{ "ticker": "GPN", "company": "Global Payments Inc.", "filing_type": "10-K", "year_current": "2024", "year_prior": "2023", "summary": { "added": 13, "removed": 1, "modified": 7, "unchanged": 24, "total_current": 44, "total_prior": 32 }, "source": "SEC EDGAR", "url": "https://riskdiff.com/gpn/2024-vs-2023/", "markdown_url": "https://riskdiff.com/gpn/2024-vs-2023/index.md", "json_url": "https://riskdiff.com/gpn/2024-vs-2023/index.json", "generated": "2026-05-10", "ai_summary": "Global Payments Inc. reorganized its Risk Factors section with a new categorical framework, adding 13 new risk categories including dedicated sections for cybersecurity threats, third-party risks, and board oversight processes, while removing only one Consumer Solutions segment-specific risk. The company significantly expanded its cybersecurity risk disclosures by introducing five new subsections covering threat identification, incident management, and executive oversight, reflecting heightened focus on this area. These structural additions resulted in a net increase of 19 new risk factor entries, with 7 existing risks being substantively modified while 24 risks remained unchanged.", "risks": [ { "status": "ADDED", "current_title": "Risks Factors Summary", "prior_title": null, "current_body": "The following is a summary of the principal risks that could materially and adversely affect our business, financial condition, liquidity, results of operations and/or cash flows." }, { "status": "ADDED", "current_title": "Risks Related to Our Business Model and Operations", "prior_title": null, "current_body": "•Our inability to protect our systems and data from continually evolving cybersecurity threats or other technological risks could adversely affect our ability to deliver our services; damage our reputation among our customers, card issuers, financial institutions, card networks, partners and cardholders; adversely affect our continued card network registration or membership and financial institution sponsorship; and expose us to penalties, fines, liabilities, legal claims and defense costs. •Software and hardware defects, failures, undetected errors, and development delays could affect our ability to deliver our services, damage customer relations, expose us to liability and have an adverse effect on our business, financial condition and results of operations. •Our systems or our third-party providers' systems may fail, which could interrupt our service, cause us to lose business, increase our costs and expose us to liability. •The payments technology industry is highly competitive and highly innovative, and some of our competitors have greater financial and operational resources than we do, which may give them an advantage with respect to the pricing of services offered to customers and the ability to develop new and disruptive technologies. •In order to remain competitive and to continue to increase our revenues and earnings, we must continually and quickly update our services, a process that could result in higher costs and the loss of revenues, earnings and customers if the new services do not perform as intended or are not accepted in the marketplace. •Our revenues from the sale of services to merchants that accept Visa and Mastercard are dependent upon our continued Visa and Mastercard registrations, financial institution sponsorship and, in some cases, continued membership in certain card networks. •We rely on various financial institutions to provide clearing services in connection with our settlement activities. If we are unable to maintain clearing services with these financial institutions and are unable to find a replacement, our business may be adversely affected. •Increased merchant, referral partner, ISO or payment facilitator attrition could cause our financial results to decline. •Our future growth depends in part on the continued expansion within markets in which we already operate, the emergence of new markets, and the continued availability of alliance relationships and strategic acquisition opportunities. •There may be a decline in the use of cards and other digital payments as a payment mechanism for consumers or other adverse developments with respect to the card industry in general. •Consolidation among financial institutions or among retail customers, including the merger of our customers with entities that are not our customers or the sale of portfolios by our customers to entities that are not our customers, could affect our financial condition, results of operations and cash flows. •If we do not renew or renegotiate our agreements on favorable terms with our customers within the Issuer Solutions segment, our business will suffer. The timing of the conversions or deconversions of card portfolios could also affect our revenues and expenses. 16 16 16 Table of Contents Table of Contents •We incur chargeback losses when our merchants refuse or cannot reimburse us for chargebacks resolved in favor of their customers. Any increase in chargebacks not paid by our merchants could adversely affect our business, financial condition, results of operations and cash flows. •Fraud by merchants or others and losses from overdrawn cardholder accounts could have an adverse effect on our financial condition, results of operations and cash flows. •Increases in card network fees may result in the loss of customers and/or a reduction in our earnings. •The integration and conversion of our acquired operations or other future acquisitions, if any, could result in increased operating costs if the anticipated synergies of operating these businesses as one are not achieved, a loss of strategic opportunities if management is distracted by the integration process, and a loss of customers if our service levels drop during or following the integration process. •Our inability to complete certain divestitures or the effects of divesting a business could have a material adverse effect on our business and financial results." }, { "status": "ADDED", "current_title": "Legal, Regulatory Compliance and Tax Risks", "prior_title": null, "current_body": "•Our business is subject to government regulation and oversight. Any new implementation of or changes made to laws, regulations or other industry standards affecting our business in any of the geographic regions in which we operate may require significant development and compliance efforts or have an unfavorable effect on our ability to continue to offer certain services, or on our financial results and our cash flows. •New or revised tax regulations, unfavorable resolution of tax contingencies or changes to enacted tax rates could adversely affect our tax expense. •Our risk management policies and procedures may not be fully effective in mitigating our risk exposure in all market environments or against all types of risk." }, { "status": "ADDED", "current_title": "Financial Risks", "prior_title": null, "current_body": "•We are subject to risks associated with changes in interest rates or currency exchange rates, which could adversely affect our business, financial condition, results of operations and cash flows, and we may not effectively hedge against these risks. •A downgrade in the ratings of our debt could restrict our ability to access the debt capital markets and increase our interest costs. •Failure to maintain effective internal controls in accordance with Section 404 of the Sarbanes-Oxley Act could have a material adverse effect on our business." }, { "status": "ADDED", "current_title": "Intellectual Property Risks", "prior_title": null, "current_body": "•We may not be able to successfully manage our intellectual property and may be subject to infringement claims." }, { "status": "ADDED", "current_title": "Risks Related to Our Capital Structure", "prior_title": null, "current_body": "•Our substantial indebtedness could adversely affect us and limit our business flexibility. •We may not be able to raise additional funds to finance our future capital needs. •Our balance sheet includes significant amounts of goodwill and other intangible assets. The impairment of a portion of these assets could negatively affect our business, financial condition and results of operations. •We may not be able to, or we may decide not to, pay dividends or repurchase shares at a level anticipated by our shareholders, which could reduce shareholder returns. 17 17 17 Table of Contents Table of Contents" }, { "status": "ADDED", "current_title": "Risks Related to General Economic Conditions", "prior_title": null, "current_body": "•We are subject to economic and geopolitical risk, health and social events or conditions, the business cycles and credit risk of our customers and the overall level of consumer, business and government spending, which could negatively affect our business, financial condition, results of operations and cash flows." }, { "status": "ADDED", "current_title": "General Risk Factors", "prior_title": null, "current_body": "•If we lose key personnel or are unable to attract and hire additional qualified personnel as we grow, our business could be adversely affected. •The costs and effects of pending and future litigation, investigations or similar matters, or adverse facts and developments related thereto, could materially affect our business, financial condition, results of operations and cash flows." }, { "status": "ADDED", "current_title": "Processes for the Identification, Assessment, and Management of Material Risks from Cybersecurity Threats", "prior_title": null, "current_body": "Although Global Payments is unable to eliminate all risks associated with cybersecurity threats and we cannot provide full assurance that our cybersecurity risk management processes will be fully complied with or effective, we have adopted policies and procedures that are designed to facilitate the identification, assessment, and management of those risks, including any such risks that have the potential to be material. We use multiple mechanisms to identify risks associated with cybersecurity threats, including but not limited to the following: •Our information security program describes three levels of risk assessment exercises to be performed or obtained on a periodic basis by the Information Security function, ranging from enterprise-level to system-level risk assessments; •Our Information Security function also includes a threat intelligence team that performs continual threat monitoring activities; •Our Business Technology Services function includes teams that provide architectural review, security advisory, and application testing services in connection with the development of new products, applications, and integrations; •Our Internal Audit function performs annual reviews designed to evaluate selected systems’ compliance with our information security program and/or recognized external control frameworks; •Independent consultants and auditors evaluate selected systems and applications on an annual basis; and •All team members are empowered to submit self-identified information security risks for analysis by our internal risk management professionals. Cybersecurity risks identified through any of the foregoing mechanisms and submitted to our governance, risk, and compliance platform are assessed by our internal risk management professionals, in collaboration with appropriate subject-matter experts (\"SMEs\"), pursuant to standards established by our Enterprise Risk Management (\"ERM\") organization. Our internal risk management professionals work with the SMEs and other stakeholders to establish remediation plans for identified information security risks and to determine when risk acceptance might be a reasonable and appropriate solution. Issues relating to cybersecurity identified by Internal Audit are reported to the Technology Committee of our board of directors (\"Technology Committee\"). Our ERM organization, under the supervision of the Chief Risk Officer, leads our efforts to consider and assess threats to the Company and the risks that result therefrom, including cybersecurity threats and related risks. With support from Information Security, Legal, and the Privacy Office, ERM conducts periodic evaluations of our information security posture, manages regular meetings with the executive leadership team to discuss risk levels across the company, and maintains and monitors risk tolerances and escalation criteria that drive executive and the board of director communications, as further described in our disclosures related to the board of directors oversight of material risks associated with cybersecurity threats. We manage risks associated with cybersecurity threats first and foremost through our information security program. We have implemented a comprehensive, layered security approach, across our computing environment, that is designed to facilitate the reduction of cybersecurity risk through the establishment of technical, physical and administrative controls oriented towards the maintenance of the confidentiality, integrity and availability of our information and technical assets. The structure of the information security program is informed by the NIST Cybersecurity Framework, and the program includes controls designed to facilitate the compliance of our cardholder data environments with PCI-DSS. The information security program is under the responsibility of the Chief Information Security Officer (\"CISO\"), while governance and oversight is provided by the Technology Committee as set forth in the Technology Committee Charter. The CISO is responsible for the strategy, execution and administration of the program and reports directly to the Chief Information Officer (\"CIO\"), while also maintaining reporting lines to the Technology Committee, its chair and the full board of directors. We have also established a Management Risk Committee (\"MRC\"), composed primarily of executive management, that is responsible for identifying, assessing, prioritizing and monitoring action plans to mitigate key risks. The MRC meets regularly. To encourage alignment on risk identification, assessment, and management objectives throughout all levels of the company, we have implemented a security education and awareness program that is designed to reinforce key behaviors that 31 31 31 Table of Contents Table of Contents facilitate risk reduction and inform team members about the material cybersecurity risks facing our organization. We also include periodic training on information security to the board of directors." }, { "status": "ADDED", "current_title": "Identification, Assessment, and Management of Third-Party Cybersecurity Risks", "prior_title": null, "current_body": "We have designed our risk identification, assessment, and management processes and procedures to account for cybersecurity risks associated with our use of third-party service providers. In addition to performing periodic assessments of vendors that include evaluating those vendors for cybersecurity risks, we endeavor to reduce supply chain cybersecurity risks by: (1) seeking to impose contractual requirements on our counterparties related to the use and security of personal data and other confidential information, as well as compliance with applicable privacy and security laws, wherever required by law to do so; and (2) requiring new software integrations and connectivity with vendors to undergo an architectural review process that involves consultation with the information security function and other relevant stakeholders. Moreover, critical vendors receive periodic comprehensive risk assessments conducted by the vendor management office (a team within ERM), in collaboration with Information Security and our Business Resiliency Governance (\"BRG\") team, that include a focus on the vendor’s cybersecurity practices." }, { "status": "ADDED", "current_title": "Evaluation, Categorization, and Escalation of Cybersecurity Incidents", "prior_title": null, "current_body": "Our information security program includes an incident response plan, which establishes (1) a framework for classifying security incidents according to their severity level, taking into account the nature and scope of the incident; and (2) protocols for the escalation of incidents, including to the attention of the Technology Committee as appropriate. The incident response plan is approved annually by the board of directors. We maintain a Global Security Operations Center (\"GSOC\"), staffed 24/7, and a