← back to summary

MA, §1A diff (2017 → 2018)

Similarity1.00
Added+10270 words
Removed-11176 words

Added paragraphs (10270 words)

ITEM 1A. RISK FACTORS Legal and Regulatory Payments Industry Regulation Global regulatory and legislative activity directly related to the payments industry may have a material adverse impact on our overall business and results of operations. Regulators increasingly seek to regulate certain aspects of payments systems such as ours, or establish or expand their authority to do so. Many jurisdictions have enacted such regulations. These regulations have established, and could further expand, obligations or restrictions with respect to the types of products and services that we may offer to financial institutions for consumers, the countries in which our integrated products and services may be used, the way we structure and operate our business and the types of consumers and merchants who can obtain or accept our products or services. New regulations and oversight could also relate to our clearing and settlement activities (including risk management policies and procedures, collateral requirements, participant default policies and procedures, the ability to complete timely switching of financial transactions, and capital and financial resource requirements). In addition, several central banks or similar regulatory bodies around the world have increased, or are seeking to increase, their formal oversight of the electronic payments industry and, in some cases, are considering designating certain payments networks as “systemically important payment systems” or “critical infrastructure.” These obligations, designations and restrictions may further expand and could conflict with each other as more jurisdictions impose oversight of payment systems. Some enacted regulations require financial institutions to provide third party payment processors access to consumer payment accounts. This may enable these third party payment processors to route transactions away from Mastercard products by offering account information or payment initiation services directly to people who currently use our products. This may also allow these processors to commoditize the data that are included in the transactions. New authentication standards have been enacted requiring additional verification information from consumers to complete transactions. This may increase the number of transactions that consumers abandon if we are unable to ensure a frictionless authentication experience. An increase in the rate of abandoned transactions could adversely impact our volumes or other operational metrics. Increased regulation and oversight of payment systems may result in costly compliance burdens or otherwise increase our costs. Such laws or compliance burdens could result in issuers and acquirers being less willing to participate in our payments system, reduce the benefits offered in connection with the use of our products (making our products less desirable to consumers), reduce the volume of domestic and cross-border transactions or other operational metrics, disintermediate us, impact our profitability and limit our ability to innovate or offer differentiated products and services, all of which could materially and adversely impact our financial performance. Regulators could also require us to obtain prior approval for changes to its system rules, procedures or operations, or could require customization with regard to such changes, which could impact market participant risk and therefore risk to us. Such regulatory changes could lead to new or different criteria for participation in and access to our payments system by financial institutions or other customers. Moreover, failure to comply with the laws and regulations to which we are subject could result in fines, sanctions, civil damages or other penalties, which could materially and adversely affect our overall business and results of operations, as well as have an impact on our brand and reputation. Increased regulatory, legislative and litigation activity with respect to interchange rates could have an adverse impact on our business. Interchange rates are a significant component of the costs that merchants pay in connection with the acceptance of our products. Although we do not earn revenues from interchange, interchange rates can impact the volume of transactions we see on our payment products. If interchange rates are too high, merchants may stop accepting our products or route debit transactions away from our network. If interchange rates are too low, issuers may stop promoting our integrated products and services, eliminate or reduce loyalty rewards programs or other account holder benefits (e.g., free checking or low interest rates on balances), or charge fees to account holders (e.g., annual fees or late payment fees). Governments and merchant groups in a number of countries have implemented or are seeking interchange rate reductions through legislation, competition law, central bank regulation and litigation. See “Government Regulation” and Note 20 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8 for more details. If issuers cannot collect or we are forced to reduce interchange rates, issuers may be less willing to participate in our four-party payments system, or may reduce the benefits offered in connection with the use of our products, reducing the attractiveness of our products to consumers. In particular, potential changes to interregional interchange fees as a result of the proposed resolution of the European Commission’s investigation could impact our cross-border transaction activity disproportionately versus competitors that are not subject to similar reductions. These and other impacts could lower transaction volumes, and/or make proprietary three-party networks or other forms of payment more attractive. Issuers could reduce the benefits associated