence: \"As a result, we expect that a more substantial compliance effort with varying regimes in different jurisdictions will continue to be necessary in the future, which has the potential to further increase the cost and complexity of our business.\"", "Reworded sentence: \"Data localization requirements in evolving privacy, data protection, cybersecurity, cyber resilience, and AI laws could also increase the cost and alter the approach to housing data around the world.\"", "Reworded sentence: \"Furthermore, compliance with these laws and regulations may indirectly impact us in circumstances where we act as a third-party service provider to clients, who are themselves subject to these laws and regulations and who will expect us to take appropriate steps to support them in achieving compliance.\"" ], "current_body": "The Company is subject to numerous global privacy, data protection, cybersecurity, cyber resilience, and AI laws and regulations, which are continuing to change in ways that impose increasingly complex and costly compliance obligations on us and that have had, and are expected to continue to have, a significant impact on our operations. Failure to comply with new and evolving laws and regulations in these areas could result in significant penalties, damage to our reputation, and loss of business. We have incurred, and will continue to incur, costs to comply with these new laws and regulations. There are also several additional laws being considered by state legislatures, the U.S. Congress, and governments around the world. As a result, we expect that a more substantial compliance effort with varying regimes in different jurisdictions will continue to be necessary in the future, which has the potential to further increase the cost and complexity of our business. Moreover, privacy, data protection, cybersecurity, cyber resilience, and AI laws may be interpreted and applied inconsistently from country to country and may impose inconsistent or conflicting requirements. Complying with varying jurisdictional requirements could increase the costs and complexity of compliance and associated recordkeeping costs or require us to change our business practices in a manner adverse to our business and to incur additional costs. Data localization requirements in evolving privacy, data protection, cybersecurity, cyber resilience, and AI laws could also increase the cost and alter the approach to housing data around the world. In addition, our businesses are increasingly subject to laws and regulations relating to digital transformation, surveillance, encryption, and data onshoring in the jurisdictions in which we operate. For example, under DORA, E.U. regulators are increasingly seeking to mitigate cyber threats and enhance digital resilience within the financial system through new regulations targeting the provision of critical third-party technology services. Compliance with these laws and regulations may require us to change our technology for information security, operational infrastructure, policies, and procedures, which could be time-consuming and costly and may result in additional regulatory burdens for the Company. Furthermore, compliance with these laws and regulations may indirectly impact us in circumstances where we act as a third-party service provider to clients, who are themselves subject to these laws and regulations and who will expect us to take appropriate steps to support them in achieving compliance.", "prior_body": "The Company is subject to numerous global privacy, data protection and cybersecurity laws, which are continuing to change in ways that impose increasingly complex and costly compliance obligations on FIS and that have had, and are expected to continue to have, a significant impact on FIS' operations. Failure to comply with new and evolving laws in these areas could result in significant penalties, damage to our brand, and loss of business. FIS has incurred, and will continue to incur, costs to comply with these new laws. There are also several additional laws being considered by state legislatures, the U.S. Congress, and governments around the world. As a result, a more substantial compliance effort with varying regimes in different jurisdictions is expected to continue in the future, which has the potential to further increase the costs and complexities of FIS' business. Moreover, privacy, data protection and cybersecurity laws may be interpreted and applied inconsistently from country to country and impose inconsistent or conflicting requirements. Complying with varying jurisdictional requirements could increase the costs and complexity of compliance and associated recordkeeping costs or require us to change our business practices in a manner adverse to our business and to incur additional costs. Data localization requirements in evolving privacy, data protection and cybersecurity laws could also increase the cost and alter the approach to housing data around the world. In addition, our businesses are increasingly subject to laws and regulations relating to digital transformation, surveillance, cyber resilience, encryption, and data onshoring in the jurisdictions in which we operate. In particular, U.K. and European regulators are increasingly seeking to mitigate cyber threats and enhance digital resilience within the financial system through new regulations targeting the provision of critical third-party technology services. Compliance with these laws and regulations may require us to change our technology for information security, operational infrastructure, policies, and procedures, which could be time-consuming and costly and may result in additional regulatory burdens for the Company. Furthermore, compliance with these laws and regulations may indirectly impact the Company in circumstances where it acts as a third-party service provider to clients, who are themselves subject to these laws and regulations, and will expect the Company to take appropriate steps to support them in achieving compliance." }, { "status": "MODIFIED", "current_title": "Our business, financial condition or results of operations could be adversely affected by business interruptions, errors or failures in connection with our or third-party information technology and communication systems and other software and hardware used in connection with our business, or by design errors in the software solutions we offer, or more generally, by the unavailability of third-party vendors' services that we need to operate our business effectively.", "prior_title": "Our business, financial condition or results of operations could be adversely affected if we experience business interruptions, errors or failure in connection with our or third-party information technology and communication systems and other software and hardware used in connection with our business, if we experience defects or design errors in the software solutions we offer, or more generally, if the third-party vendors we rely upon are unwilling or unable to provide the services we need to operate our business effectively.", "similarity_score": 0.862, "confidence": "high", "key_changes": [ "Reworded sentence: \"Finally, our systems and operations have been, and in the future could be, exposed to damage or interruption from fire, floods, severe weather events, natural disasters, power loss, telecommunications failure, unauthorized entry and computer viruses.\"", "Reworded sentence: \"We cannot be certain that control measures, including system redundancies, security controls, and application development and testing controls, will be successful in preventing disruption or limiting our exposure.\"", "Reworded sentence: \"In our development of updates and enhancements to our software solutions, we may make a major design error that causes the solution to operate incorrectly or less efficiently.\"", "Reworded sentence: \"If our vendors, or in certain cases vendors of our customers, fail to meet their obligations, provide poor or untimely service or suffer operational disruptions, and we are unable to make alternative arrangements for the provision of these services, then we may in turn fail to provide our services or to meet our obligations to our customers, and our business, financial condition or results of operations could be adversely affected.\"" ], "current_body": "Many of our services are based on sophisticated software and computing systems, and we may encounter delays when developing new technology solutions and services. Further, the technology solutions underlying our services have occasionally contained, and may in the future contain, undetected errors or defects when first introduced or when new versions are released. In addition, we may experience difficulties in installing or integrating our technologies on platforms used by our clients, or our clients may cancel a project after we have expended significant effort and resources to complete an installation. Finally, our systems and operations have been, and in the future could be, exposed to damage or interruption from fire, floods, severe weather events, natural disasters, power loss, telecommunications failure, unauthorized entry and computer viruses. Defects in 14 14 14 Table of Contents Table of Contents our technology solutions or those of our third-party partners or elsewhere in the global cyber environment, errors or delays in the processing of electronic transactions, or other difficulties have resulted, and in the future could result, in (i) interruption of business operations; (ii) delay in market acceptance; (iii) additional development and remediation costs; (iv) diversion of technical and other resources; (v) loss of clients; (vi) negative publicity; or (vii) exposure to liability claims. Any one or more of the foregoing could have an adverse effect on our business, financial condition or results of operations. We cannot be certain that control measures, including system redundancies, security controls, and application development and testing controls, will be successful in preventing disruption or limiting our exposure. Further, most of the solutions we offer are very complex software systems that are regularly updated. No matter how careful the design and development, complex software often contains errors and defects when first introduced and when major new updates or enhancements are released. If errors or defects are discovered in current or future solutions, then we may not be able to correct them in a timely manner, if at all. In our development of updates and enhancements to our software solutions, we may make a major design error that causes the solution to operate incorrectly or less efficiently. The failure of software to perform properly could result in the Company and its clients being subjected to losses or liability, including censures, fines, or other sanctions by the applicable regulatory authorities, and we could be liable to parties who are financially harmed by those errors. In addition, such errors could cause the Company to lose revenue, lose clients or suffer damage to its reputation. In addition, we generally depend on a number of third parties, both in the United States and internationally, to supply elements of our systems, computers, research and market data, connectivity, communication network infrastructure, other equipment and related support and maintenance. We cannot be certain that any of these third parties will be able to continue providing these services to meet our evolving needs effectively. If our vendors, or in certain cases vendors of our customers, fail to meet their obligations, provide poor or untimely service or suffer operational disruptions, and we are unable to make alternative arrangements for the provision of these services, then we may in turn fail to provide our services or to meet our obligations to our customers, and our business, financial condition or results of operations could be adversely affected.", "prior_body": "Many of our services are based on sophisticated software and computing systems, and we may encounter delays when developing new technology solutions and services. Further, the technology solutions underlying our services have occasionally contained, and may in the future contain, undetected errors or defects when first introduced or when new versions are released. In addition, we may experience difficulties in installing or integrating our technologies on platforms used by our clients, or our clients may cancel a project after we have expended significant effort and resources to complete an installation. Finally, our systems and operations could be exposed to damage or interruption from fire, floods, hurricanes, earthquakes, tornadoes, typhoons, drought, high-winds, severe weather events, other natural disasters, power loss, telecommunications failure, unauthorized entry and computer viruses. Defects in our technology solutions, errors or delays in the processing of electronic transactions, or other difficulties could result in (i) interruption of business operations; (ii) delay in market acceptance; (iii) additional development and remediation costs; (iv) diversion of technical and other resources; (v) loss of clients; (vi) negative publicity; or (vii) exposure to liability claims. Any one or more of the foregoing could have an adverse effect on our business, financial condition or results of operations. Although we attempt to limit our potential liability through controls, including system redundancies, security controls, application development and testing controls, and disclaimers and limitation-of-liability provisions in our license and client agreements, we cannot be certain that these measures will always be successful in preventing disruption or limiting our liability. Further, most of the solutions we offer are very complex software systems that are regularly updated. No matter how careful