Global Payments Inc.: 10-K Risk Factor Changes

Our future growth and profitability depend upon our continued expansion within the markets in which we currently operate, the further expansion of these markets, the emergence of other markets for payment technology and software solutions and our ability to penetrate these markets. As part of our strategy to achieve this expansion, we look for acquisition and joint venture opportunities, investments and alliance relationships with other businesses, including referral partners, ISOs and other financial institutions, that will allow us to increase our market penetration, technological capabilities, service offerings and distribution capabilities. We may not be able to successfully identify suitable acquisition, joint venture, investment and alliance candidates in the future, and if we do, they may not provide us with the value and benefits we anticipate, which may inhibit our growth prospects and adversely affect our business, financial condition and results of operations. Our expansion into new markets is also dependent upon our ability to apply our existing technology or to develop new applications to meet the particular service needs of each new market. We may not have adequate financial or technological resources to develop effective and secure services and distribution channels that will satisfy the demands of these new markets. If we fail to expand into new and existing markets for payment technology and software solutions, we may not be able to continue to grow our revenues and earnings. 23 23 23 Table of Contents Table of Contents Our ability to acquire other businesses or technologies, make strategic investments or integrate acquired businesses effectively may also be impaired by a variety of factors including adverse financial conditions, trade tensions and increased global scrutiny of foreign investments. A number of countries, including the U.S. and countries in Europe and the Asia-Pacific region, are considering or have adopted restrictions on foreign investments. Governments may continue to adopt or tighten economic sanctions, tariffs or trade restrictions of this nature, and such restrictions could adversely affect our business, financial condition and results of operations. Furthermore, our future success will depend, in part, upon our ability to integrate and manage our expanded business, which could pose substantial challenges for our management team, including challenges related to the management and monitoring of new operations and associated costs and complexity. We may also face increased scrutiny from governmental authorities if we become a larger business.

Our future growth and profitability depend upon our continued expansion within the markets in which we currently operate, the further expansion of these markets, the emergence of other markets for payment technology and software solutions and our ability to penetrate these markets. As part of our strategy to achieve this expansion, we look for acquisition opportunities, investments and alliance relationships with other businesses, including referral partners, ISOs and other financial institutions, that will allow us to increase our market penetration, technological capabilities, product offerings and distribution capabilities. We may not be able to successfully identify suitable acquisition, investment and alliance candidates in the future, and if we do, they may not provide us with the value and benefits we anticipate, which may inhibit our growth prospects and adversely affect our business, financial condition and results of operations. Our expansion into new markets is also dependent upon our ability to apply our existing technology or to develop new applications to meet the particular service needs of each new market. We may not have adequate financial or technological resources to develop effective and secure services and distribution channels that will satisfy the demands of these new markets. If we fail to expand into new and existing markets for payment technology and software solutions, we may not be able to continue to grow our revenues and earnings. Our ability to acquire other businesses or technologies, make strategic investments or integrate acquired businesses effectively may also be impaired by a variety of factors including adverse financial conditions, trade tensions and increased global scrutiny of foreign investments. A number of countries, including the U.S. and countries in Europe and the Asia-Pacific region, are considering or have adopted restrictions on foreign investments. Governments may continue to adopt or tighten economic sanctions, tariffs or trade restrictions of this nature, and such restrictions could negatively affect our business and financial results. Furthermore, our future success will depend, in part, upon our ability to manage our expanded business, which could pose substantial challenges for our management, including challenges related to the management and monitoring of new operations and associated costs and complexity. We may also face increased scrutiny from governmental authorities if we become a larger business.