Global Critical Incident Management (\"GCIM\") team, and the roles and responsibilities of the GSOC and GCIM in the incident response context are established by the incident response plan, as well as in associated playbooks and other procedural documentation. On an annual basis, we retain an outside consultant to develop and administer a simulation of a cybersecurity incident designed to test our response capabilities and capacity for effective cross-functional coordination in the wake of an incident and to inform management and the Technology Committee of the results of the exercise. We maintain a business resiliency program, overseen by BRG, that is designed to facilitate our ability to respond, recover and resume services in the event of an incident that causes an operational disruption." }, { "status": "ADDED", "current_title": "Discussion of Material Cybersecurity Risks and Incidents", "prior_title": null, "current_body": "We have not experienced any material cybersecurity incidents in the past calendar years and the expenses we have incurred from cybersecurity incidents during that period were immaterial. We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected us, including our operations, business strategy, results of operations, or financial condition. We face risks from cybersecurity threats that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition. For a full discussion of cybersecurity risks, see the section entitled \"Risk Factors\" in Item 1A." }, { "status": "ADDED", "current_title": "Board and Management Oversight of Risks Associated with Cybersecurity Threats", "prior_title": null, "current_body": "The Technology Committee provides the board of director-level oversight of our information technology and information security practices and cyber-risk profile and serves as a liaison between our board of directors and the CISO and the Chief Privacy Officer with respect to such matters. The Technology Committee reviews our key initiatives and practices relating to information technology, information security, cybersecurity, disaster recovery, business continuity, data privacy and data governance, and monitors compliance with regulatory requirements and industry standards. The Technology Committee helps to ensure that our strategic business goals are aligned with our technology strategy and infrastructure and that management has adequate support for the Company's internal technology and information security needs. At every regular meeting of the Technology Committee, the CISO provides the Technology Committee with updates and changes to the state, strategy and risks related to the information security program as well as other security news and topics. Further, the Technology Committee and Audit Committee receive quarterly reports from the Chief Risk Officer regarding our risk exposure related to significant information technology and information security practices. The CISO and CIO meet regularly with the chair of the Technology Committee outside of committee meetings. In addition, the board of directors regularly receives information about these topics from the chair of the Technology Committee, the CIO, and management, and the board of directors is apprised directly of incidents as appropriate, pursuant to our incident response plan. 32 32 32 Table of Contents Table of Contents" }, { "status": "REMOVED", "current_title": null, "prior_title": "Our Consumer Solutions segment relies on certain relationships with issuing banks, distributors, marketers and brand partners. The loss of such relationships, or if we are unable to maintain such relationships on terms that are favorable to us, may materially adversely affect our business, financial condition, results of operations and cash flows.", "prior_body": "Our Consumer Solutions segment relies on arrangements that we have with issuing banks to provide us with critical services, including the FDIC-insured depository accounts tied to the cards and accounts we manage, access to the ATM networks, membership in the card associations and network organizations and other banking services. The majority of our active Consumer Solutions cards and accounts are issued or opened through Meta Payment Systems (\"MetaBank\"). If any material adverse event were to affect MetaBank's or another of our critical issuing banks, or if our relationship with MetaBank or another critical bank were terminated, or MetaBank or another critical bank grew to a size such that it was no longer able to avail itself of certain regulatory exemptions for small banks, we may be forced to find an alternative provider for these critical banking services. It may not be possible to find a replacement bank on terms that are acceptable to us or at all. Any change in the issuing banks could disrupt the business or result in arrangements with new banks that are less favorable to us than those we have with our existing issuing banks, either of which could have a material adverse effect on our business, financial condition, results of operations and cash flows. Furthermore, our Consumer Solutions segment depends in large part on establishing agreements with distributors, marketers and brand partners, primarily alternative financial services providers, as well as grocery and convenience stores and other traditional retailers. Some of these companies may endeavor to internally develop their own programs or enter into exclusive relationships with our competitors to distribute or market their services. The loss of, or a substantial decrease in revenues from, one or more of our top distributors, marketers or brand partners could have a material adverse effect on our business, financial condition, results of operations and cash flows." }, { "status": "MODIFIED", "current_title": "Our inability to protect our systems and data from continually evolving cybersecurity threats or other technological risks could adversely affect our ability to deliver our services; damage our reputation among our customers, card issuers, financial institutions, card networks, partners and cardholders; adversely affect our continued card network registration or membership and financial institution sponsorship; and expose us to penalties, fines, liabilities, legal claims and defense costs.", "prior_title": "Our inability to protect our systems and data from continually evolving cybersecurity risks or other technological risks could affect our reputation among our customers, card issuers, financial institutions, card networks, partners and cardholders, adversely affect our continued card network registration or membership and financial institution sponsorship, and expose us to penalties, fines, liabilities and legal claims.", "similarity_score": 0.914, "confidence": "high", "key_changes": [ "Reworded sentence: \"Some of this information is also processed and stored by financial institutions, merchants and other entities, as well as third-party service providers to whom we outsource certain functions and other agents, such as independent consultants and auditors, which we refer to collectively as our associated third parties.\"", "Reworded sentence: \"Such attempts at unauthorized access can lead, and occasionally have led, to the compromise of sensitive, business, personal or confidential information.\"", "Reworded sentence: \"In addition, we have experienced and may continue to experience errors, interruptions or delays from computer viruses and other malware or vulnerabilities that could infect our systems or those of our associated third parties.\"", "Added sentence: \"We have experienced such incidents in the past, and we cannot guarantee that we will be able to anticipate or detect all attacks or vulnerabilities or implement adequate preventative measures in the future.\"", "Reworded sentence: \"Companies we acquire may require implementation of additional cyber defense methods to align with our standards and, as a result, there may be a period 18 18 18 Table of Contents Table of Contents of heightened risk between the acquisition date and the completion of such implementation.\"" ], "current_body": "In order to provide our services, we process and store sensitive business and personal information, which may include credit and debit card numbers, bank account numbers, social security numbers, driver’s license numbers, names and addresses, and other types of personal information or sensitive business information. Some of this information is also processed and stored by financial institutions, merchants and other entities, as well as third-party service providers to whom we outsource certain functions and other agents, such as independent consultants and auditors, which we refer to collectively as our associated third parties. We may have responsibility to the card networks, financial institutions, regulators, and in some instances, our merchants, ISOs and/or individuals, for our failure or the failure of our associated third parties (as applicable) to protect this information. We are a regular target of malicious third-party attempts to identify and exploit system vulnerabilities, and/or penetrate or bypass our security measures, in order to gain unauthorized access to our networks and systems or those of our associated third parties. Such attempts at unauthorized access can lead, and occasionally have led, to the compromise of sensitive, business, personal or confidential information. To mitigate these risks, we follow a defense-in-depth model for cybersecurity, meaning we proactively seek to employ multiple methods at different layers to defend our systems against intrusion and attack and to protect the data we possess. We have adopted policies and procedures, involving an incident response plan and both the board of directors and management oversight of cybersecurity risks, that we believe are designed to facilitate the identification, assessment and management of those risks including any risks that have the potential to be material. Our information security program establishes technical, physical and administrative controls to maintain the confidentiality, integrity and availability of our information and technical assets. However, we cannot provide any assurance that these cybersecurity risk management processes will be fully complied with or effective and we cannot be certain that these measures or other will always be successful or will always be sufficient to counter, or to rapidly detect, contain, and remediate, all current and emerging technology threats. More particularly, our computer systems and/or our associated third parties’ computer systems have been, and we expect will continue to be, targeted for penetration on a regular basis, and our data protection measures may not prevent unauthorized access. The techniques used to obtain unauthorized access, disable or degrade service or sabotage systems change frequently, are often difficult to detect and continually evolve and become more sophisticated. Threats to our systems and our associated third parties’ systems can derive from human error, fraud or malice on the part of employees or third parties, including state-sponsored organizations with significant financial and technological resources. In addition, we have experienced and may continue to experience errors, interruptions or delays from computer viruses and other malware or vulnerabilities that could infect our systems or those of our associated third parties. Denial of service, ransomware or other attacks could be launched against us for a variety of purposes, including to interfere with our services or create a diversion for other malicious activities. Our defensive measures may not prevent downtime, unauthorized access or use of sensitive data. We have experienced such incidents in the past, and we cannot guarantee that we will be able to anticipate or detect all attacks or vulnerabilities or implement adequate preventative measures in the future. While we maintain first- and third-party insurance coverage that may cover certain aspects of cyber risks, such insurance coverage may be insufficient to cover all losses. Companies we acquire may require implementation of additional cyber defense methods to align with our standards and, as a result, there may be a period 18 18 18 Table of Contents Table of Contents of heightened risk between the acquisition date and the completion of such implementation. Furthermore, certain of our third-party relationships are subject to our vendor management program and are governed by written contracts. We believe we have designed our risk identification, assessment, and management processes and procedures to account for cybersecurity risks associated with our use of third-party service providers; however, we do not control the actions of our associated third parties, and any problems experienced by these third parties, including those resulting from breakdowns or other disruptions in the services provided by such parties or cyberattacks, targeted attacks against our employees and associated third parties and security breaches, could adversely affect our ability to service our customers or otherwise conduct our business. In addition, we impose contractual requirements on our counterparties, including vendors and other third parties, related to the use and security of personal data and other confidential information, along with compliance with applicable privacy and security laws. We cannot provide any assurance that these contractual requirements related to those who have access to this data will be followed or will be adequate to prevent the misuse of this data. We have occasionally received notifications from vendors and other third parties regarding the exposure of or unauthorized access to our data stored on their information systems, and any future misuse or compromise of personal information stored on those systems, or any other failure by a vendor or other third party to abide by our contractual requirements, could expose us to regulatory fines, third-party liability, protracted and costly litigation and, with respect to misuse of the personal information of our customers, lost revenue and reputational harm. Any type of security breach, attack or misuse of data described above or otherwise, whether experienced by us or an associated vendor or other third party, could harm our reputation; deter existing and prospective customers from using our services or from making digital payments generally; increase our operating expenses in order to contain and remediate the incident; expose us to unanticipated or uninsured liability; disrupt our operations (including potential service interruptions); distract our management; increase our risk of litigation or regulatory scrutiny; result in the imposition of penalties and fines under state, federal and foreign laws or by the card networks; and adversely affect our continued card network registration or membership and financial institution sponsorship. Removal from the networks' lists of Payment Card Industry Data Security Standard compliant service providers could mean that existing customers, sales partners or other third parties could cease using or referring others to our services. Also, prospective merchant customers, financial institutions, sales partners or other third parties could choose to terminate negotiations with us, or delay or choose not to consider us for their processing needs. In addition, the card networks could refuse to allow us to process through their networks. Any of the foregoing could adversely affect our business, financial condition or results of operation.", "prior_body": "In order to provide our services, we process and store sensitive business and personal information, which may include credit and debit card numbers, bank account numbers, social security numbers, driver’s license numbers, names and addresses, and other types of personal information or sensitive business information. Some of this information is also processed and stored by financial institutions, merchants and other entities, as well as third-party service providers to whom we outsource certain functions and other agents, which we refer to collectively as our associated third parties. We may have responsibility to the card networks, financial institutions, and in some instances, our merchants, ISOs and/or individuals, for our failure or the failure of our associated third parties (as applicable) to protect this information. We are a regular