the design and development, complex software often contains errors and defects when first introduced and when major new updates or enhancements are released. If errors or defects are discovered in current or future solutions, then we may not be able to correct them in a timely manner, if at all. In our development of updates and enhancements to our software solutions, we may make a major design error that makes the solution operate incorrectly or less efficiently. The failure of software to properly perform could result in the Company and its clients being subjected to losses or liability, including censures, fines, or other sanctions by the applicable regulatory authorities, and we could be liable to parties who are financially harmed by those errors. In addition, such errors could cause the Company to lose revenue, lose clients or damage its reputation. In addition, we generally depend on a number of third parties, both in the United States and internationally, to supply elements of our systems, computers, research and market data, connectivity, communication network infrastructure, other equipment and related support and maintenance. We cannot be certain that any of these third parties will be able to continue providing these services to meet our evolving needs effectively. If our vendors, or in certain cases vendors of our customers, fail to meet their obligations, provide poor or untimely service, or we are unable to make alternative arrangements for the provision of these services, then we may in turn fail to provide our services or to meet our obligations to our customers, and our business, financial condition or results of operations could be adversely affected." }, { "status": "MODIFIED", "current_title": "Risks Related to Our Business and Operations", "prior_title": "Security breaches, privacy breaches, cyberattacks, unintentional disclosures of confidential information, third-party breaches, or a failure to comply with information security laws or regulations, contractual provisions or industry security requirements by FIS, or our vendors, or technology partners, could harm our business by disrupting delivery of services, damaging our reputation and resulting in a breach of one or more client contracts or regulatory investigations, enforcement actions or fines.", "similarity_score": 0.77, "confidence": "high", "key_changes": [ "Reworded sentence: \"Security breaches, privacy breaches, cyberattacks, unintentional disclosures of confidential information, third-party breaches, service outages, or a failure to comply with information security laws or regulations, contractual provisions, or industry security requirements by us, our vendors, clients, or technology partners could harm our business by disrupting delivery of services, exposing sensitive or confidential information, or damaging our reputation, any of which could result in a breach of one or more client contracts or regulatory investigations, enforcement actions, fines or litigation.\"", "Reworded sentence: \"We also collect personal data from our employees and contractors as necessary to support those relationships, comply with legal obligations, manage our workforce, and provide compensation and benefits.\"", "Reworded sentence: \"Implementation challenges in timely completing these tasks can lead to security vulnerabilities that expose us, our systems and data to potential compromise or interruption.\"", "Reworded sentence: \"jurisdiction in or from which we serve clients, or by a specific industry body, those changes could have an adverse impact on our Company through increased costs or by imposing changes or inefficiencies on business processes.\"", "Reworded sentence: \"If we are unable, or appears to be unable, to prevent cybersecurity or privacy breaches, we risk reputational damage.\"" ], "current_body": "Security breaches, privacy breaches, cyberattacks, unintentional disclosures of confidential information, third-party breaches, service outages, or a failure to comply with information security laws or regulations, contractual provisions, or industry security requirements by us, our vendors, clients, or technology partners could harm our business by disrupting delivery of services, exposing sensitive or confidential information, or damaging our reputation, any of which could result in a breach of one or more client contracts or regulatory investigations, enforcement actions, fines or litigation. Cybersecurity is fundamental to our complex, global business. We and our vendors, service providers, technology partners, and clients electronically receive, process, store and transmit sensitive and confidential information of our business partners, clients and such clients' customers. We collect consumer personal data, such as names and addresses, Social Security Numbers, driver’s license numbers, financial account numbers, transactional history, cardholder data and payment history records. Such information is necessary to support our clients' transaction processing and to conduct our check authorization and collection businesses. We also collect personal data from our employees and contractors as necessary to support those relationships, comply with legal obligations, manage our workforce, and provide compensation and benefits. Our information systems and networks are dependent upon hardware, software, communication infrastructure and other technological components that are both developed by us and provided by third parties. These components sometimes require patches, updates, or remediation of known or potential vulnerabilities. Implementation challenges in timely completing these tasks can lead to security vulnerabilities that expose us, our systems and data to potential compromise or interruption. Our information systems are also 12 12 12 Table of Contents Table of Contents vulnerable to human error as well as malicious insider threats. Finally, the systems we rely on, which include hardware and software manufactured, developed or operated by third-party vendors and service providers, have in the past been subject to, and may in the future be subject to, cyber attacks or security incidents due to employee error or malfeasance, software bugs, hardware malfunctions or other security vulnerabilities. The uninterrupted operation of information systems operated by us, our vendors and service providers, and other third parties, as well as the confidentiality of the customer or consumer information that resides on such systems, is critical to the successful operation of our Company. For that reason, security or privacy breaches are some of the principal operational risks we face as a provider of services to financial institutions and businesses. Like other such providers, we are a regular target of attempts to identify and exploit system vulnerabilities and/or penetrate or bypass our security measures to gain unauthorized access to our networks and systems. If we fail to maintain an adequate security infrastructure, adapt to emerging security threats (such as the use of artificial intelligence by threat actors in furtherance of cyber attacks), regularly identify security vulnerabilities, prevent unauthorized access, identity theft or other cybersecurity risks (e.g., distributed denial of service, ransomware, and other cyber attacks), manage vendor or supply chain cybersecurity risks, adequately train users of our information systems, or implement sufficient security standards and technology to protect against security or privacy breaches, then the confidentiality, integrity or availability of the information we secure could be compromised. Unauthorized access to, or abuse of authorized access to, our computer systems or databases or our vendors' computer systems or databases could result in the theft or publication of confidential information and personal data, the deletion or modification of records, disruption of service delivery, installation of malware, and the potential need to pay ransom or otherwise cause interruptions in our operations. These issues could give rise to legal actions from clients and/or such clients' customers, regulatory investigations or enforcement activity, losses and expenses associated with such events, and damage to our reputation. Because we serve a diverse client base with different technology and service needs, we must continue to enhance our ability to manage the risks from the resulting diversity in potential security attacks. As a provider of services to financial institutions and businesses, we are bound by many of the same limitations on disclosure of the information we receive from clients that apply to the clients themselves. If we fail to comply with these regulations and industry security requirements, including those imposed by the payment card industry through its digital security standards and other rules, we could be exposed to damages from legal actions from clients and/or their customers, governmental proceedings, public disclosure and consumer notification requirements, and the imposition of significant fines or prohibitions on providing services. We operate in a highly regulated environment and are subject to a myriad of complex, evolving regulations and standards, including cybersecurity and privacy laws, regulations and industry standards. In addition, if more restrictive privacy laws, data protection rules or industry security requirements are adopted in the future on the federal or state level, or by a non-U.S. jurisdiction in or from which we serve clients, or by a specific industry body, those changes could have an adverse impact on our Company through increased costs or by imposing changes or inefficiencies on business processes. A material privacy or security incident would trigger SEC disclosure obligations and could trigger other applicable disclosure requirements, or be disclosed publicly, even if there is no legally required disclosure. Incident disclosure may increase the risks of private lawsuits or government enforcement action related to incidents, increase attention from malicious actors, and lead to greater regulatory scrutiny. The occurrence of any such incidents, and the related responses (if any) by regulators or third parties, may result in adverse publicity and reputational harm to us. If we are unable, or appears to be unable, to prevent cybersecurity or privacy breaches, we risk reputational damage. Our existing clients could lose confidence in our information systems and consequently choose to terminate their agreements with us. Such reputational harm could also inhibit our ability to attract new clients; potentially increase government, regulatory, or media scrutiny; or give rise to new regulatory requirements that adversely affect our ability to do business in one or more parts of the world.", "prior_body": "Cybersecurity is fundamental to FIS' complex, global business. FIS and its vendors and technology partners electronically receive, process, store and transmit sensitive and confidential information of FIS' clients, such clients' customers and business partners. FIS collects consumer personal data, such as names and addresses, Social Security Numbers, driver’s license numbers, financial account numbers, transactional history, cardholder data and payment history records. Such information is necessary to support our clients' transaction processing and to conduct our check authorization and collection businesses. Our information systems are dependent upon hardware, software, and other technological components that are both developed by FIS and provided by third parties. These components sometimes require patches, updates, or remediation of known or potential vulnerabilities. Implementation challenges in timely completing these tasks can lead to security vulnerabilities that expose FIS, its systems and data to potential compromise or interruption. The uninterrupted operation of information systems operated by FIS and others, as well as the confidentiality of the customer/consumer information that resides on such systems, is critical to the successful operation of FIS. For that reason, security or privacy breaches are some of the principal operational risks FIS faces as a provider of services to financial institutions and businesses, and, like other such providers, FIS is a regular target of third-party attempts to identify and exploit system vulnerabilities and/or penetrate or bypass our security measures in order to gain unauthorized access to our networks and systems. If FIS fails to maintain an adequate security infrastructure, adapt to emerging security threats (such as the use of artificial intelligence by threat actors in furtherance of cyber attacks), identify security vulnerabilities, prevent unauthorized access, identity theft or other cybersecurity risks (e.g., distributed denial of service, ransomware, and other cyber attacks), manage vendor or supply chain cybersecurity risks, or implement sufficient security standards and technology to protect against security or privacy breaches, the confidentiality of the information FIS 12 12 12 Table of Contents Table of Contents secures could be compromised. Unauthorized access to or abuse of authorized access to the computer systems or databases of FIS or our vendors could result in the theft or publication of confidential information and personal data, the deletion or modification of records, disruption of service delivery, installation of malware, and the potential need to pay ransom, or otherwise cause interruptions in FIS’ operations. These issues in turn could give rise to legal actions from clients and/or such clients' customers, regulatory investigation or enforcement activity, losses and expenses associated with such events, and damage to FIS' reputation. Because FIS serves a diverse client base with different technology and service needs, we must continue to work to enhance our ability to