The acquisition, integration, and conversion of businesses and the formation or operation of alliances or joint ventures and other partnering arrangements involve a number of risks. Core risks are in the area of valuation (negotiating a fair price for the business based on, in certain cases, limited diligence) and integration and conversion (managing the complex process of integrating the acquired company's people, services, information security and technology and other assets to realize the projected value of the acquired company and the synergies projected to be realized in connection with the acquisition). In addition, international acquisitions, joint ventures and alliances often involve additional or increased risks, including, for example: managing geographically separated organizations, systems, and facilities; integrating personnel with diverse cultural and business backgrounds and organizational cultures; complying with foreign regulatory requirements; fluctuations in currency exchange rates; enforcement of intellectual property rights in some foreign countries; difficulty entering new foreign markets due to, among other things, regulatory licensure, customer acceptance and business knowledge of those new markets; and general economic and political conditions. See “—Risks Related to General Economic Conditions—We are subject to economic and geopolitical risk, health and social events or conditions, the business cycles and credit risk of our customers and the overall level of consumer, business and government spending, which could adversely affect our business, financial condition, results of operations and cash flows.” for further information about how general economic conditions could adversely affect our business, financial condition, results of operations and cash flows. If the integration and conversion process does not proceed smoothly, the following factors, among others, could reduce our revenues and earnings, increase our operating costs and result in us not achieving projected synergies: •If we are unable to successfully integrate the benefits plans, duties and responsibilities, and other factors of interest to the management and employees of the acquired business, we could lose employees to our competitors in the region, which could significantly affect our ability to operate the business effectively and complete the integration; •If the integration process causes any delays with the delivery of our services, or the quality of those services, we could lose customers to our competitors; •The acquisition or joint venture may otherwise cause disruption to, as applicable, the acquired company’s or our joint venture partners' business and operations and relationships with financial institution sponsors, customers, merchants, employees and other partners; •The acquisition or joint venture and the related integration could divert the attention of our management from other strategic matters; •The data security, cybersecurity and operational resilience posture of the acquired entities, joint ventures or companies we invest in or partner with, may not be adequate and may be more susceptible to a system failure, service disruption or cybersecurity incident or attack; and •The costs related to the integration of the acquired business and operations into ours may be greater than anticipated.

The acquisition, integration, and conversion of businesses and the formation or operation of alliances or joint ventures and other partnering arrangements involve a number of risks. Core risks are in the area of valuation (negotiating a fair price for the business based on sometimes limited diligence) and integration and conversion (managing the complex process of integrating 23 23 23 Table of Contents Table of Contents the acquired company's people, services, information security and technology and other assets to realize the projected value of the acquired company and the synergies projected to be realized in connection with the acquisition). In addition, international acquisitions and alliances often involve additional or increased risks, including, for example: managing geographically separated organizations, systems, and facilities; integrating personnel with diverse business backgrounds and organizational cultures; complying with foreign regulatory requirements; fluctuations in currency exchange rates; enforcement of intellectual property rights in some foreign countries; difficulty entering new foreign markets due to, among other things, regulatory licensure, customer acceptance and business knowledge of those new markets; and general economic and political conditions. If the integration and conversion process does not proceed smoothly, the following factors, among others, could reduce our revenues and earnings, increase our operating costs, and result in us not achieving projected synergies: •If we are unable to successfully integrate the benefits plans, duties and responsibilities, and other factors of interest to the management and employees of the acquired business, we could lose employees to our competitors in the region, which could significantly affect our ability to operate the business and complete the integration; •If the integration process causes any delays with the delivery of our services, or the quality of those services, we could lose customers to our competitors; •The acquisition may otherwise cause disruption to the acquired company’s business and operations and relationships with financial institution sponsors, customers, merchants, employees and other partners; •The acquisition and the related integration could divert the attention of our management from other strategic matters including possible acquisitions and alliances, planning for new product development or expansion into new markets for payments technology and software solutions; and •The costs related to the integration of the acquired company’s business and operations into ours may be greater than anticipated.

