Worldline - 2020 Universal Registration Document

F

RISK ANALYSIS Risk factors

Card Scheme Rules F.2.9.3 In order to provide its transaction processing services, the Group must be a member (commercial acquirer), and be registered as a processor, of payment schemes in the territories where the Group provides such services. The relationship with these card networks or any changes in network rules or standards, including interpretation and implementation of the rules or standards, that increase the cost of doing business or limit the Group’s ability to provide transaction processing services to or through its merchants or partners, could adversely affect its business, financial condition or results of operations. Furthermore, if the Group is unable to maintain its membership as a commercial acquirer or registration as processor of such payment schemes, which may be due to none-compliance with the payment schemes’ rules or guidelines (including major security or fraud incidents) resulting in the suspension or cancellation of the Group’s registration, the Group may no longer be able to provide acquiring or processing services to the affected customers. As such, the Group and its customers are subject to card network rules that could subject it or its customers to a variety of fines or penalties that may be levied by card networks for certain acts or omissions. In addition, from time to time, card networks increase the fees that they charge to their members and their processors. Risk management Worldline has setup a centralized scheme management team, which has a holistic view of scheme related topics and is able to facilitate the organization in a structured and centralized manner ( e.g. to manage licenses and facilitate scheme compliance process to ensure compliance with rules). With respect to increased costs charged by the schemes ( e.g. increased network & processing fees…), the Group could be led to attempt to pass all or part of these increases along to its merchants, which could result in the loss of some of such clients to competitors if those latter competitors pursue a different strategy. If the Group was to absorb all or a portion of such fees, it could lead to an increase in the operating costs and reduce the earnings of the Group. Tax laws F.2.9.4 As an international group doing business in many countries, the Group is subject to multiple tax laws and must, accordingly, ensure that its global operations at once comply with the various regulatory requirements while all the while achieving their commercial, financial and tax objectives. Because tax laws and regulations in effect in the various countries where the Group does business do not always provide clear or definitive guidelines, the Group’s structure, the conduct of its business and the relevant tax regime are based on the Group’s interpretation of applicable tax laws and regulations. More generally, any violation of tax laws and regulations in the countries where the Group or its subsidiaries are located or do business could lead to tax assessments or the payment of late fees, interest, fines and penalties. This

In order to comply with regulations applicable to its business, and in particular to the activities of payment institutions and subcontractors of credit institutions, the Group is required to adhere to a broad number of requirements in the countries in which it operates, especially as pertains to its IT infrastructure, internal controls and reporting rules. Compliance with these evolving standards, and the corresponding costs could have a material adverse effect on the Group’s financial condition or results of operations. In particular, the Group could be subject to audits by the regulatory authorities of the countries in which it holds a license (Belgian regulatory authority - the Banque Nationale de Belgique, the Dutch regulatory authority - the De NederlandscheBank, the Swedish regulatory authority – Finansinspektionen - the UK Financial Conduct Authority and the Luxembourg regulatory authority - the Commission de Surveillance du Secteur Financier) in respect of the effectiveness of its internal controls and audit systems and risk management. In the event that such audit reveals that the Group is not in compliance with the relevant regulatory requirements, the Group’s efforts to remedy such instances of non-compliance could have a material adverse effect on the Group’s financial condition and results of operations. Risk management The Group’s Compliance department is responsible for supervising and monitoring all matters relating to ethics and compliance within the Group. It handles the implementation of the various aspects of the Group’s Code of Ethics and Business Conduct and ensures that these issues and compliance policies are consistent across the Group. In addition, the Group may call on experts to conduct ad hoc checks on the compliance of some of its practices with applicable regulations. Protection of personal data F.2.9.2 In the context of its activities, the Group collects, uses and processes various types of data, including personal data. The Group has noted an increase in the number of laws and regulations relating to data management and in particular to personal data, within the European Union but also in other regions where the Group operates. Risk management The Group has taken measures to ensure the reliability of its data protection and security systems, as well as to reduce the possible risks caused by a breach of the personal data it processes. Despite the measures adopted by the Group, in particular with respect to the European Regulation on the protection of personal data (“GDPR”) aimed at guaranteeing the confidentiality, integrity and security of data, the risk of possible attacks or violations involving personal data remains.

346

Universal Registration Document 2020