Worldline - 2020 Universal Registration Document

F

RISK ANALYSIS Risk factors

Risk factors F.2

The above-mentioned risk management activities allowed the Group management to select, and rank in priority order, the risk factors specific to the Group which are the most material. Furthermore, in light of the Ingenico Group acquisition, this exercice has been enlarged to this new scope in order to provide an up to date view considering the growth of MS activities and the new TSS business. They are classified by importance (decreasing in magnitude after taking into account the mitigating measures taken by the Group).

The Sections F.2.1 to F.2.17 describe the Group’s major risks i.e. which could have a material adverse impact on its business or results (or its ability to achieve its objectives) and/or a possible likelihood to occur. The materiality of the risks has been assessed based on the probability of their occurrence and the expected magnitude of their negative impact. The table below provides a summarized overview of the main risk categories:

Challenges

Main Risks

Worldline action plans and KPIs Refer to Section D.2.3. Refer to Section D.3. Refer to Section D.2.2.

Build customer trust

F.2.1 Cyber-attack, security of systems and data protection

Being a responsible employer

F.2.2 People

Build customer trust

F.2.3 Market challenges including: F.2.3.1 Innovative portfolio F.2.3.2 Competitors’ landscape F.2.4 Service delivery quality and business continuity

Build customer trust

Refer to Section D.2.3

Promote its business ethics within our value chain

F.2.5 Suppliers

Refer to Section D.4.4

F.2.1

Cyber-attack, security of systems and data protection [extra-financial risks – Build customer trust]

The Group’s visibility, or the visibility of the brands for which it processes data, in the global payment and digital services industry may attract hackers to conduct cyber-attacks on its systems that could compromise the security of its data or could cause interruptions in the operations of its businesses and expose the Group to increased costs, litigation and other liabilities. The sensitivity of activities, geopolitical tensions and increasing sophistication of cyber-crime contribute to intensify this risk. As part of its business, the Group operates various services that involve the collection, accounting and management of cash inflows and outflows for different parties operating across the payment services chain. The Group electronically receives, processes, stores and transmits sensitive business information of its clients. In addition, depending on the services offered, the Group collects and processes a significant amount of sensitive personal consumer data, including names and addresses, bank account data, payment history records, personal medical data and tax information, among other consumer data. The confidentiality and integrity of the client and consumer information that resides on the Group’s infrastructure and information systems is critical to the successful operation of its business.

An information breach in the system and loss of confidential information such as credit card and bank account numbers and related information could have a longer and more significant impact on the Group’s business operations than a hardware failure and could result in claims against the Group for misuse of personal information, such as identity theft. The loss of confidential information could result in the payment of damages and reputational harm and therefore have a material adverse effect on the Group’s business, results of operations or financial condition. Risk management As a result, risks related to cyber-attack, security of systems and data protection are highly important for the Group in terms of impact and likelihood and are therefore proactively and closely monitored. The Group security organization has defined a set of Global Security and Safety policies, standards, guidelines and mitigating measures to address the security and cyber-attack risks. Those measures are further detailed in Section D.2.3 “Ensure system security, reliability & business continuity”.

340

Universal Registration Document 2020