← back to summary

EFX, §1A diff (2016 → 2017)

Similarity0.99
Added+8325 words
Removed-6236 words

Added paragraphs (8325 words)

ITEM 1A. RISK FACTORS All of the risks and uncertainties described below and the other information included in this Form 10-K should be considered and read carefully. The risks described below are not the only ones facing us. The occurrence of any of the following risks or additional risks and uncertainties not presently known to us or that we currently believe to be immaterial could materially and adversely affect our business, financial condition or results of operations. This Form 10-K also contains forward-looking statements and estimates that involve risks and uncertainties. Our actual results could differ materially from those anticipated in the forward-looking statements as a result of specific factors, including the risks and uncertainties described below. Security breaches like the cybersecurity incident announced in September 2017 and other disruptions to our information technology infrastructure could compromise Company, consumer and customer information, interfere with our operations, cause us to incur significant costs for remediation and enhancement of our IT systems and expose us to legal liability, all of which could have a substantial negative impact on our business and reputation. In the ordinary course of business, we collect, process, transmit and store sensitive data, including intellectual property, proprietary business information and personally identifiable information of consumers. The secure operation of our information technology networks and systems, and of the processing and maintenance of this information, is critical to our business operations and strategy. Despite our substantial investment in physical and technological security measures, employee training and contractual precautions, our information technology networks and infrastructure (or those of our third-party vendors and other service providers) are vulnerable to unauthorized access to data or breaches of confidential information due to criminal conduct, attacks by hackers, employee or insider malfeasance and/or human error. In 2017, we were the target of a cybersecurity attack that involved the theft of certain personally identifiable information of U.S., Canadian and U.K. consumers. As a result of an ongoing analysis of data stolen in the 2017 cybersecurity incident, the Company recently announced that it was able to identify approximately 2.4 million U.S. consumers whose name and partial driver's license information were stolen, but who were not in the affected population of approximately 145.5 million consumers previously identified by the Company in 2017. The Company is in the process of notifying these additional consumers. It is possible that further analysis will identify additional consumers affected or additional types of data accessed, which could result in additional notifications and negative publicity. Following the cybersecurity incident, we began undertaking significant remediation efforts and other steps to enhance our data security infrastructure. In connection with these efforts, we have incurred significant costs and expect to incur additional significant costs as we take further steps to prevent unauthorized access to our systems and the data we maintain. The actions we have taken are based on our investigation of the causes of the cybersecurity incident, but there will be additional changes needed to prevent a similar incident. We cannot assure that all potential causes of the incident have been identified and remediated and will not occur again. Because our products and services involve the storage and transmission of personal information of consumers, we will continue to routinely be the target of attempted cyber and other security threats by outside third parties, including technically sophisticated and well-resourced bad actors attempting to access or steal the data we store. Insider or employee cyber and security threats are also a significant concern for all companies, including ours. In addition, the 2017 cybersecurity incident may embolden individuals or groups to target our systems. We must continuously monitor and develop our information technology networks and infrastructure to prevent, detect, address and mitigate the risk of unauthorized access, misuse, computer viruses and other events that could have a security impact. If we experience additional breaches of our security measures, including from incidents that we fail to detect for a period of time, sensitive data may be accessed, stolen, disclosed or lost. Any such access, disclosure or other loss of information could subject us to significant additional litigation, regulatory fines, penalties, losses of customers or reputational damage, any of which could have a significant negative impact on our cash flows, competitive position, financial condition or results of operations. We expect our insurance coverage will not be adequate to compensate us for all losses that may occur due to the 2017 cybersecurity incident and we cannot ensure that our insurance policies in the future will be adequate to cover losses from any future failures. In addition, our third-party insurance coverage will vary from time to time in both type and amount depending on availability, cost and our decisions with respect to risk retention. The government investigations and litigation resulting from the 2017 cybersecurity incident will continue to adversely impact our business and results of operations. As a result of the 2017 cybersecurity incident, we are currently a party to a consolidated multi-district consumer class action lawsuit and a consolidated multi-district financial institution class action lawsuit, as well as securities class action lawsuits, shareholder derivative litigation and other lawsuits and claims allegedly arising out of the cybersecurity incident seeking monetary damages or other relief. A number of U.S. federal, state, local and foreign governmental officials and agencies, including Congressional committees, the FTC, the CFPB, the SEC, the U.S. Department of Justice and state attorneys general offices in the U.S., the FCA in the U.K. and the Office of the Privacy Commissioner in Canada, continue to investigate events related to the 2017 cybersecurity incident, including how it occurred, the consequences thereof and our response thereto. Additional lawsuits, investigations and reports related to the 2017 cybersecurity incident may be filed, commenced or issued. The claims and investigations have resulted in the incurrence of significant external and internal legal costs and expenses and reputational damage to our business and are expected to continue throughout 2018 and beyond. The resolution of these matters may result in damages, costs, fines or penalties substantially in excess of our insurance coverage, which, depending on the amount, could have a material adverse effect on our liquidity or compliance with our credit agreements. If such damages, costs, fines or penalties were great enough that we could not pay them through funds generated from operating activities and/or cause a default under our revolving credit facility, we may be forced to renegotiate or obtain a waiver under our revolving credit facility and/or seek additional debt or equity financing. Such renegotiation or financing may not be available on acceptable terms, or at all. In these circumstances, if we were unable to obtain sufficient financing, we may not be able to meet our obligations as they come due. The outcome of such claims and investigations could also adversely affect or cause us to change how we operate our business. The governmental agencies investigating the cybersecurity incident may seek to impose injunctive relief, consent decrees, or other civil or criminal penalties, which could, among other things, impact our ability to collect and use consumer information, materially increase our data security costs and/or otherwise require us to alter how we operate our business. Any legislative or regulatory changes adopted in reaction to the cybersecurity incident or other companies’ data breaches could require us to make modifications to the operation of our business that could have an adverse effect and/or increase or accelerate our compliance costs. Furthermore, these matters necessitate significant attention by management, which may divert the focus of management from the operation of our business resulting in an adverse impact on our results of operations. The cybersecurity incident and the adverse publicity that followed have had a negative impact on our reputation, and we cannot assure it will not have a long-term effect on our relationships with our customers, our revenue and our business. Our revenue growth in 2017 as compared to 2016 was negatively impacted by the cybersecurity incident. Certain of our customers have determined to defer or cancel new contracts or projects and others could consider such actions unless and until we can provide assurances regarding our ability to prevent unauthorized access to our systems and the data we maintain. Many of our customers are requiring security audits of our systems and any negative results of such audits may cause further losses of customers. In addition, some of our current and potential customers and the contracts governing certain customer relationships, as well as certain of our data suppliers, require us to maintain International Organization for Standardization (“ISO”) certifications, such as ISO 27001 certification, that specify requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system. Due to the 2017 cybersecurity incident, certain of our ISO certifications have been suspended and we will be required to take additional remediation steps to retain such certifications, which efforts may not be successful. Additionally, certain of our payment card industry certifications have been suspended which could result in fines and loss of access to data if we are not able to complete the necessary remediation steps to retain these certifications, which would adversely affect our ability to offer certain products to customers. If we are unable to demonstrate the security of our systems and the data we maintain and rebuild the trust of our customers, consumers and data suppliers, and if further negative publicity continues, we could experience a substantial negative impact on our business. The loss of access to credit, employment, financial and other data from external sources could harm our ability to provide our products and services. We rely extensively upon data from external sources to maintain our proprietary and non-proprietary databases, including data received from customers, strategic partners and various government and public record sources. This data includes the widespread and voluntary contribution of credit data from most lenders in the U.S and many other markets as well as the contribution of data under proprietary contractual agreements, such as employers’ contribution of employment and income data to The Work Number, financial institutions’ contribution of individual financial data to IXI, and telecommunications, cable and utility companies’ contribution of payment and fraud data to the National Cable, Telecommunications and Utility Exchange. For a variety of reasons, including concerns of data furnishers arising out of the 2017 cybersecurity incident, legislatively or judicially imposed restrictions on use, additional security breaches or competitive reasons, our data sources could withdraw, delay receipt of or increase the cost of their data provided to us. Where we currently have exclusive use of data, the providers of the data sources could elect to make the information available to competitors. We also compete with several of our third-party data suppliers. If a substantial number of data sources or certain key data sources were to withdraw or be unable to provide their data, if we were to lose access to data due to government regulation, if we lose exclusive right to the use of data, or if the collection, disclosure or use of data becomes uneconomical, our ability to provide products and services to our clients could have a significant negative impact, which could result in decreased revenue, net income and earnings per share and reputational loss. There can be no assurance that we would be able to obtain data from alternative sources if our current sources become unavailable. Negative changes in general economic conditions, including interest rates, unemployment rates, income, home prices, investment values and consumer confidence, could adversely affect us. Our customers, and therefore our business and revenues, are sensitive to negative changes in general economic conditions, including the demand and availability of affordable credit and capital, the level and volatility of interest rates, inflation, employment levels, consumer confidence and housing demand, both inside and outside the U.S. Business customers use our credit information and related analytical services and data to process applications for new credit cards, automobile loans, home and equity loans and other consumer loans, and to manage their existing credit relationships. Demand for our services tends to be correlated to general levels of economic activity and to consumer credit activity. Bank and other lenders’ willingness to extend credit is adversely affected by elevated consumer delinquency and loan losses in a weak economy. Consumer demand for credit (i.e., rates of spending and levels of indebtedness) also tends to grow more slowly or decline during periods of economic contraction or slow economic growth. Our customer base suffers when financial markets experience volatility, illiquidity and disruption, which has occurred in the past and which could reoccur, and the potential for increased and continuing disruptions going forward presents considerable risks to our business and revenue. High or rising rates of unemployment and interest, declines in income, home prices or investment values, lower consumer confidence and reduced access to credit adversely affect demand for our products and services, and consequently our revenue and results of operations, as consumers may postpone or reduce their spending and use of credit, and lenders may reduce the amount of credit offered or available. Our markets are highly competitive and new product introductions and pricing strategies being offered by our competitors could decrease our sales and market share or require us to enhance our products and services or reduce our prices in a manner that reduces our operating margins. We operate in a number of geographic, product and service markets that are highly competitive. Competitors may develop products and services that are superior to or that achieve greater market acceptance than our products and services. The size of our competitors varies across market segments, as do the resources we have allocated to the segments we target. Therefore, some of our competitors may have significantly greater financial, technical, marketing or other resources than we do in one or more of our market segments, or overall. As a result, our competitors may be in a position to respond more quickly than we can to new or emerging technologies and changes in customer requirements, or may devote greater resources than we can to the development, enhancement, promotion, sale and support of products and services, or some of our customers may develop products of their own that replace the products they currently purchase from us, which would result in lower revenue. In addition, many of our competitors have extensive consumer relationships, including relationships with our current and potential customers. Moreover, new competitors or alliances among our competitors may emerge and potentially reduce our market share, revenue or margins. We also sell our information to competing firms, and buy information from certain of our competitors, in order to sell “tri-bureau” and other products, most notably into the U.S. mortgage market. Changes in prices between competitors for this information and/or changes in the design or sale of tri-bureau versus single bureau product offerings may affect our revenue or profitability. Some of our competitors may choose to sell products that compete with ours at lower prices by accepting lower margins and profitability, or may be able to sell products competitive to ours at lower prices, individually or as a part of integrated suites, given proprietary ownership of data, technological superiority or economies of scale. Price reductions by our competitors could negatively impact our margins and results of operations and could also harm our ability to obtain new customers on favorable terms. Historically, certain of our key products have experienced declines in per unit pricing due to competitive factors and customer demand. Since a significant portion of our operating expenses is relatively fixed in nature due to sales, information technology and development and other costs, if we were unable to respond quickly enough to changes in competition or customer demand, we could experience further reductions in our operating margins. Our relationships with key long-term customers may be materially diminished or terminated We have long-standing relationships with a number of our customers, many of whom could unilaterally terminate their relationship with us or materially reduce the amount of business they conduct with us at any time. Many of our material customer agreements can be terminated by the customer for convenience on advance written notice, which provides our customers with the opportunity to renegotiate their contracts with us or to award more business to our competitors. We also provide our services to business partners who may combine them with their own or other branded services to be offered as a bundle to consumers, governmental agencies and businesses in support of fraud or credit protection, credit monitoring, identity authentication, insurance or credit underwriting, and collections. Some of these partners are the largest providers of credit information or identity protection services to the consumer market. Market competition, business requirements, financial condition and consolidation through mergers or acquisitions, could