Worldline - Registration Document 2016

Risk Factors Risks related to the Group’s business and industry

computer viruses, unauthorized entry, terrorist acts and war. limited to, fire, natural disasters, telecommunications failure, that could cause system interruptions include, but are not including from events that may be beyond its control. Events therefore be able to protect its systems from interruption, flows. To successfully operate its business, the Group must result in: processing of payment transactions or other difficulties could parties, defects in our systems, errors or delays in the may occur. Breakdowns in the Group’s systems or those of third not be adequate to compensate it for all losses or failures that The Group’s property and business interruption insurance may may contain undetected errors that degrade their performance. products or employees. Similarly, software and software updates result of breakdowns or failures of such parties’ own systems, could also be sources of operational risk to it, including as a or systems. Third parties with whom the Group does business deliberate sabotage or fraudulent manipulation of its operations failures, either as a result of human error or as a result of dependent, could cause significant operational breakdowns or Additionally, the Group’s employees, on whom it is also loss of revenue; ● loss of clients and/or contracts; ● loss of sensitive merchant, consumer and other data; ● fines imposed by payment network associations; ● contractual penalties or trade concessions; ● damage to the hardware or software of our clients; ● negative publicity; harm to the Group’s business or reputation resulting from ● exposure to fraud losses or other liabilities; ● measures and remediation efforts); connection with the imposition of additional security additional operating and development costs (notably in ● legal proceedings being brought against the Group; and/or ● diversion of technical and other resources. ● results of operations and financial condition. reliability or its reputation generally, and hence its business, materially and adversely affect the Group’s reputation for the duration of the outage. Any of these developments could merchant clients from being able to process card payments for liability. Similarly, service outages could prevent the Group’s successful in preventing disruption or limiting the Group’s etc., it cannot be certain that these measures will always be security controls, application development and testing controls, liability through controls, including system redundancies, operations. Although the Group attempts to limit its potential on the Group’s business, financial condition and results of Any one or more of the foregoing could have an adverse effect

adapt its contracts accordingly. The Group’s financial exposure by international standards and law and industry standards, or to comply with mandatory privacy and security standards required required to expend significant capital and other resources to restrictions on its business processes. The Group may be impact on the Group by increasing its costs or imposing specific industry bodies, such changes could have an adverse in the various jurisdictions in which the Group operates or by requirements relating to personal data are adopted in the future extent more restrictive laws, rules or industry security through any insurance maintained by the Group. standards may either not be insured against or not fully covered from any actual or alleged breach of such regulations or results of operations and financial condition. In addition, to the which could have an adverse effect on the Group’s business, damage to the Group’s global reputation and its brand, any of customers to be reluctant to do business with the Group, penalties including fines, or may cause existing or potential services and the imposition of administrative, civil or criminal registrations, the limitation, suspension or termination of result in the suspension or revocation of licenses or data use and security laws, standards and regulations could Group’s failure to keep apprised of and comply with privacy, liability. defects could damage customer relations and subject it to Breakdowns of the Group’s processing systems or software delivers are designed to securely and reliably process very software, servers and data centers. The services the Group operation of numerous systems, including its computer systems, The Group depends heavily on the efficient and uninterrupted outflows for different parties operating across the payment collection, accounting and management of cash inflows and reputation. The Group operates various services that involve the number of users, the Group’s business, and, ultimately, its could have a material adverse effect on a potentially large significant processing or reporting errors or service outages effective and secure service or performance issues that result in high volumes and processing speeds. Any failure to deliver an reports and other information on those transactions, all at very complex transactions—very often in real-time—and provide unable to take corrective measures to redistribute such cash given the Group’s role as systems operator, should the Group be which could adversely affect the Group’s financial condition, undetected fraud, could result in cash flow accounting errors interpretation of contractual rules within systems, or even services chain. A technical defect, errors in the application or Regulation GDPR (General Data Protection Regulation). The in which the Group operates, and in particular to the European processing and transfer of personal data in various jurisdictions standards and limitations applicable to the collection, storage, indirectly through its clients) to laws, regulations, industry e-Transactional services, the Group is subject directly (or institutions, card processing services and other digital and Moreover, as a global provider of services to financial

4

13

Worldline 2016 Registration Document