WORLDLINE_REGISTRATION_DOCUMENT_2017

F

Risk Factors [GRI 102-15] and [GRI 102-11] Regulatory and legal risks

F.3

Regulatory and legal risks

Changes in the laws, regulations, policies or other industry standards affecting the Group’s business could impose costly compliance burdens and have a material adverse effect on the Group’s business. There may be changes in the laws, regulations or other industry standards that affect the Group’s operating environment in substantial and, at times, unpredictable ways in different countries the Group is operating in, at the European level or internationally. Changes to laws, regulations or industry standards, or in their interpretation and implementation, could have a material adverse effect on the Group’s operating costs or its competitive position. Regulation of the payments industry has increased significantly in recent years and continues to increase. Failure to comply with laws, rules and regulations or standards to which the Group is subject in different countries it is operating in, Europe and internationally, in particular the regulations applicable to payment institutions and systemic processors, which are considered critical to the local economy, may result, among other things, in the suspension or revocation of a license or registration, forced replacement of existing management, the limitation, suspension or termination of service, and the imposition of fines, sanctions or other penalties, any of which could have a material adverse effect on the Group’s business, financial condition and results of operations, as well as damage the Group’s reputation. The effects of such a change on the Group’s financial institution clients could result in material, indirect effects on the way the Group operates or the costs to operate the Group’s business and impair demand for the Group’s services among its financial institution clients. In particular, the Group may need to adapt its systems to comply with new regulation requirements such as the unbundling of tariffs, which would also provide enhanced transparency to the Group’s clients on the pricing components of its services. The regulatory environment applicable to the Group is constantly changing. The Payment Services Directive n°2 (the “PSD2”) enters into force January 13, 2018. The PSD2 enlarges the scope of the existing regulation and it may adversely affect the Group’s business or operations, directly or indirectly (if, for example, the Group’s clients’ businesses and operations are adversely affected). Extra regulatory requirements are applicable such as additional regulatory filing as to ensure keeping the payment institution licenses, the obligation to register agents with supervisory authorities and to establish local contact points towards regulators in countries where licenses are passported via group companies or via agents, additional reporting (e.g. fraud, incidents, etc.), just to name some.

Certain changes to industry standards, such as SEPA instant credit transfer in Europe (Single Euro Payments Area – a single area for payments in euros) will significantly impact the Group’s operations and financial position. The SEPA instant credit transfer will induce the building of a new eco-system. Growing enthusiasm for Internet, mobile and IP-based communication networks has lead to new laws and regulations regarding confidentiality, data protection, pricing, content and quality of products and services. Growing concern about these issues included in new laws and regulations could conceivably slow down growth in these areas, possibly reducing demand for the Group’s products and therefore adversely affecting its business, results of operations and financial condition. The European Regulation 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “General Data Protection Regulation” or “GDPR”) and the upcoming European Regulation on the protection of personal data in electronic communications (e-Privacy) enter into force May 25, 2018. GDPR and e-Privacy enlarge the scope of existing regulations by attributing additional rights to data subjects and imposing stringent compliance requirements. In particular, the Group may need to adapt its systems, procedures and databases to comply with new regulatory and compliance requirements. Compliance with GDPR and e-Privacy may have material adverse effects both direct and indirect on the way the Group operates or the costs to operate the Group’s business. Failure to comply with the aforementioned regulations may lead to the imposition of fines or a ban on the processing of personal data which could have a material adverse effect on the Group’s business, financial condition and results of operations, as well as damage the Group’s reputation. In addition, the Group is subject to tax laws in each jurisdiction where it does business. Changes in tax laws or their interpretation could decrease the value of tax losses and tax credits carry forwards recorded on the Group’s balance sheet, cash flows and income and therefore have a material adverse effect on the Group’s financial position and results of operations. Furthermore, changes in accounting policies can significantly affect how the Group calculates expenses and earnings. Compliance with legal and regulatory rules applicable to the Group’s business could impose significant additional costs and have a material adverse effect on the Group’s business. In order to comply with regulations applicable to its business, and in particular to the activities of payment institutions and subcontractors of credit institutions, the Group is required to adhere to a broad number of requirements in the countries in which it operates, especially as pertains to its IT infrastructure, internal controls and reporting rules.

276

Worldline 2017 Registration Document