target of malicious third-party attempts to identify and exploit system vulnerabilities, and/or penetrate or bypass our security measures, in order to gain unauthorized access to our networks and systems or those of our associated third parties. Such access could lead to the compromise of sensitive, business, personal or confidential information. As a result, we follow a defense-in-depth model for cybersecurity, meaning we proactively seek to employ multiple methods at different layers to defend our systems against intrusion and attack and to protect the data we possess. However, we cannot be certain that these measures will be successful or will be sufficient to counter all current and emerging technology threats. Our computer systems and/or our associated third parties’ computer systems have been, and we expect to continue to be, targeted for penetration, and our data protection measures may not prevent unauthorized access. The techniques used to obtain unauthorized access, disable or degrade service or sabotage systems change frequently, are often difficult to detect and continually evolve and become more sophisticated. Threats to our systems and our associated third parties’ systems can derive from human error, fraud or malice on the part of employees or third parties, including state-sponsored organizations with significant financial and technological resources. In addition, we have experienced and may continue to experience errors, interruptions or delays from computer viruses and other malware that could infect our systems or those of our associated third parties. Denial of service, ransomware or other attacks could be launched against us for a variety of purposes, including to interfere with our services or create a diversion for other malicious activities. Our defensive measures may not prevent downtime, unauthorized access or use of sensitive data. While we maintain first- and third-party insurance coverage that may cover certain aspects of cyber risks, such insurance coverage may be insufficient to cover all losses. Companies we acquire may require implementation of additional cyber defense methods to align with our standards and, as a result, there may be a period of increased risk between the acquisition date and the completion of such implementation. Furthermore, certain of our third-party relationships are subject to our vendor management program and governed by written contracts; however, we do not control the actions of our associated third parties, and any problems experienced by these third parties, including those resulting from breakdowns or other disruptions in the services provided by such parties or cyberattacks, targeted attacks against our employees and associated third parties and security breaches, could adversely affect our ability to service our customers or otherwise conduct our business. In addition, we cannot provide assurance that the contractual requirements related to use, security and privacy that we impose on our associated third parties who have access to this data will be followed or will be adequate to prevent the misuse of this data. Any misuse or compromise of personal information or failure to adequately abide by these contractual requirements could result in liability, protracted and costly litigation and, with respect to misuse of personal information of our customers, lost revenue and reputational harm. Any type of security breach, attack or misuse of data described above or otherwise, whether experienced by us or an associated third party, could harm our reputation; deter existing and prospective customers from using our services or from making digital payments generally; increase our operating expenses in order to contain and remediate the incident; expose us to unanticipated or uninsured liability; disrupt our operations (including potential service interruptions); distract our management, increase our risk of litigation or regulatory scrutiny; result in the imposition of penalties and fines under state, federal and 17 17 17 Table of Contents Table of Contents foreign laws or by the card networks, and adversely affect our continued card network registration or membership and financial institution sponsorship. Our removal from the networks' lists of Payment Card Industry Data Security Standard compliant service providers could mean that existing customers, sales partners or other third parties may cease using or referring others to our services. Also, prospective merchant customers, financial institutions, sales partners or other third parties may choose to terminate negotiations with us, or delay or choose not to consider us for their processing needs. In addition, the card networks could refuse to allow us to process through their networks. Any of the foregoing could adversely affect our business, financial condition or results of operation." }, { "status": "MODIFIED", "current_title": "Fraud by merchants or others and losses from overdrawn cardholder accounts could have an adverse effect on our financial condition, results of operations and cash flows.", "prior_title": "Fraud by merchants or others and losses from overdrawn cardholder accounts could have an adverse effect on our financial condition, results of operations and cash flows.", "similarity_score": 0.911, "confidence": "high", "key_changes": [ "Reworded sentence: \"We have potential liability for fraudulent digital payment transactions or credits initiated by merchants or others.\"", "Removed sentence: \"Additionally, the COVID-19 pandemic, as well as macroeconomic conditions such as rising inflation and higher costs for labor and supplies, have negatively affected or may continue to affect the financial viability and operations of certain merchants.\"" ], "current_body": "We have potential liability for fraudulent digital payment transactions or credits initiated by merchants or others. Criminals are using increasingly sophisticated methods to engage in illegal activities such as counterfeiting and fraud. Failure to effectively manage risk and prevent fraud could increase our chargeback losses or cause us to incur other liabilities. It is possible that incidents of fraud could increase in the future. Increases in chargebacks or other liabilities could have a material adverse effect on our financial condition, results of operations and cash flows. The accompanying consolidated financial statements reflect management’s estimates and assumptions related to allowances for transaction and credit losses utilizing the most currently available information. Actual losses could differ materially from those estimates.", "prior_body": "We have potential liability for fraudulent digital payment transactions or credits initiated by merchants or others, and our prepaid card programs expose us to threats involving the misuse of cards, collusion, fraud and identity theft. Criminals are using increasingly sophisticated methods to engage in illegal activities such as counterfeiting and fraud. Failure to effectively manage risk and prevent fraud could increase our chargeback losses or cause us to incur other liabilities. It is possible that incidents of fraud could increase in the future. Increases in chargebacks or other liabilities could have a material adverse effect on our financial condition, results of operations and cash flows. Additionally, the COVID-19 pandemic, as well as macroeconomic conditions such as rising inflation and higher costs for labor and supplies, have negatively affected or may continue to affect the financial viability and operations of certain merchants. The accompanying consolidated financial statements reflect management’s estimates and assumptions related to allowances for transaction and credit losses utilizing the most currently available information. Actual losses could differ materially from those estimates." }, { "status": "MODIFIED", "current_title": "New or revised tax regulations, unfavorable resolution of tax contingencies or changes to enacted tax rates could adversely affect our tax expense.", "prior_title": "New or revised tax regulations, unfavorable resolution of tax contingencies or changes to enacted tax rates could adversely affect our tax expense.", "similarity_score": 0.883, "confidence": "high", "key_changes": [ "Reworded sentence: \"In December 2022, the EU Member States formally adopted the EU’s Pillar Two Directive, which generally provides for a minimum effective tax rate of 15%, as established by the Organization for Economic Co-operation and Development Pillar Two Framework.\"", "Reworded sentence: \"While we believe that the liabilities are adequate to cover reasonably expected tax risks, there can be no assurance that, in all instances, an issue raised by a tax authority will be finally resolved at a financial amount not significantly more than any related liability on the balance sheet.\"" ], "current_body": "Changes in tax laws or their interpretations could result in changes to enacted tax rates and may require complex computations to be performed that were not previously required, significant judgments to be made in interpretation of the new or revised tax regulations and significant estimates in calculations, as well as the preparation and analysis of information not previously relevant or regularly produced. Future changes in enacted tax rates could negatively affect our results of operations. In December 2022, the EU Member States formally adopted the EU’s Pillar Two Directive, which generally provides for a minimum effective tax rate of 15%, as established by the Organization for Economic Co-operation and Development Pillar Two Framework. The EU effective dates are January 1, 2024, and January 1, 2025, for different aspects of the directive. A significant number of other countries are expected to implement similar legislation with varying effective dates in the future. We are continuing to evaluate the potential effect on future periods of the Pillar Two Framework, pending legislative adoption by additional individual countries; however, we do not expect the directive to have a material effect on our financial condition or results of operations. Our tax returns and positions are subject to review and audit by federal, state, local and international taxing authorities. An unfavorable outcome to a tax audit could result in higher tax expense, thereby negatively affecting our results of operations and cash flows. We have recognized estimated liabilities on the balance sheet for material known tax exposures relating to deductions, transactions and other matters involving some uncertainty as to the proper tax treatment of the item. These liabilities reflect what we believe to be reasonable assumptions as to the likely final resolution of each issue if raised by a taxing authority. While we believe that the liabilities are adequate to cover reasonably expected tax risks, there can be no assurance that, in all instances, an issue raised by a tax authority will be finally resolved at a financial amount not significantly more than any related liability on the balance sheet.", "prior_body": "Changes in tax laws or their interpretations could result in changes to enacted tax rates and may require complex computations to be performed that were not previously required, significant judgments to be made in interpretation of the new or revised tax regulations and significant estimates in calculations, as well as the preparation and analysis of information not previously relevant or regularly produced. Future changes in enacted tax rates could negatively affect our results of operations. In August 2022, the Inflation Reduction Act of 2022 was signed into law. This law, among other things, provides for a corporate alternative minimum tax on adjusted financial statement income (effective for us in 2023), and an excise tax on corporate stock repurchases (effective for our share repurchases after December 31, 2022), and we are continuing to evaluate the effect it may have on our financial condition and results of operations. Future changes in enacted tax rates could negatively affect our results of operations. Our tax returns and positions are subject to review and audit by federal, state, local and international taxing authorities. An unfavorable outcome to a tax audit could result in higher tax expense, thereby negatively affecting our results of operations and cash flows. We have recognized estimated liabilities on the balance sheet for material known tax exposures relating to deductions, transactions and other matters involving some uncertainty as to the proper tax treatment of the item. These liabilities reflect what we believe to be reasonable assumptions as to the likely final resolution of each issue if raised by a taxing authority. While we believe that the liabilities are adequate to cover reasonably expected tax risks, there can be no assurance that, in all instances, an issue raised by a tax authority will be finally resolved at a financial amount no more than any related liability." }, { "status": "MODIFIED", "current_title": "We are subject to economic and geopolitical risk, health and social events or conditions, the business cycles and credit risk of our customers and the overall level of consumer, business and government spending, which could negatively affect our business, financial condition, results of operations and cash flows.", "prior_title": "We are subject to economic and geopolitical risk, health and social events or conditions, the business cycles and credit risk of our customers and the overall level of consumer, business and government spending, which could negatively affect our business, financial condition, results of operations and cash flows.", "similarity_score": 0.873, "confidence": "high", "key_changes": [ "Reworded sentence: \"We are exposed to general economic conditions, including but not limited to, recessions, inflation, rising interest rates, high unemployment, currency fluctuations, and rising energy prices, that affect consumer confidence, discretionary income and changes in consumer purchasing and spending habits.\"", "Reworded sentence: \"When such conditions arise, we evaluate where we may be able to implement cost-saving measures, including those related to headcount and discretionary expenses.\"", "Reworded sentence: \"In most markets, we collect our fees from our merchants on the first day after the monthly billing period, which results in the build-up of substantial receivable from our customers.\"", "Reworded sentence: \"In addition, our business, growth, financial condition or results of operations could be materially adversely affected by public health emergencies, such as the COVID-19 pandemic, political and economic instability or changes in a country’s or region’s economic conditions, changes in laws or regulations or in the interpretation of existing laws or regulations, whether caused by a change in government or otherwise, increased difficulty of conducting business in a country or region due to actual or potential political or military conflict or action by the United States or foreign governments that may restrict our ability to transact business in a foreign country or with certain foreign individuals or entities.