with our products or choose to charge higher fees to consumers to attempt to recoup a portion of the costs incurred for their services. In addition, issuers could seek to decrease the expense of their payment programs by seeking a reduction in the fees that we charge to them, particularly if regulation has a disproportionate impact on us as compared to our competitors in terms of the fees we can charge. This could make our products less desirable to consumers, reduce the volume of transactions and our profitability, and limit our ability to innovate or offer differentiated products. We are devoting substantial resources to defending our right to establish interchange rates in regulatory proceedings, litigation and legislative activity. The potential outcome of any of these activities could have a more positive or negative impact on us relative to our competitors. If we are ultimately unsuccessful in defending our ability to establish interchange rates, any resulting legislation, regulation and/or litigation may have a material adverse impact on our overall business and results of operations. In addition, regulatory proceedings and litigation could result (and in some cases has resulted) in us being fined and/or having to pay civil damages, the amount of which could be material. Current regulatory activity could be extended to additional jurisdictions or products, which could materially and adversely affect our overall business and results of operations. Regulators around the world increasingly replicate other regulators’ approaches with regard to the regulation of payments and other industries. Consequently, regulation in any one country, state or region may influence regulatory approaches in other countries, states or regions. Similarly, new laws and regulations within a country, state or region involving one product may lead to regulation of similar or related products. For example, regulations affecting debit transactions could lead to regulation of other products (such as credit). As a result, the risks to our business created by any one new law or regulation are magnified by the potential it has to be replicated in other jurisdictions or involve other products within any particular jurisdiction. These include matters like interchange rates, potential direct regulation of our network fees and pricing, network standards and network exclusivity and routing agreements. Conversely, if widely varying regulations come into existence worldwide, we may have difficulty adjusting our products, services, fees and other important aspects of our business to meet the varying requirements. Either of these outcomes could materially and adversely affect our overall business and results of operations. Limitations on our ability to restrict merchant surcharging could materially and adversely impact our results of operations. We have historically implemented policies, referred to as no-surcharge rules, in certain jurisdictions, including the United States, that prohibit merchants from charging higher prices to consumers who pay using our products instead of other means. Authorities in several jurisdictions have acted to end or limit the application of these no-surcharge rules (or indicated interest in doing so). Additionally, we have modified our no-surcharge rules to permit U.S. merchants to surcharge credit cards, subject to certain limitations. It is possible that over time merchants in some or all merchant categories in these jurisdictions may choose to surcharge as permitted by the rule change. This could result in consumers viewing our products less favorably and/or using alternative means of payment instead of electronic products, which could result in a decrease in our overall transaction volumes, and which in turn could materially and adversely impact our results of operations. Preferential or Protective Government Actions Preferential and protective government actions related to domestic payment services could adversely affect our ability to maintain or increase our revenues. Governments in some countries have acted, or in the future may act, to provide resources, preferential treatment or other protection to selected national payment and switching providers, or have created, or may in the future create, their own national provider. This action may displace us from, prevent us from entering into, or substantially restrict us from participating in, particular geographies, and may prevent us from competing effectively against those providers. For example: • Governments in some countries are considering, or may consider, regulatory requirements that mandate switching of domestic payments either entirely in that country or by only domestic companies. • Some jurisdictions are considering requirements to collect, process and/or store data within their borders, as well as prohibitions on the transfer of data abroad, leading to technological and operational implications. • Geopolitical events and resulting OFAC sanctions, adverse trade policies or other types of government actions could lead jurisdictions affected by those sanctions to take actions in response that could adversely affect our business. • Regional groups of countries are considering, or may consider, efforts to restrict our participation in the switching of regional transactions. Such developments prevent us from utilizing our global switching capabilities for domestic or regional customers. Our efforts to effect change in, or work with, these countries may not succeed. This could adversely affect our ability to maintain or increase our revenues and extend our global brand. Privacy, Data Protection and Security Regulation of privacy, data protection, security and the digital economy could increase our costs, as well as negatively impact our growth. We are subject to increasingly complex regulations related to privacy, data protection and information security in