manage the risks from the resulting diversity in potential security attacks. As a provider of services to financial institutions and businesses, FIS is bound by many of the same limitations on disclosure of the information FIS receives from clients as apply to the clients themselves. If FIS fails to comply with these regulations and industry security requirements, including those imposed by the payment card industry through its digital security standards and other rules, it could be exposed to damages from legal actions from clients and/or their customers, governmental proceedings, governmental notice requirements, and the imposition of significant fines or prohibitions on providing services. FIS is a highly regulated entity and is subject to a myriad of complex, evolving regulations and standards, including cybersecurity and privacy laws, regulations and industry standards. In addition, if more restrictive privacy laws, data protection rules or industry security requirements are adopted in the future on the federal or state level, or by a non-U.S. jurisdiction in or from which we serve clients, or by a specific industry body, those changes could have an adverse impact on FIS through increased costs or by imposing changes or inefficiencies on business processes. A material privacy or security incident may trigger SEC disclosure obligations, other applicable disclosure requirements, or be disclosed publicly even if there is no legally required disclosure. Incident disclosure may increase the risks of lawsuits or government enforcement action related to incidents, increase attention to malicious actors, and lead to greater regulatory scrutiny more generally. The occurrence of any such incidents, and the related responses (if any) by regulators or third parties, may result in adverse publicity and reputational harm to us. If FIS is unable, or appears to be unable, to prevent cybersecurity or privacy breaches, we risk reputational damage. Our existing clients could lose confidence in FIS' systems and thus choose to terminate their agreements with FIS. Such reputational harm could also inhibit FIS' ability to attract new clients; potentially increase government, regulatory, or media scrutiny; or give rise to new regulatory requirements that adversely affect FIS' ability to do business in one or more parts of the world." }, { "status": "MODIFIED", "current_title": "The direct and indirect effects of climate change, including increased legal and regulatory requirements and stakeholder expectations, could adversely affect our business.", "prior_title": "The direct and indirect effects of climate change, including increased legal and regulatory scrutiny, could adversely affect our business.", "similarity_score": 0.746, "confidence": "medium", "key_changes": [ "Reworded sentence: \"We may be subject to increased costs, regulations, reporting or other requirements, standards or expectations regarding sustainability and climate change-driven impacts on our business.\"", "Added sentence: \"Further, there is increased scrutiny, including by governments, regulators, investors, employees, clients and other stakeholders, on sustainability matters, which has resulted in new or additional legal and regulatory requirements and may require increased compliance and operational costs.\"", "Added sentence: \"In addition, if we fail to comply with applicable legal requirements and maintain practices that meet our stakeholders' evolving expectations, it could harm our reputation, adversely affect our ability to attract and retain clients and expose us to increased scrutiny from investors and regulatory authorities.\"" ], "current_body": "We may be subject to increased costs, regulations, reporting or other requirements, standards or expectations regarding sustainability and climate change-driven impacts on our business. While we seek to mitigate our business risks associated with climate change, this may require us to incur substantial costs and some of these risks may persist. Changing market dynamics, global policy developments, heightened focus from governmental, media, community, industry and investor stakeholders, and increasing frequency and impact of extreme weather events all have the potential to disrupt our business or the businesses of our customers, vendors and technology partners. Further, there is increased scrutiny, including by governments, regulators, investors, employees, clients and other stakeholders, on sustainability matters, which has resulted in new or additional legal and regulatory requirements and may require increased compliance and operational costs. In addition, if we fail to comply with applicable legal requirements and maintain practices that meet our stakeholders' evolving expectations, it could harm our reputation, adversely affect our ability to attract and retain clients and expose us to increased scrutiny from investors and regulatory authorities. Any of these developments could adversely affect our business, financial condition or results of operations.", "prior_body": "We may be subject to increased costs, regulations, reporting requirements, standards or expectations regarding climate change-driven impacts on our business. While we seek to mitigate our business risks associated with climate change as part of our sustainability, environmental, social and governance (ESG) strategy, some of these risks may persist. Changing market dynamics, global policy developments, heightened focus from governmental, media, community, industry and investor stakeholders, and increasing frequency and impact of extreme weather events all have the potential to disrupt our business or the businesses of our customers, vendors and technology partners. Any of these developments could adversely affect our business, financial condition or results of operations." }, { "status": "MODIFIED", "current_title": "Using and/or incorporating AI technologies into our business poses additional risks and uncertainties that have the potential to harm our reputation and could have a material adverse effect on our business, financial condition or results of operations.", "prior_title": "Using and/or incorporating AI technologies into our business poses additional risks and uncertainties that could have the potential to harm our reputation and could have a material adverse effect on our business, financial condition or results of operations.", "similarity_score": 0.637, "confidence": "medium", "key_changes": [ "Reworded sentence: \"Incorporating AI technologies into our business offers significant potential to enhance the value of the solutions and services we provide to our clients.\"" ], "current_body": "Incorporating AI technologies into our business offers significant potential to enhance the value of the solutions and services we provide to our clients. If we are unsuccessful in identifying opportunities to expand our portfolio with AI capabilities to strengthen or maintain our market position or enhance our customers' experiences, we may have a competitive disadvantage in developing new products and operating our business. However, AI algorithms may produce unfair, unintended, inaccurate, biased or discriminatory outcomes which could be difficult to detect or explain. Further, the training data underlying third-party AI models may also inadvertently breach intellectual property, privacy or other rights and result in the unauthorized use of confidential information. The integration of AI introduces a variety of risks and uncertainties that may harm our reputation, expose us to lawsuits from consumers or other third parties, introduce security vulnerabilities to our information systems, or have other unintended consequences if we are not successful in mitigating such risks. AI systems may have unintended societal impacts and negative outcomes, such as algorithmic errors that result in inadvertent discrimination or bias. Ensuring that our AI systems are used ethically and in a way that aligns with societal values is critical to maintaining trust with our clients, their customers, and regulators, and will likely be required under laws and regulations governing AI systems. 19 19 19 Table of Contents Table of Contents Additionally, AI systems, whether developed internally or integrated from third-party suppliers, may be susceptible to security vulnerabilities. If these systems are targeted or exploited by cyberattacks, we may face financial and operational costs related to recovery and remediation, required public disclosure, as well as potential reputational damage. The increased sophistication of bad actors raises the risk of significant disruptions, which could impact our operations, as well as customer trust. The regulatory landscape surrounding AI is evolving quickly, and the jurisdictions in which we operate are increasingly implementing new, complex and sometimes conflicting compliance requirements. For instance, the E.U. AI Act imposes a number of requirements (some of which take effect in August 2025, August 2026 and August 2027) that differ depending on the type and use of a particular AI system, but which will at a minimum include extensive documentation and transparency requirements. These regulatory changes introduce additional risks, including the possibility of failing to meet compliance obligations, which could result in substantial fines, penalties or other regulatory actions. AI systems are also dependent on strong model governance, which includes the continuous monitoring, auditing and updating of models to reflect the continuous changes in laws, regulations, or legal precedent, and is paramount to managing these ethical and operational concerns. If we do not maintain an adequate model governance function, we may face regulatory risk, lawsuits, security vulnerabilities or other sources of liability and potentially diminish trust in our brand.", "prior_body": "While we believe AI has the potential to increase the value of the solutions and services we deliver to our clients, we recognize that incorporating AI technologies into our business generates a variety of risks and uncertainties. In particular, AI algorithms may generate inaccurate, unintended, unfair or discriminatory outcomes, which may not be easily detectable or explainable, and may inadvertently breach intellectual property, privacy or other rights, as well as confidential information. These outcomes, or the risk of these outcomes, may damage our reputation or have other unintended consequences if we are not successful in mitigating these emerging risks. Further, if we are unsuccessful in identifying opportunities to expand our portfolio with artificial intelligence capabilities to strengthen or maintain our market position or enhance our customers’ experiences, we may have a competitive disadvantage in developing new products and operating our business and our customers may prefer different solutions. These and other AI-related risks may emerge or change on a rapid timeframe that may make it difficult for us to predict or to respond to such risks." }, { "status": "MODIFIED", "current_title": "We have exposure to fluctuations in the Euro-USD exchange rates, which could negatively affect our cost to service or refinance our Euro-denominated debt securities.", "prior_title": "Our Euro- and GBP-denominated indebtedness has increased in recent years; accordingly, we have increased exposure to fluctuations in the Euro-USD and GBP-USD exchange rates, which could negatively affect our cost to service or refinance our Euro- and GBP-denominated debt securities.", "similarity_score": 0.632, "confidence": "medium", "key_changes": [ "Reworded sentence: \"At December 31, 2024, the Company had outstanding approximately €4.0 billion aggregate principal amount of Euro-denominated senior notes and approximately €0.1 billion aggregate principal amount of Euro-denominated commercial paper, or the combined equivalent of approximately $4.3 billion aggregate principal amount.\"", "Reworded sentence: \"We have utilized and expect to continue to utilize foreign currency forward contracts and other hedges in an effort to mitigate currency risk, but we cannot make assurances that such hedging arrangements will be effective or will remain available to us on acceptable terms, or at all.