\"" ], "current_body": "The global payments technology industry depends heavily on the overall level of consumer, business and government spending. We are exposed to general economic conditions, including but not limited to, recessions, inflation, rising interest rates, high unemployment, currency fluctuations, and rising energy prices, that affect consumer confidence, discretionary income and changes in consumer purchasing and spending habits. Adverse economic conditions have at times affected and may continue to negatively affect our financial performance by reducing the number or average purchase amount of transactions made using digital payments. A reduction in the amount of consumer spending could result in a decrease in our revenues and profits. If our merchants make fewer sales to consumers using digital payments, or consumers using digital payments spend less per transaction, we will have fewer transactions to process or lower transaction amounts, each of which would contribute to lower revenues. Additionally, credit card issuers may reduce credit limits and become more selective in their card issuance practices. When such conditions arise, we evaluate where we may be able to implement cost-saving measures, including those related to headcount and discretionary expenses. While economic conditions have shown moderate improvement in recent months, any of these developments could have a material adverse effect on our financial condition and results of operations. Adverse macroeconomic conditions in any of our markets could force merchants, financial institutions or other customers to cease operations or petition for bankruptcy protection, resulting in lower revenue and earnings for us and greater exposure to potential credit losses and future transaction declines. We also have a certain amount of fixed costs, including rent, debt service, and salaries, which could limit our ability to quickly adjust costs and respond to changes in our business and the economy. Changes in economic conditions could also adversely affect our future revenues and profits and have a materially adverse effect on our business, financial condition, results of operations and cash flows. In most markets, we collect our fees from our merchants on the first day after the monthly billing period, which results in the build-up of substantial receivable from our customers. If a merchant were to go out of business during the billing period, we may be unable to collect such fees, which could negatively affect our business, financial condition, results of operations and cash flows. In addition, our business, growth, financial condition or results of operations could be materially adversely affected by public health emergencies, such as the COVID-19 pandemic, political and economic instability or changes in a country’s or region’s economic conditions, changes in laws or regulations or in the interpretation of existing laws or regulations, whether caused by a change in government or otherwise, increased difficulty of conducting business in a country or region due to actual or potential political or military conflict or action by the United States or foreign governments that may restrict our ability to transact business in a foreign country or with certain foreign individuals or entities. Risks associated with heightened geopolitical and economic instability, include among others, reduction in consumer, government or corporate spending, international sanctions, embargoes, heightened inflation and actions taken by central banks to counter inflation, volatility in global financial markets, increased cyber disruptions or attacks, higher supply chain costs and increased tensions between countries in which we may operate, which could result in charges related to the recoverability of assets, including financial assets, long-lived assets and goodwill, and other losses, and could adversely affect our financial condition and results of operations. Climate-related events, including extreme weather events and natural disasters and their effects on critical infrastructure in the U.S. or internationally, could have adverse effects on our operations, customers or third-party suppliers. Furthermore, our shareholders, customers and other stakeholders have begun to consider how corporations are addressing sustainability matters, which include environmental and corporate responsibility issues. Government regulators, investors, customers and the general public are increasingly focused on sustainability practices and disclosures, and views on this topic are diverse and rapidly changing. These shifts in investing priorities may result in adverse effects on the trading price of the Company's common stock if investors determine that the Company has not made sufficient progress on sustainability matters. Furthermore, developing and acting on these initiatives, and collecting, measuring and reporting related information and metrics can be costly, difficult and time consuming, and are subject to evolving reporting standards and/or contractual obligations. The standards and laws by which sustainability efforts are tracked and measured are in many cases new, have not been harmonized, and continue to evolve. We could also face potential negative sustainability related publicity in traditional media or social media if shareholders or other stakeholders determine that we have not adequately considered or addressed sustainability and governance matters. We have been the recipient of proposals from shareholders to promote their corporate responsibility positions, and we may receive 29 29 29 Table of Contents Table of Contents other such proposals in the future. Such proposals may not be in the long-term interests of the Company or our shareholders and may divert management’s attention away from operational matters or create the impression that our practices are inadequate.", "prior_body": "The global payments technology industry depends heavily on the overall level of consumer, business and government spending. We are exposed to general economic conditions, including but not limited to, recessions, inflation, rising interest rates, high unemployment, currency fluctuations, and rising energy prices, that affect consumer confidence, spending, and discretionary income and changes in consumer purchasing habits. Adverse economic conditions may negatively affect our financial performance by reducing the number or average purchase amount of transactions made using digital payments. A reduction in the amount of consumer spending could result in a decrease in our revenues and profits. If our merchants make fewer sales to consumers using digital payments, or consumers using digital payments spend less per transaction, we will have fewer transactions to process or lower transaction amounts, each of which would contribute to lower revenues. Additionally, credit card issuers may reduce credit limits and become more selective in their card issuance practices. Any of these developments could have a material adverse effect on our financial condition and results of operations. Adverse macroeconomic conditions in any of our markets could force merchants, financial institutions or other customers to close or petition for bankruptcy protection, resulting in lower revenue and earnings for us and greater exposure to potential credit losses and future transaction declines. We also have a certain amount of fixed costs, including rent, debt service, and salaries, which could limit our ability to quickly adjust costs and respond to changes in our business and the economy. Changes in economic conditions could also adversely affect our future revenues and profits and have a materially adverse effect on our business, financial condition, results of operations and cash flows. Credit losses arise from the fact that, in most markets, we collect our fees from our merchants on the first day after the monthly billing period. This results in the build-up of a substantial receivable from our customers. If a merchant were to go out of business during the billing period, we may be unable to collect such fees, which could negatively affect our business, financial condition, results of operations and cash flows. In addition, our business, growth, financial condition or results of operations could be materially adversely affected by outbreaks of illnesses, pandemics like COVID-19 or other political and economic instability or changes in a country’s or region’s economic conditions, changes in laws or regulations or in the interpretation of existing laws or regulations, whether caused by a change in government or otherwise, increased difficulty of conducting business in a country or region due to actual or potential political or military conflict or action by the United States or foreign governments that may restrict our ability to transact business in a foreign country or with certain foreign individuals or entities. Although the immediate effects of the COVID-19 pandemic have been assessed, the long-term effects of the COVID-19 pandemic on our business, results of operations, financial condition and cash flows will depend on future developments, which are highly uncertain and are difficult to predict at this time. Such developments include, but are not limited to, the effectiveness of preventative measures implemented to help limit the spread of the virus, including vaccine administration rates and efficacy, emergence of new virus variants and new waves of infection and the direction or extent of future restrictive actions that may be imposed by governments or public health authorities. The COVID-19 pandemic caused an economic slowdown in the U.S. and other markets in which we operate. It may also continue to affect financial markets and corporate credit markets which could adversely affect our access to financing or the terms of any such financing. Moreover, the global macroeconomic effects of the pandemic may persist for an indefinite period, even after the pandemic has subsided. Risks associated with heightened geopolitical and economic instability, such as those resulting from the invasion of Ukraine by Russia, include among others, reduction in consumer, government or corporate spending, international sanctions, embargoes, heightened inflation and actions taken by central banks to counter inflation, volatility in global financial markets, increased cyber disruptions or attacks, higher supply chain costs and increased tensions between the United States and countries in which we operate, which could result in charges related to the recoverability of assets, including financial assets, long-lived assets and goodwill and other losses, and could adversely affect our financial condition and results of operations. Climate-related events, including extreme weather events and natural disasters and their effect on critical infrastructure in the U.S. or internationally, could have similar adverse effects on our operations, customers or third-party suppliers. Furthermore, our shareholders, customers and other stakeholders have begun to consider how corporations are addressing environmental, social and governance (\"ESG\") issues. Government regulators, investors, customers and the general public are increasingly focused on ESG practices and disclosures, and views about ESG are diverse and rapidly changing. These shifts in investing priorities may result in adverse effects on the trading price of the Company's common stock if investors determine that the Company has not made sufficient progress on ESG matters. Furthermore, developing and acting on initiatives within the scope of ESG, and collecting, measuring and reporting ESG-related information and metrics can be costly, difficult and time 28 28 28 Table of Contents Table of Contents consuming, and are subject to evolving reporting standards and/or contractual obligations. We could also face potential negative ESG-related publicity in traditional media or social media if shareholders or other stakeholders determine that we have not adequately considered or addressed ESG matters. We have been the recipient of proposals from shareholders to promote their governance positions. Shareholders are increasingly submitting proposals related to a variety of ESG issues to public companies, and we may receive other such proposals in the future. Such proposals may not be in the long-term interests of the Company or our stockholders and may divert management’s attention away from operational matters or create the impression that our practices are inadequate." }, { "status": "MODIFIED", "current_title": "Increased merchant, referral partner, ISO or payment facilitator attrition could cause our financial results to decline.", "prior_title": "Increased merchant, referral partner or ISO attrition could cause our financial results to decline.", "similarity_score": 0.857, "confidence": "high", "key_changes": [ "Reworded sentence: \"If a referral partner switches to another transaction processor, terminates our services, internalizes payment processing functions that we perform, merges with or is acquired by one of our competitors, or shuts down or becomes insolvent, we may no longer receive new merchant referrals from such referral partner, and we risk losing existing merchants that were originally enrolled by the referral partner.\"", "Added sentence: \"21 21 21 Table of Contents Table of Contents\"" ], "current_body": "We experience attrition in merchant credit and debit card processing volume resulting from several factors, including merchant closures, loss of merchant accounts to our competitors, unsuccessful contract renewal negotiations and account closures that we initiate for various reasons, such as heightened credit risks or contract breaches by merchants. Our referral partners are a significant source of new business. If a referral partner switches to another transaction processor, terminates our services, internalizes payment processing functions that we perform, merges with or is acquired by one of our competitors, or shuts down or becomes insolvent, we may no longer receive new merchant referrals from such referral partner, and we risk losing existing merchants that were originally enrolled by the referral partner. We cannot predict the level of attrition in the future and it could increase. Higher than expected attrition could negatively affect our results, which could have a material adverse effect on our business, financial condition, results of operations and cash flows. 21 21 21 Table of Contents Table of Contents", "prior_body": "We experience attrition in merchant credit and debit card processing volume resulting from several factors, including merchant closures, loss of merchant accounts to our competitors, unsuccessful contract renewal negotiations and account closures that we initiate for various reasons, such as heightened credit risks or contract breaches by merchants. Our referral partners are a significant source of new business. If a referral partner or an ISO switches to another transaction processor, terminates our services, internalizes payment processing functions that we perform, merges with or is acquired by one of our competitors, or shuts down or becomes insolvent, we may no longer receive new merchant referrals from such referral partner, and we risk losing existing merchants that were originally enrolled by the referral partner or ISO. We cannot predict the level of attrition in the future and it could increase. Higher than expected attrition could negatively affect our results, which could have a material adverse effect on our business, financial condition, results of operations and cash flows." }, { "status": "MODIFIED", "current_title": "Our business is subject to government regulation and oversight. Any new implementation of or changes made to laws, regulations or other industry standards affecting our business in any of the geographic regions in which we operate may require significant development and compliance efforts or have an unfavorable effect on our ability to continue to offer certain services, or on our financial results and our cash flows.", "prior_title": "Our business is subject to government regulation and oversight. Any new implementation of or changes made to laws, regulations or other industry standards affecting our business in any of the geographic regions in which we operate may require significant development efforts or have an unfavorable effect on our financial results and our cash flows.", "similarity_score": 0.851, "confidence": "high", "key_changes": [ "Reworded sentence: \"Regulation and proposed regulation of the payments industry have continued to increase significantly in recent years.\"", "Reworded sentence: \"The Dodd-Frank Act also created the CFPB, which has responsibility for enforcing federal consumer protection laws, and the Financial Stability Oversight Council, which has the authority to determine whether any nonbank financial company, like us, should be supervised by the Board of Governors of the Federal Reserve on the ground that it is \"systemically important\" to the U.S.\"", "Reworded sentence: \"More generally, all persons engaged in commerce, including, but not limited to, us and our merchant and financial institution customers, are subject to Section 5 of the FTC Act prohibiting unfair or deceptive acts or practices (\"UDAP\").\"", "Reworded sentence: \"Various federal and state regulatory enforcement agencies, including the FTC, the CFPB and the states’ attorneys general, may seek to take action against nonbanks that engage in UDAP or violate other laws, rules or regulations and, to the extent we are in violation of these laws, rules or regulations or are processing payments for a merchant that may be in violation of these laws, rules or regulations, we may be subject to enforcement actions and as a result may incur losses and liabilities.