As a payments technology company, our business is affected by laws and complex regulations and examinations that affect us and our industry in the countries in which we operate. Regulation and proposed regulation of the payments industry have continued to increase significantly in recent years. Failure to comply with regulations or guidelines may result in the suspension or revocation of a license or registration, the limitation, suspension or termination of service, and the imposition of civil and criminal penalties, including fines, or may cause customers or potential customers to be reluctant to do business with us, any of which could have an adverse effect on our financial condition. Interchange fees are subject to intense legal, regulatory and legislative scrutiny worldwide. For instance, the Dodd-Frank Act restricts the amounts of debit card fees that certain issuing institutions can charge merchants and allows merchants to set minimum amounts for the acceptance of credit cards and to offer discounts for different payment methods. These types of restrictions could negatively affect the number of debit transactions, which would adversely affect our business. The Dodd-Frank Act also created the CFPB, which has responsibility for enforcing federal consumer protection laws, and the Financial Stability Oversight Council, which has the authority to determine whether any nonbank financial company, like us, should be supervised by the Board of Governors of the Federal Reserve on the ground that it is "systemically important" to the U.S. financial system. Any such designation would result in increased regulatory burdens on our business, which increases our risk profile and may have an adverse effect on our business, financial condition, results of operations and cash flows. Additionally, interchange and/or other processing fees have recently become the subject of newly enacted and/or proposed new legislation that seeks to limit the application of interchange and/or other processing fees to portions of transactions processed via credit or debit. Such legislation would add significant complexity to existing systems and processes and/or would require code development and technological changes, the cost of which may not be recouped. The inability to apply interchange and/or other processing fees to portions of transactions could negatively affect the economic opportunity associated with such transactions and result in an adverse effect to our business, financial condition, results of operations and cash flows. 27 27 27 Table of Contents Table of Contents Because we directly or indirectly offer or provide financial services to consumers, we are subject to prohibitions against unfair, deceptive, or abusive acts or practices under the Dodd-Frank Act. More generally, all persons engaged in commerce, including, but not limited to, us and our merchant and financial institution customers, are subject to Section 5 of the FTC Act prohibiting unfair or deceptive acts or practices ("UDAP"). We also have businesses that are subject to credit reporting and debt collection laws and regulations in the U.S. Various federal and state regulatory enforcement agencies, including the FTC, the CFPB and the states’ attorneys general, may seek to take action against nonbanks that engage in UDAP or violate other laws, rules or regulations and, to the extent we are in violation of these laws, rules or regulations or are processing payments for a merchant that may be in violation of these laws, rules or regulations, we may be subject to enforcement actions and as a result may incur losses and liabilities. We are also subject to examination by the FFIEC as a result of our provision of data processing services to financial institutions. As the regulatory environment remains unpredictable and subject to rapid change, new obligations could increase the cost and complexity of compliance. Evolving regulations also increase the risk of investigations, fines, nonmonetary penalties and litigation. Because of our services in relation to the banking industry, much of our business is obligated, either under law or via contracts with our customers, to comply with anti-money laundering regulations. Noncompliance with these regulations could lead to substantial regulatory fines and penalties or damages from private causes of action. The effect of such regulations could adversely affect our business, financial condition, results of operations and cash flows. In addition, we and our sponsor financial institutions are subject to the laws and regulations enforced by the Office of Foreign Assets Control, which prohibit U.S. persons from engaging in transactions with certain prohibited persons or entities. Similar requirements apply in other countries. Furthermore, certain of our businesses are regulated as money transmitters or otherwise require licensing in one or more states or jurisdictions, subjecting us to various licensing, supervisory and other requirements. Continuing developments in privacy and data protection regulation globally, combined with the rapid pace of technology innovation, have created risks and operational challenges for many of our business activities as described in "Item 1 - Business" of this Annual Report on Form 10-K. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with our data privacy practices or operations model, which could result in potential fines, damages or a need to incur substantial costs to modify our operations. Compliance with these laws and regulations can be costly and time consuming, adding a layer of complexity to business practices and innovation. Our failure to comply could result in public or private enforcement action and accompanying litigation costs, losses, fines and penalties, which could adversely affect our business, financial condition, results of operations and cash flows. In addition, U.S. banking agencies and the SEC have adopted or proposed enhanced cybersecurity risk management rules and/or standards that could apply to us and our financial institution clients and that address cybersecurity risk governance and management, management of internal and external dependencies, and incident response, cyber resilience and situational awareness. Several states and foreign countries also have adopted or proposed new privacy and cybersecurity laws covering these issues. Legislation and regulations on cybersecurity, data privacy and data localization may compel us to enhance or modify our systems, invest in new systems or alter our business practices or our policies on data governance, security and privacy. If any of these laws, rules or standards are applicable to us, our operational costs could increase significantly. The rise in the use of generative AI has dramatically altered the corporate landscape. Incorporating AI, including machine learning technologies, into our businesses presents numerous risks and uncertainties. Furthermore, the global regulatory framework has not kept pace with the rapid developments in generative AI technology which has created uncertainties regarding compliance with applicable laws, rules and regulations. Aside from legal considerations regarding the development and deployment of AI technology, ethical considerations also exist given the potential risk of generating misleading or harmful content. The unpredictable nature of AI-generated content further amplifies the risk of unintended consequences and biases. Additionally, without clear requirements to explain AI-generated content and/or the data used to train AI models, there is a risk of intellectual property disputes, including those involving the protection or infringement of AI-generated content. We are exploring opportunities to expand our portfolio with AI capabilities to strengthen our market position, expand our teams' technological capabilities, and enhance our customers' experiences. If we are unsuccessful in doing so, we may have a competitive disadvantage in developing new solutions and operating our business, and, as a result, our customers may prefer different solutions. See "—Risks Related to Our Business Model and Operations—Our business may be affected by current and future laws and regulations governing the development, use and deployment of AI technologies, as well as potentially related private litigation” for further information about the risks of the use and deployment of AI technologies. Changes to laws and regulations, or interpretation or enforcement thereof, even if we are not involved, may adversely affect our business by requiring significant efforts to change our systems and services requiring changes to how we price our services to customers. We may have difficulty aligning our operations to comply with varying or conflicting laws, rules and regulations. A failure to comply with laws, rules and regulations, even if inadvertent, and social expectations of corporate fairness relating to AI, could damage our business or our reputation. 28 28 28 Table of Contents Table of Contents