adversely affect our ability to continue or expand our relationships with our customers and business partners. There is no guarantee that we will be able to retain or renew existing agreements, maintain relationships with any of our customers or business partners on acceptable terms or at all, or collect amounts owed to us from insolvent customers or business partners. The loss of one or more of our major customers or business partners could adversely affect our business, financial condition and results of operations. If we do not introduce successful new products, services and analytical capabilities in a timely manner, or if the market does not adopt our new services, our competitiveness and operating results will suffer. We generally sell our products in industries that are characterized by rapid technological changes, frequent new product and service introductions and changing industry standards. In addition, certain of the markets in which we operate are seasonal and cyclical. Without the timely introduction of new products, services and enhancements, our products and services will become technologically or commercially obsolete over time, in which case our revenue and operating results would suffer. The success of our new products and services will depend on several factors, including our ability to properly identify customer needs; innovate and develop new technologies, services and applications; successfully commercialize new technologies in a timely manner; produce and deliver our products in sufficient volumes on time; differentiate our offerings from competitor offerings; price our products competitively; anticipate our competitors’ development of new products, services or technological innovations; and control product quality in our product development process. Our resources have to be committed to any new products and services before knowing whether the market will adopt the new offerings. In addition, our management is and will continue to be intensely focused on enhancing our security measures and responding to consumer and customer concerns relating to the 2017 cybersecurity incident and may not be able to devote sufficient time to new product development, which could cause us to be less competitive as compared to our peers, lose out on new revenue opportunities and have an adverse effect on our growth and our business. The demand for some of our products and services may be negatively impacted to the extent the availability of free or less expensive consumer information increases. Public or commercial sources of free or relatively inexpensive consumer credit, credit score and other information have become increasingly available, particularly through the internet, and this trend is expected to continue. In addition, governmental agencies in particular have increased the amount of information to which they provide free public access and these or other sources of free or relatively inexpensive consumer information from competitors or other commercial sources may reduce demand for our services, particularly in our USIS and Global Consumer Solutions business units. Recently, there also has been an increase in companies offering free or low-cost direct to consumer credit services (such as credit scores, reports and monitoring) as part of alternative business models that use such services as a means to introduce consumers to other products and services. To the extent that our customers choose not to obtain services from us and instead rely on information obtained at no cost or relatively inexpensively from these other sources, our business, financial condition and results of operations may be adversely affected. Due to the 2017 cybersecurity incident and our provision of free services to consumers in connection therewith, we ceased the advertisement and sale of new products in our direct to consumer business, which resulted in a significant decline in revenue in that business. Furthermore, in late January 2018, we began offering a new credit lock service, Lock & AlertTM, that is free for life and is aimed at empowering consumers to control access to their Equifax credit file directly and quickly from their smartphone or computer. We expect services like our Lock & AlertTM to continue to increase, thereby eliminating the market for many consumer direct products and services. As a result of these factors, we expect that revenue from our direct to consumer business will continue to decline. Additionally, if a significant number of consumers lock or freeze their file, our population of data is reduced which could affect our product offerings and value to our customers in our other businesses. If we experience system constraints or failures, or our customers do not modify and/or upgrade their systems to accept new releases of our products and services, our services to our customers could be delayed or interrupted, which could result in lost revenues or customers, lower margins, or other harm to our business and reputation. We depend on reliable, stable, efficient and uninterrupted operation of our technology network, systems, and data centers to provide service to our customers. Many of the services and systems upon which we rely have been outsourced to third parties. In addition, many of our revenue streams are dependent on links to third party telecommunications providers. These systems and operations, and the personnel that support, service and operate these systems, could be exposed to interruption, damage or destruction from power loss, telecommunication failures, computer viruses, denial-of-service attacks, employee or insider malfeasance, human error, fire, natural disasters, war, terrorist acts or civil unrest. We may not have sufficient disaster recovery or redundant operations in place to cover a loss or failure of systems or telecommunications links in a timely manner. In addition, we will continue to be intensely focused on enhancing our data security infrastructure and implementation of those enhancements could result in service interruptions. Any significant delay or interruption could result in lost revenues or customers, lower margins, or other significant harm to our business or reputation. We and our customers are subject to various current laws and governmental regulations, and could be affected by new laws or regulations, including as a result of the 2017 cybersecurity incident, compliance with which may cause us to incur significant expenses and change our business practices, and if we fail to maintain satisfactory compliance with certain regulations, we could be subject to civil or criminal penalties. We are subject to a number of U.S. federal, state, local and foreign laws and regulations relating to consumer privacy, data and financial protection. See Item 1. Business - "Governmental Regulation" in this Form 10-K for a summary of the U.S. and foreign consumer and data protection laws and regulations to which we are subject. These regulations are complex, change frequently, have tended to become more stringent over time, and are subject to administrative interpretation and judicial construction in ways that could harm our business. Furthermore, we expect there to be an increased focus on laws and regulations related to our business because of the great public concern in the U.S. with regard to the operation of credit reporting agencies, as well as the collection, use, accuracy, correction and sharing of personal information, which was heightened by the 2017 cybersecurity incident. For example, there are a number of legislative proposals pending before the U.S. Congress, various state legislative bodies and foreign governments concerning data protection due to our 2017 cybersecurity incident and other high-profile breaches that could affect us and the President of the United States could act by Executive Order. In addition, a growing number of legislative and regulatory bodies have adopted consumer notification and other requirements in the event that consumer information is accessed by unauthorized persons and additional regulations regarding the use, access, accuracy and security of such data are possible. In the U.S., state laws provide for disparate notification regimes, all of which we are subject to. Further, any perception that our practices or products are an invasion of privacy, whether or not consistent with current or future regulations and industry practices, may subject us to public criticism, private class actions, reputational harm, or claims by regulators, which could disrupt our business and expose us to increased liability. We devote substantial compliance, legal and operational business resources to facilitate compliance with applicable regulations and requirements. In the future, we may be subject to significant additional expense to ensure continued compliance with applicable laws and regulations and to investigate, defend or remedy actual or alleged violations. Additionally, we cooperate with CFPB supervisory examinations and respond to other state, federal and foreign government investigations of our business practices. Any failure by us to comply with, or remedy any violations of, applicable laws and regulations could result in the curtailment of certain of our operations, the imposition of fines and penalties, liability to private plaintiffs as a result of individual or class action litigation, restrictions on our ability to carry on or expand our operations, and reputational harm. In addition, because many of our products are regulated or sold to customers in various industries, we must comply with additional regulations in marketing our products. Moreover, our compliance with privacy laws and regulations and our reputation depend in part on customers' adherence to privacy laws and regulations and their use of our services in ways consistent with consumer expectations and regulatory requirements. We cannot predict the ultimate impact on our business of new or proposed CFPB, FCA or other rules, supervisory examinations or government investigations or enforcement actions. The following legal and regulatory developments also could have a substantial negative impact on our business, financial condition or results of operations: • amendment, enactment or interpretation of laws and regulations that restrict the access and use of personal information and reduce the availability or effectiveness of our solutions or the supply of data available to customers; • changes in cultural and consumer attitudes in favor of further restrictions on information collection and sharing, which may lead to regulations that prevent full utilization of our solutions; • failure of data suppliers or customers to comply with laws or regulations, where mutual compliance is required; • failure of our solutions to comply with current laws and regulations; and • failure of our solutions to adapt to changes in the regulatory environment in an efficient, cost effective manner. For example, Ecuador passed a law in December 2017 that, if implemented, would effectively prohibit us from operating as a credit bureau within Ecuador unless we are selected to operate under contract to serve the public authority that the new law tasks with providing such services. These laws and regulations (as well as actions that may be taken by legislatures and regulatory bodies in other countries) and the consequences of any violation could limit our ability to pursue business opportunities we might otherwise consider engaging in, impose additional costs on us, result in significant loss of revenue, result in significant restitution and fines, impact the value of assets we hold, or otherwise adversely affect our business. See “Item 1. Business - Governmental Regulation” and “Item 3. Legal Proceedings” in this Form 10-K. Regulatory oversight of our contractual relationships with certain of our customers may adversely affect our business. The federal banking agencies, including the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System and the CFPB, as well as many state banking agencies have issued guidance to insured depository institutions and other providers of financial services on assessing and managing risks associated with third-party relationships, which include all business arrangements between a financial services provider and another entity, by contract or otherwise, and generally requires banks and financial services providers to exercise comprehensive oversight throughout each phase of a bank or financial service provider’s business arrangement with third-party service providers, and instructs banks and financial service providers to adopt risk management processes commensurate with the level of risk and complexity of their third-party relationships. This guidance requires more rigorous oversight of third-party relationships that involve certain “critical activities.” In light of this guidance, our existing or potential bank and financial services customers subject to this guidance may continue to revise their third-party risk management policies and processes and the terms on which they do business with us, which may adversely affect our relationship with such customers. In response to the 2017 cybersecurity incident, we also have been contacted by state banking regulators seeking to examine our practices as a third-party service provider to the entities that they regulate. It is possible that these or similar examinations by federal or state banking regulators could lead to adverse changes in our customer relationships. Economic, political and other risks associated with international sales and operations could adversely affect our results of operations. Sales outside the U.S. comprised 29% of our operating revenue in 2017. As a result, our business is subject to various risks associated with doing business internationally. In addition, many of our employees, suppliers, job functions and facilities are located outside the U.S. Accordingly, our future results could be harmed by a variety of factors including: • changes in specific country or region political, economic or other conditions; • trade protection measures; • data privacy and consumer protection regulations; • difficulty in staffing and managing widespread operations; • differing labor, intellectual property protection and technology standards and regulations; • business licensing requirements or other requirements relating to making foreign direct investments, which could increase our cost of doing business in certain jurisdictions, prevent us from entering certain markets, increase our operating costs or lead to penalties or restrictions; • difficulties associated with repatriating cash generated or held abroad in a tax-efficient manner; • implementation of exchange controls; • geopolitical instability, including terrorism and war; • foreign currency changes; • increased travel, infrastructure, legal and compliance costs of multiple international locations; • foreign laws and regulatory requirements; • terrorist activity, natural disasters and other catastrophic events; • restrictions on the import and export of technologies; • difficulties in enforcing contracts and collecting accounts receivable; • longer payment cycles; • failure to meet quality standards for outsourced work; • unfavorable tax rules; • the presence and acceptance of varying level of business corruption in international markets; and • varying business practices in foreign countries We earn revenue, pay expenses, own assets and incur liabilities in countries using currencies other than the U.S. dollar, including among others the British pound, the Australian dollar, the Canadian dollar, the Argentine peso, the Chilean peso, the Euro, the New Zealand dollar, the Costa Rican colon, the Singapore dollar, the Brazilian real, the Russian ruble and the Indian rupee. Because our consolidated financial statements are presented in U.S. dollars, we must translate revenue, income and expenses, as well as assets and liabilities, into U.S. dollars at exchange rates in effect during or at the end of each reporting period. Therefore, increases or decreases in the value of the U.S. dollar against major currencies will affect our operating revenues, operating income and the value of balance sheet items denominated in foreign currencies. In 2017, a general weakening of foreign currencies in countries where we have operations against the U.S. dollar had a negative impact on our results as reported in U.S. dollars. See “Segment Financial Results - International - Asia Pacific,” “ - Europe,” “ -Latin America,” and “- Canada” and “Effects of Inflation and Changes in Foreign Currency Exchange Rates” in the Management’s Discussion and Analysis section of this Form 10-K. Because of the geographic diversity of our operations, weaknesses in some currencies might be offset by strengths in others over time. We generally do not mitigate the risks associated with fluctuating exchange rates, although we may from time to time through forward contracts or other derivative instruments hedge a portion of our translational foreign currency exposure or exchange rate risks associated with material transactions which are denominated in a foreign currency. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Accordingly, fluctuations in foreign currency exchange rates, particularly the strengthening of the U.S. dollar against major currencies, may materially affect our consolidated financial results. We also have a cost method investment in a credit information company in Brazil valued in Brazilian reais. Economic and competition risks within Brazil, and the company’s ability to successfully implement its strategic and operating plans, have had an adverse financial impact on the value of our investment and could result in an additional impairment of the investment. Compliance with applicable U.S. and foreign laws and regulations, such as anti-corruption laws, tax laws, foreign exchange controls and restrictions on repatriation of earnings or other similar restraints, data privacy requirements, labor laws and anti-competition relations increases the cost of doing business in foreign jurisdictions. Although we have implemented policies and procedures to comply with these laws and regulations, a violation by our employees, contractors or agents could nevertheless occur. We are regularly involved in claims, suits, government investigations, supervisory examinations and other proceedings that may result in adverse outcomes. In addition to what we are currently experiencing due to the 2017 cybersecurity incident, we are regularly involved in claims, suits, government investigations, supervisory examinations and regulatory proceedings arising from the ordinary course of our business, including actions with respect to consumer protection and data protection, including purported class action lawsuits. Such claims, suits, government investigations and proceedings are inherently uncertain and their results cannot be predicted with certainty. Regardless of their outcome, such legal proceedings can have an adverse impact on us because of legal costs, diversion of management and other personnel, and other factors. In addition, it is possible that a resolution of one or more such proceedings could result in reputational harm, liability, penalties, or sanctions, as well as judgments, consent decrees, or orders preventing us from offering certain features, functionalities, products, or services, or requiring a change in our business practices, products or technologies, which could in the future materially and adversely affect our business, operating results, and financial condition. The FCRA contains an attorney fee shifting provision to provide an incentive for consumers to bring individual and class action lawsuits against a CRA for violation of the FCRA, and the number of consumer lawsuits (both individual and class action) against us alleging a violation of FCRA and our resulting costs associated with resolving these lawsuits have increased substantially over the past several years. We rely, in part, on acquisitions, joint ventures and other alliances to grow our business and expand our geographic reach. The acquisition, integration or divestiture of businesses by us may not produce the expected financial, operating results or IT and data security profile we expect. In addition, if we are unable to make acquisitions or successfully develop and maintain joint ventures and other alliances, our growth may be adversely impacted. Historically, we have relied, in part, on acquisitions, joint ventures and other alliances to grow our business. Over the past several years, we have acquired many smaller businesses in the U.S. and across the world. Furthermore, during 2016, we acquired Veda, the leading provider of credit information and analysis in Australia and New Zealand, for cash consideration plus debt assumed of approximately $1.9 billion. In January 2014, we acquired TDX, a debt placement service and debt management platform company in the United Kingdom for approximately $323 million. Acquisitions may not be completed on favorable terms, and the expected benefits, synergies and growth from these initiatives may not materialize as planned. We may have difficulty assimilating new businesses and their products, services, technologies, IT systems and personnel into our operations. IT and data security profiles of acquired companies may not meet the Equifax standard and may take longer to integrate and remediate than planned. This may result in significantly greater transaction costs for future acquisitions than we have experienced historically, or it could mean that we will not pursue certain acquisitions where the costs of integration and remediation are too significant. We may also have difficulty integrating and operating businesses in countries and geographies where we do not currently have a significant presence, and acquisitions of businesses having a significant presence outside of the U.S. will increase our exposure to risks of conducting operations in international markets. Similarly, any divestitures will be accompanied by risks commonly encountered in the sale of businesses. These difficulties could disrupt our ongoing business, distract our management and workforce, increase our expenses and adversely affect our operating results and financial condition. Despite our past experience, opportunities to grow our business through acquisitions, joint ventures and other alliances may not be available to us in the future. In addition, as a result of the 2017 cybersecurity incident and the resources and management attention required in connection therewith, there may be more limited resources available for acquisitions and management’s attention is likely to be diverted away from sourcing and developing potential acquisition and joint venture opportunities, resulting in decreased growth. Dependence on outsourcing certain portions of our operations may adversely affect our ability to bring products to market and damage our reputation. Dependence on outsourced information technology and other administrative functions may impair our ability to operate effectively. As part of our efforts to streamline operations and to reduce operating costs, we have outsourced various components of our application development, information technology, operational support and administrative functions and will continue to evaluate additional outsourcing. Although we have implemented service level agreements and have established monitoring controls, if our outsourcing vendors fail to perform their obligations in a timely manner or at satisfactory quality levels including with respect to data and system security, or increase prices for their services to unreasonable levels, our ability to bring products to market and support our customers, and our reputation could suffer. Any failure to perform on the part of these third-party providers could impair our ability to operate effectively and could result in lower future revenue, unrealized efficiencies and adversely impact our results of operations and our financial condition. Much of our outsourcing takes place in developing countries and, as a result, may be subject to geopolitical uncertainty. Changes in income tax laws can significantly impact our net income. Federal and state governments in the U.S. as well as a number of other governments around the world are currently facing significant fiscal pressures and have considered or may consider changes to their tax laws for revenue raising or economic competitiveness reasons. Changes to tax laws can have immediate impacts, either favorable or unfavorable, on our results of operations and cash flows, and may impact our competitive position versus certain competitors who are domiciled in other jurisdictions and subject to different tax laws. In December 2017, the U.S. enacted the Tax Cuts and Jobs Act of 2017 which will significantly impact our U.S. and global tax expense. The application of many provisions in the Tax Cuts and Jobs Act of 2017 are uncertain at this time. The impact on Equifax will not be fully known until further guidance is provided by the U.S. Treasury. If our government contracts are terminated, if we are suspended from government work, or if our ability to compete for new contracts is adversely affected, our business could suffer. We derive a portion of our revenue from direct and indirect sales to U.S., state, local and foreign governments and their respective agencies. Such contracts are subject to various procurement laws and regulations, and contract provisions relating to their formation, administration and performance. Failure to comply with these laws, regulations or provisions in our government contracts could result in the imposition of various civil and criminal penalties, termination of contracts, forfeiture of profits, suspension of payments, or suspension of future government contracting. Following the 2017 cybersecurity incident, our government contracts received enhanced scrutiny and negative media attention that resulted in the suspension of one of our contracts. If we are unable to repair the reputational damage cause by the 2017 cybersecurity incident and ensure the security of the data we maintain, our ability to maintain our existing and acquire new government contracts may be substantially impacted. Also, the government programs to which we provide services, or which are the basis of compliance services we provide non-governmental clients, including, in particular, the employer requirements under the Affordable Care Act, may be terminated or substantially altered by the government and our services would no longer be needed. If our government contracts are terminated, if we are suspended from government work, if the services we provide are no longer needed due to government program change or termination, or if our ability to compete for new contracts is adversely affected, our business could suffer. Third parties may claim that we are infringing on their intellectual property and we could suffer significant litigation or licensing expenses or be prevented from selling products or services. There has been substantial litigation in the U.S. regarding intellectual property rights in the information technology industry. From time to time, third parties may claim that one or more of our products or services infringe their intellectual property rights. We analyze and take action in response to such claims on a case by case basis. Any dispute or litigation regarding patents or other intellectual property could be costly and time-consuming due to the complexity of our technology and the uncertainty of intellectual property litigation, could divert our management and key personnel from our business operations and we may not prevail. A claim of intellectual property infringement could force us to enter into a costly or restrictive license agreement, which might not be available under acceptable terms or at all, or could subject us to significant damages or to an injunction against development and sale of certain of our products or services. Our intellectual property portfolio may not be useful in asserting a counterclaim, or negotiating a license, in response to a claim of intellectual property infringement. In certain of our businesses we rely on third-party intellectual property licenses and we cannot ensure that these licenses will be available to us in the future on favorable terms or at all. Although our policy is to obtain licenses or other rights where necessary, we cannot provide assurance that we have obtained all required licenses or rights. Third parties may misappropriate or infringe on our intellectual property and we may suffer competitive injury or expend significant resources enforcing our rights. Our success increasingly depends on our proprietary technology. We rely on various intellectual property rights, including patents, copyrights, database rights, trademarks and trade secrets, as well as contract restrictions, confidentiality provisions and licensing arrangements, to establish our proprietary rights. The extent to which such rights can be protected varies in different jurisdictions. If we do not enforce our intellectual property rights successfully our competitive position may suffer which could harm our operating results. Our pending patent and trademark applications may not be allowed or competitors may challenge the validity or scope of our intellectual property rights. In addition, our patents, copyrights, trademarks and other intellectual property rights may not provide us a significant competitive advantage. We may need to devote significant resources, including cybersecurity resources, to monitoring our intellectual property rights and we may or may not be able to detect misappropriation or infringement by third parties. Our competitive position may be harmed if we cannot detect misappropriation or infringement and enforce our intellectual property rights quickly or at all. In some circumstances, enforcement may not be available to us because a third party has a dominant intellectual property position or for other business reasons. In addition, competitors might avoid infringement by designing around our intellectual property rights or by developing non-infringing competing technologies. Intellectual property rights and our ability to enforce them may be unavailable or limited in some countries which could make it easier for competitors to capture market share and could result in lost revenue. The U.K’s impending departure from the EU could adversely affect us. The referendum on the U.K.’s membership in the EU (referred to as “Brexit”) approving the exit of the U.K. from the EU could cause disruptions to and create uncertainty surrounding our business, including affecting our relationships with our existing and future customers, suppliers and employees, which could have an adverse effect on our business, financial results and operations. While the referendum was non-binding, the U.K. parliament has voted in favor of allowing the government to commence negotiations to determine the future terms of the U.K.’s relationship with the EU, including the terms of trade between the U.K. and the EU and other nations. The effects of Brexit will depend on any agreements the U.K. makes to retain access to EU markets either during a transitional period or more permanently. In addition, developments regarding Brexit may also create global economic uncertainty, which may cause our clients to closely monitor their costs and reduce their spending on our solutions and services. A downgrade to our credit ratings would increase our cost of borrowing under our credit facility and adversely affect our ability to access the capital markets. We are party to a $900.0 million unsecured, revolving credit facility that matures in November 2020 and an $800.0 million term loan facility that matures in November 2018 (collectively, the “Senior Credit Facilities”). The cost of borrowing under the Senior Credit Facilities and our ability and the terms under which we may access the credit markets are affected by credit ratings assigned to our indebtedness by the major credit rating agencies. These ratings are premised on our performance under assorted financial metrics, such as leverage and interest coverage ratios and other measures of financial strength, business and financial risk, industry conditions, transparency with rating agencies and timeliness of financial reporting. Our current ratings have served to lower our borrowing costs and facilitate access to a variety of lenders. However, there can be no assurance that our credit ratings or outlook will not be lowered in the future in response to adverse changes in these metrics caused by our operating results or by actions that we take that reduce our profitability or that require us to incur additional indebtedness for items such as substantial cash acquisitions, significant increases in costs and capital spending in security and IT systems, significant costs related to settlements of litigation or regulatory requirements, or by returning excess cash to shareholders through dividends or under our share repurchase program. A downgrade of our credit ratings would increase our cost of borrowing under the Senior Credit Facilities, negatively affect our ability to access the capital markets on advantageous terms, or at all, negatively affect the trading price of our securities and have a significant negative impact on our business, financial condition and results of operations. We may not be able to borrow under our revolving credit facility and Receivables Facility. We are party to a $225.0 million, 2-year receivables funding facility ("the "Receivables Facility") as well as the Senior Credit Facilities. Our revolving credit facility and Receivables Facility have representations, covenants, financial covenants and events of default which may limit our ability to borrow under such debt obligations. Any breach of a representation or failure to comply with any covenant or financial covenant or the occurrence of any event of default under the Senior Credit Facilities or the Receivables Facility could result in a prohibition of further borrowings under the revolving credit facility and Receivables Facility or acceleration of any obligations outstanding thereunder. Any event of default under the Senior Credit Facilities or Receivables Facility could result in a cross default under our other outstanding debt obligations. Changes in interest rates could adversely affect our cost of capital and net income. Rising interest rates, credit market dislocations and decisions and actions by credit rating agencies can affect the availability and cost of our funding and adversely affect our net income. Our business will suffer if we are not able to retain and hire key personnel. Our future success depends partly on the continued service of our key development, sales, marketing, executive and administrative personnel. Additionally, increased retention risk exists in certain key areas of our operations, such as IT and security, which require specialized skills, such as maintenance of certain legacy computer systems, data security experts and analytical modelers. If we fail to retain and hire a sufficient number of these personnel, we will not be able to maintain or expand our business. Further, as a result of the cybersecurity incident we may suffer increased attrition. We believe our pay levels are competitive within the regions in which we operate. However, there is also intense competition for certain highly technical specialties in geographic areas where we continue to recruit, and it may become more difficult to retain our key employees. Our retirement and post-retirement pension plans are subject to financial market risks that could adversely affect our future results of operations and cash flows. We have significant retirement and post retirement pension plan assets and obligations. The performance of the financial markets and interest rates impact our plan expenses and funding obligations. Significant decreases in market interest rates, decreases in the fair value of plan assets and investment losses on plan assets will increase our funding obligations, and adversely impact our results of operations and cash flows. We are subject to a variety of other general risks and uncertainties inherent in doing business. In addition to the specific factors discussed above, we are subject to risks that are inherent to doing business. These include growth rates, general economic and political conditions, customer satisfaction with the quality of our services, costs of obtaining insurance, changes in unemployment rates, and other events that can impact revenue and the cost of doing business. ITEM 1B.