\"", "Reworded sentence: \"The effect of the regulations could be detrimental to our financial condition.\"" ], "current_body": "As a payments technology company, our business is affected by laws and complex regulations and examinations that affect us and our industry in the countries in which we operate. Regulation and proposed regulation of the payments industry have continued to increase significantly in recent years. Failure to comply with regulations or guidelines may result in the suspension or revocation of a license or registration, the limitation, suspension or termination of service, and the imposition of civil and criminal penalties, including fines, or may cause customers or potential customers to be reluctant to do business with us, any of which could have an adverse effect on our financial condition. 24 24 24 Table of Contents Table of Contents Interchange fees are subject to intense legal, regulatory and legislative scrutiny worldwide. For instance, the Dodd-Frank Act restricts the amounts of debit card fees that certain issuing institutions can charge merchants and allows merchants to set minimum amounts for the acceptance of credit cards and to offer discounts for different payment methods. These types of restrictions could negatively affect the number of debit transactions, which would adversely affect our business. The Dodd-Frank Act also created the CFPB, which has responsibility for enforcing federal consumer protection laws, and the Financial Stability Oversight Council, which has the authority to determine whether any nonbank financial company, like us, should be supervised by the Board of Governors of the Federal Reserve on the ground that it is \"systemically important\" to the U.S. financial system. Any such designation would result in increased regulatory burdens on our business, which increases our risk profile and may have an adverse effect on our business, financial condition, results of operations and cash flows. Because we directly or indirectly offer or provide financial services to consumers, we are subject to prohibitions against unfair, deceptive, or abusive acts or practices under the Dodd-Frank Act. More generally, all persons engaged in commerce, including, but not limited to, us and our merchant and financial institution customers, are subject to Section 5 of the FTC Act prohibiting unfair or deceptive acts or practices (\"UDAP\"). We also have businesses that are subject to credit reporting and debt collection laws and regulations in the U.S. Various federal and state regulatory enforcement agencies, including the FTC, the CFPB and the states’ attorneys general, may seek to take action against nonbanks that engage in UDAP or violate other laws, rules or regulations and, to the extent we are in violation of these laws, rules or regulations or are processing payments for a merchant that may be in violation of these laws, rules or regulations, we may be subject to enforcement actions and as a result may incur losses and liabilities. We are also subject to examination by the FFIEC as a result of our provision of data processing services to financial institutions. As the regulatory environment remains unpredictable and subject to rapid change, new obligations could increase the cost and complexity of compliance. Evolving regulations also increase the risk of investigations, fines, nonmonetary penalties and litigation. Because of our services in relation to the banking industry, much of our business is obligated, either under law or via contracts with our customers, to comply with anti-money laundering regulations. Noncompliance with these regulations could lead to substantial regulatory fines and penalties or damages from private causes of action. The effect of the regulations could be detrimental to our financial condition. In addition, we and our sponsor financial institutions are subject to the laws and regulations enforced by the Office of Foreign Assets Control, which prohibit U.S. persons from engaging in transactions with certain prohibited persons or entities. Similar requirements apply in other countries. Furthermore, certain of our businesses are regulated as money transmitters or otherwise require licensing in one or more states or jurisdictions, subjecting us to various licensing, supervisory and other requirements. Continuing developments in privacy and data protection regulation globally, combined with the rapid pace of technology innovation, have created risks and operational challenges for many of our business activities as described in \"Item 1 - Business.\" It is possible that these laws may be interpreted and applied in a manner that is inconsistent with our data privacy practices or operations model, which could result in potential liability for fines, damages or a need to incur substantial costs to modify our operations. Compliance with these laws and regulations can be costly and time consuming, adding a layer of complexity to business practices and innovation. As with other regulatory schemes, our failure to comply could result in public or private enforcement action and accompanying litigation costs, losses, fines and penalties, which could adversely affect our business, financial condition, results of operations and cash flows. In addition, U.S. banking agencies and the SEC have adopted or proposed enhanced cyber risk management standards that could apply to us and our financial institution clients and that would address cyber risk governance and management, management of internal and external dependencies, and incident response, cyber resilience and situational awareness. Several states and foreign countries also have adopted or proposed new privacy and cybersecurity laws targeting these issues. Legislation and regulations on cybersecurity, data privacy and data localization may compel us to enhance or modify our systems, invest in new systems or alter our business practices or our policies on data governance and privacy. If any of these outcomes were to occur, our operational costs could increase significantly. The rise in the use of generative artificial intelligence has dramatically altered the corporate landscape. Incorporating artificial intelligence, including machine learning technologies, into our businesses presents numerous risks and uncertainties. Furthermore, the global regulatory framework has not kept pace with the rapid developments in the generative artificial intelligence technology field, creating uncertainties regarding compliance with upcoming laws and regulations. Beyond legal considerations in the development and deployment of these models there exists an ethical consideration given the potential risk of generating misleading or harmful content. The unpredictable nature of outputs further amplifies this risk, potentially leading to unintended consequences and biases. Additionally, the absence of clear requirements pertaining to explainability and the data used to train these models, introduces the risk of intellectual property disputes, including the inability to protect or potential infringement claims regarding the artificially generated content. We are exploring opportunities to expand our portfolio with artificial intelligence capabilities to strengthen our market position, amplify our teams' capabilities, and enhance our customers' 25 25 25 Table of Contents Table of Contents experiences. If we are unsuccessful in doing so, we may have a competitive disadvantage in developing new products and operating our business and our customers may prefer different solutions. Changes to legal rules and regulations, or interpretation or enforcement thereof, even if not directed at us, may require significant efforts to change our systems and services and may require changes to how we price our services to customers, adversely affecting our business. Even an inadvertent failure to comply with laws and regulations, as well as rapidly evolving social expectations of corporate fairness, could damage our business or our reputation. As varying or conflicting regulations come into existence across the jurisdictions in which we operate, we may have difficulty aligning our operations to comply with all applicable laws.", "prior_body": "As a payments technology company, our business is affected by laws and complex regulations and examinations that affect us and our industry in the countries in which we operate. Regulation and proposed regulation of the payments industry have increased significantly in recent years. Failure to comply with regulations or guidelines may result in the suspension or revocation of a license or registration, the limitation, suspension or termination of service, and the imposition of civil and 23 23 23 Table of Contents Table of Contents criminal penalties, including fines, or may cause customers or potential customers to be reluctant to do business with us, any of which could have an adverse effect on our financial condition. Interchange fees are subject to intense legal, regulatory and legislative scrutiny worldwide. For instance, the Dodd-Frank Act restricts the amounts of debit card fees that certain issuing institutions can charge merchants and allows merchants to set minimum amounts for the acceptance of credit cards and to offer discounts for different payment methods. These types of restrictions could negatively affect the number of debit transactions, which would adversely affect our business. The Dodd-Frank Act also created the CFPB, which has responsibility for enforcing federal consumer protection laws, and the Financial Stability Oversight Council, which has the authority to determine whether any nonbank financial company, such as us, should be supervised by the Board of Governors of the Federal Reserve on the ground that it is \"systemically important\" to the U.S. financial system. Any such designation would result in increased regulatory burdens on our business, which increases our risk profile and may have an adverse effect on our business, financial condition, results of operations and cash flows. Because we directly or indirectly offer or provide financial services to consumers, we are subject to prohibitions against unfair, deceptive, or abusive acts or practices under the Dodd-Frank Act. More generally, all persons engaged in commerce, including, but not limited to, us and our merchant and financial institution customers, are subject to Section 5 of the Federal Trade Commission (\"FTC\") Act prohibiting unfair or deceptive acts or practices (\"UDAP\"). We also have businesses that are subject to credit reporting and debt collection laws and regulations in the U.S. Various federal and state regulatory enforcement agencies, including the FTC, the CFPB and the states’ attorneys general, may seek to take action against nonbanks that engage in UDAP or violate other laws, rules or regulations and, to the extent we are in violation of these laws, rules or regulations or processing payments for a merchant that may be in violation of these laws, rules or regulations, we may be subject to enforcement actions and as a result may incur losses and liabilities. Continuing developments in privacy and data protection regulation globally, combined with the rapid pace of technology innovation, have created risks and operational challenges for many of our business activities as described in \"Item 1 - Business.\" As the regulatory environment remains unpredictable and subject to rapid change, new obligations could increase the cost and complexity of compliance. Evolving regulations also increase the risk of investigations, fines, non-monetary penalties, and litigation. Much of our business is obligated, either under law or via contracts with our customers, to comply with anti-money laundering regulations. Noncompliance with these regulations could lead to substantial regulatory fines and penalties or damages from private causes of action. The effect of the regulations could harm our business and financial condition. In addition, we and our sponsor financial institutions are subject to the laws and regulations enforced by the Office of Foreign Assets Control, which prohibit U.S. persons from engaging in transactions with certain prohibited persons or entities. Similar requirements apply in other countries. Furthermore, certain of our businesses are regulated as money transmitters or otherwise require licensing in one or more states or jurisdictions, subjecting us to various licensing, supervisory and other requirements. We are also subject to examination by the Federal Banking Agencies as a result of our provision of data processing services to financial institutions. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with our data privacy practices or operations model, which could result in potential liability for fines, damages or a need to incur substantial costs to modify our operations. Compliance with these laws and regulations can be costly and time consuming, adding a layer of complexity to business practices and innovation. As with other regulatory schemes, our failure to comply could result in public or private enforcement action and accompanying litigation costs, losses, fines and penalties, which could adversely affect our business, financial condition, results of operations and cash flows. With respect to our Consumer Solutions segment, because each distributor offers prepaid cards, reload services and/or money remittance services as an agent of Consumer Solutions, or another third party, we do not believe that the distributors themselves are required to become licensed as money transmitters in order to engage in such activity. However, there is a risk that a federal or state regulator will take a contrary position and initiate enforcement or other proceedings against a distributor, us, our issuing banks or our other service providers. If we are unsuccessful in making a persuasive argument that a distributor should not be subject to such licensing requirements, it could result in the imposition of fines, the suspension of the distributor’s ability to offer some or all of our related services in the relevant jurisdiction, civil liability and criminal liability, each of which could negatively affect our financial condition and results of operations. Furthermore, if the federal government or one or more state governments impose additional legislative or regulatory requirements on our Consumer Solutions segment, the issuing banks or the distributors, or prohibit or limit the activities of our Consumer Solutions segment as currently conducted, we may be required to modify or terminate some or all of our Consumer Solutions services offered in the relevant jurisdiction or certain of the issuing banks may terminate their relationship with us. Moreover, as a number of our Consumer Solutions distributors are engaged in offering payday, title and/or installment loans, current and future legislative and regulatory restrictions that negatively affect their ability to continue their operations could have a corresponding negative effect on our revenue and 24 24 24 Table of Contents Table of Contents earnings from these relationships, potentially resulting in a significant decline in revenue from the Consumer Solutions segment. Changes to legal rules and regulations, or interpretation or enforcement thereof, even if not directed at us, may require significant efforts to change our systems and services and may require changes to how we price our services to customers, adversely affecting our business. Even an inadvertent failure to comply with laws and regulations, as well as rapidly evolving social expectations of corporate fairness, could damage our business or our reputation. If varying or conflicting regulations come into existence across the jurisdictions in which we operate, we may have difficulty aligning our operations to comply with all applicable laws." }, { "status": "MODIFIED", "current_title": "Software and hardware defects, failures, undetected errors, and development delays could affect our ability to deliver our services, damage customer relations, expose us to liability and have an adverse effect on our business, financial condition and results of operations.", "prior_title": "Software defects, undetected errors, and development delays could damage customer relations, expose us to liability and have an adverse effect on our business, financial condition and results of operations.", "similarity_score": 0.755, "confidence": "high", "key_changes": [ "Reworded sentence: \"Our core services are based on software and computing systems that may encounter development delays, and the underlying software may contain undetected errors, viruses, defects or vulnerabilities.