As a payments technology company, our business is affected by laws and complex regulations and examinations that affect us and our industry in the countries in which we operate. Regulation and proposed regulation of the payments industry have continued to increase significantly in recent years. Failure to comply with regulations or guidelines may result in the suspension or revocation of a license or registration, the limitation, suspension or termination of service, and the imposition of civil and criminal penalties, including fines, or may cause customers or potential customers to be reluctant to do business with us, any of which could have an adverse effect on our financial condition. 24 24 24 Table of Contents Table of Contents Interchange fees are subject to intense legal, regulatory and legislative scrutiny worldwide. For instance, the Dodd-Frank Act restricts the amounts of debit card fees that certain issuing institutions can charge merchants and allows merchants to set minimum amounts for the acceptance of credit cards and to offer discounts for different payment methods. These types of restrictions could negatively affect the number of debit transactions, which would adversely affect our business. The Dodd-Frank Act also created the CFPB, which has responsibility for enforcing federal consumer protection laws, and the Financial Stability Oversight Council, which has the authority to determine whether any nonbank financial company, like us, should be supervised by the Board of Governors of the Federal Reserve on the ground that it is "systemically important" to the U.S. financial system. Any such designation would result in increased regulatory burdens on our business, which increases our risk profile and may have an adverse effect on our business, financial condition, results of operations and cash flows. Because we directly or indirectly offer or provide financial services to consumers, we are subject to prohibitions against unfair, deceptive, or abusive acts or practices under the Dodd-Frank Act. More generally, all persons engaged in commerce, including, but not limited to, us and our merchant and financial institution customers, are subject to Section 5 of the FTC Act prohibiting unfair or deceptive acts or practices ("UDAP"). We also have businesses that are subject to credit reporting and debt collection laws and regulations in the U.S. Various federal and state regulatory enforcement agencies, including the FTC, the CFPB and the states’ attorneys general, may seek to take action against nonbanks that engage in UDAP or violate other laws, rules or regulations and, to the extent we are in violation of these laws, rules or regulations or are processing payments for a merchant that may be in violation of these laws, rules or regulations, we may be subject to enforcement actions and as a result may incur losses and liabilities. We are also subject to examination by the FFIEC as a result of our provision of data processing services to financial institutions. As the regulatory environment remains unpredictable and subject to rapid change, new obligations could increase the cost and complexity of compliance. Evolving regulations also increase the risk of investigations, fines, nonmonetary penalties and litigation. Because of our services in relation to the banking industry, much of our business is obligated, either under law or via contracts with our customers, to comply with anti-money laundering regulations. Noncompliance with these regulations could lead to substantial regulatory fines and penalties or damages from private causes of action. The effect of the regulations could be detrimental to our financial condition. In addition, we and our sponsor financial institutions are subject to the laws and regulations enforced by the Office of Foreign Assets Control, which prohibit U.S. persons from engaging in transactions with certain prohibited persons or entities. Similar requirements apply in other countries. Furthermore, certain of our businesses are regulated as money transmitters or otherwise require licensing in one or more states or jurisdictions, subjecting us to various licensing, supervisory and other requirements. Continuing developments in privacy and data protection regulation globally, combined with the rapid pace of technology innovation, have created risks and operational challenges for many of our business activities as described in "Item 1 - Business." It is possible that these laws may be interpreted and applied in a manner that is inconsistent with our data privacy practices or operations model, which could result in potential liability for fines, damages or a need to incur substantial costs to modify our operations. Compliance with these laws and regulations can be costly and time consuming, adding a layer of complexity to business practices and innovation. As with other regulatory schemes, our failure to comply could result in public or private enforcement action and accompanying litigation costs, losses, fines and penalties, which could adversely affect our business, financial condition, results of operations and cash flows. In addition, U.S. banking agencies and the SEC have adopted or proposed enhanced cyber risk management standards that could apply to us and our financial institution clients and that would address cyber risk governance and management, management of internal and external dependencies, and incident response, cyber resilience and situational awareness. Several states and foreign countries also have adopted or proposed new privacy and cybersecurity laws targeting these issues. Legislation and regulations on cybersecurity, data privacy and data localization may compel us to enhance or modify our systems, invest in new systems or alter our business practices or our policies on data governance and privacy. If any of these outcomes were to occur, our operational costs could increase significantly. The rise in the use of generative artificial intelligence has dramatically altered the corporate landscape. Incorporating artificial intelligence, including machine learning technologies, into our businesses presents numerous risks and uncertainties. Furthermore, the global regulatory framework has not kept pace with the rapid developments in the generative artificial intelligence technology field, creating uncertainties regarding compliance with upcoming laws and regulations. Beyond legal considerations in the development and deployment of these models there exists an ethical consideration given the potential risk of generating misleading or harmful content. The unpredictable nature of outputs further amplifies this risk, potentially leading to unintended consequences and biases. Additionally, the absence of clear requirements pertaining to explainability and the data used to train these models, introduces the risk of intellectual property disputes, including the inability to protect or potential infringement claims regarding the artificially generated content. We are exploring opportunities to expand our portfolio with artificial intelligence capabilities to strengthen our market position, amplify our teams' capabilities, and enhance our customers' 25 25 25 Table of Contents Table of Contents experiences. If we are unsuccessful in doing so, we may have a competitive disadvantage in developing new products and operating our business and our customers may prefer different solutions. Changes to legal rules and regulations, or interpretation or enforcement thereof, even if not directed at us, may require significant efforts to change our systems and services and may require changes to how we price our services to customers, adversely affecting our business. Even an inadvertent failure to comply with laws and regulations, as well as rapidly evolving social expectations of corporate fairness, could damage our business or our reputation. As varying or conflicting regulations come into existence across the jurisdictions in which we operate, we may have difficulty aligning our operations to comply with all applicable laws.

