Worldline - Registration Document 2016

Risk Factors

Regulatory and legal risks

Worldline

2016 Registration Document

enhanced transparency to the Group’s clients on the pricing

components of its services.

The regulatory environment applicable to the Group is

constantly changing. The Payment Services Directive n°2 (the

“PSD2”) enters into force January

13, 2016 followed by a

transposition period of 2 years. The PSD2 enlarges the scope of

the existing regulation and it may adversely affect the Group’s

business or operations, directly or indirectly (if, for example, the

Group’s clients’ businesses and operations are adversely

affected).

Certain activities of the Group, such as its “Cheque Service”

solution, may also become subject to specific regulation. The

Group was in discussions in 2012 with the French regulatory

authority (Autorité de Contrôle Prudentiel et de Resolution)

about the regulations and approvals applicable to this activity;

such discussions did not lead at this date to any follow-up or

requests from the regulatory authority. Should new regulatory

requirements concerning this activity come into force, the

Group’s results of operations and financial condition could be

adversely affected.

Certain changes to statutes, regulations or industry standards,

such as the implementation of the SEPA project in Europe

(Single Euro Payments Area – a single area for payments in

euros) will significantly impact the Group’s operations and

financial position. To comply with the SEPA project, the Belgian

domestic payment scheme Bancontact/Mister Cash has been

opened to other commercial acquirers, which will induce a new

source of competition in Belgium with other potential

Bancontact/Mister Cash scheme members. Even though the

Group has put into place a plan to mitigate the SEPA project’s

impact on its business in Belgium, this regulation has the

potential to adversely affect the Group’s results of operations.

The SEPA requirements also have an effect on the Group’s

financial institution clients which could result in material, indirect

effects on the way the Group operates or the costs to operate

the Group’s business and impair demand for the Group’s

services among its financial institution clients.

quality of products and services. Growing concern about these

issues included in new laws and regulations could conceivably

slow down growth in these areas, possibly reducing demand for

the Group’s products and therefore adversely affecting its

business, results of operations and financial condition.

Growing enthusiasm for Internet, mobile and IP-based

communication networks may lead to new laws and regulations

regarding confidentiality, data protection, pricing, content and

effect on the Group’s financial position and results of operations.

Furthermore, changes in accounting policies can significantly

affect how the Group calculates expenses and earnings.

In addition, the Group is subject to tax laws in each jurisdiction

where it does business. Changes in tax laws or their

interpretation could decrease the value of tax losses and tax

credits carry forwards recorded on the Group’s balance sheet,

cash flows and income and therefore have a material adverse

Compliance with legal and regulatory rules applicable to the

Group’s business could impose significant additional costs

and have a material adverse effect on the Group’s business.

which it operates, especially as pertains to its IT infrastructure,

internal controls and reporting rules.

In order to comply with regulations applicable to its business,

and in particular to the activities of payment institutions and

subcontractors of credit institutions, the Group is required to

adhere to a broad number of requirements in the countries in

Compliance with these standards, and the corresponding costs

could have a material adverse effect on the Group’s financial

condition and results of operations. In particular, the Group

could be subject audits by the Belgian regulatory authority, the

Banque Nationale de Belgique or the Dutch regulatory authority

(the DBN – National Bank of the Netherlands) in respect of the

effectiveness of its internal controls and audit systems and risk

management. In the event that such audit reveals that the

Group is not in compliance with the relevant regulatory

requirements, the Group’s efforts to remedy such instances of

non-compliance could have a material adverse effect on the

Group’s financial condition and results of operations.

Changes to PCI standards could require significant costs to

ensure compliance, which could have an adverse effect on

the Group’s business.

payment account data security) and the PCI-UPT (relating to

security requirements for unattended payment terminals). Such

standards, which can be adopted by various payment schemes,

entail specific technical requirements and a certification process.

Card Industry – Security Standard Council) are designed to

enhance Card payment data security by promoting the

broadest possible dissemination and implementation of specific

standards relating to the various components of card payment

transactions. The main standard is the PCI-PTS standard on PIN

entry (Payment Card Industry – PIN Transaction Security). The

aim is to guarantee that the cardholder’s PIN is always

processed in a fully secure fashion by the PIN entry device and

ensure the highest level of payment transaction security. Other

PCI-SSC standards include the PCI-DSS (designed to enhance

The security standards established by the PCI-SSC (Payment

associations, banks, transaction processors). This separate

organization offers manufacturers the opportunity to take part

in shaping the standards and the rules for applying them.

Updates to these standards involving changes to existing

requirements are managed by the founding members of the

PCI-SSC – Visa, MasterCard, JCB, American Express and Discover

– in relation with stakeholders from across the electronic

payment industry (e.g. hardware industry stakeholders

(including the Group), regulators, merchants, banking

Changes to these standards entail changes to the Group’s

hardware or products or embedded software. This could

therefore entail substantial capital expenditure. The Group takes

all the necessary financial and engineering steps to bring its new

payment terminals into compliance with the applicable PCI

standard, which imposed stiffer requirements. Although the

certification process is extremely robust, there is a risk that once

in use, specific products might reveal defects that could

subsequently lead the PCI to challenge their certification. In the

event of a withdrawal of the certification, such a challenge could

force the Group to offer different certified terminals to its

customers. This situation may induce customers to switch to

another solution, which would result in decreased revenue and

financial loss.