Removed paragraphs (6236 words)

ITEM 1A. RISK FACTORS All of the risks and uncertainties described below and the other information included in this Form 10-K should be considered and read carefully. The risks described below are not the only ones facing us. The occurrence of any of the following risks or additional risks and uncertainties not presently known to us or that we currently believe to be immaterial could materially and adversely affect our business, financial condition or results of operations. This Form 10-K also contains forward-looking statements and estimates that involve risks and uncertainties. Our actual results could differ materially from those anticipated in the forward-looking statements as a result of specific factors, including the risks and uncertainties described below. Negative changes in general economic conditions, including interest rates, unemployment rates, income, home prices, investment values and consumer confidence, could materially adversely affect us. Our customers, and therefore our business and revenues, are sensitive to negative changes in general economic conditions, including the demand and availability of affordable credit and capital, the level and volatility of interest rates, inflation, employment levels, consumer confidence and housing demand, both inside and outside the U.S. Business customers use our credit information and related analytical services and data to process applications for new credit cards, automobile loans, home and equity loans and other consumer loans, and to manage their existing credit relationships. Demand for our services tends to be correlated to general levels of economic activity and to consumer credit activity. Bank and other lenders’ willingness to extend credit is adversely affected by elevated consumer delinquency and loan losses in a weak economy. Consumer demand for credit (i.e., rates of spending and levels of indebtedness) also tends to grow more slowly or decline during periods of economic contraction or slow economic growth. Our customer base suffers when financial markets experience volatility, illiquidity and disruption, which has occurred in the past and which could reoccur, and the potential for increased and continuing disruptions going forward, present considerable risks to our business and revenue. High or rising rates of unemployment and interest, declines in income, home prices or investment values, lower consumer confidence and reduced access to credit adversely affect demand for our products and services, and consequently our revenue and results of operations, as consumers may continue to postpone or reduce their spending and use of credit, and lenders may reduce the amount of credit offered or available. The loss of access to credit, employment, financial and other data from external sources could harm our ability to provide our products and services. We rely extensively upon data from external sources to maintain our proprietary and non-proprietary databases, including data received from customers, strategic partners and various government and public record sources. This data includes the widespread and voluntary contribution of credit data from most lenders in the U.S and many other markets as well as the contribution of data under proprietary contractual agreements, such as employers’ contribution of employment and income data to The Work Number, financial institutions’ contribution of individual financial data to IXI, and telecommunications, cable and utility companies’ contribution of payment and fraud data to the National Cable, Telecommunications and Utility Exchange. Although historically we have not experienced material issues in this regard, our data sources could withdraw, delay receipt of or increase the cost of their data provided to us for a variety of reasons, including legislatively or judicially imposed restrictions on use, security breaches or competitive reasons. Where we currently have exclusive use of data, the providers of the data sources could elect to make the information available to competitors. We also compete with several of our third-party data suppliers. If a substantial number of data sources or certain key data sources were to withdraw or be unable to provide their data, if we were to lose access to data due to government regulation, if we lose exclusive right to the use of data, or if the collection of data becomes uneconomical, our ability to provide products and services to our clients could be materially adversely impacted, which could result in decreased revenue, net income and earnings per share. There can be no assurance that we would be able to obtain data from alternative sources if our current sources become unavailable. Our markets are highly competitive and new product introductions and pricing strategies being offered by our competitors could decrease our sales and market share or require us to enhance our products and services or reduce our prices in a manner that reduces our operating margins. We operate in a number of geographic, product and service markets that are highly competitive. Competitors may develop products and services that are superior to or that achieve greater market acceptance than our products and services. The size of our competitors varies across market segments, as do the resources we have allocated to the segments we target. Therefore, some of our competitors may have significantly greater financial, technical, marketing or other resources than we do in one or more of our market segments, or overall. As a result, our competitors may be in a position to respond more quickly than we can to new or emerging technologies and changes in customer requirements, or may devote greater resources than we can to the development, enhancement, promotion, sale and support of products and services. Moreover, new competitors or alliances among our competitors may emerge and potentially reduce our market share, revenue or margins. We also sell our information to competing firms, and buy information from certain of our competitors, in order to sell “tri-bureau” and other products, most notably into the mortgage and direct to consumer markets. Changes in prices between competitors for this information and/or changes in the design or sale of tri-bureau versus single bureau product offerings may affect our revenue or profitability. Some of our competitors may choose to sell products competitive to ours at lower prices by accepting lower margins and profitability, or may be able to sell products competitive to ours at lower prices given proprietary ownership of data, technological superiority or economies of scale. Price reductions by our competitors could negatively impact our margins and results of operations and could also harm our ability to obtain new customers on favorable terms. Historically, certain of our key products have experienced declines in per unit pricing due to competitive factors and customer demand. Since a significant portion of our operating expenses is relatively fixed in nature due to sales, information technology and development and other costs, if we were unable to respond quickly enough to changes in competition or customer demand, we could experience further reductions in our operating margins. If we do not introduce successful new products, services and analytical capabilities in a timely manner, our competitiveness and operating results will suffer. We generally sell our products in industries that are characterized by rapid technological changes, frequent new product and service introductions and changing industry standards. In addition, certain of the markets in which we operate are seasonal and cyclical. Without the timely introduction of new products, services and enhancements, our products and services will become technologically or commercially obsolete over time, in which case our revenue and operating results would suffer. The success of our new products and services will depend on several factors, including our ability to properly identify customer needs; innovate and develop new technologies, services and applications; successfully commercialize new technologies in a timely manner; produce and deliver our products in sufficient volumes on time; differentiate our offerings from competitor offerings; price our products competitively; anticipate our competitors’ development of new products, services or technological innovations; and control product quality in our product development process. The demand for some of our products and services may be negatively impacted to the extent the availability of free or less expensive consumer information increases. Public or commercial sources of free or relatively inexpensive consumer credit, credit score and other information have become increasingly available, particularly through the internet, and this trend is expected to continue. Governmental agencies in particular have increased the amount of information to which they provide free public access and these or other sources of free or relatively inexpensive consumer information from competitors or other commercial sources may reduce demand for our services, particularly in our USIS and Global Consumer Solutions business units. In addition, recently there has been an increase in companies offering free or low-cost direct to consumer credit services (such as credit scores, reports and monitoring) as part of alternative business models that use such services as a means to introduce consumers to premium products and services. To the extent that our customers choose not to obtain services from us and instead rely on information obtained at no cost or relatively inexpensively from these other sources, our business, financial condition and results of operations may be adversely affected. If we experience system constraints or failures, or our customers do not modify and/or upgrade their systems to accept new releases of our products and services, our services to our customers could be delayed or interrupted, which could result in lost revenues or customers, lower margins, or other harm to our business and reputation. We depend on reliable, stable, efficient and uninterrupted operation of our technology network, systems, and data centers to provide service to our customers. Many of the services and systems upon which we rely have been outsourced to third parties. In addition, many of our revenue streams are dependent on links to third party telecommunications providers. These systems and operations, and the personnel that support, service and operate these systems, could be exposed to interruption, damage or destruction from power loss, telecommunication failures, computer viruses, denial-of-service attacks, employee or insider malfeasance, human error, fire, natural disasters, war, terrorist acts or civil unrest. We may not have sufficient disaster recovery or redundant operations in place to cover a loss or failure of systems or telecommunications links in a timely manner. Any significant delay or interruption could result in lost revenues or customers, lower margins, or other significant harm to our business or reputation. Security breaches and other disruptions to our information technology infrastructure could interfere with our operations, and could compromise Company, customer and consumer information, exposing us to liability which could cause our business and reputation to suffer. In the ordinary course of business, we rely upon information technology networks and systems, some of which are managed by third parties, to process, transmit and store electronic information, and to manage or support a variety of business processes and activities, including business-to-business and business-to-consumer electronic commerce and internal accounting and financial reporting systems. Additionally, we collect and store sensitive data, including intellectual property, proprietary business information and personally identifiable information of our customers, employees, consumers and suppliers, in data centers and on information technology networks. The secure and uninterrupted operation of these networks and systems, and of the processing and maintenance of this information, is critical to our business operations and strategy. Despite our substantial investment in physical and technological security measures, employee training, contractual precautions and business continuity plans, our information technology networks and infrastructure or those of our third-party vendors and other service providers could be vulnerable to damage, disruptions, shutdowns, or breaches of confidential information due to criminal conduct, denial of service or other advanced persistent attacks by hackers, employee or insider error or malfeasance, or other disruptions during the process of upgrading or replacing computer software or hardware, power outages, computer viruses, telecommunication or utility failures or natural disasters or other catastrophic events. Unauthorized access to data files or our information technology systems and applications could result in inappropriate use, change or disclosure of sensitive and/or personal data of our customers, employees, consumers and suppliers. We are regularly the target of attempted cyber and other security threats and must continuously monitor and develop our information technology networks and infrastructure to prevent, detect, address and mitigate the risk of unauthorized access, misuse, computer viruses and other events that could have a security impact. Insider or employee cyber and security threats are increasingly a concern for all large companies, including ours. Although we are not aware of any material breach of our data, properties, networks or systems, if one or more of such events occur, this potentially could compromise our networks and the information stored there could be accessed, publicly disclosed, lost or stolen. Any such access, disclosure or other loss of information could subject us to litigation, regulatory fines, penalties or reputational damage, any of which could have a material effect on our cash flows, competitive position, financial condition or results of operations. Our property and business interruption insurance may not be adequate to compensate us for all losses or failures that may occur. Also, our third-party insurance coverage will vary from time to time in both type and amount depending on availability, cost and our decisions with respect to risk retention. We and our customers are subject to various current governmental regulations, and could be affected by new laws or regulations, compliance with which may cause us to incur significant expenses and change our business practices, and if we fail to maintain satisfactory compliance with certain regulations, we could be subject to civil or criminal penalties. We are subject to a number of U.S. and state and foreign laws and regulations relating to consumer privacy, data and financial protection. These regulations are complex, change frequently, have tended to become more stringent over time, and are subject to administrative interpretation and judicial construction in ways that could harm our business. Foreign data protection, privacy, consumer protection and other laws and regulations are often more restrictive than those in the U.S. There are also a number of legislative proposals pending before the U.S. Congress, various state legislative bodies and foreign governments concerning data protection that could affect us. Under Title X of the Dodd-Frank Act, the CFPB has broad powers to promulgate, administer and enforce consumer financial regulations, including those applicable to us and to many of our customers. The CFPB has oversight of the FCRA, the federal regulation most directly impacting U.S. operations. The CFPB is also charged with defining “unfair, deceptive or abusive acts and practices,” known as “UDAAP.” Also, where a company has violated Title X of the Dodd-Frank Act, or CFPB regulations under Title X, the Dodd-Frank Act empowers state attorneys general and state regulators to bring civil actions for the kind of cease and desist orders available to the CFPB (but not for civil penalties). During 2016, the CFPB publicly announced 35 enforcement actions, imposing $300.5 million in civil money penalties, and ordering $34 million in restitution and $256.2 million in balance reductions. In the U.K., we are subject to a regulatory framework which provides for primary regulation by the FCA. The FCA focuses on consumer protection and market regulation as well as prudential supervision of regulated financial institutions. The FCA has significant powers, including the power to regulate conduct related to the marketing of financial products, specify minimum standards and to place requirements on products, impose unlimited fines, and to investigate organizations and individuals. In addition, the FCA is able to ban financial products for up to a year while considering an indefinite ban; it has the power to instruct firms to immediately retract or modify promotions which it finds to be misleading, and to publish such decisions. Our core credit reporting (“credit reference”) and debt collections services businesses in the U.K. are subject to FCA supervision and we will require certain corporate and “approved person” authorizations from the FCA to carry on such businesses. Our license application for our debt collection services businesses (TDX) was approved in 2016, and our application for authorization in our capacity as a credit reference agency is under review. Although we do not currently anticipate any issues in receiving authorization, to the extent applicable approvals are not obtained in a timely manner, or at all, we may not conduct these businesses in the U.K. In Europe, we are subject to the E.U. Data Protection Regulation, or GDPR, which will replace the comprehensive 1995 European Union Data Protection Directive. The GDPR establishes several obligations that organizations must follow with respect to use of personal data, including a prohibition on the transfer of personal information from the E.U. to other countries whose laws do not protect personal data to an "adequate" level of privacy or security. The new standards for adequacy are generally stricter and more comprehensive than that of the U.S. and most other countries where Equifax operates. In the U.K., regulatory limitations affect our use of the Electoral Roll, one of our key data sources in that jurisdiction. Generally, the data underlying the products offered by our U.K. Information Services and Global Consumer Solutions product lines, excluding our Commercial Services products, are subject to these regulations. In Spain and Portugal, privacy laws also regulate all credit bureau and personal solutions activities. The GDPR, among other things, will tighten data protection requirements and make enforcement more rigorous, for example, by streamlining enforcement at a European level, introducing data breach notification requirements and increasing penalties for non-compliance. The GDPR was passed by the E.U. Parliament in the spring of 2016 and will become fully effective in May 2018, following a two-year implementation period. New legislation regarding data protection and credit reporting is under consideration in several Latin American countries, including legislation that proposes to adopt EU standards. Periodically, legislative amendments are proposed to prohibit the use of certain data for credit reference purposes, shorten the period during which data may be stored and create new access and notification rights for data subjects. While the potential impact of the foregoing regulatory changes is unlikely to be material in the aggregate to our business, if the market opportunity were to be restricted significantly in Argentina or Chile and/or in a combination of the smaller Latin American countries in which we operate, the impact on our International operating results could be material. We are also subject to rules and regulations relating to consumer privacy, data and financial protection in the other jurisdictions in which we operate, including Australia and New Zealand. If we violate, or otherwise fail to comply with these regulations, our International operating results could be adversely affected. See “Item 1. Business - Government Regulation” in this Form 10-K. We devote substantial compliance, legal and operational business resources to facilitate compliance with applicable regulations and requirements. Additionally, we cooperate with CFPB supervisory examinations and respond to other state and federal investigations of our business practices. Any failure by us to comply with, or remedy