•We are subject to risks associated with changes in interest rates or currency exchange rates and may not effectively hedge against these risks, which could adversely affect our business, financial condition, results of operations and cash flows. •A downgrade in the ratings of our debt could restrict our ability to access the debt capital markets and increase our interest costs. •Failure to maintain effective internal control over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act of 2002 (the "Sarbanes-Oxley Act") could have a material adverse effect on our business.

•We are subject to risks associated with changes in interest rates or currency exchange rates, which could adversely affect our business, financial condition, results of operations and cash flows, and we may not effectively hedge against these risks. •A downgrade in the ratings of our debt could restrict our ability to access the debt capital markets and increase our interest costs. •Failure to maintain effective internal controls in accordance with Section 404 of the Sarbanes-Oxley Act could have a material adverse effect on our business.

The global payments technology industry depends heavily on the overall level of consumer, business and government spending. We are exposed to general economic conditions, including but not limited to, recessions, inflation, rising interest rates, high unemployment, currency fluctuations, and rising energy prices, that adversely affect consumer confidence, discretionary income and changes in consumer purchasing and spending habits. Adverse economic conditions have at times affected, and may continue to adversely affect, our financial performance by reducing the number or average purchase amount of transactions made using digital payments. A reduction in the level of consumer spending could result in a decrease in our revenues and profits. If our customers make fewer sales to consumers using digital payments, or consumers using digital payments spend less per transaction, we will have fewer transactions to process or lower transaction amounts, each of which would contribute to lower revenues. Moreover, competitors may respond to market conditions by lowering prices and attempting to lure away our customers to lower-cost solutions. Additionally, credit card issuers may reduce credit limits and become more selective in their card issuance practices. When such conditions arise, we evaluate where we may be able to implement cost-saving measures, including those related to headcount and discretionary expenses. Adverse macroeconomic conditions in any of our markets could force merchants, financial institutions or other customers to cease operations or petition for bankruptcy protection, resulting in lower revenue and earnings for us and greater exposure to potential credit losses and future transaction declines. We also have a certain amount of fixed costs, including rent, debt service, and salaries, which could limit our ability to quickly adjust costs and respond to changes in our business and the economy. Changes in economic conditions could also adversely affect our future revenues and profits and have a material adverse effect on our business, financial condition, results of operations and cash flows. In most of the markets in which we operate, we collect fees from our merchants on the first day after the monthly billing period, which results in the build-up of substantial receivables from our customers. If a merchant were to go out of business during the billing period, we may be unable to collect such fees, which could also adversely affect our business, financial condition, results of operations and cash flows. In addition, our business, growth, financial condition or results of operations could be materially adversely affected by public health emergencies, political and economic instability or changes in a country’s or region’s economic conditions, changes in laws or regulations or in the interpretation of existing laws or regulations, whether caused by a change in government or otherwise, increased difficulty of conducting business in a country or region due to actual or potential political or military conflict or action by the United States or foreign governments that may restrict our ability to transact business in a foreign country or with certain foreign individuals or entities. Risks associated with heightened geopolitical and economic instability, include among others, reduction in consumer, government or corporate spending, international sanctions, embargoes, tariffs, heightened inflation and actions taken by central banks to counter inflation, volatility in global financial markets, increased cyber disruptions or attacks, higher supply chain costs and increased tensions between countries in which we may operate, which could result in charges related to the recoverability of assets, including financial assets, long-lived assets and goodwill, and other losses, and could adversely affect our business, financial condition and results of operations.