\"" ], "current_body": "At December 31, 2024, the Company had outstanding approximately €4.0 billion aggregate principal amount of Euro-denominated senior notes and approximately €0.1 billion aggregate principal amount of Euro-denominated commercial paper, or the combined equivalent of approximately $4.3 billion aggregate principal amount. A vast majority of this EUR denominated indebtedness has been economically converted into USD through derivative instruments (see \"Financial Instruments\" in note 15 to the consolidated financial statements). If our cash flows generated in foreign currencies are insufficient to settle our foreign currency denominated indebtedness, then we may need to exchange U.S. Dollars or funds in other currencies to make such payments, which could result in increased costs to us in the event of adverse changes in currency exchange rates. We have utilized and expect to continue to utilize foreign currency forward contracts and other hedges in an effort to mitigate currency risk, but we cannot make assurances that such hedging arrangements will be effective or will remain available to us on acceptable terms, or at all. In addition, we cannot predict economic and market conditions (including prevailing interest rates and foreign currency exchange rates) at the applicable times when our various series of Euro-denominated indebtedness are scheduled to mature, nor can there be any assurance that we would be able to refinance any series of our Euro-denominated indebtedness on acceptable terms at any such time, all of which could have an adverse financial impact on us.", "prior_body": "In recent years, our indebtedness denominated in Euro or GBP has significantly increased as a result of our issuance of senior notes of varying maturities and our issuance of Euro-denominated commercial paper. At December 31, 2023, the Company had outstanding approximately €4.5 billion aggregate principal amount of Euro-denominated senior notes, approximately €1.9 billion aggregate principal amount of Euro-denominated commercial paper and approximately £0.9 billion aggregate principal amount of GBP-denominated senior notes, or the combined equivalent of approximately $8.3 billion aggregate principal amount. We expect to reduce the aggregate principal amount of our Euro- and GBP-denominated debt in 2024 as we retire debt with a portion of the proceeds of the Worldpay Sale. 24 24 24 Table of Contents Table of Contents Although we currently have substantial available cash flows in excess of the projected debt service requirements on our existing Euro and GBP-denominated debt, we cannot assure that we will always be able to continue generating earnings in Euros and GBP in amounts sufficient, taking into account the funding requirements and other needs of our business, to make payments of interest and/or repayment of principal on our Euro and GBP senior debt, or to permit us to economically borrow in those currencies if needed to refinance our existing Euro and GBP debt. If our cash flows in Euros or GBP are insufficient for such purposes, we may need to exchange U.S. Dollars or funds in other currencies to make such payments, which could result in increased costs to us in the event of adverse changes in currency exchange rates. We have utilized and expect to continue to utilize foreign currency forward contracts and other hedges on a limited basis in an effort to mitigate currency risk, but we cannot assure that such hedging arrangements will be effective or will remain available to us on acceptable terms, or at all. In addition, we cannot predict economic and market conditions (including prevailing interest rates and foreign currency exchange rates) at the applicable times when our various series of Euro and GBP senior debt are scheduled to mature, nor can there be any assurance that we would be able to refinance any series of our Euro and GBP senior debt in those currencies on acceptable terms at any such time, all of which could have an adverse financial impact on us." }, { "status": "MODIFIED", "current_title": "We may not achieve the anticipated benefits of our recently completed Worldpay Sale, and we may also be exposed to new risks following the sale.", "prior_title": "We may not achieve the anticipated benefits of our recently completed Worldpay Sale, and we may also be exposed to new risks following the sale.", "similarity_score": 0.63, "confidence": "medium", "key_changes": [ "Reworded sentence: \"We may not achieve the anticipated benefits of our Worldpay Sale, which we completed in January 2024.\"" ], "current_body": "We may not achieve the anticipated benefits of our Worldpay Sale, which we completed in January 2024. The anticipated strategic, financial, and operational gains may not materialize, and costs or revenue dis-synergies could exceed expectations. Additionally, we have entered into ongoing arrangements with Worldpay for transition services which have required, and are expected to continue to require, significant resources and could offset the impact of our cost-saving initiatives. While we retain a 45% equity interest in Worldpay, we do not have control of Worldpay, exposing us to certain risks including risks related to Worldpay’s operations and merchant acquiring business. As a result of the Worldpay Sale, our revenue sources are less diversified, which could increase our exposure to adverse developments affecting financial institutions. Additionally, our common stock now represents a smaller company, with proportionally increased exposure to our remaining business risks.", "prior_body": "On January 31, 2024, we completed the Worldpay Sale. We may not realize the anticipated strategic, financial, operational or other benefits from the sale within the expected timeframe, in full or at all, and there can be no assurance that the costs or revenue or expense dis-synergies of the sale will not ultimately exceed anticipated amounts. The anticipated benefits to us from the sale, including our retention of a 45% equity interest in the Joint Venture that owns the assets and liabilities of the Worldpay 22 22 22 Table of Contents Table of Contents Merchant Solutions business, are based on a number of assumptions, some of which may prove incorrect. While we have certain governance rights in the form of board representation and veto rights over certain significant actions that enable us to exercise some influence, we no longer control the management or policies of the Worldpay business. To the extent of our investment in Worldpay, we are exposed to all of the business risks applicable to its results of operations and financial condition, many of which are similar to the risks to which our wholly-owned operations are subject, such as risks arising from economic conditions and reductions in consumer spending, as well as to other risks which apply specifically to the merchant acquiring business. As a result of the sale, our operational and financial profiles have changed. While the sale has enabled us to focus on our Banking Solutions and Capital Markets Solutions business, it has also made our revenue sources less diversified, and our results of operations, cash flows, working capital and financing requirements will be more exposed to developments affecting financial institutions as a result of the increased concentration of our business on serving such customers. Additionally, the shares of our common stock now represent an investment in a smaller company than existed prior to the completion of the sale, and our proportionate exposure to the risks inherent in our remaining businesses has increased. Further, we have incurred and will incur various one-time or ongoing costs in connection with, or as a result of, the sale. Those costs may exceed our estimates or could negate some of the benefits we expected to realize from the sale. We plan to use the net proceeds from the sale to retire debt and to return additional capital to shareholders through our existing share repurchase authorization, as well as for general corporate purposes, while maintaining an investment grade credit rating. These uses of the net proceeds of the sale may not improve our results of operations or cash flows or may not be achieved in the amounts or on the timelines anticipated. We are also potentially subject to unforeseen costs and expenses following the sale, including additional general and administrative costs, costs of dis-synergies, restructuring costs and other unanticipated costs and expenses. In addition, we have continuing operational and financial obligations to Worldpay pursuant to the commercial agreements and transition services agreements that were entered into between FIS and Worldpay at closing. These ongoing arrangements will require significant management and operational resources, will require us to incur costs to provide the transition services and other support we will provide to Worldpay in the near term and may reduce our ability to fully realize cost savings and efficiency initiatives that we would otherwise have been able to implement following the closing of the sale. There can be no assurance that the commercial arrangements with Worldpay, including those relating to client referrals, will result in revenue to us in anticipated amounts." }, { "status": "UNCHANGED", "current_title": "Rising interest rates could increase our borrowing costs.", "prior_title": "Rising interest rates could increase our borrowing costs.", "current_body": "Our exposure to market risk for changes in interest rates relates to our short-term commercial paper borrowings and Revolving Credit Facility. In the future, we may have additional borrowings under existing or new variable-rate debt. Increases in interest rates on variable-rate debt would increase our interest expense. A rising interest rate environment could increase the cost of refinancing existing debt and incurring new debt, which could have an adverse effect on our financing costs." }, { "status": "UNCHANGED", "current_title": "We have businesses in emerging markets that may experience significant economic volatility.", "prior_title": "We have businesses in emerging markets that may experience significant economic volatility.", "current_body": "We have operations in emerging markets, primarily in Latin America, India, Southeast Asia, the Middle East and Africa. These emerging market economies tend to be more volatile than the more established markets we serve in North America and Europe, which could add volatility to our future revenue and earnings." }, { "status": "UNCHANGED", "current_title": "Some of our solutions contain \"open source\" software, and any failure to comply with the terms of one or more of these open source licenses could adversely affect our business.", "prior_title": "Some of our solutions contain \"open source\" software, and any failure to comply with the terms of one or more of these open source licenses could adversely affect our business.", "current_body": "We use a limited amount of software licensed by its authors or other third parties under so-called \"open source\" licenses, and we may continue to use such software in the future. Some of these licenses contain requirements that we make available source code for modifications or derivative works we create based upon the open source software and that we license such modifications or derivative works under the terms of a particular open source license or other license granting third parties certain rights of further use. By the terms of certain open source licenses, we could be required to release the source code of our proprietary software if we combine our proprietary software with open source software in a certain manner. Additionally, the terms of many open source licenses have not been interpreted by U.S. or other courts, and there is a risk that these licenses could be construed in a manner that could impose unanticipated conditions or restrictions on our ability to commercialize our solutions. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of the software. We have established processes to help alleviate these risks, including a review process for screening requests from our development organizations for the use of open source, but we cannot be sure that all open source is submitted for approval prior to use in our solutions. In addition, many of the risks associated with the use of open source cannot be eliminated, and could, if not properly addressed, adversely affect our business." }, { "status": "UNCHANGED", "current_title": "Entity mergers or consolidations and business failures in the banking and financial services industry could adversely affect our business by eliminating some of our existing and potential clients and making us more dependent on a more limited number of clients.", "prior_title": "Entity mergers or consolidations and business failures in the banking and financial services industry could adversely affect our business by eliminating some of our existing and potential clients and making us more dependent on a more limited number of clients.", "current_body": "There has been, and may continue to be, substantial consolidation activity in the banking and financial services industry. In addition, certain financial institutions that experienced negative operating results, including some of our clients, have failed, leading to further consolidation. These consolidations, including those spurred by failures, reduce our number of potential clients and may reduce our number of existing clients, which could adversely affect our revenue, even if the events do not reduce the aggregate activities of the consolidated entities. Further, if our clients or our partners across any of our businesses fail, merge with or are acquired by other entities that are not our clients or our partners, or that use fewer of our services, they may discontinue or reduce use of our services. It is also possible that larger financial institutions resulting from consolidations would have greater leverage in negotiating terms or could decide to perform in-house some or all of the services we currently provide or could provide. Any of these developments could have an adverse effect on our business, financial condition or results of operations." }, { "status": "UNCHANGED", "current_title": "We have substantial goodwill and other intangible assets recorded as a result of acquisitions, and a severe or extended economic downturn could cause these assets to become impaired, requiring write-downs that would reduce our operating income.", "prior_title": "We have substantial goodwill and other intangible assets recorded as a result of acquisitions, and a severe or extended economic downturn could cause these assets to become impaired, requiring write-downs that would reduce our operating income.", "current_body": "As of December 31, 2024, goodwill aggregated to $17.3 billion, or 51% of total assets, and intangible assets aggregated to $1.3 billion, or 4% of total assets. Current accounting rules require goodwill to be assessed for impairment at least annually or whenever changes in circumstances indicate potential impairment and require intangible assets with finite useful lives to be reviewed for impairment whenever events or changes in circumstances indicate that the carrying amount may not be recoverable. Factors that may be considered a change in circumstance include significant underperformance relative to historical or projected future operating results, a significant decline in our