the jurisdictions in which we do business. These regulations could result in negative impacts to our business. As we continue to develop integrated products and services to meet the needs of a changing marketplace, as well as acquire new companies, we may expand our information profile through the collection of additional data from additional sources and across multiple channels. This expansion could amplify the impact of these regulations on our business. Regulation of privacy and data protection and information security often times require monitoring of and changes to our data practices in regard to the collection, use, disclosure, storage, transfer and/or security of personal and sensitive information. We are also subject to enhanced compliance and operational requirements in the European Union, and policymakers around the globe are using these requirements as a reference to adopt new or updated privacy laws that could result in similar or stricter requirements in other jurisdictions. Some jurisdictions are also considering requirements to collect, process and/or store data within their borders, as well as prohibitions on the transfer of data abroad, leading to technological and operational implications. Other jurisdictions are considering adopting sector-specific regulations for the payments industry, including forced data sharing requirements or additional verification requirements that overlap or conflict with, or diverge from, general privacy rules. Failure to comply with these laws, regulations and requirements could result in fines, sanctions or other penalties, which could materially and adversely affect our results of operations and overall business, as well as have an impact on our reputation. New requirements or reinterpretations of existing requirements in these areas, or the development of new regulatory schemes related to the digital economy in general, may also increase our costs and could impact the products and services we offer and other aspects of our business, such as fraud monitoring, the development of information-based products and solutions and technology operations. In addition, these requirements may increase the costs to our customers of issuing payment products, which may, in turn, decrease the number of our payment products that they issue. Moreover, due to account data compromise events and privacy abuses by other companies, as well as the disclosure of monitoring activities by certain governmental agencies in combination with the use of artificial intelligence and new technologies, there has been heightened legislative and regulatory scrutiny around the world that could lead to further regulation and requirements and/or future enforcement. Those developments have also raised public attention on companies’ data practices and have changed consumer and societal expectations for enhanced privacy and data protection. Any of these developments could materially and adversely affect our overall business and results of operations. In addition, fraudulent activity could encourage regulatory intervention, which could damage our reputation and reduce the use and acceptance of our integrated products and services or increase our compliance costs. Criminals are using increasingly sophisticated methods to capture consumer account information to engage in illegal activities such as counterfeiting or other fraud. As outsourcing and specialization become common in the payments industry, there are more third parties involved in processing transactions using our payment products. While we are taking measures to make card and digital payments more secure, increased fraud levels involving our integrated products and services, or misconduct or negligence by third parties switching or otherwise servicing our integrated products and services, could lead to regulatory intervention, such as enhanced security requirements, as well as damage to our reputation. Other Regulation Regulations that directly or indirectly apply to Mastercard as a result of our participation in the global payments industry may materially and adversely affect our overall business and results of operations. We are subject to regulations that affect the payments industry in the many jurisdictions in which our integrated products and services are used. Many of our customers are also subject to regulations applicable to banks and other financial institutions that, at times, consequently affect us. Regulation of the payments industry, including regulations applicable to us and our customers, has increased significantly in the last several years. See “Business - Government Regulation” in Part I, Item 1 for a detailed description of such regulation and related legislation. Examples include: • Anti-Money Laundering, Counter Terrorist Financing, Economic Sanctions and Anti-Corruption - We are subject to AML and CTF laws and regulations globally, including the U.S. Bank Secrecy Act and the USA PATRIOT Act, as well as the various economic sanctions programs, including those imposed and administered by OFAC. The economic sanctions programs administered by OFAC restrict financial transactions and other dealings with certain countries and geographies (specifically Crimea, Cuba, Iran, North Korea and Syria) and with persons and entities included in OFAC sanctions lists including the SDN List. Iran, Sudan and Syria have been identified by the U.S. State Department as terrorist-sponsoring states. We are also subject to anti-corruption laws and regulations globally, including the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act, which, among other things, generally prohibit giving or offering payments or anything of value for the purpose of improperly influencing a business decision or to gain an unfair business advantage. A violation and subsequent judgment or settlement against us, or those with whom we may be associated, under these laws could