\"" ], "current_body": "Our core services are based on software and computing systems that may encounter development delays, and the underlying software may contain undetected errors, viruses, defects or vulnerabilities. The hardware infrastructure on which our systems run may have a faulty component or fail. Defects in our software services, underlying hardware, or errors or delays in our processing of digital transactions could result in additional development costs, diversion of technical and other resources from our other development efforts, and could result in loss of credibility with current or potential customers, harm to our reputation and exposure to liability claims. In instances in which we rely on third-party software, our services are occasionally affected by defects, viruses, vulnerabilities, security incidents or other failures that take place at the vendor level. Depending on the circumstances, a vendor failure could cause delays, disruption or data loss or damage, and therefore cause harm to our credibility, reputation or financial condition. In addition, our insurance may not be adequate to compensate us for all losses or failures that may occur.", "prior_body": "Our core services are based on software and computing systems that often encounter development delays, and the underlying software may contain undetected errors, viruses or defects. Defects in our software services or errors or delays in our processing of digital transactions could result in additional development costs, diversion of technical and other resources from our other development efforts, loss of credibility with current or potential customers, harm to our reputation and exposure to liability claims. In instances in which we rely on third-party software in conjunction with any disaster recovery functions, we could be adversely affected by the vendor’s unresponsiveness or other failures. We rely on technologies and software supplied by third parties that may also contain undetected errors, viruses or defects that could have a material adverse effect on our business, financial condition and results of operations. In addition, our insurance may not be adequate to compensate us for all losses or failures that may occur." }, { "status": "UNCHANGED", "current_title": "Consolidation among financial institutions or among retail customers, including the merger of our customers with entities that are not our customers or the sale of portfolios by our customers to entities that are not our customers, could materially affect our financial condition, results of operations and cash flows.", "prior_title": "Consolidation among financial institutions or among retail customers, including the merger of our customers with entities that are not our customers or the sale of portfolios by our customers to entities that are not our customers, could materially affect our financial condition, results of operations and cash flows.", "current_body": "Consolidation among financial institutions, particularly in the area of credit card operations, and consolidation in the retail industry, is a risk that could negatively affect our existing customer agreements and future revenues. In addition, consolidation among financial institutions has led to an increasingly concentrated customer base, which results in a changing mix toward larger customers. Continued consolidation among financial institutions could increase the bargaining power of our current and future customers and further increase our customer concentration. Consolidation among financial institutions and retail customers and the resulting loss of any significant number of customers by us could have a material adverse effect on our financial condition, results of operations and cash flows." }, { "status": "UNCHANGED", "current_title": "Increases in card network fees may result in the loss of customers and/or a reduction in our earnings.", "prior_title": "Increases in card network fees may result in the loss of customers and/or a reduction in our earnings.", "current_body": "From time-to-time, the card networks, including Visa and Mastercard, increase the fees that they charge processors. We often pass these increases along to our merchant customers; however, if merchants do not accept these increases, this strategy might result in the loss of customers to our competitors, thereby reducing our revenues and earnings. If competitive practices prevent us from passing along the higher fees to our merchant customers in the future, we may have to absorb all or a portion of such increases, thereby reducing our earnings." }, { "status": "UNCHANGED", "current_title": "Our risk management policies and procedures may not be fully effective in mitigating our risk exposure in all market environments or against all types of risk.", "prior_title": "Our risk management policies and procedures may not be fully effective in mitigating our risk exposure in all market environments or against all types of risk.", "current_body": "We operate in a rapidly changing industry. Accordingly, our risk management policies and procedures may not be fully effective to identify, monitor and manage our risks. If our policies and procedures are not fully effective or if we are not always successful in identifying and mitigating all risks to which we are or may become exposed, we may suffer uninsured liability, harm to our reputation or be subject to litigation or regulatory actions that could have a material adverse effect on our business, financial condition, results of operations and cash flows." }, { "status": "UNCHANGED", "current_title": "We rely on various financial institutions to provide clearing services in connection with our settlement activities. If we are unable to maintain clearing services with these financial institutions and are unable to find a replacement, our business may be adversely affected.", "prior_title": "We rely on various financial institutions to provide clearing services in connection with our settlement activities. If we are unable to maintain clearing services with these financial institutions and are unable to find a replacement, our business may be adversely affected.", "current_body": "We rely on various financial institutions to provide clearing services in connection with our settlement activities. If such financial institutions should stop providing clearing services, we would have to find other financial institutions to provide those services. If we were unable to find a replacement financial institution we may no longer be able to provide processing services to certain customers, which could negatively affect our financial condition, results of operations and cash flows." }, { "status": "UNCHANGED", "current_title": "If we lose key personnel or are unable to attract and hire additional qualified personnel as we grow, our business could be adversely affected.", "prior_title": "If we lose key personnel or are unable to attract and hire additional qualified personnel as we grow, our business could be adversely affected.", "current_body": "All of our businesses function at the intersection of rapidly changing technological, social, economic and regulatory developments that require a wide ranging set of expertise and intellectual capital. To successfully compete and grow, we must recruit, develop, retain and motivate personnel who can provide the needed expertise across the entire spectrum of intellectual capital needs. In addition, we must develop our personnel to fulfill succession plans capable of maintaining continuity in the midst of the inevitable unpredictability of human capital. However, the market for qualified personnel is extremely competitive, and we may not succeed in recruiting additional personnel or may fail to effectively replace current personnel who depart with qualified or effective successors. We cannot be assured that key personnel, including executive officers, will continue to be employed or that we will be able to attract and retain qualified personnel in the future. Failure to retain, develop or attract key personnel could disrupt our operations and adversely affect our business and future success, which could have a material adverse effect on our business, financial condition, results of operations and cash flows." }, { "status": "UNCHANGED", "current_title": "We may not be able to raise additional funds to finance our future capital needs.", "prior_title": "We may not be able to raise additional funds to finance our future capital needs.", "current_body": "We may need to raise additional funds to finance our future capital needs, including developing new services and technologies or to fund future acquisitions or operating needs. If we raise additional funds through the sale of equity securities, these transactions may dilute the value of our outstanding common stock. We may also decide to issue securities, including debt securities that have rights, preferences and privileges senior to our common stock. We may not be able to raise additional funds on terms favorable to us or at all. If financing is not available or is not available on acceptable terms, we may be unable to fund our future needs. This may prevent us from increasing our market share, capitalizing on new business opportunities or remaining competitive in our industry. In addition, adverse economic conditions or any downgrades in our credit ratings could affect our ability to obtain additional financing in the future and could negatively affect the terms of any such financing." }, { "status": "UNCHANGED", "current_title": "We incur chargeback losses when our merchants refuse or cannot reimburse us for chargebacks resolved in favor of their customers. Any increase in chargebacks not paid by our merchants could adversely affect our business, financial condition, results of operations and cash flows.", "prior_title": "We incur chargeback losses when our merchants refuse or cannot reimburse us for chargebacks resolved in favor of their customers. Any increase in chargebacks not paid by our merchants could adversely affect our business, financial condition, results of operations and cash flows.", "current_body": "In the event a dispute between a cardholder and a merchant is not resolved in favor of the merchant, the transaction is normally charged back to the merchant and the purchase price is credited or otherwise refunded to the cardholder. If we are unable to collect such amounts from the merchant's account or reserve account (if applicable), or if the merchant refuses or is unable, due to closure, bankruptcy or other reasons, to reimburse us for a chargeback, we may bear the loss for the amount of the refund paid to the cardholder. The risk of chargebacks is typically greater with those merchants that promise future delivery of goods and services rather than delivering goods or rendering services at the time of payment. We may experience significant losses from chargebacks in the future. Any increase in chargebacks not paid by our merchants could have a material adverse effect on our business, financial condition, results of operations and cash flows. We have policies to manage merchant-related credit risk and attempt to mitigate such risk by requiring collateral and monitoring transaction activity. Notwithstanding our programs and policies for managing credit risk, it is possible that a default on such obligations by one or more of our merchants could have a material adverse effect on our business." }, { "status": "UNCHANGED", "current_title": "Our substantial indebtedness could adversely affect us and limit our business flexibility.", "prior_title": "Our substantial indebtedness could adversely affect us and limit our business flexibility.", "current_body": "We have a significant amount of indebtedness and may incur other debt in the future. Our level of debt and the covenants to which we agreed could have negative consequences for us, including, among other things, (1) requiring us to dedicate a large portion of our cash flow from operations to servicing and repayment of the debt; (2) limiting funds available for strategic initiatives and opportunities, working capital and other general corporate needs; and (3) limiting our ability to incur certain kinds or amounts of additional indebtedness, which could restrict our flexibility to react to changes in our business, our industry and economic conditions. If we are unable to generate sufficient cash flow from operations in the future to service our debt, we may be required, among other things, to seek additional financing in the debt or equity markets, refinance or restructure all or a portion of our indebtedness, sell selected assets or reduce or delay planned capital, operating or investment expenditures. Such measures may not be sufficient to enable us to service our debt, which could result in us defaulting on our obligations." }, { "status": "UNCHANGED", "current_title": "The integration and conversion of our acquired operations or other future acquisitions, if any, could result in increased operating costs if the anticipated synergies of operating these businesses as one are not achieved, a loss of strategic opportunities if management is distracted by the integration process, and a loss of customers if our service levels drop during or following the integration process.", "prior_title": "The integration and conversion of our acquired operations or other future acquisitions, if any, could result in increased operating costs if the anticipated synergies of operating these businesses as one are not achieved, a loss of strategic opportunities if management is distracted by the integration process, and a loss of customers if our service levels drop during or following the integration process.", "current_body": "The acquisition, integration, and conversion of businesses and the formation or operation of alliances or joint ventures and other partnering arrangements involve a number of risks. Core risks are in the area of valuation (negotiating a fair price for the business based on sometimes limited diligence) and integration and conversion (managing the complex process of integrating 23 23 23 Table of Contents Table of Contents the acquired company's people, services, information security and technology and other assets to realize the projected value of the acquired company and the synergies projected to be realized in connection with the acquisition). In addition, international acquisitions and alliances often involve additional or increased risks, including, for example: managing geographically separated organizations, systems, and facilities; integrating personnel with diverse business backgrounds and organizational cultures; complying with foreign regulatory requirements; fluctuations in currency exchange rates; enforcement of intellectual property rights in some foreign countries; difficulty entering new foreign markets due to, among other things, regulatory licensure, customer acceptance and business knowledge of those new markets; and general economic and political conditions. If the integration and conversion process does not proceed smoothly, the following factors, among others, could reduce our revenues and earnings, increase our operating costs, and result in us not achieving projected synergies: •If we are unable to successfully integrate the benefits plans, duties and responsibilities, and other factors of interest to the management and employees of the acquired business, we could lose employees to our competitors in the region, which could significantly affect our ability to operate the business and complete the integration; •If the integration process causes any delays with the delivery of our services, or the quality of those services, we could lose customers to our competitors; •The acquisition may otherwise cause disruption to the acquired company’s business and operations and relationships with financial institution sponsors, customers, merchants, employees and other partners; •The