any violations of, applicable laws and regulations could result in the curtailment of certain of our operations, the imposition of fines and penalties, and restrictions on our ability to carry on or expand our operations. In addition, because many of our products are regulated or sold to customers in various industries, we must comply with additional regulations in marketing our products. We cannot predict the ultimate impact on our business of new or proposed CFPB, FCA or other rules, supervisory examinations or government investigations or enforcement actions. These laws and regulations (as well as actions that may be taken by legislatures and regulatory bodies in other countries) and the consequences of any violation could limit our ability to pursue business opportunities we might otherwise consider engaging in, impose additional costs on us, result in significant loss of revenue, result in significant restitution and fines, impact the value of assets we hold, or otherwise significantly adversely affect our business. See “Item 1. Business - Government Regulation” in this Form 10-K. We are regularly involved in claims, suits, government investigations, supervisory examinations and other proceedings that may result in adverse outcomes. We are regularly involved in claims, suits, government investigations, supervisory examinations and regulatory proceedings arising from the ordinary course of our business, including actions with respect to consumer protection and data protection, including purported class action lawsuits. Such claims, suits, government investigations, and proceedings are inherently uncertain and their results cannot be predicted with certainty. Regardless of their outcome, such legal proceedings can have an adverse impact on us because of legal costs, diversion of management and other personnel, and other factors. In addition, it is possible that a resolution of one or more such proceedings could result in reputational harm, liability, penalties, or sanctions, as well as judgments, consent decrees, or orders preventing us from offering certain features, functionalities, products, or services, or requiring a change in our business practices, products or technologies, which could in the future materially and adversely affect our business, operating results, and financial condition. The FCRA contains an attorney fee shifting provision to provide an incentive for consumers to bring individual and class action lawsuits against a CRA for violation of the FCRA, and the number of consumer lawsuits (both individual and class action) against us alleging a violation of FCRA and our resulting costs associated with resolving these lawsuits have increased substantially over the past several years. We rely, in part, on acquisitions, joint ventures and other alliances to grow our business and expand our geographic reach. If we are unable to make acquisitions or successfully develop and maintain joint ventures and other alliances, our growth may be adversely impacted. In addition, the acquisition, integration or divestiture of businesses by us may not produce the expected financial or operating results. During 2016, we acquired Veda, the leading provider of credit information and analysis in Australia and New Zealand, for cash consideration plus debt assumed of approximately $1.9 billion as well as other smaller businesses. In January 2014, we acquired the TDX, a debt placement service and debt management platform company in the United Kingdom for approximately $323 million. During 2013, we acquired TrustedID, a direct-to-consumer identity protection business, and several smaller international businesses. Expected benefits, synergies and growth from these initiatives may not materialize as planned. We may have difficulty assimilating new businesses and their products, services, technologies and personnel into our operations. We may also have difficulty integrating and operating businesses in countries and geographies where we do not currently have a significant presence. These difficulties could disrupt our ongoing business, distract our management and workforce, increase our expenses and materially adversely affect our operating results and financial condition. Also, we may not be able to retain key management and other critical employees after an acquisition. Dependence on outsourcing certain portions of our operations may adversely affect our ability to bring products to market and damage our reputation. Dependence on outsourced information technology and other administrative functions may impair our ability to operate effectively. As part of our efforts to streamline operations and to reduce operating costs, we have outsourced various components of our application development, information technology, operational support and administrative functions and will continue to evaluate additional outsourcing. Although we have implemented service level agreements and have established monitoring controls, if our outsourcing vendors fail to perform their obligations in a timely manner or at satisfactory quality levels, our ability to bring products to market and support our customers, and our reputation could suffer. Any failure to perform on the part of these third-party providers could impair our ability to operate effectively and could result in lower future revenue, unexecuted efficiencies and adversely impact our results of operations and our financial condition. Much of our outsourcing takes place in developing countries and, as a result, may be subject to geopolitical uncertainty. The impact of consolidation in our customer end markets is difficult to predict and may harm our business. The financial services, mortgage, retail and telecommunications industries to which we sell our products and services are intensely competitive and have been subject to increasing consolidation. Continuation of the consolidation trends in these and other industries could result in lower average prices for the larger combined entities, lower combined purchases of our services than were purchased cumulatively by separate entities prior to consolidation or existing competitors increasing their market share in newly consolidated entities, which could have a material adverse effect on our business, financial condition and results of operations. We may not be able to compete successfully in an increasingly consolidated industry and cannot predict with certainty how industry consolidation will affect our competitors or us. Changes in income tax laws can significantly impact our net income. Federal and state governments in the U.S. as well as a number of other governments around the world are currently facing significant fiscal pressures and have considered or may consider changes to their tax laws for revenue raising or economic competitiveness reasons. Changes to tax laws can have immediate impacts, either favorable or unfavorable, on our results of operations and cash flows, and may impact our competitive position versus certain competitors who are domiciled in other jurisdictions and subject to different tax laws. If our government contracts are terminated, if we are suspended from government work, or if our ability to compete for new contracts is adversely affected, our business could suffer. We derive a portion of our revenue from direct and indirect sales to U.S., state, local and foreign governments and their respective agencies. Such contracts are subject to various procurement laws and regulations, and contract provisions relating to their formation, administration and performance. Failure to comply with these laws, regulations or provisions in our government contracts could result in the imposition of various civil and criminal penalties, termination of contracts, forfeiture of profits, suspension of payments, or suspension of future government contracting. Also, the government programs to which we provide services, or which are the basis of compliance services we provide non-governmental clients, including, in particular, the Affordable Care Act, may be terminated or substantially altered by the government and our services would no longer be needed. If our government contracts are terminated, if we are suspended from government work, if the services we provide are no longer needed due to government program change or termination, or if our ability to compete for new contracts is adversely affected, our business could suffer. Third parties may claim that we are infringing on their intellectual property and we could suffer significant litigation or licensing expenses or be prevented from selling products or services. From time to time, third parties may claim that one or more of our products or services infringe their intellectual property rights. We analyze and take action in response to such claims on a case by case basis. Any dispute or litigation regarding patents or other intellectual property could be costly and time-consuming due to the complexity of our technology and the uncertainty of intellectual property litigation and could divert our management and key personnel from our business operations. A claim of intellectual property infringement could force us to enter into a costly or restrictive license agreement, which might not be available under acceptable terms or at all, or could subject us to significant damages or to an injunction against development and sale of certain of our products or services. Our intellectual property portfolio may not be useful in asserting a counterclaim, or negotiating a license, in response to a claim of intellectual property infringement. In certain of our businesses we rely on third-party intellectual property licenses and we cannot ensure that these licenses will be available to us in the future on favorable terms or at all. Third parties may infringe on our intellectual property and we may suffer competitive injury or expend significant resources enforcing our rights. Our success increasingly depends on our proprietary technology. We rely on various intellectual property rights, including patents, copyrights, database rights, trademarks and trade secrets, as well as confidentiality provisions and licensing arrangements, to establish our proprietary rights. The extent to which such rights can be protected varies in different jurisdictions. If we do not enforce our intellectual property rights successfully our competitive position may suffer which could harm our operating results. Our pending patent and trademark applications may not be allowed or competitors may challenge the validity or scope of our intellectual property rights. In addition, our patents, copyrights, trademarks and other intellectual property rights may not provide us a significant competitive advantage. We may need to spend significant resources monitoring our intellectual property rights and we may or may not be able to detect infringement by third parties. Our competitive position may be harmed if we cannot detect infringement and enforce our intellectual property rights quickly or at all. In some circumstances, enforcement may not be available to us because an infringer has a dominant intellectual property position or for other business reasons. In addition, competitors might avoid infringement by designing around our intellectual property rights or by developing non-infringing competing technologies. Intellectual property rights and our ability to enforce them may be unavailable or limited in some countries which could make it easier for competitors to capture market share and could result in lost revenue. Economic, political and other risks associated with international sales and operations could adversely affect our results of operations. Sales outside the U.S. comprised 27% of our net operating revenue in 2016. As a result, our business is subject to various risks associated with doing business internationally. In addition, many of our employees, suppliers, job functions and facilities are located outside the U.S. Accordingly, our future results could be harmed by a variety of factors including: • changes in specific country or region political, economic or other conditions; • trade protection measures; • data privacy and consumer protection regulations; • difficulty in staffing and managing widespread operations; • differing labor, intellectual property protection and technology standards and regulations; • business licensing requirements or other requirements relating to making foreign direct investments, which could increase our cost of doing business in certain jurisdictions, prevent us from entering certain markets, increase our operating costs or lead to penalties or restrictions; • difficulties associated with repatriating cash generated or held abroad in a tax-efficient manner; • implementation of exchange controls; • geopolitical instability, including terrorism and war; and • foreign currency changes. We earn revenue, pay expenses, own assets and incur liabilities in countries using currencies other than the U.S. dollar, including among others the British pound, the Australian dollar, the Canadian dollar, the Argentine peso, the Chilean peso, the Euro, the New Zealand dollar, the Costa Rican peso, the Singapore dollar, the Brazilian real, the Russian ruble and the Indian rupee. Because our consolidated financial statements are presented in U.S. dollars, we must translate revenue, income and expenses, as well as assets and liabilities, into U.S. dollars at exchange rates in effect during or at the end of each reporting period. Therefore, increases or decreases in the value of the U.S. dollar against major currencies will affect our net operating revenues, operating income and the value of balance sheet items denominated in foreign currencies. In 2016, a general weakening of foreign currencies in countries where we have operations against the U.S. dollar had a negative impact on our results as reported in U.S. dollars. See “Segment Financial Results - International - Europe", - Asia Pacific", -Latin America", and “- Canada” and “Effects of Inflation and Changes in Foreign Currency Exchange Rates” in the Management’s Discussion and Analysis section of this Form 10-K. Because of the geographic diversity of our operations, weaknesses in some currencies might be offset by strengths in others over time. We generally do not mitigate the risks associated with fluctuating exchange rates, although we may from time to time through forward contracts or other derivative instruments hedge a portion of our translational foreign currency exposure or exchange rate risks associated with material transactions which are denominated in a foreign currency. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Accordingly, fluctuations in foreign currency exchange rates, particularly the strengthening of the U.S. dollar against major currencies, may materially affect our consolidated financial results. We also have a cost method investment in a credit information company in Brazil valued in Brazilian reais. Economic and competition risks within Brazil, and the company’s ability to successfully implement its strategic and operating plans, have had an adverse financial impact on the value of our investment and could result in an additional impairment of the investment. Compliance with applicable U.S. and foreign laws and regulations, such as anti-corruption laws, tax laws, foreign exchange controls and restrictions on repatriation of earnings or other similar restraints, data privacy requirements, labor laws and anti-competition relations increases the cost of doing business in foreign jurisdictions. Although we have implemented policies and procedures to comply with these laws and regulations, a violation by our employees, contractors or agents could nevertheless occur. The U.K’s impending departure from the EU could adversely affect us. The referendum on the U.K.’s membership in the EU (referred to as “Brexit”), approving the exit of the U.K. from the EU could cause disruptions to and create uncertainty surrounding our business, including affecting our relationships with our existing and future clients, suppliers and employees, which could have an adverse effect on our business, financial results and operations. While the referendum was non-binding, the U.K. parliament has voted in favor of allowing the government to commence negotiations to determine the future terms of the U.K.’s relationship with the EU, including the terms of trade between the U.K. and the EU and other nations. The effects of Brexit will depend on any agreements the U.K. makes to retain access to EU markets either during a transitional period or more permanently. In addition, developments regarding Brexit may also create global economic uncertainty, which may cause our clients to closely monitor their costs and reduce their spending on our solutions and services. A downgrade to our credit ratings would increase our cost of borrowing under our credit facility and adversely affect our ability to access the capital markets. We are party to a $900.0 million unsecured, revolving credit facility that matures in November 2020 and an $800.0 million term loan facility that matures in November 2018 (collectively, the “Credit Facilities”). The cost of borrowing under Credit Facilities and our ability and the terms under which we may access the credit markets are affected by credit ratings assigned to our indebtedness by the major credit rating agencies. These ratings are premised on our performance under assorted financial metrics, such as leverage and interest coverage ratios and other measures of financial strength, business and financial risk, industry conditions, transparency with rating agencies and timeliness of financial reporting. Our current ratings have served to lower our borrowing costs and facilitate access to a variety of lenders. However, there can be no assurance that our credit ratings or outlook will not be lowered in the future in response to adverse changes in these metrics caused by our operating results or by actions that we take, such as incurring additional indebtedness or by returning excess cash to shareholders through dividends or under our share repurchase program. A downgrade of our credit ratings would increase our cost of borrowing under the Credit Facilities, negatively affect our ability to access the capital markets on advantageous terms, or at all, negatively affect the trading price of our securities and have a material adverse effect on our business, financial condition and results of operations. Changes in interest rates could adversely affect our cost of capital and net income. Rising interest rates, credit market dislocations and decisions and actions by credit rating agencies can affect the availability and cost of our funding and adversely affect our net income. Our business will suffer if we are not able to retain and hire key personnel. Our future success depends partly on the continued service of our key development, sales, marketing, executive and administrative personnel. Additionally, increased retention risk exists in certain key areas of our operations that require specialized skills, such as maintenance of certain legacy computer systems, data security experts and analytical modelers. If we fail to retain and hire a sufficient number of these personnel, we will not be able to maintain or expand our business. We believe our pay levels are competitive within the regions in which we operate. However, there is also intense competition for certain highly technical specialties in geographic areas where we continue to recruit, and it may become more difficult to retain our key employees. Our retirement and post-retirement pension plans are subject to financial market risks that could adversely affect our future results of operations and cash flows. We have significant retirement and post retirement pension plan assets and obligations. The performance of the financial markets and interest rates impact our plan expenses and funding obligations. Significant decreases in market interest rates, decreases in the fair value of plan assets and investment losses on plan assets will increase our funding obligations, and adversely impact our results of operations and cash flows. We are subject to a variety of other general risks and uncertainties inherent in doing business. In addition to the specific factors discussed above, we are subject to risks that are inherent to doing business. These include growth rates, general economic and political conditions, customer satisfaction with the quality of our services, costs of obtaining insurance, changes in unemployment rates, and other events that can impact revenue and the cost of doing business. ITEM 1B.