subject us to substantial monetary penalties, damages, and/or have a significant reputational impact. • Account-based Payment Systems - In the U.K., the Treasury has expanded the Bank of England’s oversight of certain payment system providers that are systemically important to U.K.’s payment network. As a result of these changes, aspects of our Vocalink business are now subject to the U.K. payment system oversight regime and are directly overseen by the Bank of England. • Issuer Practice Legislation and Regulation - Our financial institution customers are subject to numerous regulations, which impact us as a consequence. In addition, certain regulations (such as PSD2 in the EEA) may disintermediate issuers. If our customers are disintermediated in their business, we could face diminished demand for our integrated products and services. In addition, existing or new regulations in these or other areas may diminish the attractiveness of our products to our customers. • Regulation of Internet and Digital Transactions - Proposed legislation in various jurisdictions relating to Internet gambling and other digital areas such as cyber-security and copyright and trademark infringement could impose additional compliance burdens on us and/or our customers, including requiring us or our customers to monitor, filter, restrict, or otherwise oversee various categories of payment transactions. Increased regulatory focus on us, such as in connection with the matters discussed above, may result in costly compliance burdens and/or may otherwise increase our costs. Similarly, increased regulatory focus on our customers may cause such customers to reduce the volume of transactions processed through our systems, or may otherwise impact the competitiveness of our products. Actions by regulators could influence other organizations around the world to enact or consider adopting similar measures, amplifying any potential compliance burden. Finally, failure to comply with the laws and regulations discussed above to which we are subject could result in fines, sanctions or other penalties. Each may individually or collectively materially and adversely affect our financial performance and/or our overall business and results of operations, as well as have an impact on our reputation. We could be subject to adverse changes in tax laws, regulations and interpretations or challenges to our tax positions. We are subject to tax laws and regulations of the U.S. federal, state and local governments as well as various non-U.S. jurisdictions. Potential changes in existing tax laws, including future regulatory guidance, may impact our effective tax rate and tax payments. There can be no assurance that changes in tax laws or regulations, both within the U.S. and the other jurisdictions in which we operate, will not materially and adversely affect our effective tax rate, tax payments, financial condition and results of operations. Similarly, changes in tax laws and regulations that impact our customers and counterparties or the economy generally may also impact our financial condition and results of operations. In addition, tax laws and regulations are complex and subject to varying interpretations, and any significant failure to comply with applicable tax laws and regulations in all relevant jurisdictions could give rise to substantial penalties and liabilities. Any changes in enacted tax laws, rules or regulatory or judicial interpretations; any adverse outcome in connection with tax audits in any jurisdiction; or any change in the pronouncements relating to accounting for income taxes could materially and adversely impact our effective tax rate, tax payments, financial condition and results of operations. Litigation Liabilities we may incur or limitations on our business related to any litigation or litigation settlements could materially and adversely affect our results of operations. We are a defendant on a number of civil litigations and regulatory proceedings and investigations, including among others, those alleging violations of competition and antitrust law and those involving intellectual property claims. See Note 20 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8 for more details regarding the allegations contained in these complaints and the status of these proceedings. In the event we are found liable in any material litigations or proceedings, particularly in the event we may be found liable in a large class-action lawsuit or on the basis of an antitrust claim entitling the plaintiff to treble damages or under which we were jointly and severally liable, we could be subject to significant damages, which could have a material adverse impact on our overall business and results of operations. Certain limitations have been placed on our business in recent years because of litigation and litigation settlements, such as changes to our no-surcharge rule in the United States. Any future limitations on our business resulting from litigation or litigation settlements could impact our relationships with our customers, including reducing the volume of business that we do with them, which may materially and adversely affect our overall business and results of operations. Business and Operations Competition and Technology Substantial and intense competition worldwide in the global payments industry may materially and adversely affect our overall business and results of operations. The global payments industry is highly competitive. Our payment programs compete against all forms of payment, including cash and checks; electronic, mobile and e-commerce payment platforms; cryptocurrencies; ACH payment services; and other payments networks, which can have several competitive impacts on our business: • Some of our traditional competitors, as well as alternative payment service providers, may have substantially greater financial and other resources than we