The global payments technology industry depends heavily on the overall level of consumer, business and government spending. We are exposed to general economic conditions, including but not limited to, recessions, inflation, rising interest rates, high unemployment, currency fluctuations, and rising energy prices, that affect consumer confidence, discretionary income and changes in consumer purchasing and spending habits. Adverse economic conditions have at times affected and may continue to negatively affect our financial performance by reducing the number or average purchase amount of transactions made using digital payments. A reduction in the amount of consumer spending could result in a decrease in our revenues and profits. If our merchants make fewer sales to consumers using digital payments, or consumers using digital payments spend less per transaction, we will have fewer transactions to process or lower transaction amounts, each of which would contribute to lower revenues. Additionally, credit card issuers may reduce credit limits and become more selective in their card issuance practices. When such conditions arise, we evaluate where we may be able to implement cost-saving measures, including those related to headcount and discretionary expenses. While economic conditions have shown moderate improvement in recent months, any of these developments could have a material adverse effect on our financial condition and results of operations. Adverse macroeconomic conditions in any of our markets could force merchants, financial institutions or other customers to cease operations or petition for bankruptcy protection, resulting in lower revenue and earnings for us and greater exposure to potential credit losses and future transaction declines. We also have a certain amount of fixed costs, including rent, debt service, and salaries, which could limit our ability to quickly adjust costs and respond to changes in our business and the economy. Changes in economic conditions could also adversely affect our future revenues and profits and have a materially adverse effect on our business, financial condition, results of operations and cash flows. In most markets, we collect our fees from our merchants on the first day after the monthly billing period, which results in the build-up of substantial receivable from our customers. If a merchant were to go out of business during the billing period, we may be unable to collect such fees, which could negatively affect our business, financial condition, results of operations and cash flows. In addition, our business, growth, financial condition or results of operations could be materially adversely affected by public health emergencies, such as the COVID-19 pandemic, political and economic instability or changes in a country’s or region’s economic conditions, changes in laws or regulations or in the interpretation of existing laws or regulations, whether caused by a change in government or otherwise, increased difficulty of conducting business in a country or region due to actual or potential political or military conflict or action by the United States or foreign governments that may restrict our ability to transact business in a foreign country or with certain foreign individuals or entities. Risks associated with heightened geopolitical and economic instability, include among others, reduction in consumer, government or corporate spending, international sanctions, embargoes, heightened inflation and actions taken by central banks to counter inflation, volatility in global financial markets, increased cyber disruptions or attacks, higher supply chain costs and increased tensions between countries in which we may operate, which could result in charges related to the recoverability of assets, including financial assets, long-lived assets and goodwill, and other losses, and could adversely affect our financial condition and results of operations. Climate-related events, including extreme weather events and natural disasters and their effects on critical infrastructure in the U.S. or internationally, could have adverse effects on our operations, customers or third-party suppliers. Furthermore, our shareholders, customers and other stakeholders have begun to consider how corporations are addressing sustainability matters, which include environmental and corporate responsibility issues. Government regulators, investors, customers and the general public are increasingly focused on sustainability practices and disclosures, and views on this topic are diverse and rapidly changing. These shifts in investing priorities may result in adverse effects on the trading price of the Company's common stock if investors determine that the Company has not made sufficient progress on sustainability matters. Furthermore, developing and acting on these initiatives, and collecting, measuring and reporting related information and metrics can be costly, difficult and time consuming, and are subject to evolving reporting standards and/or contractual obligations. The standards and laws by which sustainability efforts are tracked and measured are in many cases new, have not been harmonized, and continue to evolve. We could also face potential negative sustainability related publicity in traditional media or social media if shareholders or other stakeholders determine that we have not adequately considered or addressed sustainability and governance matters. We have been the recipient of proposals from shareholders to promote their corporate responsibility positions, and we may receive 29 29 29 Table of Contents Table of Contents other such proposals in the future. Such proposals may not be in the long-term interests of the Company or our shareholders and may divert management’s attention away from operational matters or create the impression that our practices are inadequate.