Current §1A text (2017)

Show full section (8353 words)

ITEM 1A. RISK FACTORS All of the risks and uncertainties described below and the other information included in this Form 10-K should be considered and read carefully. The risks described below are not the only ones facing us. The occurrence of any of the following risks or additional risks and uncertainties not presently known to us or that we currently believe to be immaterial could materially and adversely affect our business, financial condition or results of operations. This Form 10-K also contains forward-looking statements and estimates that involve risks and uncertainties. Our actual results could differ materially from those anticipated in the forward-looking statements as a result of specific factors, including the risks and uncertainties described below. Security breaches like the cybersecurity incident announced in September 2017 and other disruptions to our information technology infrastructure could compromise Company, consumer and customer information, interfere with our operations, cause us to incur significant costs for remediation and enhancement of our IT systems and expose us to legal liability, all of which could have a substantial negative impact on our business and reputation. In the ordinary course of business, we collect, process, transmit and store sensitive data, including intellectual property, proprietary business information and personally identifiable information of consumers. The secure operation of our information technology networks and systems, and of the processing and maintenance of this information, is critical to our business operations and strategy. Despite our substantial investment in physical and technological security measures, employee training and contractual precautions, our information technology networks and infrastructure (or those of our third-party vendors and other service providers) are vulnerable to unauthorized access to data or breaches of confidential information due to criminal conduct, attacks by hackers, employee or insider malfeasance and/or human error. In 2017, we were the target of a cybersecurity attack that involved the theft of certain personally identifiable information of U.S., Canadian and U.K. consumers. As a result of an ongoing analysis of data stolen in the 2017 cybersecurity incident, the Company recently announced that it was able to identify approximately 2.4 million U.S. consumers whose name and partial driver's license information were stolen, but who were not in the affected population of approximately 145.5 million consumers previously identified by the Company in 2017. The Company is in the process of notifying these additional consumers. It is possible that further analysis will identify additional consumers affected or additional types of data accessed, which could result in additional notifications and negative publicity. Following the cybersecurity incident, we began undertaking significant remediation efforts and other steps to enhance our data security infrastructure. In connection with these efforts, we have incurred significant costs and expect to incur additional significant costs as we take further steps to prevent unauthorized access to our systems and the data we maintain. The actions we have taken are based on our investigation of the causes of the cybersecurity incident, but there will be additional changes needed to prevent a similar incident. We cannot assure that all potential causes of the incident have been identified and remediated and will not occur again. Because our products and services involve the storage and transmission of personal information of consumers, we will continue to routinely be the target of attempted cyber and other security threats by outside third parties, including technically sophisticated and well-resourced bad actors attempting to access or steal the data we store. Insider or employee cyber and security threats are also a significant concern for all companies, including ours. In addition, the 2017 cybersecurity incident may embolden individuals or groups to target our systems. We must continuously monitor and develop our information technology networks and infrastructure to prevent, detect, address and mitigate the risk of unauthorized access, misuse, computer viruses and other events that could have a security impact. If we experience additional breaches of our security measures, including from incidents that we fail to detect for a period of time, sensitive data may be accessed, stolen, disclosed or lost. Any such access, disclosure or other loss of information could subject us to significant additional litigation, regulatory fines, penalties, losses of customers or reputational damage, any of which could have a significant negative impact on our cash flows, competitive position, financial condition or results of operations. We expect our insurance coverage will not be adequate to compensate us for all losses that may occur due to the 2017 cybersecurity incident and we cannot ensure that our insurance policies in the future will be adequate to cover losses from any future failures. In addition, our third-party insurance coverage will vary from time to time in both type and amount depending on availability, cost and our decisions with respect to risk retention. The government investigations and litigation resulting from the 2017 cybersecurity incident will continue to adversely impact our business and results of operations. As a result of the 2017 cybersecurity incident, we are currently a party to a consolidated multi-district consumer class action lawsuit and a consolidated multi-district financial institution class action lawsuit, as well as securities class action lawsuits, shareholder derivative litigation and other lawsuits and claims allegedly arising out of the cybersecurity incident seeking monetary damages or other relief. A number of U.S. federal, state, local and foreign governmental officials and agencies, including Congressional committees, the FTC, the CFPB, the SEC, the U.S. Department of Justice and state attorneys general offices in the U.S., the FCA in the U.K. and the Office of the Privacy Commissioner in Canada, continue to investigate events related to the 2017 cybersecurity incident, including how it occurred, the consequences thereof and our response thereto. Additional lawsuits, investigations and reports related to the 2017 cybersecurity incident may be filed, commenced or issued. The claims and investigations have resulted in the incurrence of significant external and internal legal costs and expenses and reputational damage to our business and are expected to continue throughout 2018 and beyond. The resolution of these matters may result in damages, costs, fines or penalties substantially in excess of our insurance coverage, which, depending on the amount, could have a material adverse effect on our liquidity or compliance with our credit agreements. If such damages, costs, fines or penalties were great enough that we could not pay them through funds generated from operating activities and/or cause a default under our revolving credit facility, we may be forced to renegotiate or obtain a waiver under our revolving credit facility and/or seek additional debt or equity financing. Such renegotiation or financing may not be available on acceptable terms, or at all. In these circumstances, if we were unable to obtain sufficient financing, we may not be able to meet our obligations as they come due. The outcome of such claims and investigations could also adversely affect or cause us to change how we operate our business. The governmental agencies investigating the cybersecurity incident may seek to impose injunctive relief, consent decrees, or other civil or criminal penalties, which could, among other things, impact our ability to collect and use consumer information, materially increase our data security costs and/or otherwise require us to alter how we operate our business. Any legislative or regulatory changes adopted in reaction to the cybersecurity incident or other companies’ data breaches could require us to make modifications to the operation of our business that could have an adverse effect and/or increase or accelerate our compliance costs. Furthermore, these matters necessitate significant attention by management, which may divert the focus of management from the operation of our business resulting in an adverse impact on our results of operations. The cybersecurity incident and the adverse publicity that followed have had a negative impact on our reputation, and we cannot assure it will not have a long-term effect on our relationships with our customers, our revenue and our business. Our revenue growth in 2017 as compared to 2016 was negatively impacted by the cybersecurity incident. Certain of our customers have determined to defer or cancel new contracts or projects and others could consider such actions unless and until we can provide assurances regarding our ability to prevent unauthorized access to our systems and the data we maintain. Many of our customers are requiring security audits of our systems and any negative results of such audits may cause further losses of customers. In addition, some of our current and potential customers and the contracts governing certain customer relationships, as well as certain of our data suppliers, require us to maintain International Organization for Standardization (“ISO”) certifications, such as ISO 27001 certification, that specify requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system. Due to the 2017 cybersecurity incident, certain of our ISO certifications have been suspended and we will be required to take additional remediation steps to retain such certifications, which efforts may not be successful. Additionally, certain of our payment card industry certifications have been suspended which could result in fines and loss of access to data if we are not able to complete the necessary remediation steps to retain these certifications, which would adversely affect our ability to offer certain products to customers. If we are unable to demonstrate the security of our systems and the data we maintain and rebuild the trust of our customers, consumers and data suppliers, and if further negative publicity continues, we could experience a substantial negative impact on our business. The loss of access to credit, employment, financial and other data from external sources could harm our ability to provide our products and services. We rely extensively upon data from external sources to maintain our proprietary and non-proprietary databases, including data received from customers, strategic partners and various government and public record sources. This data includes the widespread and voluntary contribution of credit data from most lenders in the U.S and many other markets as well as the contribution of data under proprietary contractual agreements, such as employers’ contribution of employment and income data to The Work Number, financial institutions’ contribution of individual financial data to IXI, and telecommunications, cable and utility companies’ contribution of payment and fraud data to the National Cable, Telecommunications and Utility Exchange. For a variety of reasons, including concerns of data furnishers arising out of the 2017 cybersecurity incident, legislatively or judicially imposed restrictions on use, additional security breaches or competitive reasons, our data sources could withdraw, delay receipt of or increase the cost of their data provided to us. Where we currently have exclusive use of data, the providers of the data sources could elect to make the information available to competitors. We also compete with several of our third-party data suppliers. If a substantial number of data sources or certain key data sources were to withdraw or be unable to provide their data, if we were to lose access to data due to government regulation, if we lose exclusive right to the use of data, or if the collection, disclosure or use of data becomes uneconomical, our ability to provide products and services to our clients could have a significant negative impact, which could result in decreased revenue, net income and earnings per share and reputational loss. There can be no assurance that we would be able to obtain data from alternative sources if our current sources become unavailable. Negative changes in general economic conditions, including interest rates, unemployment rates, income, home prices, investment values and consumer confidence, could adversely affect us. Our customers, and therefore our business and revenues, are sensitive to negative changes in general economic conditions, including the demand and availability of affordable credit and capital, the level and volatility of interest rates, inflation, employment levels, consumer confidence and housing demand, both inside and outside the U.S. Business customers use our credit information and related analytical services and data to process applications for new credit cards, automobile loans, home and equity loans and other consumer loans, and to manage their existing credit relationships. Demand for our services tends to be correlated to general levels of economic activity and to consumer credit activity. Bank and other lenders’ willingness to extend credit is adversely affected by elevated consumer delinquency and loan losses in a weak economy. Consumer demand for credit (i.e., rates of spending and levels of indebtedness) also tends to grow more slowly or decline during periods of economic contraction or slow economic growth. Our customer base suffers when financial markets experience volatility, illiquidity and disruption, which has occurred in the past and which could reoccur, and the potential for increased and continuing disruptions going forward presents considerable risks to our business and revenue. High or rising rates of unemployment and interest, declines in income, home prices or investment values, lower consumer confidence and reduced access to credit adversely affect demand for our products and services, and consequently our revenue and results of operations, as consumers may postpone or reduce their spending and use of credit, and lenders may reduce the amount of credit offered or available. Our markets are highly competitive and new product introductions and pricing strategies being offered by our competitors could decrease our sales and market share or require us to enhance our products and services or reduce our prices in a manner that reduces our operating margins. We operate in a number of geographic, product and service markets that are highly competitive. Competitors may develop products and services that are superior to or that achieve greater market acceptance than our products and services. The size of our competitors varies across market segments, as do the resources we have allocated to the segments we target. Therefore, some of our competitors may have significantly greater financial, technical, marketing or other resources than we do in one or more of our market segments, or overall. As a result, our competitors may be in a position to respond more quickly than we can to new or emerging technologies and changes in customer requirements, or may devote greater resources than we can to the development, enhancement, promotion, sale and support of products and services, or some of our customers may develop products of their own that replace the products they currently purchase from us, which would result in lower revenue. In addition, many of our competitors have extensive consumer relationships, including relationships with our current and potential customers. Moreover, new competitors or alliances among our competitors may emerge and potentially reduce our market share, revenue or margins. We also sell our information to competing firms, and buy information from certain of our competitors, in order to sell “tri-bureau” and other products, most notably into the U.S. mortgage market. Changes in prices between competitors for this information and/or changes in the design or sale of tri-bureau versus single bureau product offerings may affect our revenue or profitability. Some of our competitors may choose to sell products that compete with ours at lower prices by accepting lower margins and profitability, or may be able to sell products competitive to ours at lower prices, individually or as a part of integrated suites, given proprietary ownership of data, technological superiority or economies of scale. Price reductions by our competitors could negatively impact our margins and results of operations and could also harm our ability to obtain new customers on favorable terms. Historically, certain of our key products have experienced declines in per unit pricing due to competitive factors and customer demand. Since a significant portion of our operating expenses is relatively fixed in nature due to sales, information technology and development and other costs, if we were unable to respond quickly enough to changes in competition or customer demand, we could experience further reductions in our operating margins. Our relationships with key long-term customers may be materially diminished or terminated We have long-standing relationships with a number of our customers, many of whom could unilaterally terminate their relationship with us or materially reduce the amount of business they conduct with us at any time. Many of our material customer agreements can be terminated by the customer for convenience on advance written notice, which provides our customers with the opportunity to renegotiate their contracts with us or to award more business to our competitors. We also provide our services to business partners who may combine them with their own or other branded services to be offered as a bundle to consumers, governmental agencies and businesses in support of fraud or credit protection, credit monitoring, identity authentication, insurance or credit underwriting, and collections. Some of these partners are the largest providers of credit information or identity protection services to the consumer market. Market competition, business requirements, financial condition and consolidation through mergers or acquisitions, could adversely affect our ability to continue or expand our