stock price and market capitalization, and negative industry or economic trends. If worldwide or U.S. economic conditions decline significantly with prolonged negative impacts to bank spending and consumer behavior, or if other business or market changes significantly impact our outlook, then the remaining carrying amount of our goodwill and other intangible assets may no longer be recoverable, and we may be required to record an impairment charge, which would have a negative impact on our results of operations. We will continue to monitor the fair value of our reporting units and other intangible assets as well as our market capitalization and the impact of any prolonged economic downturn on our business to determine the likelihood of impairment." }, { "status": "UNCHANGED", "current_title": "Credit ratings, if lowered below investment grade, would adversely affect our cost of funds and liquidity.", "prior_title": "Credit ratings, if lowered below investment grade, would adversely affect our cost of funds and liquidity.", "current_body": "The Company maintains investment grade credit ratings from the major U.S. rating agencies on its senior unsecured debt (S&P BBB, Moody's Baa2, Fitch BBB), as well as its commercial paper program (S&P A-2, Moody's P-2, Fitch F2). Failure to maintain investment grade rating levels could adversely affect the Company's cost of funds and liquidity and access to certain capital markets but would not have an adverse effect on our ability to access our existing Revolving Credit Facility. Please note that a security rating is not a recommendation to buy, sell or hold securities, that it may be subject to revision or withdrawal at any time by the assigning rating organization, and that each rating should be evaluated independently of any other rating." }, { "status": "UNCHANGED", "current_title": "Failure to attract and retain talent, including senior management and highly skilled technology personnel, could harm our ability to grow.", "prior_title": "Failure to attract and retain talent, including senior management and highly skilled technology personnel, could harm our ability to grow.", "current_body": "Our future success depends upon our ability to attract and retain talent in a competitive market, including senior management personnel and highly-skilled technology personnel. The competitive nature of this market is also affected by wage inflation, which generally increases the cost of talent. Because the development of our solutions and services requires knowledge, skills and abilities to create, develop and implement our software solutions in new areas on a continuing basis, we are competing for talented people with such knowledge, skills and abilities in new and developing technologies. Competition for such technical personnel is intense, as is the competition for senior management to lead these efforts, and our failure to hire and retain talented personnel could have a material adverse effect on our business, financial condition or results of operations. Our future growth will also require sales and marketing, financial, legal and administrative personnel to develop and support new solutions and services, to enhance and support current solutions and services and to expand operational and financial systems. There can be no assurance that we will be able to attract and retain the necessary personnel to accomplish our growth strategies, and we may experience constraints that could adversely affect our ability to satisfy client demand in a timely fashion. Our ability to maintain compliance with applicable laws, rules and regulations and to manage and monitor the risks facing our business relies upon the ability to maintain skilled compliance, legal, security, risk and audit professionals. Competition for such skill sets is intense, and our failure to hire and retain talented personnel could have an adverse effect on our internal control environment and impact our operating results. Our senior management team has significant experience in the financial services industry, and the loss of this leadership could have an adverse effect on our business, operating results and financial condition. Further, the loss of this leadership may have an adverse impact on senior management's ability to provide effective oversight and strategic direction for all key functions within the Company, which could impact our future business, financial condition or results of operations." }, { "status": "UNCHANGED", "current_title": "If we fail to innovate or adapt our solutions to changes in technology or in the marketplace, or if our ongoing efforts to upgrade or implement our technology are not successful, we could lose clients, or our clients could lose customers, and we could have difficulty attracting new clients for our solutions.", "prior_title": "If we fail to innovate or adapt our solutions to changes in technology or in the marketplace, or if our ongoing efforts to upgrade or implement our technology are not successful, we could lose clients, or our clients could lose customers, and we could have difficulty attracting new clients for our solutions.", "current_body": "The markets for our solutions are characterized by constant technological changes, frequent introductions of new solutions and evolving industry standards. Our future success will be significantly affected by our ability to enhance our current solutions and develop and introduce new solutions and services that address the increasingly sophisticated needs of our clients and their customers. In addition, as more of our revenue and market demand shifts to software as a service (\"SaaS\"), business process as a service (\"BPaaS\"), cloud, and new emerging technologies, the need to keep pace with rapid technology changes becomes more acute. These initiatives carry the risks associated with any new solution development effort, including cost overruns, 13 13 13 Table of Contents Table of Contents delays in delivery and implementation, and performance issues. There can be no assurance that we will be successful in developing, marketing and selling new solutions or enhancements that meet these changing demands. If we are not successful in these efforts, we could lose clients, or our clients could lose customers, and we could have difficulty attracting new clients for our solutions. Any of these developments could have an adverse impact on our future revenue and/or business prospects." }, { "status": "UNCHANGED", "current_title": "A material weakness in our internal controls could have a material adverse effect on us.", "prior_title": "A material weakness in our internal controls could have a material adverse effect on us.", "current_body": "Effective internal controls are necessary for us to provide reasonable assurance with respect to our financial reports and to adequately mitigate the risk of fraud. If we cannot provide reasonable assurance with respect to our financial reports and adequately mitigate the risk of fraud, our reputation and results of operations could be harmed. Internal control over financial reporting may not prevent or detect misstatements because of its inherent limitations, including the possibility of human error, the circumvention or overriding of controls, or fraud. Therefore, even effective internal controls can provide only reasonable assurance with respect to the preparation and fair presentation of financial statements. In addition, projections of any evaluation of effectiveness of internal control over financial reporting to future periods are subject to the inherent risk that the control may become inadequate because of changes in conditions or because the degree of compliance with the policies or procedures may deteriorate. A material weakness is a deficiency, or combination of deficiencies, in internal control over financial reporting, such that there is a reasonable possibility that a material misstatement of the Company's annual or interim financial statements will not be prevented or detected on a timely basis. A material weakness in our internal control over financial reporting could adversely impact our ability to provide timely and accurate financial information. If we are unable to report financial information timely and accurately or to maintain effective disclosure controls and procedures, our business, financial condition or results of operations could be adversely affected." }, { "status": "UNCHANGED", "current_title": "Bank failures or sustained financial market disruptions could adversely affect our business, financial condition and results of operations.", "prior_title": "Bank failures or sustained financial market disruptions could adversely affect our business, financial condition and results of operations.", "current_body": "We regularly maintain domestic cash deposits in banks that are not subject to insurance protection against loss or exceed the deposit limits. We also maintain cash deposits in foreign banks where we operate, some of which are not insured or are only partially insured. The failure of a bank, or events involving limited liquidity, defaults, non-performance or other adverse conditions in the financial or credit markets impacting financial institutions at which we maintain balances, or concerns or 15 15 15 Table of Contents Table of Contents rumors about such events, may lead to disruptions in access to our bank deposits or otherwise adversely impact our liquidity and financial performance. There can be no assurance that our deposits in excess of the insurance limits will be backstopped by the U.S. or applicable foreign government, or that any bank or financial institution with which we do business will be able to obtain needed liquidity from other banks, government institutions or otherwise in the event of a failure or liquidity crisis. Our clients, including those of our clients that are banks, may be similarly adversely affected by any bank failure or other event affecting financial institutions. Any resulting adverse effects to our clients' liquidity or financial performance could reduce the demand for our services or affect our allowance for credit losses and collectability of trade receivables. A significant change in the liquidity or financial position of our clients could cause unfavorable trends in receivable collections and cash flows and may necessitate additional allowances for anticipated losses. Any such additional allowances could materially and adversely affect our business, financial condition or results of operations. In addition, instability, liquidity constraints or other distress in the financial markets, including the effects of bank failures, defaults, non-performance or other adverse developments that affect financial institutions, could impair the ability of one or more of the banks participating in our current or any future credit facilities to honor their commitments. This could have an adverse effect on our business if we were not able to replace those commitments or to locate other sources of liquidity on acceptable terms." }, { "status": "UNCHANGED", "current_title": "Strategic transactions, including acquisitions and divestitures, involve significant risks and uncertainties that could adversely affect our business, financial condition, results of operations and cash flows.", "prior_title": "Strategic transactions, including acquisitions and divestitures, involve significant risks and uncertainties that could adversely affect our business, financial condition, results of operations and cash flows.", "current_body": "Strategic acquisitions and divestitures we have made in the past, and may make in the future, present significant risks and uncertainties that could adversely affect our business, financial condition, results of operations and cash flows. These risks include the following: •difficulty in evaluating potential acquisitions, including the risk that our due diligence does not identify or fully assess valuation issues, potential liabilities or other acquisition risks; •difficulty and expense in integrating newly acquired businesses and operations, including combining solution and service offerings, and in entering into new markets in which we are not experienced, in an efficient and cost-effective manner while maintaining adequate standards, controls and procedures, and the risk that we may encounter significant unanticipated costs or other problems associated with integration; •difficulty and expense in consolidating, integrating, and rationalizing IT infrastructure and integrating acquired software; •challenges in achieving strategic objectives, cost savings and other benefits expected from acquisitions; •risk that our markets do not evolve as anticipated and that the strategic acquisitions and divestitures do not prove to be those needed to be successful in those markets; •risk that acquired systems expose us to cybersecurity and other data security risks; 23 23 23 Table of Contents Table of Contents •costs to reach appropriate standards to protect against cybersecurity and other data security risks, or the timelines to achieve such standards, may exceed those estimated in diligence; •risk that acquired companies are subject to new regulatory regimes or oversight where we have limited experience, which may result in additional compliance costs and potential regulatory penalties; •risk that we assume or retain, or that companies we have acquired have assumed or retained or otherwise become subject to, significant liabilities that exceed the limitations of any applicable indemnification provisions or the financial resources of any indemnifying parties; •risk that indemnification related to businesses divested or spun-off that we may be required to provide or otherwise bear may be significant and could negatively impact our business; •risk of exposure to potential liabilities arising out of applicable state and federal fraudulent