•We may not be able to successfully manage our intellectual property and may be subject to infringement claims.

•We are subject to economic and geopolitical risk, health and social events or conditions, the business cycles and credit risk of our customers and the overall level of consumer, business and government spending, which could adversely affect our business, financial condition, results of operations and cash flows. •Investor and other stakeholder scrutiny related to our sustainability practices, and our disclosed performance and aspirations for these practices, may increase costs and expose us to numerous risks.

•We are subject to economic and geopolitical risk, health and social events or conditions, the business cycles and credit risk of our customers and the overall level of consumer, business and government spending, which could negatively affect our business, financial condition, results of operations and cash flows.

We depend on the efficient and uninterrupted operation of our computer systems, software, data centers and telecommunications networks, as well as the systems and services of third parties. Not only could we suffer damage to our reputation in the event of a system outage or data loss, but we could also be liable to third parties. Many of our contractual agreements with financial institutions and certain other customers require the payment of penalties if we do not meet certain operating standards. Our systems and operations or those of our third-party providers could be exposed to damage or interruption from, among other things, fire; climate-related events, including extreme weather events; natural disasters; pandemics; power loss; telecommunications failure; terrorist acts; war; unauthorized entry; malicious attacks; human error; hardware failure; and computer viruses or other defects. We have been and continue to be exposed to defects in our systems or those of third parties, errors or delays in the processing of payment transactions, telecommunications failures, or other difficulties (including those related to system relocation), which could result in loss of revenues, loss of customers, loss of merchant and cardholder data, harm to our business or reputation, exposure to fraud losses or other liabilities, negative publicity, additional operating and development costs, litigation expenses, fines and other sanctions imposed by card networks or regulators and/or diversion of technical and other resources. There is also a risk that third-party suppliers of hardware and infrastructure required to support our employee productivity or our suppliers could be affected by supply chain disruptions, such as manufacturing and shipping delays. An extended supply chain disruption could also affect the delivery of our services. Any of the foregoing could have a material adverse effect on our business, financial condition, results of operations and cash flows. In addition, if we are unable to renew or renegotiate our agreements with key suppliers on favorable terms to us or at all, or find alternative third-party providers, our services may be affected. Any of the foregoing could have a material adverse effect on our business, financial condition, results of operations and cash flows.

We depend on the efficient and uninterrupted operation of our computer systems, software, data centers and telecommunications networks, as well as the systems and services of third parties. A system outage or data loss could have a material adverse effect on our business, financial condition, results of operations and cash flows. Not only could we suffer damage to our reputation in the event of a system outage or data loss, but we could also be liable to third parties. Many of our contractual agreements with financial institutions and certain other customers require the payment of penalties if we do not meet certain operating standards. Our systems and operations or those of our third-party providers could be exposed to damage or interruption from, among other things, fire; climate-related events, including extreme weather events; natural disasters; pandemics; power loss; telecommunications failure; terrorist acts; war; unauthorized entry; malicious attack; human error; hardware failure; and computer viruses or other defects. We have been and continue to be exposed to defects in our systems or those of third parties, errors or delays in the processing of payment transactions, telecommunications failures, or other difficulties (including those related to system relocation), which could result in loss of revenues, loss of customers, loss of 19 19 19 Table of Contents Table of Contents merchant and cardholder data, harm to our business or reputation, exposure to fraud losses or other liabilities, negative publicity, additional operating and development costs, litigation expenses, fines and other sanctions imposed by card networks or regulators, and/or diversion of technical and other resources. There is also a risk that third-party suppliers of hardware and infrastructure required to support our employee productivity or our suppliers could be affected by supply chain disruptions, such as manufacturing and shipping delays. An extended supply chain disruption could also affect the delivery of our services.