have, may offer a wider range of programs and services than we offer or may use more effective advertising and marketing strategies to achieve broader brand recognition or merchant acceptance than we have. • Our ability to compete may also be affected by the outcomes of litigation, competition-related regulatory proceedings, central bank activity and legislative activity. Certain of our competitors operate three-party payments systems with direct connections to both merchants and consumers and these competitors may derive competitive advantages from their business models. If we continue to attract more regulatory scrutiny than these competitors because we operate a four-party system, or we are regulated because of the system we operate in a way in which our competitors are not, we could lose business to these competitors. See “Business-Competition” in Part I, Item 1. If we are not able to differentiate ourselves from our competitors, drive value for our customers and/or effectively align our resources with our goals and objectives, we may not be able to compete effectively against these threats. Our competitors may also more effectively introduce their own innovative programs and services that adversely impact our growth. We also compete against new entrants that have developed alternative payments systems, e-commerce payments systems and payments systems for mobile devices, as well as physical store locations. A number of these new entrants rely principally on the Internet to support their services and may enjoy lower costs than we do, which could put us at a competitive disadvantage. Our failure to compete effectively against any of the foregoing competitive threats could materially and adversely affect our overall business and results of operations. Disintermediation from stakeholders both within and outside of the payments value chain could harm our business. As the payments industry continues to develop and change, we face disintermediation and related risks, including: • Parties that process our transactions in certain countries may try to eliminate our position as an intermediary in the payment process. For example, merchants could switch (and in some cases are switching) transactions directly with issuers. Additionally, processors could process transactions directly between issuers and acquirers. Large scale consolidation within processors could result in these processors developing bilateral agreements or in some cases switching the entire transaction on their own network, thereby disintermediating us. • Regulation in the EEA may disintermediate us by enabling third-party providers opportunities to route payment transactions away from our networks and towards other forms of payment. • Although we partner with technology companies (such as digital players and mobile providers) that leverage our technology, platforms and networks to deliver their products, they could develop platforms or networks that disintermediate us from digital payments and impact our ability to compete in the digital economy. This risk is heightened when we have relationships with these entities where we share Mastercard data. While we share this data in a controlled manner subject to applicable anonymization and privacy and data protection standards, without proper oversight we could inadvertently share too much data which could give the partner a competitive advantage. • Competitors, customers, technology companies, governments and other industry participants may develop products that compete with or replace value-added products and services we currently provide to support our switched transaction and payment offerings. These products could replace our own switching and payments offerings or could force us to change our pricing or practices for these offerings. In addition, governments that develop national payment platforms may promote their platforms in such a way that could put us at a competitive disadvantage in those markets. • Participants in the payments industry may merge, create joint ventures or form other business combinations that may strengthen their existing business services or create new payment products and services that compete with our services. Our failure to compete effectively against any of the foregoing competitive threats could materially and adversely affect our overall business and results of operations. Continued intense pricing pressure may materially and adversely affect our overall business and results of operations. In order to increase transaction volumes, enter new markets and expand our Mastercard-branded cards and enabled products and services, we seek to enter into business agreements with customers through which we offer incentives, pricing discounts and other support that promote our products. In order to stay competitive, we may have to increase the amount of these incentives and pricing discounts. Over the past several years, we have experienced continued pricing pressure. The demand from our customers for better pricing arrangements and greater rebates and incentives moderates our growth. We may not be able to continue our expansion strategy to switch additional transaction volumes or to provide additional services to our customers at levels sufficient to compensate for such lower fees or increased costs in the future, which could materially and adversely affect our overall business and results of operations. In addition, increased pressure on prices increases the importance of cost containment and productivity initiatives in areas other than those relating to customer incentives. In the future, we may not be able to enter into agreements with our customers if they require terms that we are unable or unwilling to offer, and we may be required to modify existing agreements in order to maintain relationships and to compete with others in the industry. Some of our competitors are larger and have