conveyance laws and legal distribution requirements from spin-offs in which we or companies we have acquired were involved; •risk that we may be responsible for unanticipated U.S. federal income tax liabilities related to acquisitions or divestitures; •risk that we are not able to complete strategic divestitures within expected time frames or on satisfactory terms and conditions, including obtaining enforceable non-competition arrangements applicable to certain of our business lines; •potential loss of key employees or customers of the businesses acquired or to be divested; and •risk of diverting the attention of senior management from our existing operations." }, { "status": "UNCHANGED", "current_title": "If our applications or services are found to infringe the proprietary rights of others, then we may be required to change our business practices and may also become subject to significant costs and monetary penalties.", "prior_title": "If our applications or services are found to infringe the proprietary rights of others, then we may be required to change our business practices and may also become subject to significant costs and monetary penalties.", "current_body": "As our information technology applications and services develop, we are increasingly subject to infringement claims. Any claims, whether with or without merit, could (i) be expensive and time-consuming to defend; (ii) result in an injunction or other equitable relief which could cause us to cease making, licensing or using applications that incorporate the challenged intellectual property; (iii) require us to redesign our applications, if feasible; (iv) divert management's attention and resources; and (v) require us to enter into royalty or licensing agreements in order to obtain the right to use necessary technologies or pay damages resulting from any infringing use." }, { "status": "UNCHANGED", "current_title": "We operate in a competitive business environment; if we are unable to compete effectively, our business, financial condition or results of operations may be adversely affected.", "prior_title": "We operate in a competitive business environment; if we are unable to compete effectively, our business, financial condition or results of operations may be adversely affected.", "current_body": "The market for our solutions is intensely competitive. Our competitors in Banking and Capital Markets vary in size and in the scope and breadth of the solutions and services they offer. Some of our competitors have substantial resources. We face direct competition from third parties, and because many of our larger potential clients have historically developed their key applications in-house and, therefore, view their system requirements from a make-versus-buy perspective, we also often compete against our potential clients' in-house capacities. In addition, the markets in which we compete have recently attracted increasing competition from smaller start-ups with emerging technologies which are receiving increasing investments, as well as global banks (and businesses controlled by combinations of global banks) and global internet companies that are introducing competitive solutions and services into the marketplace, particularly in the payments area. Emerging technologies and increased competition may also have the effect of unbundling bank solutions and may result in displacing solutions that we are currently providing from our legacy systems. International competitors are also now targeting and entering the U.S. market with greater force. There can be no assurance that we will be able to compete successfully against current or future competitors or that the competitive pressures we face in the markets in which we operate will not materially adversely affect our business, financial condition, or results of operations." }, { "status": "UNCHANGED", "current_title": "We are the subject of various legal proceedings that could have an adverse effect on us.", "prior_title": "We are the subject of various legal proceedings that could have an adverse effect on us.", "current_body": "We are involved in various litigation matters, including in some instances class-action cases and patent infringement litigation. If we are unsuccessful in our defense of litigation matters, we may be forced to pay damages and/or change our business practices, any of which could have an adverse effect on our business, financial condition or results of operations." }, { "status": "UNCHANGED", "current_title": "Failure to comply with anti-bribery and anti-corruption laws could subject us to penalties and other adverse consequences.", "prior_title": "Failure to comply with anti-bribery and anti-corruption laws could subject us to penalties and other adverse consequences.", "current_body": "We are subject to the FCPA, the U.K. Bribery Act, and other anti-bribery and anti-corruption laws in various countries around the world. The FCPA, the U.K. Bribery Act and similar applicable laws generally prohibit companies, as well as their officers, directors, employees and third-party intermediaries, business partners and agents, from making improper payments or providing other improper things of value to government officials or other persons for the purpose of obtaining or retaining business abroad or otherwise obtaining favorable treatment. The FCPA also requires that U.S. public companies maintain books and records that fairly and accurately reflect transactions and maintain an adequate system of internal accounting controls. We conduct business in foreign countries, including a number of countries with developing economies, and many of our employees, third-party intermediaries and agents in such countries may have direct or indirect interactions with officials and employees of government agencies, state-owned or affiliated entities and other third parties. We may be held liable if they take actions in violation of these laws, even if we do not explicitly authorize them. Although our policies and procedures require compliance with these anti-bribery and anti-corruption laws and are designed to facilitate such compliance, we do business in many countries and cannot make any assurances that our employees, contractors or agents somewhere in the world will not take actions in violation of applicable laws or our policies, for which we may ultimately be held responsible. In the event that we believe or have reason to believe that our employees, contractors or agents have or may have violated such laws, we may be required to investigate (or to have outside counsel investigate) the relevant facts and circumstances. Detecting, investigating and resolving actual or alleged violations can be an extensive process and require a significant diversion of time, resources and attention from senior management. Further, we cannot assure that any such investigation will successfully uncover all relevant facts and circumstances. Any violation of the FCPA, the U.K. Bribery Act or other applicable anti-bribery or anti-corruption laws could result in whistleblower complaints, adverse media coverage, investigations, loss of export privileges, and criminal or civil sanctions, penalties and fines, any of which could adversely affect our business, financial condition or results of operations." }, { "status": "UNCHANGED", "current_title": "Failure to obtain new clients or renew client contracts on favorable terms could adversely affect our business, financial condition or results of operations.", "prior_title": "Failure to obtain new clients or renew client contracts on favorable terms could adversely affect our business, financial condition or results of operations.", "current_body": "We may face pricing pressure in obtaining and retaining our clients. Larger clients may use their negotiating leverage to seek price reductions from us when they renew a contract, when a contract is extended, or when the client's business has significant volume changes. Larger clients may also reduce services if they decide to move services in-house. Further, our smaller and mid-size clients may also exert pricing pressure, particularly upon renewal, due to competition or other economic needs or pressures being experienced by the client. On some occasions, this pricing pressure results in lower revenue from a client than we had anticipated based on our previous agreement with that client. This reduction in revenue could adversely affect our business, financial condition or results of operations." }, { "status": "UNCHANGED", "current_title": "Unfavorable resolution of tax contingencies or unfavorable future tax law changes could adversely affect our tax expense.", "prior_title": "Unfavorable resolution of tax contingencies or unfavorable future tax law changes could adversely affect our tax expense.", "current_body": "Our tax returns and positions are subject to review and audit by federal, state, local and international taxing authorities. An unfavorable outcome to a tax audit could result in higher tax expense and could negatively impact our effective tax rate, financial position, results of operations and cash flows in the current and/or future periods. On December 15, 2022, the EU Member States formally adopted the EU’s Pillar Two Directive, which generally provides for a minimum effective tax rate of 15%, as established by the Organization for Economic Co-operation and Development Pillar Two Framework that was supported by over 130 countries worldwide. A significant number of countries are also implementing similar legislation. We are monitoring developments, including in countries that have enacted legislation, and do not currently expect a material adverse impact to the financial statements. We will continue to evaluate Pillar Two legislation and other future tax law changes 22 22 22 Table of Contents Table of Contents that could result in negative impacts. In addition, tax-law amendments in the U.S. and other jurisdictions could significantly impact how U.S. multinational corporations are taxed. Although we cannot predict whether or in what form such legislation will pass, if enacted it could have an adverse effect on our business, financial condition or results of operations." }, { "status": "UNCHANGED", "current_title": "The Company is subject to regulation, supervision, and enforcement authority of numerous governmental and regulatory bodies in the jurisdictions in which it operates.", "prior_title": "The Company is subject to regulation, supervision, and enforcement authority of numerous governmental and regulatory bodies in the jurisdictions in which it operates.", "current_body": "Because the Company is a technology service provider to U.S. financial institutions, it is subject to regular oversight and examination by the FBA, each agency of which is a member of the FFIEC, an interagency body of federal banking regulators. The FBA have broad discretion in the implementation, interpretation and enforcement of banking and consumer protection laws and use the FFIEC's uniform principles, standards and report forms in their review of bank service providers like FIS. A failure to comply with these laws, or a failure to meet the supervisory expectations of the banking regulators, could result in adverse action against the Company. The regulators have the authority to, among other things, enjoin \"unsafe or unsound\" practices; require affirmative actions to correct any violation or practice; issue administrative orders that can be judicially enforced; direct the sale of subsidiaries or other assets; and assess civil money penalties. The Company is also subject to ongoing supervision by regulatory and governmental bodies across the world, including economic and conduct regulators, such as OFAC, BIS and FinCEN in the U.S., the FCA, OFSI and OTSI in the U.K., and regulatory and governmental bodies responsible for issuing anti-money laundering, anti-bribery, and global economic sanctions and export control regulations. These various regulatory regimes require compliance across many aspects of our activities. Among other things, such regulatory and financial crime compliance obligations require certain capital requirements; safeguarding, training, authorization, supervision and oversight of personnel, systems, processes, controls, and documentation; and reporting to government entities. As we continue to grow our global business around the world, we will become subject to additional countries' regulations governing critical third-party service providers, financial crime and other regulatory areas. Our failure to comply with any of these requirements could result in the suspension or revocation of a license, loss of consumer confidence, and/or the imposition of civil or criminal penalties. We also have business operations that store, process or transmit consumer information or have direct relationships with consumers. As such, we are obligated to comply with regulations, including, but not limited to, the FCRA, the Federal Fair Debt Collection Practices Act and applicable privacy requirements, and we are subject to examination and oversight by the CFPB. In addition, our wealth and retirement business holds a charter in the state of Georgia, which obligates us to comply with regulatory compliance requirements of the Georgia Department of Banking and Finance. Our U.S. wealth and retirement business is required to hold certain levels of regulatory capital as defined by the state banking regulator in Georgia. In the U.K., our Platform Securities and broker-dealer businesses are regulated by the FCA and are also subject to further regulatory capital requirements. The Consumer Financial Protection Bureau (\"CFPB\") continues to establish rules and regulations for regulating financial and non-financial institutions and providers to those institutions to ensure adequate protection of consumer privacy and to ensure consumers are not