acquisition and the related integration could divert the attention of our management from other strategic matters including possible acquisitions and alliances, planning for new product development or expansion into new markets for payments technology and software solutions; and •The costs related to the integration of the acquired company’s business and operations into ours may be greater than anticipated." }, { "status": "UNCHANGED", "current_title": "A downgrade in the ratings of our debt could restrict our ability to access the debt capital markets and increase our interest costs.", "prior_title": "A downgrade in the ratings of our debt could restrict our ability to access the debt capital markets and increase our interest costs.", "current_body": "We currently maintain investment credit ratings with nationally recognized statistical rating organizations. Unfavorable changes in the ratings that these rating agencies assign to our debt may ultimately negatively affect our access to the debt capital markets and increase the costs we incur to borrow funds. If ratings for our debt fall below investment grade, our access to the capital markets could become restricted, and our relationships with certain customers of our Issuer Solutions segment could also be affected. Future tightening in the credit markets and a reduced level of liquidity in many financial markets due to turmoil in the financial and banking industries could affect our access to the debt capital markets or the price we pay to issue debt. Additionally, our revolving credit facility includes an increase in interest rates if the ratings for our debt are downgraded." }, { "status": "UNCHANGED", "current_title": "Our balance sheet includes significant amounts of goodwill and other intangible assets. The impairment of a portion of these assets could negatively affect our business, financial condition and results of operations.", "prior_title": "Our balance sheet includes significant amounts of goodwill and other intangible assets. The impairment of a portion of these assets could negatively affect our business, financial condition and results of operations.", "current_body": "As a result of our acquisitions, a significant portion of our total assets are intangible assets (including goodwill). Goodwill and intangible assets, net of amortization, together accounted for approximately 73% of our total assets as of December 31, 2023. We expect to engage in additional acquisition activity from time-to-time, which may result in our recognition of additional intangible assets, including goodwill. We evaluate on a regular basis whether all or a portion of our goodwill and other intangible assets may be impaired. Under current accounting rules, any determination that impairment has occurred would require us to record an impairment charge, which would negatively affect our earnings. An impairment of a portion of our goodwill or other intangible assets could have a material adverse effect on our business, financial condition and results of operations." }, { "status": "UNCHANGED", "current_title": "If we do not renew or renegotiate our agreements on favorable terms with our customers within the Issuer Solutions segment, our business will suffer. The timing of the conversions or deconversions of card portfolios could also affect our revenues and expenses.", "prior_title": "If we do not renew or renegotiate our agreements on favorable terms with our customers within the Issuer Solutions segment, our business will suffer. The timing of the conversions or deconversions of card portfolios could also affect our revenues and expenses.", "current_body": "A significant amount of our Issuer Solutions segment revenues is derived from long-term contracts with large financial institutions and other financial service providers. The financial position of these customers and their willingness to pay for our 22 22 22 Table of Contents Table of Contents services are affected by general market conditions, competitive pressures and operating margins within their industries. When our long-term contracts near expiration, the renewal or renegotiation of the contract presents our customers with the opportunity to consider other providers, transition all or a portion of the services we provide in-house or seek lower rates for our services. Additionally, as we modernize the technology platform we use to deliver services, some Issuer Solutions customers may not be agreeable to our modernization effort and may choose to end their contracts prematurely, or not renew their contracts as a result. The loss of our contracts with existing customers or renegotiation of contracts at reduced rates or with fewer services could have a material adverse effect on our financial condition, results of operations and cash flows. In addition, the timing of the conversion of card portfolios of new payment processing customers to our processing systems and the deconversion of existing customers to other systems could affect our revenues and expenses. Due to a variety of factors, conversions and deconversions may not occur as scheduled, and this may have a material adverse effect on our financial condition, results of operations and cash flows." }, { "status": "UNCHANGED", "current_title": "Our systems or our third-party providers' systems may fail, which could interrupt our service, cause us to lose business, increase our costs and expose us to liability.", "prior_title": "Our systems or our third-party providers' systems may fail, which could interrupt our service, cause us to lose business, increase our costs and expose us to liability.", "current_body": "We depend on the efficient and uninterrupted operation of our computer systems, software, data centers and telecommunications networks, as well as the systems and services of third parties. A system outage or data loss could have a material adverse effect on our business, financial condition, results of operations and cash flows. Not only could we suffer damage to our reputation in the event of a system outage or data loss, but we could also be liable to third parties. Many of our contractual agreements with financial institutions and certain other customers require the payment of penalties if we do not meet certain operating standards. Our systems and operations or those of our third-party providers could be exposed to damage or interruption from, among other things, fire; climate-related events, including extreme weather events; natural disasters; pandemics; power loss; telecommunications failure; terrorist acts; war; unauthorized entry; malicious attack; human error; hardware failure; and computer viruses or other defects. We have been and continue to be exposed to defects in our systems or those of third parties, errors or delays in the processing of payment transactions, telecommunications failures, or other difficulties (including those related to system relocation), which could result in loss of revenues, loss of customers, loss of 19 19 19 Table of Contents Table of Contents merchant and cardholder data, harm to our business or reputation, exposure to fraud losses or other liabilities, negative publicity, additional operating and development costs, litigation expenses, fines and other sanctions imposed by card networks or regulators, and/or diversion of technical and other resources. There is also a risk that third-party suppliers of hardware and infrastructure required to support our employee productivity or our suppliers could be affected by supply chain disruptions, such as manufacturing and shipping delays. An extended supply chain disruption could also affect the delivery of our services." }, { "status": "UNCHANGED", "current_title": "We may not be able to successfully manage our intellectual property and may be subject to infringement claims.", "prior_title": "We may not be able to successfully manage our intellectual property and may be subject to infringement claims.", "current_body": "We rely on a combination of contractual rights and copyright, trademark, patent and trade secret laws to establish and protect our proprietary technology. Despite our efforts to protect our intellectual property, third parties may infringe or misappropriate our intellectual property or may develop software or technology that competes with ours. Our competitors may independently develop similar technology, duplicate our services or design around our intellectual property rights. We may have to litigate to enforce and protect our intellectual property rights, trade secrets and know-how or to determine their scope, validity or enforceability, which is expensive and could cause a diversion of resources and may not prove to be successful. The loss of intellectual property protection or the inability to secure or enforce intellectual property protection could harm our business and ability to compete. 27 27 27 Table of Contents Table of Contents We may also be subject to costly litigation in the event our services and technology are alleged to infringe upon another party’s proprietary rights. Third parties may have, or may eventually be issued, patents that could be infringed by our services or technology. Any of these third parties could make a claim of infringement against us with respect to our services or technology. We may also be subject to claims by third parties for breach of copyright, trademark or license usage rights. Any such claims and any resulting litigation could subject us to significant litigation costs and potential liability for damages. An adverse determination in any litigation of this type could limit our ability to use the intellectual property subject to these claims and require us to design around a third party’s intellectual property, which may not be possible, or to license alternative technology from another party, which may be costly. In addition, such litigation is often time consuming and expensive to defend and could result in the diversion of the time and attention of our employees." }, { "status": "UNCHANGED", "current_title": "There may be a decline in the use of cards and other digital payments as a payment mechanism for consumers or other adverse developments with respect to the card industry in general.", "prior_title": "There may be a decline in the use of cards and other digital payments as a payment mechanism for consumers or other adverse developments with respect to the card industry in general.", "current_body": "If consumers do not continue to use credit, debit or other digital payment methods of the type we process as a payment mechanism for their transactions or if there is a change in the mix of payments between cash, checks, credit cards and debit cards, that is adverse to us, it could have a material adverse effect on our business, financial condition, results of operations and cash flows. Consumer credit risk may make it more difficult or expensive for consumers to gain access to credit facilities such as credit cards. Regulatory changes may result in financial institutions seeking to charge their customers additional fees for use of credit or debit cards. Such fees may result in decreased use of credit or debit cards by cardholders. In each case, our business, financial condition, results of operations and cash flows could be adversely affected." }, { "status": "UNCHANGED", "current_title": "In order to remain competitive and to continue to increase our revenues and earnings, we must continually and quickly update our services, a process that could result in higher costs and the loss of revenues, earnings and customers if the new services do not perform as intended or are not accepted in the marketplace.", "prior_title": "In order to remain competitive and to continue to increase our revenues and earnings, we must continually and quickly update our services, a process that could result in higher costs and the loss of revenues, earnings and customers if the new services do not perform as intended or are not accepted in the marketplace.", "current_body": "The payments technology industry in which we compete is characterized by rapid technological change, new product introductions, evolving industry standards and changing customer needs. In order to remain competitive, we are continually involved in a number of projects, including the development of new platforms, products, mobile payment applications, ecommerce services and other new offerings emerging in the payments technology industry. These projects carry the risks associated with any development effort, including cost overruns, delays in delivery and performance problems, which could in turn lead to impairment of long-lived assets associated with projects. In the payments technology markets, these risks are even more acute. Any delay in the delivery of new services or the failure to differentiate our services could render our services less desirable to customers, or possibly even obsolete. Furthermore, as the market for alternative payment processing services evolves, it may develop too rapidly or not rapidly enough for us to recover the costs we have incurred in developing new services targeted at this market. In addition, certain of the services we deliver to the payments technology market are designed to process very complex transactions and deliver reports and other information on those transactions, all at very high volumes and processing speeds. Any failure to deliver an effective, accurate, compliant and secure product or any performance issue that arises with a new product or service could result in significant processing or reporting errors or other losses. We rely in part on third parties, including some of our competitors and potential competitors, for the development of and access to new technologies. If development efforts are required or if promised new services are not delivered timely to our customers or do not perform as anticipated, we could incur higher costs, a loss of revenues and lower earnings and cash flows. 20 20 20 Table of Contents Table of Contents" }, { "status": "UNCHANGED", "current_title": "Failure to maintain effective internal controls in accordance with Section 404 of the Sarbanes-Oxley Act could have a material adverse effect on our business.", "prior_title": "Failure to maintain effective internal controls in accordance with Section 404 of the Sarbanes-Oxley Act could have a material adverse effect on our business.", "current_body": "Section 404 of the Sarbanes-Oxley Act requires us to evaluate annually the effectiveness of our internal control over financial reporting as of the end of each year and to include a management report assessing the effectiveness of our internal control over financial reporting in our annual report. If we fail to maintain the adequacy of our internal controls, we may not be able to ensure that we can conclude on an ongoing basis that we have effective internal control over financial reporting. Furthermore, this assessment may be complicated by any acquisitions we have completed or may complete. In certain markets, including, without limitation, China, Greece and Spain, our member sponsors perform payment processing operations and related support services pursuant to services agreements. We expect that the member sponsors will continue to provide these services until such time as we may integrate these functions into our operations. Accordingly, we rely on our member sponsors to provide financial data, such as amounts billed to merchants, to assist us with compiling our accounting records. As such, our internal control over financial reporting could be materially affected, or is reasonably likely to be materially affected, by the internal control and procedures of our member sponsors in these markets. While we continue to dedicate resources and management time to ensure that we have effective internal control over financial reporting, failure to achieve and maintain an effective internal control environment could have a material adverse effect on our ability to timely generate accurate financial statements in conformity with accounting principles generally accepted in the United States, on the market's perception of our business and on our stock price." }, { "status": "UNCHANGED", "current_title": "We are subject to risks associated with changes in interest rates or currency exchange rates, which could adversely affect our business, financial condition, results of operations and cash flows, and we may not effectively hedge against these risks.", "prior_title": "We are subject to risks associated with changes in interest rates or currency exchange rates, which could adversely affect our business, financial condition, results of operations and cash flows, and we may not effectively hedge against these risks.", "current_body": "A portion of our indebtedness bears interest at a variable rate, and we may incur additional variable-rate indebtedness in the future. Elevated interest rates could increase our cost of debt, and reduce our operating cash flows, limit options to refinance existing debt on favorable terms or at all, and could hinder our ability to fund our operations, capital expenditures, acquisitions, share repurchases or dividends. We are also subject to risks related to the changes in currency exchange rates as a result of our investments in foreign operations and from revenues generated in currencies other than our reporting currency, the U.S. dollar. Revenues and profits generated by international operations will increase or decrease compared to prior periods as a result of changes in currency exchange rates. Volatility in currency exchange rates has affected and may continue to affect our financial results. 