Worldline - 2019 Universal Registration Document

F

RISK ANALYSIS Risk factors

F.2.1

Cyber-attack, security of systems and data protection [extra-financial risks – Build customer trust]

The Group’s visibility, or the visibility of the brands for which it processes data, in the global payment and digital services industry may attract hackers to conduct cyber-attacks on its systems that could compromise the security of its data or could cause interruptions in the operations of its businesses and expose the Group to increased costs, litigation and other liabilities. The sensitivity of activities, geopolitical tensions and increasing sophistication of cyber-crime contribute to intensify this risk. As part of its business, the Group operates various services that involve the collection, accounting and management of cash inflows and outflows for different parties operating across the payment services chain. The Group electronically receives, processes, stores and transmits sensitive business information of its clients. In addition, depending on the services offered, the Group collects and processes a significant amount of sensitive personal consumer data, including names and addresses, bank account data, payment history records, personal medical data and tax information, among other consumer data. The confidentiality and integrity of the client and consumer information that resides on the Group’s infrastructure and information systems is critical to the successful operation of its business. All of the Group’s businesses functions are at the intersection of rapidly changing technological, social, economic and regulatory developments that requires a wide-ranging set of expertise and intellectual capital. For the Group to successfully compete and grow, it must retain, recruit and develop the necessary personnel who can provide the needed expertise across the entire spectrum of the Group’s intellectual capital needs. The market for qualified personnel, particularly in the area of information and payment technology, is highly competitive and is a factor contributing to increase the risk related to people retention and acquisition.

An information breach in the system and loss of confidential information such as credit card and bank account numbers and related information could have a longer and more significant impact on the Group’s business operations than a hardware failure and could result in claims against the Group for misuse of personal information, such as identity theft. The loss of confidential information could result in the payment of damages and reputational harm and therefore have a material adverse effect on the Group’s business, results of operations or financial condition. As a result, risks related to cyber-attack, security of systems and data protection are highly important for the Group in terms of impact and likelihood and are therefore proactively and closely monitored. The Group security organization has defined a set of Global Security and Safety policies, standards, guidelines and mitigating measures to address the security and cyber-attack risks. Those measures are further detailed in Section D.2.3 “Ensure system security, reliability & continuity”.

People [extra-financial risks – Responsible employer challenges] F.2.2

As part of its acquisition strategy, the Group’s ability to retain employees and key competences in the acquired companies is essential. Failing in those domains might impact the Company as it may limit the organization’s ability to provide high quality services as contractually agreed followed by penalties/claims, win opportunities or loss of customers and reputation damage. The Group has defined a set of programs and mitigating measures to address these people risks. Those measures are further detailed in Section D.3 “Being a responsible employer”.

Market challenges F.2.3

The global payment and digital services industry as well as the change, new product and service introductions, evolving e-consumer and mobility services area in which the Group industry standards, changing customer needs and preferences operates is subject to rapid and significant technological and the entrance of non-traditional competitors.

332

Universal Registration Document 2019