WORLDLINE_REGISTRATION_DOCUMENT_2017

The Group’s business Regulation

As an example, the Group’s Commercial Acquiring activities, which, in the context of payments made by card or online, consist in receiving and transmitting the payment order to the cardholder’s bank so that the bank may determine if the transaction can be effected, constitute the provision of payment instrument acquiring services. Similarly, the Group’s processing and execution of debit (Bancontact, Maestro and VPay) or credit (Visa and MasterCard) card payment orders constitutes the provision of services for the execution of payment transactions through payment cards. Conducting regulated payment services in a European Union member state requires prior approval from the relevant national regulatory authority as either a licensed credit institution authorized to provide payment services, a licensed payment institution or as an issuer of electronic money. Licensed institutions are allowed to operate in the member state in which they are licensed as well as in any other member state in which they are authorized to operate either pursuant to the European principal of freedom to provide services, through a subsidiary or a branch located in the host member state or through an agent. In order to be able to carry out its regulated activities, Worldline NV/SA, a subsidiary of the Group located in Belgium, possesses a payment institution license in Belgium, which allows it to carry out the services described above. In accordance with the European Regulations described above, payment institutions that are licensed in one European Union member state are allowed to establish themselves or provide payment services in any other European Union member state without having to obtain a license from that state, either pursuant to the European principal of freedom to provide services or through a subsidiary (a system referred to as the “European passport”). Worldline NV/SA’s license in Belgium has been “passported” to Austria, the Czech Republic, Germany, Spain, France, the United Kingdom, Italy, Luxembourg, the Netherlands, Norway, Poland, Slovakia, Bulgaria, Croatia, Denmark, Estonia, Finland, Iceland, Lithuania, Malta, Romania, Slovenia, Greece, Ireland, Latvia, Portugal, Sweden, Cyprus and Hungary. Worldline NV/SA has also a a subsidiary in the Czech Republic and a branch in Slovakia. Worldline NV/SA has a subsidiary in Sweden (Worldline Sweden AB) which has a money remittance license delivered by the local regulation authority (SFSA / FinansInspektionen). Such license is passported in other EEA countries. Also, the payment institution license held by Paysquare, a Worldline BV subsidiary, in the Netherlands, was “passported” in Austria, Finland, France, Germany, Luxemburg, Poland, Portugal, Spain and in the United-Kingdom. Payment institutions are subject to specific regulations resulting from the PSD, in particular in regard to own funds and internal controls procedures that they must put in place to comply with the various applicable regulations, such as anti-money laundering measures, corporate governance rules and prudential regulations. The Group also has vigilance and reporting requirements regarding the identity of its clients and beneficiaries of payment transactions. The European Union member states’ national regulatory authorities may impose stricter prudential regulations in light of the specific activity of the regulated payment institution. For example, the Group’s Belgian entity Worldline NV/SA has a “hybrid” license as a result of its payment terminal manufacturing business that, according to the Belgian regulatory authority, represents a potential risk to its payment services activities, given security flaws or failures could affect the Terminals sold by the Group. Accordingly, the

Group is subject to more extensive prudential constraints, especially as pertains to own funds requirements. For example, Worldline NV/SA was required to have around € 34.14 million in own funds during the fourth quarter of 2017. As a provider of these services, the Company is required to comply with certain administrative obligations and provide ancillary services, such as issuing confirmation receipts for transactions (in paper or electronic format), providing installation services, monitoring and maintaining hardware and software or developing client-oriented applications for Terminals. The Group is subject to these requirements either as a result of its carrying out the activities of a payment institution, or in its role as subcontractor carrying out the activities of credit institutions. As a subcontractor, the Group acts as a processor on behalf of credit institutions and must therefore provide its services in compliance with the regulations applicable to credit institutions. For a description of the services that credit institutions outsource to the Group (for which the Group does not require a license), see Section C.1.2 of this registration document. The regulations applicable to payment services are constantly changing. On January 13, 2016, the revised Payment Services Directive (PSD2) entered into force. By January 13, 2018, Member States shall adopt and publish the measures necessary to comply with this directive -as PSD1 Directive 2007/64/EC is repealed with effect from that date. For implementation the European Banking Authority EBA is mandated to develop 6 Regulatory Technical Standards (RTS) and 5 sets of Guidelines (GL) within defined deadlines ranging from 12 to 24 months after the date of entry into force. The directive enlarges the scope of the existing PSD regulation by limiting the exemptions provided for in the PSD and extending its applicability to “third-party payment service providers” who provide remote access to payment account services or payment initiation services through online platforms in relation to payment accounts held by other payment service providers. PSD2 will result in the creation of new regulations applicable to payment initiation services and services for accessing account payment balances. This directive could have an impact on certain payment activities carried out by the Group, in particular services related to the iDEAL and MyBank e-payment platforms and WL Sips card payment platform, and would require a review of the authentication and authorization procedures that would be implemented in the context of PSD2 in order to adjust the Group’s payment platforms, as necessary, so as to comply with the applicable regulation. For a description of these services, see Section C “The Group’s business” of this Registration Document. Worldline has set up an internal PSD2 transformation program to analyze and mediate the impacts and to contribute actively to the consultation of EBA developing RTS and GL in 2016 and 2017. Finally, the Group has indirect access to the interbank payment systems, in order to carry out payment transactions and clearing operations processed in the context of the Group’s Commercial Acquiring activities. The Group is thus subject to certain specific operational regulations developed by the companies that manage these interbank systems, such as STET in France and the CORE (Compensation Retail) system in Belgium. The Group has implemented an internal monitoring system to follow legislative and regulatory developments applicable to its activities.

C

61

Worldline 2017 Registration Document