greater financial resources than we do and accordingly may be able to charge lower prices to our customers. In addition, to the extent that we offer discounts or incentives under such agreements, we will need to further increase transaction volumes or the amount of services provided thereunder in order to benefit incrementally from such agreements and to increase revenue and profit, and we may not be successful in doing so, particularly in the current regulatory environment. Our customers also may implement cost reduction initiatives that reduce or eliminate payment product marketing or increase requests for greater incentives or greater cost stability. These factors could have a material adverse impact on our overall business and results of operations. Rapid and significant technological developments and changes could negatively impact our overall business and results of operations or limit our future growth. The payments industry is subject to rapid and significant technological changes, which can impact our business in several ways: • Technological changes, including continuing developments of technologies in the areas of smart cards and devices, contactless and mobile payments, e-commerce, cryptocurrency and block chain technology, machine learning and AI, could result in new technologies that may be superior to, or render obsolete, the technologies we currently use in our programs and services. Moreover, these changes could result in new and innovative payment methods and products that could place us at a competitive disadvantage and that could reduce the use of our products. • We rely in part on third parties, including some of our competitors and potential competitors, for the development of and access to new technologies. The inability of these companies to keep pace with technological developments, or the acquisition of these companies by competitors, could negatively impact our offerings. • Our ability to develop and adopt new services and technologies may be inhibited by industry-wide solutions and standards (such as those related to EMV, tokenization or other safety and security technologies), and by resistance from customers or merchants to such changes. • Our ability to develop evolving systems and products may be inhibited by any difficulty we may experience in attracting and retaining technology experts. • Our ability to adopt these technologies can also be inhibited by intellectual property rights of third parties. We have received, and we may in the future receive, notices or inquiries from patent holders (for example, other operating companies or non-practicing entities) suggesting that we may be infringing certain patents or that we need to license the use of their patents to avoid infringement. Such notices may, among other things, threaten litigation against us or our customers or demand significant license fees. • Our ability to develop new technologies and reflect technological changes in our payments offerings will require resources, which may result in additional expenses. • We work with technology companies (such as digital players and mobile providers) that use our technology to enhance payment safety and security and to deliver their payment-related products and services quickly and efficiently to consumers. Our inability to keep pace technologically could negatively impact the willingness of these customers to work with us, and could encourage them to use their own technology and compete against us. We cannot predict the effect of technological changes on our business, and our future success will depend, in part, on our ability to anticipate, develop or adapt to technological changes and evolving industry standards. Failure to keep pace with these technological developments or otherwise bring to market products that reflect these technologies could lead to a decline in the use of our products, which could have a material adverse impact on our overall business and results of operations. Operating a real-time account-based payment network presents risks that could materially affect our business. Our acquisition of Vocalink in 2017 added real-time account-based payment technology to the suite of capabilities we offer. While expansion into this space presents business opportunities, there are also regulatory and operational risks associated with administering a real-time account-based payment network. British regulators have designated this platform to be “critical national infrastructure” and regulators in other countries may in the future expand their regulatory oversight of real-time account-based payment systems in similar ways. In addition, any prolonged service outage on this network could result in quickly escalating impacts, including potential intervention by the Bank of England and significant reputational risk to Vocalink and us. For a discussion of the regulatory risks related to our real-time account-based payment platform, see our risk factor in “Risk Factors - Payments Industry Regulation” in this Part I, Item 1A. Furthermore, the complexity of this payment technology requires careful management to address security vulnerabilities that are different from those faced on our core network. Operational difficulties, such as the temporary unavailability of our services or products, or security breaches on our real-time account-based payment network could cause a loss of business for these products and services, result in potential liability for us and adversely affect our reputation. Working with new customers and end users as we expand our integrated products and services can present operational challenges, be costly and result in reputational damage if the new products or services do not perform as intended. The payments markets in which we compete are characterized by rapid technological change, new product introductions, evolving industry standards and changing customer and