Worldline - 2019 Universal Registration Document

WORLDLINE Worldline: a regulated Group

Worldline NV/SA has a subsidiary in Sweden (Worldline Sweden AB) which has a payments institution license which includes money remittance services and is under the supervision of the local regulation authority (SFSA/FinansInspektionen). Such license is passported in other European Economic Area countries. Also, the payment institution license held by Paysquare SE, a Worldline BV subsidiary in the Netherlands, was passported in Austria, Belgium, Cyprus, Finland, France, Germany, Greece, Luxembourg, Poland, Portugal, Spain and in the United-Kingdom. SIX Payment Services (Europe) S.A., a subsidiary of the Group located in Luxembourg, has a payment institution license from the CSSF, the local regulator in Luxembourg. SIX Payment Services (Europe) S.A. has established a network of branches in nine member states of the EU, i.e. Poland, Germany, Hungary, Italy, Czech Republic, Belgium, the United Kingdom, Austria and Slovenia. In addition, SPS EU has passported its license on the basis of the freedom of services to all countries of the European Economic Area. Payment institutions are subject to specific regulations resulting from the Payment Services Directive 2015/2366 (PSD2), in particular in regard to own funds and internal controls procedures that they must put in place to comply with the various applicable regulations, such as anti-money laundering measures, corporate governance rules and prudential reporting obligations. The Group also has vigilance and reporting requirements regarding the identity of its clients and beneficiaries of payment transactions. The European Union member states’ national regulatory authorities may impose stricter prudential regulations in light of the specific activity of the regulated payment institution. For example, the Group’s Belgian entity Worldline NV/SA has a “hybrid” license as a result of its payment terminal manufacturing business that, according to the Belgian regulatory authority, represents a potential risk to its payment services. Accordingly, this entity is subject to more extensive prudential constraints, especially as pertains to own funds requirements. For example, Worldline Group regulated entities were required to have around € 42.6 million in own funds during the fourth quarter of 2019 (of which Worldline NV/SA was €27 million). As a provider of these services, the Group is required to comply with certain administrative obligations and provide ancillary services, such as issuing confirmation receipts for transactions (in paper or electronic format), providing installation services, monitoring and maintaining hardware and software or developing client-oriented applications for

terminals. The Group is subject to these requirements either as a result of its carrying out the activities of a payment institution, or in its role as subcontractor carrying out the activities of credit institutions. As a subcontractor, the Group acts as a processor on behalf of credit institutions and must therefore provide its services in compliance with the regulations applicable to credit institutions. For a description of the services that credit institutions outsource to the Group (for which the Group does not require a license), see Section C.5.2 of this Universal Registration Document. Finally, the Group has indirect access to the interbank payment systems, in order to carry out payment transactions and clearing operations processed in the context of the Group’s Commercial Acquiring activities. The Group is thus subject to certain specific operational regulations developed by the companies that manage these interbank systems, such as STET in France and in the Netherlands, the automated Clearing House is processed by equensWorldline which is supervised by the National Bank of the Netherlands. The Group has implemented an internal monitoring system to follow legislative and regulatory developments applicable to its activities Credit institutions can also be authorized to provide payment services. Like all activities exercised by credit institutions, these services can be outsourced, meaning that the institution entrusts to an external service provider, the running of its operational activities. In France, such outsourcing activities are regulated by CRBF regulation 97-02 of February 21, 1997 relating to internal controls within credit institutions and investment firms. Under the provisions of this regulation, a credit institution’s external service provider must comply with the credit institution’s established controls procedures in respect of services provided and must communicate any information that could have an impact on its ability to undertake the functions that have been outsourced to it. For example, the Group issues payment cards and bank statements on behalf of its credit institution clients. Similarly, a licensed payment institution may outsource some of its activities provided it complies with its internal controls procedures and provided it obtains the prior authorization from the competent regulator should this outsourcing be critical. Regulations applicable to C.4.1.2 outsourced credit and payment institution activities

C

63

Universal Registration Document 2019