26 26 26 Table of Contents Table of Contents In certain of the jurisdictions in which we operate, we may become subject to exchange control regulations that might restrict or prohibit the conversion of our foreign currencies into U.S. dollars or limit our ability to freely move currency in or out of particular jurisdictions. The occurrence of any of these factors could decrease the value of revenues we receive from our international operations and have a material adverse effect on our business. We may seek to reduce our exposure to fluctuations in interest rates or currency exchange rates through the use of hedging arrangements. To the extent that we hedge our interest rate or currency exchange rate exposures, we forgo the benefits we would otherwise experience if interest rates or currency exchange rates were to change in our favor. Developing an effective strategy for dealing with movements in interest rates and currency exchange rates is complex, and no strategy can completely insulate us from risks associated with such fluctuations. In addition, a counterparty to the arrangement could default on its obligation, thereby exposing us to credit risk. We may have to repay certain costs, such as transaction fees or breakage costs, if we terminate these arrangements." }, { "status": "UNCHANGED", "current_title": "Our revenues from the sale of services to merchants that accept Visa and Mastercard are dependent upon our continued Visa and Mastercard registrations, financial institution sponsorship and, in some cases, continued membership in certain card networks.", "prior_title": "Our revenues from the sale of services to merchants that accept Visa and Mastercard are dependent upon our continued Visa and Mastercard registrations, financial institution sponsorship and, in some cases, continued membership in certain card networks.", "current_body": "In order to provide our Visa and Mastercard transaction processing services, we must be either a direct member or registered as a merchant processor or service provider of Visa and Mastercard, respectively. Registration as a merchant processor or service provider is dependent upon our being sponsored by Members of each organization in certain jurisdictions. If our sponsor financial institution in any market should stop providing sponsorship for us, we would need to find another financial institution to provide those services or we would need to attain direct membership with the card networks, either of which could prove to be difficult and expensive. Relatedly, transitioning to a new sponsor financial institution requires technical development work, which takes time. If we were unable to find a replacement financial institution to provide sponsorship or attain direct membership or unable to transition to a new sponsor financial institution in a timely manner, we may no longer be able to provide processing services to affected customers and potential customers in that market, which would negatively affect our revenues, earnings and cash flows. Furthermore, some agreements with our financial institution sponsors give them substantial discretion in approving certain aspects of our business practices, including our solicitation, application and qualification procedures for merchants and the terms of our agreements with merchants. Our sponsors' discretionary actions under these agreements could have a material adverse effect on our business, financial condition and results of operations. In connection with direct membership, the rules and regulations of various card associations and networks prescribe certain capital requirements. Any increase in the capital level required would limit our use of capital for other purposes. The termination of our registration, or any changes in the rules of Visa or Mastercard or any other network that would impair our registration or prevent us from providing services to our customers, could require us to stop providing payment processing services or prevent us from successfully submitting transactions to such network, which would make it impossible for us to conduct our business on its current scale. The rules of the card networks may be influenced by card issuers, and some of those issuers also provide acquiring services and may be our competitors. If we fail to comply with the applicable requirements of the card networks, the card networks could seek to fine us, suspend us or terminate our registrations or membership. The termination of our registrations or our membership or our status as a service provider or a merchant processor, or any changes in card association or other network rules or standards, including interpretation and implementation of the rules or standards, that increase the cost of doing business or limit our ability to provide transaction processing services to our customers, could have a material adverse effect on our business, financial condition, results of operations and cash flows. If a merchant fails to comply with the applicable requirements of the card associations and networks, we, the merchant or, in some cases the ISO, could be subject to a variety of fines or penalties that may be levied by the card associations or networks. If we cannot collect or pursue collection of such amounts from the applicable merchant or, in some cases the ISO, we may have to bear the cost of such fines or penalties, resulting in lower earnings for us." }, { "status": "UNCHANGED", "current_title": "We may not be able to, or we may decide not to, pay dividends or repurchase shares at a level anticipated by our shareholders, which could reduce shareholder returns.", "prior_title": "We may not be able to, or we may decide not to, pay dividends or repurchase shares at a level anticipated by our shareholders, which could reduce shareholder returns.", "current_body": "The extent to which we pay dividends on our common stock and repurchase our common stock in the future is at the discretion of our board of directors and will depend on, among other factors, our results of operations, financial condition, capital requirements and such other factors as our board of directors deems relevant. No assurance can be given that we will be able to or will choose to continue to pay dividends or repurchase shares in the foreseeable future. 28 28 28 Table of Contents Table of Contents" }, { "status": "UNCHANGED", "current_title": "The costs and effects of pending and future litigation, investigations or similar matters, or adverse facts and developments related thereto, could materially affect our business, financial condition, results of operations and cash flows.", "prior_title": "The costs and effects of pending and future litigation, investigations or similar matters, or adverse facts and developments related thereto, could materially affect our business, financial condition, results of operations and cash flows.", "current_body": "We are from time-to-time involved in various litigation matters and governmental or regulatory investigations or similar matters arising out of our current or future business. Our insurance or indemnities may not cover all claims that may be asserted against us, and any claims asserted against us, regardless of merit or eventual outcome, may harm our reputation. Litigation could be costly, time-consuming and divert attention of management from daily operational needs. Furthermore, there is no guarantee that we will be successful in defending ourselves in pending or future litigation or similar matters under various laws. Should the ultimate judgments or settlements in any pending or future litigation or investigation significantly exceed our insurance coverage, such judgments could have a material adverse effect on our business, financial condition, results of operations and cash flows. 30 30 30 Table of Contents Table of Contents ITEM 1C - CYBERSECURITY" }, { "status": "UNCHANGED", "current_title": "Our inability to complete certain divestitures or the effects of divesting a business could have a material adverse effect on our business and financial results.", "prior_title": "Our inability to complete certain divestitures or the effects of divesting a business could have a material adverse effect on our business and financial results.", "current_body": "From time-to-time, we may divest businesses that do not meet our strategic objectives. We may not be able to complete desired divestitures on terms favorable to us. Losses on the sales of, or lost operating income from, those businesses could negatively affect our profitability and margins. Moreover, we have incurred and in the future may incur asset impairment charges related to potential divestitures that reduce our profitability. Our divestiture activities may also present financial, managerial, and operational risks. Those risks include diversion of management attention from our other businesses, difficulties separating personnel and systems, possible need for providing transition services to buyers, adverse effects on existing business relationships with suppliers and customers and indemnities and potential disputes with the buyers. Any of these factors could adversely affect our financial condition and results of operations." }, { "status": "UNCHANGED", "current_title": "Our future growth depends in part on the continued expansion within markets in which we already operate, the emergence of new markets, and the continued availability of alliance relationships and strategic acquisition opportunities.", "prior_title": "Our future growth depends in part on the continued expansion within markets in which we already operate, the emergence of new markets, and the continued availability of alliance relationships and strategic acquisition opportunities.", "current_body": "Our future growth and profitability depend upon our continued expansion within the markets in which we currently operate, the further expansion of these markets, the emergence of other markets for payment technology and software solutions and our ability to penetrate these markets. As part of our strategy to achieve this expansion, we look for acquisition opportunities, investments and alliance relationships with other businesses, including referral partners, ISOs and other financial institutions, that will allow us to increase our market penetration, technological capabilities, product offerings and distribution capabilities. We may not be able to successfully identify suitable acquisition, investment and alliance candidates in the future, and if we do, they may not provide us with the value and benefits we anticipate, which may inhibit our growth prospects and adversely affect our business, financial condition and results of operations. Our expansion into new markets is also dependent upon our ability to apply our existing technology or to develop new applications to meet the particular service needs of each new market. We may not have adequate financial or technological resources to develop effective and secure services and distribution channels that will satisfy the demands of these new markets. If we fail to expand into new and existing markets for payment technology and software solutions, we may not be able to continue to grow our revenues and earnings. Our ability to acquire other businesses or technologies, make strategic investments or integrate acquired businesses effectively may also be impaired by a variety of factors including adverse financial conditions, trade tensions and increased global scrutiny of foreign investments. A number of countries, including the U.S. and countries in Europe and the Asia-Pacific region, are considering or have adopted restrictions on foreign investments. Governments may continue to adopt or tighten economic sanctions, tariffs or trade restrictions of this nature, and such restrictions could negatively affect our business and financial results. Furthermore, our future success will depend, in part, upon our ability to manage our expanded business, which could pose substantial challenges for our management, including challenges related to the management and monitoring of new operations and associated costs and complexity. We may also face increased scrutiny from governmental authorities if we become a larger business." }, { "status": "UNCHANGED", "current_title": "The payments technology industry is highly competitive and highly innovative, and some of our competitors have greater financial and operational resources than we do, which may give them an advantage with respect to the pricing of services offered to customers and the ability to develop new and disruptive technologies.", "prior_title": "The payments technology industry is highly competitive and highly innovative, and some of our competitors have greater financial and operational resources than we do, which may give them an advantage with respect to the pricing of services offered to customers and the ability to develop new and disruptive technologies.", "current_body": "We operate in the payments technology industry, which is highly competitive and highly innovative. In this industry, our primary competitors include other independent payment processors, credit card processing firms, third-party card processing software institutions, as well as financial institutions, ISOs, payment facilitators, prepaid programs managers and, potentially, card networks. Some of our current and potential competitors may be larger than we are and have greater financial and operational resources or brand recognition than we have. Our competitors that are financial institutions or subsidiaries of financial institutions do not incur the costs associated with being sponsored by a direct member for participation in the card networks, as we do in certain jurisdictions, and may be able to settle transactions more quickly for merchants than we can. These financial institutions may also provide payment processing services to merchants at lower margins or at a loss in order to generate banking fees from the merchants. It is also possible that larger financial institutions, including some who are customers of ours, could decide to perform in-house some or all of the services that we currently provide or could provide. These attributes may provide them with a competitive advantage in the market. Furthermore, we are facing increasing competition from nontraditional competitors, including new entrant technology companies, who offer certain innovations in payment methods. Some of these competitors utilize proprietary software and service solutions. Some of these nontraditional competitors have significant financial resources and robust networks and are highly regarded by consumers. In addition, some nontraditional competitors, such as private companies or startup companies, may be less risk averse than we are and, therefore, may be able to respond more quickly to market demands. These competitors may compete in ways that minimize or remove the role of traditional card networks, acquirers, issuers and processors in the digital payments process. If these nontraditional competitors gain a greater share of total digital payments transactions, it could have an adverse effect on our business, financial condition, results of operations and cash flows." } ] }