Worldline - Registration Document 2016

4

Risk Factors Regulatory and legal risks

enhanced transparency to the Group’s clients on the pricing components of its services. The regulatory environment applicable to the Group is constantly changing. The Payment Services Directive n°2 (the “PSD2”) enters into force January 13, 2016 followed by a transposition period of 2 years. The PSD2 enlarges the scope of the existing regulation and it may adversely affect the Group’s business or operations, directly or indirectly (if, for example, the Group’s clients’ businesses and operations are adversely affected). Certain activities of the Group, such as its “Cheque Service” solution, may also become subject to specific regulation. The Group was in discussions in 2012 with the French regulatory authority (Autorité de Contrôle Prudentiel et de Resolution) about the regulations and approvals applicable to this activity; such discussions did not lead at this date to any follow-up or requests from the regulatory authority. Should new regulatory requirements concerning this activity come into force, the Group’s results of operations and financial condition could be adversely affected. Certain changes to statutes, regulations or industry standards, such as the implementation of the SEPA project in Europe (Single Euro Payments Area – a single area for payments in euros) will significantly impact the Group’s operations and financial position. To comply with the SEPA project, the Belgian domestic payment scheme Bancontact/Mister Cash has been opened to other commercial acquirers, which will induce a new source of competition in Belgium with other potential Bancontact/Mister Cash scheme members. Even though the Group has put into place a plan to mitigate the SEPA project’s impact on its business in Belgium, this regulation has the potential to adversely affect the Group’s results of operations. The SEPA requirements also have an effect on the Group’s financial institution clients which could result in material, indirect effects on the way the Group operates or the costs to operate the Group’s business and impair demand for the Group’s services among its financial institution clients. Growing enthusiasm for Internet, mobile and IP-based communication networks may lead to new laws and regulations regarding confidentiality, data protection, pricing, content and quality of products and services. Growing concern about these issues included in new laws and regulations could conceivably slow down growth in these areas, possibly reducing demand for the Group’s products and therefore adversely affecting its business, results of operations and financial condition. In addition, the Group is subject to tax laws in each jurisdiction where it does business. Changes in tax laws or their interpretation could decrease the value of tax losses and tax credits carry forwards recorded on the Group’s balance sheet, cash flows and income and therefore have a material adverse effect on the Group’s financial position and results of operations. Furthermore, changes in accounting policies can significantly affect how the Group calculates expenses and earnings. Compliance with legal and regulatory rules applicable to the Group’s business could impose significant additional costs and have a material adverse effect on the Group’s business. In order to comply with regulations applicable to its business, and in particular to the activities of payment institutions and subcontractors of credit institutions, the Group is required to adhere to a broad number of requirements in the countries in which it operates, especially as pertains to its IT infrastructure, internal controls and reporting rules.

Compliance with these standards, and the corresponding costs could have a material adverse effect on the Group’s financial condition and results of operations. In particular, the Group could be subject audits by the Belgian regulatory authority, the Banque Nationale de Belgique or the Dutch regulatory authority (the DBN – National Bank of the Netherlands) in respect of the effectiveness of its internal controls and audit systems and risk management. In the event that such audit reveals that the Group is not in compliance with the relevant regulatory requirements, the Group’s efforts to remedy such instances of non-compliance could have a material adverse effect on the Group’s financial condition and results of operations. Changes to PCI standards could require significant costs to ensure compliance, which could have an adverse effect on the Group’s business. Card Industry – Security Standard Council) are designed to enhance Card payment data security by promoting the broadest possible dissemination and implementation of specific standards relating to the various components of card payment transactions. The main standard is the PCI-PTS standard on PIN entry (Payment Card Industry – PIN Transaction Security). The aim is to guarantee that the cardholder’s PIN is always processed in a fully secure fashion by the PIN entry device and ensure the highest level of payment transaction security. Other PCI-SSC standards include the PCI-DSS (designed to enhance The security standards established by the PCI-SSC (Payment payment account data security) and the PCI-UPT (relating to security requirements for unattended payment terminals). Such standards, which can be adopted by various payment schemes, entail specific technical requirements and a certification process. Updates to these standards involving changes to existing requirements are managed by the founding members of the PCI-SSC – Visa, MasterCard, JCB, American Express and Discover – in relation with stakeholders from across the electronic payment industry (e.g. hardware industry stakeholders (including the Group), regulators, merchants, banking Changes to these standards entail changes to the Group’s hardware or products or embedded software. This could therefore entail substantial capital expenditure. The Group takes all the necessary financial and engineering steps to bring its new payment terminals into compliance with the applicable PCI standard, which imposed stiffer requirements. Although the certification process is extremely robust, there is a risk that once in use, specific products might reveal defects that could subsequently lead the PCI to challenge their certification. In the event of a withdrawal of the certification, such a challenge could force the Group to offer different certified terminals to its customers. This situation may induce customers to switch to another solution, which would result in decreased revenue and financial loss. associations, banks, transaction processors). This separate organization offers manufacturers the opportunity to take part in shaping the standards and the rules for applying them.

22

Worldline 2016 Registration Document

Made with