4
Risk Factors
Regulatory and legal risks
22
Worldline
2016 Registration Document
enhanced transparency to the Group’s clients on the pricing
components of its services.
The regulatory environment applicable to the Group is
constantly changing. The Payment Services Directive n°2 (the
“PSD2”) enters into force January
13, 2016 followed by a
transposition period of 2 years. The PSD2 enlarges the scope of
the existing regulation and it may adversely affect the Group’s
business or operations, directly or indirectly (if, for example, the
Group’s clients’ businesses and operations are adversely
affected).
Certain activities of the Group, such as its “Cheque Service”
solution, may also become subject to specific regulation. The
Group was in discussions in 2012 with the French regulatory
authority (Autorité de Contrôle Prudentiel et de Resolution)
about the regulations and approvals applicable to this activity;
such discussions did not lead at this date to any follow-up or
requests from the regulatory authority. Should new regulatory
requirements concerning this activity come into force, the
Group’s results of operations and financial condition could be
adversely affected.
Certain changes to statutes, regulations or industry standards,
such as the implementation of the SEPA project in Europe
(Single Euro Payments Area – a single area for payments in
euros) will significantly impact the Group’s operations and
financial position. To comply with the SEPA project, the Belgian
domestic payment scheme Bancontact/Mister Cash has been
opened to other commercial acquirers, which will induce a new
source of competition in Belgium with other potential
Bancontact/Mister Cash scheme members. Even though the
Group has put into place a plan to mitigate the SEPA project’s
impact on its business in Belgium, this regulation has the
potential to adversely affect the Group’s results of operations.
The SEPA requirements also have an effect on the Group’s
financial institution clients which could result in material, indirect
effects on the way the Group operates or the costs to operate
the Group’s business and impair demand for the Group’s
services among its financial institution clients.
quality of products and services. Growing concern about these
issues included in new laws and regulations could conceivably
slow down growth in these areas, possibly reducing demand for
the Group’s products and therefore adversely affecting its
business, results of operations and financial condition.
Growing enthusiasm for Internet, mobile and IP-based
communication networks may lead to new laws and regulations
regarding confidentiality, data protection, pricing, content and
effect on the Group’s financial position and results of operations.
Furthermore, changes in accounting policies can significantly
affect how the Group calculates expenses and earnings.
In addition, the Group is subject to tax laws in each jurisdiction
where it does business. Changes in tax laws or their
interpretation could decrease the value of tax losses and tax
credits carry forwards recorded on the Group’s balance sheet,
cash flows and income and therefore have a material adverse
Compliance with legal and regulatory rules applicable to the
Group’s business could impose significant additional costs
and have a material adverse effect on the Group’s business.
which it operates, especially as pertains to its IT infrastructure,
internal controls and reporting rules.
In order to comply with regulations applicable to its business,
and in particular to the activities of payment institutions and
subcontractors of credit institutions, the Group is required to
adhere to a broad number of requirements in the countries in
Compliance with these standards, and the corresponding costs
could have a material adverse effect on the Group’s financial
condition and results of operations. In particular, the Group
could be subject audits by the Belgian regulatory authority, the
Banque Nationale de Belgique or the Dutch regulatory authority
(the DBN – National Bank of the Netherlands) in respect of the
effectiveness of its internal controls and audit systems and risk
management. In the event that such audit reveals that the
Group is not in compliance with the relevant regulatory
requirements, the Group’s efforts to remedy such instances of
non-compliance could have a material adverse effect on the
Group’s financial condition and results of operations.
Changes to PCI standards could require significant costs to
ensure compliance, which could have an adverse effect on
the Group’s business.
payment account data security) and the PCI-UPT (relating to
security requirements for unattended payment terminals). Such
standards, which can be adopted by various payment schemes,
entail specific technical requirements and a certification process.
Card Industry – Security Standard Council) are designed to
enhance Card payment data security by promoting the
broadest possible dissemination and implementation of specific
standards relating to the various components of card payment
transactions. The main standard is the PCI-PTS standard on PIN
entry (Payment Card Industry – PIN Transaction Security). The
aim is to guarantee that the cardholder’s PIN is always
processed in a fully secure fashion by the PIN entry device and
ensure the highest level of payment transaction security. Other
PCI-SSC standards include the PCI-DSS (designed to enhance
The security standards established by the PCI-SSC (Payment
associations, banks, transaction processors). This separate
organization offers manufacturers the opportunity to take part
in shaping the standards and the rules for applying them.
Updates to these standards involving changes to existing
requirements are managed by the founding members of the
PCI-SSC – Visa, MasterCard, JCB, American Express and Discover
– in relation with stakeholders from across the electronic
payment industry (e.g. hardware industry stakeholders
(including the Group), regulators, merchants, banking
Changes to these standards entail changes to the Group’s
hardware or products or embedded software. This could
therefore entail substantial capital expenditure. The Group takes
all the necessary financial and engineering steps to bring its new
payment terminals into compliance with the applicable PCI
standard, which imposed stiffer requirements. Although the
certification process is extremely robust, there is a risk that once
in use, specific products might reveal defects that could
subsequently lead the PCI to challenge their certification. In the
event of a withdrawal of the certification, such a challenge could
force the Group to offer different certified terminals to its
customers. This situation may induce customers to switch to
another solution, which would result in decreased revenue and
financial loss.