impacted by deceptive business practices, as well as to provide examination and supervisory authority over consumer reporting agencies, including ChexSystems. These rules and regulations govern our clients or potential clients and also govern certain of our businesses. These regulations have resulted, and may further result, in the need for us to make capital investments to modify our solutions to facilitate our clients' and potential clients' compliance, as well as to deploy additional processes or reporting to comply with these regulations. In the future, we may need to incur additional expenses to ensure continued compliance with applicable laws and regulations and to investigate, defend and/or remedy actual or alleged violations. Further, requirements of these regulations have resulted, and could further result, in changes in our business 16 16 16 Table of Contents Table of Contents practices, our clients' business practices and those of other marketplace participants that may alter the delivery of services to consumers, which have impacted, and could further impact, the demand for our solutions and services, as well as alter the types or volume of transactions that we process on behalf of our clients. As a result, these requirements, or proposed or future requirements, could have an adverse impact on our financial condition, revenue, results of operations, prospects for future growth and overall business. The New York Department of Financial Services has enacted rules that require covered financial institutions to establish and maintain cybersecurity programs. Other states also have data security laws that vary in several respects, including with regard to specificity and detail of requirements and the extent to which such requirements apply to the data we collect from individuals. These rules subject us to additional regulation and require us to adopt additional business practices that could also require additional capital expenditures or impact our operating results. Changes to state money transmission laws and regulations, including changing interpretations and the implementation of new or varying regulatory requirements, may result in the need for additional money transmitter licenses. These changes could result in increased costs of compliance, as well as fines or penalties. One of our subsidiaries is an SEC-registered broker-dealer in the U.S. and is subject to the financial and operational rules of FINRA, and others are authorized by the FCA to conduct certain regulated business in the U.K. Our transfer agent business is also regulated by the SEC and other regulators around the world. Domestic and foreign regulatory and self-regulatory organizations, such as the SEC, FINRA, and the FCA, can, among other things, fine, censure, issue cease-and-desist orders against, and suspend or expel a broker-dealer or its officers or employees for failure to comply with the many laws and regulations that govern brokerage activities. Regulations affecting the brokerage industry may change, which could adversely affect our business, financial condition or results of operations. We are exposed to certain risks relating to the execution services provided by our brokerage operations to our customers and counterparties, which include other broker-dealers, active traders, hedge funds, asset managers, and other institutional and non-institutional clients. These risks include, but are not limited to, customers or counterparties failing to pay for or deliver securities, trading errors, the inability or failure to settle trades, and trade execution system failures. As trading in the U.S. securities markets has become more automated, the potential impact of a trading error or a rapid series of errors caused by a computer or human error or a malicious act has increased. In our other businesses, we generally can disclaim liability for trading losses that may be caused by our software, but in our brokerage operations, we may not be able to limit our liability for trading losses or failed trades, even when we are not at fault. As a result, we may suffer losses that are disproportionately large compared to the relatively modest profit contributions of our brokerage operations. Moreover, the legislative and regulatory landscape continues to evolve, and we expect that it may cover alternative payment types, including digital and crypto currencies. Any failure to comply with such laws and regulations could expose us to liability, regulatory scrutiny and/or reputational damage. Financial crimes laws may be interpreted and applied inconsistently from country to country and may impose inconsistent or conflicting requirements. Complying with varying jurisdictional requirements could increase the costs and complexity of compliance, including associated recordkeeping costs, or could require us to change our business practices in a manner adverse to our business. Further, our business may be constrained by current and future laws and regulations governing the development, use and deployment of artificial intelligence (including machine learning) (\"AI\") technologies. These laws and regulations are continuously and rapidly evolving, and there is no single global regulatory framework for AI, creating further uncertainties regarding compliance with such laws and regulations. As a result, our ability to leverage AI could be restricted by burdensome and costly regulatory requirements. Additionally, in some markets in which we operate, our clients will require us to support them in achieving compliance with increasingly complex and prescriptive regulatory requirements relating to digital operational resilience. For example, under DORA, our E.U. financial entity clients will require us, as a third-party provider of information and communication technology services, to contract with and manage our relationships with such clients (and, where applicable, our relationships with critical third-party technology vendors in our supply chain) in accordance with the requirements of DORA. Failure to support our clients in achieving compliance with DORA and similar global regulatory regimes may cause us to lose revenue, clients, and/or result in damage to our reputation, and may also attract scrutiny from regulators. If we fail to comply with relevant laws or regulations, then we risk reputational damage, potential civil and criminal sanctions, fines or other action imposed by regulatory or governmental authorities, including the potential suspension or revocation of the permission-based regulatory licenses which authorize the Company to provide core services to customers. Regulatory authorities subject our businesses, from time to time, to regulatory investigations, reviews, examinations and 17 17 17 Table of Contents Table of Contents proceedings (both formal and informal), some of which have the potential to result in settlements, fines, penalties, injunctions or other adverse consequences to us. This could result in an adverse effect on FIS' business, reputation and customer relationships, which in turn could adversely affect its financial position and performance." }, { "status": "UNCHANGED", "current_title": "Many of our clients are subject to a regulatory environment and to industry standards that may change in a manner that reduces the types or volume of solutions or services we provide or may reduce the types or number of transactions in which our clients engage, and therefore reduce our revenue.", "prior_title": "Many of our clients are subject to a regulatory environment and to industry standards that may change in a manner that reduces the types or volume of solutions or services we provide or may reduce the type or number of transactions in which our clients engage, and therefore reduce our revenue.", "current_body": "Our clients are subject to many, varied and evolving government regulations and industry standards with which our solutions must comply. Our clients must ensure that our solutions and related services work within the extensive and evolving regulatory and industry requirements applicable to them. Federal, state, foreign or industry authorities could adopt laws, rules or regulations affecting our clients' businesses that could lead to increased operating costs and could reduce the convenience and functionality of our solutions, possibly resulting in reduced market acceptance. In addition, action by regulatory authorities relating to credit availability, data usage, privacy, or other related regulatory developments could have an adverse effect on our clients and, therefore, could have a material adverse effect on our financial condition, revenue, results of operations, prospects for future growth and overall business. Elimination of regulatory requirements could also adversely affect the sales of our solutions designed to help clients comply with complex regulatory environments." }, { "status": "UNCHANGED", "current_title": "Lack of system integrity, fraudulent payments, credit quality, and undetected errors related to funds settlement or the availability of clearing services could result in a financial loss.", "prior_title": "Lack of system integrity, fraudulent payments, credit quality, and undetected errors related to funds settlement or the availability of clearing services could result in a financial loss.", "current_body": "We settle funds on behalf of financial institutions, other businesses and consumers and receive funds from clients, card issuers, payment networks and consumers on a daily basis for a variety of transaction types. Transactions facilitated by us include debit card, credit card, electronic bill payment transactions, banking payments and check clearing that supports consumers, financial institutions and other businesses. These payment activities rely upon the technology infrastructure that facilitates the verification of activity with counterparties, the facilitation of the payment and the detection or prevention of fraudulent payments. A compromise of our continuity of operations, integrity of processing, or ability to detect or prevent fraudulent payments could result in a financial loss to us. In addition, we rely on various financial institutions to provide treasury services in support of funds settlement for certain of our solutions. An inability to obtain such treasury services in the future could have a material adverse effect on our business, financial condition or results of operations. Furthermore, if one of our clients, for which we facilitate settlement, defaults on settlement or suffers a fraudulent event due to a deficiency in their controls, then we may suffer a financial loss if the client does not have sufficient capital to cover the loss." }, { "status": "UNCHANGED", "current_title": "Our business is subject to the risks of international operations, including movements in foreign currency exchange rates.", "prior_title": "Our business is subject to the risks of international operations, including movements in foreign currency exchange rates.", "current_body": "Our international operations represented approximately 22% of our total 2024 revenue and are largely conducted in currencies other than the U.S. Dollar, including the British Pound Sterling, Euro, Brazilian Real, Australian Dollar, Swedish Krona, Swiss Franc and Indian Rupee. Our business, financial condition or results of operations could be adversely affected due to a variety of factors, including the following: •changes in a specific country or region's political and cultural climate or economic condition, including a change in governmental regime; •unexpected or unfavorable changes in foreign laws, regulatory requirements and related interpretations; •difficulty of effective enforcement of contractual provisions in local jurisdictions; •inadequate intellectual property protection in foreign countries; •trade-protection measures, import or export licensing requirements, such as Export Administration Regulations promulgated by the U.S. Department of Commerce, and fines, penalties or suspension or revocation of export privileges; •trade sanctions imposed by the U.S. or other governments with jurisdictional authority over our business operations; •the effects of applicable and potentially adverse foreign tax law changes; •significant adverse changes in foreign currency exchange rates; •lesser enforcement of intellectual property laws and protections internationally; •longer accounts receivable cycles; •managing a geographically dispersed workforce; •trade treaties, tariffs or agreements that could increase our costs or otherwise adversely affect our ability to do business in affected countries; and •compliance with the FCPA and OFAC regulations and other applicable anti-corruption and sanctions laws and regulations, particularly in emerging markets. 20 20 20 Table of Contents Table of Contents Our clients may pay us in foreign currencies. Conducting business in currencies other than the U.S. Dollar subjects us to foreign currency exchange rate fluctuations that can negatively impact our results, period to period, including relative to analyst estimates or guidance. Our primary exposure to movements in foreign currency exchange rates relates to the British Pound Sterling, Euro, Brazilian Real, Australian Dollar, Swedish Krona, Swiss Franc and Indian Rupee. The U.S. Dollar value of our net investments in foreign operations, the periodic conversion of foreign-denominated earnings to the U.S. Dollar (our reporting currency), and our results of operations and, in some cases, cash flows, could be adversely affected in a material manner by movements in foreign currency exchange rates. These risks could cause an adverse effect on our business, financial condition or results of operations. For more information on our exposure to foreign currency risk, see \"Foreign Currency Risk\" in \"Item 7A. Quantitative and Qualitative Disclosures About Market Risk.