Changes in tax laws or their interpretations could result in changes to enacted tax rates and may require complex computations to be performed that were not previously required, significant judgments to be made in interpretation of the new or revised tax regulations and significant estimates in calculations, as well as the preparation and analysis of information not previously relevant or regularly produced. Future changes in enacted tax rates could adversely affect our business, financial condition, results of operations and cash flows. In 2024, additional jurisdictions globally enacted local legislation formally adopting the Global Anti-Base Erosion Model Rules ("Pillar Two"), which generally provides for a minimum effective tax rate of 15%, as established by the Organization for Economic Co-operation and Development ("OECD") Pillar Two Framework. The effective dates are generally January 1, 2024, and January 1, 2025, for different aspects of the rules and vary by jurisdiction. Additional jurisdictions are expected to implement the model rules under local law in the future, with varying effective dates. We are continuing to evaluate the potential effect on future periods of the Pillar Two implementation, pending legislative adoption by additional individual countries and the ongoing issuance of additional administrative guidance by the OECD. Our tax returns and positions are subject to review and audit by federal, state, local and international taxing authorities. An unfavorable outcome to a tax audit could result in higher tax expense, thereby adversely affecting our business, financial condition, results of operations and cash flows. We exercise significant judgment and make estimates that we believe to be reasonable in calculating our worldwide provision for income taxes and other tax liabilities. However, relevant tax authorities may disagree with our estimates, interpretations or tax treatment of certain material items. Failure to sustain our position in these matters could adversely affect our business, financial condition, results of operations and cash flows.

Changes in tax laws or their interpretations could result in changes to enacted tax rates and may require complex computations to be performed that were not previously required, significant judgments to be made in interpretation of the new or revised tax regulations and significant estimates in calculations, as well as the preparation and analysis of information not previously relevant or regularly produced. Future changes in enacted tax rates could negatively affect our results of operations. In December 2022, the EU Member States formally adopted the EU’s Pillar Two Directive, which generally provides for a minimum effective tax rate of 15%, as established by the Organization for Economic Co-operation and Development Pillar Two Framework. The EU effective dates are January 1, 2024, and January 1, 2025, for different aspects of the directive. A significant number of other countries are expected to implement similar legislation with varying effective dates in the future. We are continuing to evaluate the potential effect on future periods of the Pillar Two Framework, pending legislative adoption by additional individual countries; however, we do not expect the directive to have a material effect on our financial condition or results of operations. Our tax returns and positions are subject to review and audit by federal, state, local and international taxing authorities. An unfavorable outcome to a tax audit could result in higher tax expense, thereby negatively affecting our results of operations and cash flows. We have recognized estimated liabilities on the balance sheet for material known tax exposures relating to deductions, transactions and other matters involving some uncertainty as to the proper tax treatment of the item. These liabilities reflect what we believe to be reasonable assumptions as to the likely final resolution of each issue if raised by a taxing authority. While we believe that the liabilities are adequate to cover reasonably expected tax risks, there can be no assurance that, in all instances, an issue raised by a tax authority will be finally resolved at a financial amount not significantly more than any related liability on the balance sheet.

From time to time, we may dispose of businesses that do not meet our strategic objectives. We may not be able to complete planned or desired dispositions on terms favorable to us. Losses on the sales of, or lost operating income from, those businesses could negatively affect our profitability and margins. Moreover, we have incurred and in the future may incur asset impairment charges related to potential dispositions that reduce our profitability. Our disposition activities may also present financial, managerial, and operational risks. Those risks include diversion of management attention from our other businesses, difficulties separating personnel and systems, possible need for providing transition services to buyers, adverse effects on existing business relationships with suppliers and customers and indemnities and potential disputes with the buyers. Any of these factors could adversely affect our business, financial condition and results of operations. 26 26 26 Table of Contents Table of Contents

From time-to-time, we may divest businesses that do not meet our strategic objectives. We may not be able to complete desired divestitures on terms favorable to us. Losses on the sales of, or lost operating income from, those businesses could negatively affect our profitability and margins. Moreover, we have incurred and in the future may incur asset impairment charges related to potential divestitures that reduce our profitability. Our divestiture activities may also present financial, managerial, and operational risks. Those risks include diversion of management attention from our other businesses, difficulties separating personnel and systems, possible need for providing transition services to buyers, adverse effects on existing business relationships with suppliers and customers and indemnities and potential disputes with the buyers. Any of these factors could adversely affect our financial condition and results of operations.