relationships with our customers and business partners. There is no guarantee that we will be able to retain or renew existing agreements, maintain relationships with any of our customers or business partners on acceptable terms or at all, or collect amounts owed to us from insolvent customers or business partners. The loss of one or more of our major customers or business partners could adversely affect our business, financial condition and results of operations. If we do not introduce successful new products, services and analytical capabilities in a timely manner, or if the market does not adopt our new services, our competitiveness and operating results will suffer. We generally sell our products in industries that are characterized by rapid technological changes, frequent new product and service introductions and changing industry standards. In addition, certain of the markets in which we operate are seasonal and cyclical. Without the timely introduction of new products, services and enhancements, our products and services will become technologically or commercially obsolete over time, in which case our revenue and operating results would suffer. The success of our new products and services will depend on several factors, including our ability to properly identify customer needs; innovate and develop new technologies, services and applications; successfully commercialize new technologies in a timely manner; produce and deliver our products in sufficient volumes on time; differentiate our offerings from competitor offerings; price our products competitively; anticipate our competitors’ development of new products, services or technological innovations; and control product quality in our product development process. Our resources have to be committed to any new products and services before knowing whether the market will adopt the new offerings. In addition, our management is and will continue to be intensely focused on enhancing our security measures and responding to consumer and customer concerns relating to the 2017 cybersecurity incident and may not be able to devote sufficient time to new product development, which could cause us to be less competitive as compared to our peers, lose out on new revenue opportunities and have an adverse effect on our growth and our business. The demand for some of our products and services may be negatively impacted to the extent the availability of free or less expensive consumer information increases. Public or commercial sources of free or relatively inexpensive consumer credit, credit score and other information have become increasingly available, particularly through the internet, and this trend is expected to continue. In addition, governmental agencies in particular have increased the amount of information to which they provide free public access and these or other sources of free or relatively inexpensive consumer information from competitors or other commercial sources may reduce demand for our services, particularly in our USIS and Global Consumer Solutions business units. Recently, there also has been an increase in companies offering free or low-cost direct to consumer credit services (such as credit scores, reports and monitoring) as part of alternative business models that use such services as a means to introduce consumers to other products and services. To the extent that our customers choose not to obtain services from us and instead rely on information obtained at no cost or relatively inexpensively from these other sources, our business, financial condition and results of operations may be adversely affected. Due to the 2017 cybersecurity incident and our provision of free services to consumers in connection therewith, we ceased the advertisement and sale of new products in our direct to consumer business, which resulted in a significant decline in revenue in that business. Furthermore, in late January 2018, we began offering a new credit lock service, Lock & AlertTM, that is free for life and is aimed at empowering consumers to control access to their Equifax credit file directly and quickly from their smartphone or computer. We expect services like our Lock & AlertTM to continue to increase, thereby eliminating the market for many consumer direct products and services. As a result of these factors, we expect that revenue from our direct to consumer business will continue to decline. Additionally, if a significant number of consumers lock or freeze their file, our population of data is reduced which could affect our product offerings and value to our customers in our other businesses. If we experience system constraints or failures, or our customers do not modify and/or upgrade their systems to accept new releases of our products and services, our services to our customers could be delayed or interrupted, which could result in lost revenues or customers, lower margins, or other harm to our business and reputation. We depend on reliable, stable, efficient and uninterrupted operation of our technology network, systems, and data centers to provide service to our customers. Many of the services and systems upon which we rely have been outsourced to third parties. In addition, many of our revenue streams are dependent on links to third party telecommunications providers. These systems and operations, and the personnel that support, service and operate these systems, could be exposed to interruption, damage or destruction from power loss, telecommunication failures, computer viruses, denial-of-service attacks, employee or insider malfeasance, human error, fire, natural disasters, war, terrorist acts or civil unrest. We may not have sufficient disaster recovery or redundant operations in place to cover a loss or failure of systems or telecommunications links in a timely manner. In addition, we will continue to be intensely focused on enhancing our data security infrastructure and implementation of those enhancements could result in service interruptions. Any significant delay or interruption could result in lost revenues or customers, lower margins, or other significant harm to our business or reputation. We and our customers are subject to various current laws and governmental regulations, and could be affected by new laws or regulations, including as a result of the 2017 cybersecurity incident, compliance with which may cause us to incur significant expenses and change our business practices, and if we fail to maintain satisfactory compliance with certain regulations, we could be subject to civil or criminal penalties. We are subject to a number of U.S. federal, state, local and foreign laws and regulations relating to consumer privacy, data and financial protection. See Item 1. Business - "Governmental Regulation" in this Form 10-K for a summary of the U.S. and foreign consumer and data protection laws and regulations to which we are subject. These regulations are complex, change frequently, have tended to become more stringent over time, and are subject to administrative interpretation and judicial construction in ways that could harm our business. Furthermore, we expect there to be an increased focus on laws and regulations related to our business because of the great public concern in the U.S. with regard to the operation of credit reporting agencies, as well as the collection, use, accuracy, correction and sharing of personal information, which was heightened by the 2017 cybersecurity incident. For example, there are a number of legislative proposals pending before the U.S. Congress, various state legislative bodies and foreign governments concerning data protection due to our 2017 cybersecurity incident and other high-profile breaches that could affect us and the President of the United States could act by Executive Order. In addition, a growing number of legislative and regulatory bodies have adopted consumer notification and other requirements in the event that consumer information is accessed by unauthorized persons and additional regulations regarding the use, access, accuracy and security of such data are possible. In the U.S., state laws provide for disparate notification regimes, all of which we are subject to. Further, any perception that our practices or products are an invasion of privacy, whether or not consistent with current or future regulations and industry practices, may subject us to public criticism, private class actions, reputational harm, or claims by regulators, which could disrupt our business and expose us to increased liability. We devote substantial compliance, legal and operational business resources to facilitate compliance with applicable regulations and requirements. In the future, we may be subject to significant additional expense to ensure continued compliance with applicable laws and regulations and to investigate, defend or remedy actual or alleged violations. Additionally, we cooperate with CFPB supervisory examinations and respond to other state, federal and foreign government investigations of our business practices. Any failure by us to comply with, or remedy any violations of, applicable laws and regulations could result in the curtailment of certain of our operations, the imposition of fines and penalties, liability to private plaintiffs as a result of individual or class action litigation, restrictions on our ability to carry on or expand our operations, and reputational harm. In addition, because many of our products are regulated or sold to customers in various industries, we must comply with additional regulations in marketing our products. Moreover, our compliance with privacy laws and regulations and our reputation depend in part on customers' adherence to privacy laws and regulations and their use of our services in ways consistent with consumer expectations and regulatory requirements. We cannot predict the ultimate impact on our business of new or proposed CFPB, FCA or other rules, supervisory examinations or government investigations or enforcement actions. The following legal and regulatory developments also could have a substantial negative impact on our business, financial condition or results of operations: • amendment, enactment or interpretation of laws and regulations that restrict the access and use of personal information and reduce the availability or effectiveness of our solutions or the supply of data available to customers; • changes in cultural and consumer attitudes in favor of further restrictions on information collection and sharing, which may lead to regulations that prevent full utilization of our solutions; • failure of data suppliers or customers to comply with laws or regulations, where mutual compliance is required; • failure of our solutions to comply with current laws and regulations; and • failure of our solutions to adapt to changes in the regulatory environment in an efficient, cost effective manner. For example, Ecuador passed a law in December 2017 that, if implemented, would effectively prohibit us from operating as a credit bureau within Ecuador unless we are selected to operate under contract to serve the public authority that the new law tasks with providing such services. These laws and regulations (as well as actions that may be taken by legislatures and regulatory bodies in other countries) and the consequences of any violation could limit our ability to pursue business opportunities we might otherwise consider engaging in, impose additional costs on us, result in significant loss of revenue, result in significant restitution and fines, impact the value of assets we hold, or otherwise adversely affect our business. See “Item 1. Business - Governmental Regulation” and “Item 3. Legal Proceedings” in this Form 10-K. Regulatory oversight of our contractual relationships with certain of our customers may adversely affect our business. The federal banking agencies, including the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System and the CFPB, as well as many state banking agencies have issued guidance to insured depository institutions and other providers of financial services on assessing and managing risks associated with third-party relationships, which include all business arrangements between a financial services provider and another entity, by contract or otherwise, and generally requires banks and financial services providers to exercise comprehensive oversight throughout each phase of a bank or financial service provider’s business arrangement with third-party service providers, and instructs banks and financial service providers to adopt risk management processes commensurate with the level of risk and complexity of their third-party relationships. This guidance requires more rigorous oversight of third-party relationships that involve certain “critical activities.” In light of this guidance, our existing or potential bank and financial services customers subject to this guidance may continue to revise their third-party risk management policies and processes and the terms on which they do business with us, which may adversely affect our relationship with such customers. In response to the 2017 cybersecurity incident, we also have been contacted by state banking regulators seeking to examine our practices as a third-party service provider to the entities that they regulate. It is possible that these or similar examinations by federal or state banking regulators could lead to adverse changes in our customer relationships. Economic, political and other risks associated with international sales and operations could adversely affect our results of operations. Sales outside the U.S. comprised 29% of our operating revenue in 2017. As a result, our business is subject to various risks associated with doing business internationally. In addition, many of our employees, suppliers, job functions and facilities are located outside the U.S. Accordingly, our future results could be harmed by a variety of factors including: • changes in specific country or region political, economic or other conditions; • trade protection measures; • data privacy and consumer protection regulations; • difficulty in staffing and managing widespread operations; • differing labor, intellectual property protection and technology standards and regulations; • business licensing requirements or other requirements relating to making foreign direct investments, which could increase our cost of doing business in certain jurisdictions, prevent us from entering certain markets, increase our operating costs or lead to penalties or restrictions; • difficulties associated with repatriating cash generated or held abroad in a tax-efficient manner; • implementation of exchange controls; • geopolitical instability, including terrorism and war; • foreign currency changes; • increased travel, infrastructure, legal and compliance costs of multiple international locations; • foreign laws and regulatory requirements; • terrorist activity, natural disasters and other catastrophic events; • restrictions on the import and export of technologies; • difficulties in enforcing contracts and collecting accounts receivable; • longer payment cycles; • failure to meet quality standards for outsourced work; • unfavorable tax rules; • the presence and acceptance of varying level of business corruption in international markets; and • varying business practices in foreign countries We earn revenue, pay expenses, own assets and incur liabilities in countries using currencies other than the U.S. dollar, including among others the British pound, the Australian dollar, the Canadian dollar, the Argentine peso, the Chilean peso, the Euro, the New Zealand dollar, the Costa Rican colon, the Singapore dollar, the Brazilian real, the Russian ruble and the Indian rupee. Because our consolidated financial statements are presented in U.S. dollars, we must translate revenue, income and expenses, as well as assets and liabilities, into U.S. dollars at exchange rates in effect during or at the end of each reporting period. Therefore, increases or decreases in the value of the U.S. dollar against major currencies will affect our operating revenues, operating income and the value of balance sheet items denominated in foreign currencies. In 2017, a general weakening of foreign currencies in countries where we have operations against the U.S. dollar had a negative impact on our results as reported in U.S. dollars. See “Segment Financial Results - International - Asia Pacific,” “ - Europe,” “ -Latin America,” and “- Canada” and “Effects of Inflation and Changes in Foreign Currency Exchange Rates” in the Management’s Discussion and Analysis section of this Form 10-K. Because of the geographic diversity of our operations, weaknesses in some currencies might be offset by strengths in others over time. We generally do not mitigate the risks associated with fluctuating exchange rates, although we may from time to time through forward contracts or other derivative instruments hedge a portion of our translational foreign currency exposure or exchange rate risks associated with material transactions which are denominated in a foreign currency. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place. Accordingly, fluctuations in foreign currency exchange rates, particularly the strengthening of the U.S. dollar against major currencies, may materially affect our consolidated financial results. We also have a cost method investment in a credit information company in Brazil valued in Brazilian reais. Economic and competition risks within Brazil, and the company’s ability to successfully implement its strategic and operating plans, have had an adverse financial impact on the value of our investment and could result in an additional impairment of the investment. Compliance with applicable U.S. and foreign laws and regulations, such as anti-corruption laws, tax laws, foreign exchange controls and restrictions on repatriation of earnings or other similar restraints, data privacy requirements, labor laws and anti-competition relations increases the cost of doing business in foreign jurisdictions. Although we have implemented policies and procedures to comply with these laws and regulations, a violation by our employees, contractors or agents could nevertheless occur. We are regularly involved in claims, suits, government investigations, supervisory examinations and other proceedings that may result in adverse outcomes. In addition to what we are currently experiencing due to the 2017 cybersecurity incident, we are regularly involved in claims, suits, government investigations, supervisory examinations and regulatory proceedings arising from the ordinary course of our business, including actions with respect to consumer protection and data protection, including purported class action lawsuits. Such claims, suits, government investigations and proceedings are inherently uncertain and their results cannot be predicted with certainty. Regardless of their outcome, such legal proceedings can have an adverse impact on us because of legal costs, diversion of management and other personnel, and other factors. In addition, it is possible that a resolution of one or more such proceedings could result in reputational harm, liability, penalties, or sanctions, as well as judgments, consent decrees, or orders preventing us from offering certain features, functionalities, products, or services, or requiring a change in our business practices, products or technologies, which could in the future materially and adversely affect our business, operating results, and financial condition. The FCRA contains an attorney fee shifting provision to provide an incentive for consumers to bring individual and class action lawsuits against a CRA for violation of the FCRA, and the number of consumer lawsuits (both individual and class action) against us alleging a violation of FCRA and our resulting costs associated with resolving these lawsuits have increased substantially over the past several years. We rely, in part, on acquisitions, joint ventures and other alliances to grow our business and expand our geographic reach. The acquisition, integration or divestiture of businesses by us may not produce the expected financial, operating results or IT and data security profile we expect. In addition, if we are unable to make acquisitions or successfully develop and maintain joint ventures and other alliances, our growth may be adversely impacted. Historically, we have relied, in part, on acquisitions, joint ventures and other alliances to grow our business. Over the past several years, we have acquired many smaller businesses in the U.S. and across the world. Furthermore, during 2016, we acquired Veda, the leading provider of credit information and analysis in Australia and New Zealand, for cash consideration plus debt assumed of approximately $1.9 billion. In January 2014, we acquired TDX, a debt placement service and debt management platform company in the United Kingdom for approximately $323 million. Acquisitions may not be completed on favorable terms, and the expected benefits, synergies and growth from these initiatives may not materialize as planned. We may have difficulty assimilating new businesses and their products, services, technologies, IT systems and personnel into our operations. IT and data security profiles of acquired companies may not meet the Equifax standard and may take longer to integrate and remediate than planned. This may result in significantly greater transaction costs for future acquisitions than we have experienced historically, or it could mean that we will not pursue certain acquisitions where the costs of integration and remediation are too significant. We may also have difficulty integrating and operating businesses in countries and geographies where we do not currently have a significant presence, and acquisitions of businesses having a significant presence outside of the U.S. will increase our exposure to risks of conducting operations in international markets. Similarly, any divestitures will be accompanied by risks commonly encountered in the sale of businesses. These difficulties could disrupt our ongoing business, distract our management and workforce, increase our expenses and adversely affect our operating results and financial condition. Despite our past experience, opportunities to grow our business through acquisitions, joint ventures and other alliances may not be available to us in the future. In addition, as a result of the 2017 cybersecurity incident and the resources and management attention required in connection therewith, there may be more limited resources available for acquisitions and management’s attention is likely to be diverted away from sourcing and developing potential acquisition and joint venture opportunities, resulting in decreased growth. Dependence on outsourcing certain portions of our operations may adversely affect our ability to bring products to market and damage our reputation. Dependence on outsourced information technology and other administrative functions may impair our ability to operate effectively. As part of our efforts to streamline operations and to reduce operating costs, we have outsourced various components of our application development, information technology, operational support and administrative functions and will continue to evaluate additional outsourcing. Although we have implemented service level agreements and have established monitoring controls, if our outsourcing vendors fail to perform their obligations in a timely manner or at satisfactory quality levels including with respect to data and system security, or increase prices for their services to unreasonable levels, our ability to bring products to market and support our customers, and our reputation could suffer. Any failure to perform on the part of these third-party providers could impair our ability to operate effectively and could result in lower future revenue, unrealized efficiencies and adversely impact our results of operations and our financial condition. Much of our outsourcing takes place in developing countries and, as a result, may be subject to geopolitical uncertainty. Changes in income tax laws can significantly impact our net income. Federal and state governments in the U.S. as well as a number of other governments around the world are currently facing significant fiscal pressures and have considered or may consider changes to their tax laws for revenue raising or economic competitiveness reasons. Changes to tax laws can have immediate impacts, either favorable or unfavorable, on our results of operations and cash flows, and may impact our competitive position versus certain competitors who are domiciled in other jurisdictions and subject to different tax laws. In December 2017, the U.S. enacted the Tax Cuts and Jobs Act of 2017 which will significantly impact our U.S. and global tax expense. The application of many provisions in the Tax Cuts and Jobs Act of 2017 are uncertain at this time. The impact on Equifax will not be fully known until further guidance is provided by the U.S. Treasury. If our government contracts are terminated, if we are suspended from government work, or if our ability to compete for new contracts is adversely affected, our business could suffer. We derive a portion of our revenue from direct and indirect sales to U.S., state, local and foreign governments and their respective agencies. Such contracts are subject to various procurement laws and regulations, and contract provisions relating to their formation, administration and performance. Failure to comply with these laws, regulations or provisions in our government contracts could result in the imposition of various civil and criminal penalties, termination of contracts, forfeiture of profits, suspension of payments, or suspension of future government contracting. Following the 2017 cybersecurity incident, our government contracts received enhanced scrutiny and negative media attention that resulted in the suspension of one of our contracts. If we are unable to repair the reputational damage cause by the 2017 cybersecurity incident and ensure the security of the data we maintain, our ability to maintain our existing and acquire new government contracts may be substantially impacted. Also, the government programs to which we provide services, or which are the basis of compliance services we provide non-governmental clients, including, in particular, the employer requirements under the Affordable Care Act, may be terminated or substantially altered by the government and our services would no longer be needed. If our government contracts are terminated, if we are suspended from government work, if the services we provide are no longer needed due to government program change or termination, or if our ability to compete for new contracts is adversely affected, our business could suffer. Third parties may claim that we are infringing on their intellectual property and we could suffer significant litigation or licensing expenses or be prevented from selling products or services. There has been substantial litigation in the U.S. regarding intellectual property rights in the information technology industry. From time to time, third parties may claim that one or more of our products or services infringe their intellectual property rights. We analyze and take action in response to such claims on a case by case basis. Any dispute or litigation regarding patents or other intellectual property could be costly and time-consuming due to the complexity of our technology and the uncertainty of intellectual property litigation, could divert our management and key personnel from our business operations and we may not prevail. A claim of intellectual property infringement could force us to enter into a costly or restrictive license agreement, which might not be available under acceptable terms or at all, or could subject us to significant damages or to an injunction against development and sale of certain of our products or services. Our intellectual property portfolio may not be useful in asserting a counterclaim, or negotiating a license, in response to a claim of intellectual property infringement. In certain of our businesses we rely on third-party intellectual property licenses and we cannot ensure that these licenses will be available to us in the future on favorable terms or at all. Although our policy is to obtain licenses or other rights where necessary, we cannot provide assurance that we have obtained all required licenses or rights. Third parties may misappropriate or infringe on our intellectual property and we may suffer competitive injury or expend significant resources enforcing our rights. Our success increasingly depends on our proprietary technology. We rely on various intellectual property rights, including patents, copyrights, database rights, trademarks and trade secrets, as well as contract restrictions, confidentiality provisions and licensing arrangements, to establish our proprietary rights. The extent to which such rights can be protected varies in different jurisdictions. If we do not enforce our intellectual property rights successfully our competitive position may suffer which could harm our operating results. Our pending patent and trademark applications may not be allowed or competitors may challenge the validity or scope of our intellectual property rights. In addition, our patents, copyrights, trademarks and other intellectual property rights may not provide us a significant competitive advantage. We may need to devote significant resources, including cybersecurity resources, to monitoring our intellectual property rights and we may or may not be able to detect misappropriation or infringement by third parties. Our competitive position may be harmed if we cannot detect misappropriation or infringement and enforce our intellectual property rights quickly or at all. In some circumstances, enforcement may not be available to us because a third party has a dominant intellectual property position or for other business reasons. In addition, competitors might avoid infringement by designing around our intellectual property rights or by developing non-infringing competing technologies. Intellectual property rights and our ability to enforce them may be unavailable or limited in some countries which could make it easier for competitors to capture market share and could result in lost revenue. The U.K’s impending departure from the EU could adversely affect us. The referendum on the U.K.’s membership in the EU (referred to as “Brexit”) approving the exit of the U.K. from the EU could cause disruptions to and create uncertainty surrounding our business, including affecting our relationships with our existing and future customers, suppliers and employees, which could have an adverse effect on our business, financial results and operations. While the referendum was non-binding, the U.K. parliament has voted in favor of allowing the government to commence negotiations to determine the future terms of the U.K.’s relationship with the EU, including the terms of trade between the U.K. and the EU and other nations. The effects of Brexit will depend on any agreements the U.K. makes to retain access to EU markets either during a transitional period or more permanently. In addition, developments regarding Brexit may also create global economic uncertainty, which may cause our clients to closely monitor their costs and reduce their spending on our solutions and services. A downgrade to our credit ratings would increase our cost of borrowing under our credit facility and adversely affect our ability to access the capital markets. We are party to a $900.0 million unsecured, revolving credit facility that matures in November 2020 and an $800.0 million term loan facility that matures in November 2018 (collectively, the “Senior Credit Facilities”). The cost of borrowing under the Senior Credit Facilities and our ability and the terms under which we may access the credit markets are affected by credit ratings assigned to our indebtedness by the major credit rating agencies. These ratings are premised on our performance under assorted financial metrics, such as leverage and interest coverage ratios and other measures of financial strength, business and financial risk, industry conditions, transparency with rating agencies and timeliness of financial reporting. Our current ratings have served to lower our borrowing costs and facilitate access to a variety of lenders. However, there can be no assurance that our credit ratings or outlook will not be lowered in the future in response to adverse changes in these metrics caused by our operating results or by actions that we take that reduce our profitability or that require us to incur additional indebtedness for items such as substantial cash acquisitions, significant increases in costs and capital spending in security and IT systems, significant costs related to settlements of litigation or regulatory requirements, or by returning excess cash to shareholders through dividends or under our share repurchase program. A downgrade of our credit ratings would increase our cost of borrowing under the Senior Credit Facilities, negatively affect our ability to access the capital markets on advantageous terms, or at all, negatively affect the trading price of our securities and have a significant negative impact on our business, financial condition and results of operations. We may not be able to borrow under our revolving credit facility and Receivables Facility. We are party to a $225.0 million, 2-year receivables funding facility ("the "Receivables Facility") as well as the Senior Credit Facilities. Our revolving credit facility and Receivables Facility have representations, covenants, financial covenants and events of default which may limit our ability to borrow under such debt obligations. Any breach of a representation or failure to comply with any covenant or financial covenant or the occurrence of any event of default under the Senior Credit Facilities or the Receivables Facility could result in a prohibition of further borrowings under the revolving credit facility and Receivables Facility or acceleration of any obligations outstanding thereunder. Any event of default under the Senior Credit Facilities or Receivables Facility could result in a cross default under our other outstanding debt obligations. Changes in interest rates could adversely affect our cost of capital and net income. Rising interest rates, credit market dislocations and decisions and actions by credit rating agencies can affect the availability and cost of our funding and adversely affect our net income. Our business will suffer if we are not able to retain and hire key personnel. Our future success depends partly on the continued service of our key development, sales, marketing, executive and administrative personnel. Additionally, increased retention risk exists in certain key areas of our operations, such as IT and security, which require specialized skills, such as maintenance of certain legacy computer systems, data security experts and analytical modelers. If we fail to retain and hire a sufficient number of these personnel, we will not be able to maintain or expand our business. Further, as a result of the cybersecurity incident we may suffer increased attrition. We believe our pay levels are competitive within the regions in which we operate. However, there is also intense competition for certain highly technical specialties in geographic areas where we continue to recruit, and it may become more difficult to retain our key employees. Our retirement and post-retirement pension plans are subject to financial market risks that could adversely affect our future results of operations and cash flows. We have significant retirement and post retirement pension plan assets and obligations. The performance of the financial markets and interest rates impact our plan expenses and funding obligations. Significant decreases in market interest rates, decreases in the fair value of plan assets and investment losses on plan assets will increase our funding obligations, and adversely impact our results of operations and cash flows. We are subject to a variety of other general risks and uncertainties inherent in doing business. In addition to the specific factors discussed above, we are subject to risks that are inherent to doing business. These include growth rates, general economic and political conditions, customer satisfaction with the quality of our services, costs of obtaining insurance, changes in unemployment rates, and other events that can impact revenue and the cost of doing business. ITEM 1B.