\"" }, { "status": "UNCHANGED", "current_title": "Misappropriation of and infringement on our intellectual property and proprietary rights, or a finding that our patents are invalid, could impair our competitive position.", "prior_title": "Misappropriation of our intellectual property and proprietary rights or a finding that our patents are invalid could impair our competitive position.", "current_body": "Our ability to compete depends in some part upon our proprietary solutions and technology. Despite our efforts to protect our proprietary rights, unauthorized parties may attempt to copy aspects of our solutions or to obtain and use information that we regard as proprietary or challenge the validity of our patents with governmental authorities. Policing unauthorized use of our proprietary rights is difficult. We cannot make any assurances that the steps we have taken will prevent misappropriation of, or infringement upon, technology or that the agreements entered into for that purpose will be enforceable. Effective patent, trademark, service mark, copyright, and trade secret protection may not be available in every country in which our applications and services are made available. Misappropriation of our intellectual property or potential litigation concerning such matters could have an adverse effect on our business, financial condition or results of operations. As we increase our international business, we are subject to further risks of misappropriation of, or infringement on, our intellectual property in countries which have laws that are less protective of intellectual property or are enforced in a less protective manner." }, { "status": "UNCHANGED", "current_title": "Statement Regarding Forward-Looking Information", "prior_title": "Statement Regarding Forward-Looking Information", "current_body": "The statements contained in this Form 10-K or in our other documents or in oral presentations or other management statements that are not purely historical are forward-looking statements within the meaning of the U.S. federal securities laws. Statements that are not historical facts, as well as other statements about our expectations, beliefs, intentions, or strategies regarding the future, or other characterizations of future events or circumstances, are forward-looking statements. Forward-looking statements include statements about anticipated financial outcomes, including any earnings outlook or projections, projected revenue or expense synergies or dis-synergies, business and market conditions, outlook, foreign currency exchange rates, deleveraging plans, expected dividends and share repurchases of the Company, the Company's sales pipeline and anticipated profitability and growth, plans, strategies and objectives for future operations, strategic value creation, risk profile and investment strategies, any statements regarding future economic conditions or performance and any statements with respect to the future impacts of the Worldpay Sale or any agreements or arrangements entered into in connection with such transaction. These statements may be identified by words such as \"expect,\" \"anticipate,\" \"intend,\" \"plan,\" \"believe,\" \"will,\" \"should,\" \"could,\" \"would,\" \"project,\" \"continue,\" \"likely,\" and similar expressions, and include statements reflecting future results or outlook, statements of outlook and various accruals and estimates. These statements relate to future events and our future results and involve a number of risks and uncertainties. Forward-looking statements are based on management's beliefs as well as assumptions made by, and information currently available to, management. Actual results, performance or achievement could differ materially from these forward-looking statements. The risks and uncertainties to which forward-looking statements are subject include the following, without limitation: •changes in general economic, business and political conditions, a recession, intensified or expanded international hostilities, acts of terrorism, increased rates of inflation or interest, changes in either or both the United States and international lending, capital and financial markets or currency fluctuations; 25 25 25 Table of Contents Table of Contents •the risk that acquired businesses will not be integrated successfully or that the integration will be more costly or more time-consuming and complex than anticipated; •the risk that cost savings and synergies anticipated to be realized from acquisitions may not be fully realized or may take longer to realize than expected or that costs may be greater than anticipated; •the risks of doing business internationally; •the effect of legislative initiatives or proposals, statutory changes, governmental or applicable regulations and/or changes in industry requirements, including privacy, data protection, cybersecurity, cyber resilience and AI laws and regulations; •our ability to comply with climate change legal and regulatory requirements and to maintain practices that meet our stakeholders' evolving expectations; •the risks of reduction in revenue from the elimination of existing and potential customers due to consolidation in, or new laws or regulations affecting, the banking, retail and financial services industries or due to financial failures or other setbacks suffered by firms in those industries; •changes in the growth rates of the markets for our solutions; •the amount, declaration and payment of future dividends is at the discretion of our Board of Directors and depends on, among other things, our investment opportunities, results of operations, financial condition, cash requirements, future prospects, and other factors that may be considered relevant by our Board of Directors, including legal and contractual restrictions; •the amount and timing of any future share repurchases is subject to, among other things, our share price, our other investment opportunities and cash requirements, our results of operations and financial condition, our future prospects and other factors that may be considered relevant by our Board of Directors and management; •failures to adapt our solutions to changes in technology or in the marketplace; •internal or external security or privacy breaches of our systems, including those relating to unauthorized access, theft, corruption or loss of personal information and computer viruses and other malware affecting our software or platforms, and the reactions of customers, card associations, government regulators and others to any such events; •the risk that implementation of software, including software updates, for customers or at customer locations or employee error in monitoring our software and platforms may result in the corruption or loss of data or customer information, interruption of business operations, outages, exposure to liability claims or loss of customers; •the risk that partners and third parties may fail to satisfy their legal obligations to us; •risks associated with managing pension cost, cybersecurity issues, IT outages experienced by us or by third parties and data privacy; •our ability to navigate the opportunities and risks associated with using and/or incorporating AI technologies into our business; •the reaction of current and potential customers to communications from us or regulators regarding information security, risk management, internal audit or other matters; •competitive pressures on pricing related to the decreasing number of community banks in the U.S., the development of new disruptive technologies competing with one or more of our solutions, increasing presence of international competitors in the U.S. market and the entry into the market by global banks and global companies with respect to certain competitive solutions, each of which may have the impact of unbundling individual solutions from a comprehensive suite of solutions we provide to many of our customers; •the failure to innovate in order to keep up with new emerging technologies, which could impact our solutions and our ability to attract new, or retain existing, customers; •an operational or natural disaster at one of our major operations centers; •failure to comply with applicable requirements of payment networks or changes in those requirements; •fraud by bad actors; and •other risks detailed elsewhere in the \"Risk Factors\" section and other sections of this report and in our other filings with the SEC. Other unknown or unpredictable factors also could have a material adverse effect on our business, financial condition, results of operations and prospects. Accordingly, readers should not place undue reliance on these forward-looking statements. These forward-looking statements are inherently subject to uncertainties, risks and changes in circumstances that are difficult to predict. Except as required by applicable law or regulation, we do not undertake (and expressly disclaim) any obligation and do not intend to publicly update or review any of these forward-looking statements, whether as a result of new information, future events or otherwise." }, { "status": "UNCHANGED", "current_title": "Global economic, political and other conditions, including business cycles and consumer confidence, as well as geopolitical conflicts, may adversely affect our clients or trends in consumer spending, which may adversely impact the demand for our services and our revenue and profitability.", "prior_title": "Global economic, political and other conditions, including business cycles and consumer confidence, as well as geopolitical conflicts, may adversely affect our clients or trends in consumer spending, which may adversely impact the demand for our services and our revenue and profitability.", "current_body": "A significant portion of our revenue is derived from transaction processing fees. The global transaction processing industries depend heavily upon the overall level of consumer, business and government spending. Any change in economic factors, including a sustained deterioration in general economic conditions or consumer confidence, particularly in the U.S., or inflation and increases in interest rates in key countries in which we operate may adversely affect consumer spending, consumer debt levels and credit and debit card usage, and as a result, adversely affect our financial performance by reducing the number or average purchase amount of transactions that we service. In addition, the direct and indirect effects of geopolitical conflicts, such as the Russia-Ukraine war and conflicts in the Middle East, have adversely affected global economic activity and transaction processing volumes (particularly in our former Merchant segment). Worsening, or future, geopolitical conflicts could materially adversely affect global economic activity and our transaction volumes in the future. When there is a slowdown or downturn in the economy, a drop in stock market levels or trading volumes, or an event that disrupts the financial markets, our business, financial condition or results of operations may suffer for a number of reasons. Customers may react to worsening conditions by reducing or delaying their capital expenditures in general or by specifically reducing or delaying their information technology spending. In addition, customers may seek to curtail trading operations or to lower their costs by renegotiating vendor contracts. Moreover, competitors may respond to market conditions and attempt to lure away our customers by lowering prices on existing solutions or by offering new, lower-cost solutions. Any further protective trade policies or actions taken by the U.S. may also result in other countries reducing, or making more expensive, services permitted to be provided by U.S.-based companies. If any of these circumstances remain in effect for an extended period of time, there could be a material adverse effect on our business, financial condition or results of operations." }, { "status": "UNCHANGED", "current_title": "Acts of war or terrorism, international conflicts, political instability, natural disasters, power or communications failures, or widespread outbreak of an illness could negatively affect various aspects of our business, including our workforce and our business partners, make it more difficult and expensive to meet our obligations to our customers, and result in reduced revenue from our customers.", "prior_title": "Acts of war or terrorism, international conflicts, political instability, natural disasters, or widespread outbreak of an illness could negatively affect various aspects of our business, including our workforce and our business partners, make it more difficult and expensive to meet our obligations to our customers, and result in reduced revenue from our customers.", "current_body": "Our global operations are susceptible to global events, including threats or acts of war, such as the Russia-Ukraine war and the Israel-Hamas conflict, threats or acts of terrorism, international conflicts, political instability, natural disasters, and power or communications failures. We are also susceptible to a widespread outbreak of an illness or other health issue, such as the COVID-19 pandemic. These events can spread to different locations across the globe and can have an adverse effect on the global economy, reducing consumer and corporate spending upon which our revenue depends. Individual employees can become ill, quarantined, or otherwise unable to work and/or travel due to health reasons or governmental restrictions. Some of our operations are in countries where the effects of a widespread illness could be magnified due to health care systems that are less well-developed than in the U.S. The occurrence of any of these events could have an adverse effect on our business, financial condition or results of operations. 21 21 21 Table of Contents Table of Contents" } ] }