consumer needs. In order to remain competitive and meet the needs of the payments market, we are continually involved in diversifying our integrated products and services. These efforts carry the risks associated with any diversification initiative, including cost overruns, delays in delivery and performance problems. These projects also carry risks associated with working with different types of customers, for example organizations such as corporations that are not financial institutions and non-governmental organizations (“NGOs”), and end users than those we have traditionally worked with. These differences may present new operational challenges in the development and implementation of our new products or services. Our failure to render these integrated products and services could make our other integrated products and services less desirable to customers, or put us at a competitive disadvantage. In addition, if there is a delay in the implementation of our products or services or if our products or services do not perform as anticipated, we could face additional regulatory scrutiny, fines, sanctions or other penalties, which could materially and adversely affect our overall business and results of operations, as well as negatively impact our brand and reputation. Information Security and Service Disruptions Information security incidents or account data compromise events could disrupt our business, damage our reputation, increase our costs and cause losses. Information security risks for payments and technology companies such as ours have significantly increased in recent years in part because of the proliferation of new technologies, the use of the Internet and telecommunications technologies to conduct financial transactions, and the increased sophistication and activities of organized crime, hackers, terrorists and other external parties. These threats may derive from fraud or malice on the part of our employees or third parties, or may result from human error or accidental technological failure. These threats include cyber-attacks such as computer viruses, malicious code, phishing attacks or information security breaches and could lead to the misappropriation of consumer account and other information and identity theft. Our operations rely on the secure processing, transmission and storage of confidential, proprietary and other information in our computer systems and networks. Our customers and other parties in the payments value chain, as well as account holders, rely on our digital technologies, computer systems, software and networks to conduct their operations. In addition, to access our integrated products and services, our customers and account holders increasingly use personal smartphones, tablet PCs and other mobile devices that may be beyond our control. We, like other financial technology organizations, routinely are subject to cyber-threats and our technologies, systems and networks have been subject to attempted cyber-attacks. Because of our position in the payments value chain, we believe that we are likely to continue to be a target of such threats and attacks. Additionally, geopolitical events and resulting government activity could also lead to information security threats and attacks by affected jurisdictions and their sympathizers. To date, we have not experienced any material impact relating to cyber-attacks or other information security breaches. However, future attacks or breaches could lead to security breaches of the networks, systems or devices that our customers use to access our integrated products and services, which in turn could result in the unauthorized disclosure, release, gathering, monitoring, misuse, loss or destruction of confidential, proprietary and other information (including account data information) or data security compromises. Such attacks or breaches could also cause service interruptions, malfunctions or other failures in the physical infrastructure or operations systems that support our businesses and customers (such as the lack of availability of our value-added services), as well as the operations of our customers or other third parties. In addition, they could lead to damage to our reputation with our customers and other parties and the market, additional costs to us (such as repairing systems, adding new personnel or protection technologies or compliance costs), regulatory penalties, financial losses to both us and our customers and partners and the loss of customers and business opportunities. If such attacks are not detected immediately, their effect could be compounded. Despite various mitigation efforts that we undertake, there can be no assurance that we will be immune to these risks and not suffer material breaches and resulting losses in the future, or that our insurance coverage would be sufficient to cover all losses. Our risk and exposure to these matters remain heightened because of, among other things, the evolving nature of these threats, our prominent size and scale and our role in the global payments and technology industries, our plans to continue to implement our digital and mobile channel strategies and develop additional remote connectivity solutions to serve our customers and account holders when and how they want to be served, our global presence, our extensive use of third-party vendors and future joint venture and merger and acquisition opportunities. As a result, information security and the continued development and enhancement of our controls, processes and practices designed to protect our systems, computers, software, data and networks from attack, damage or unauthorized access remain a priority for us. As cyber-threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities. Any of the risks described above could materially adversely affect our overall business and results of operations. In addition to information security risks for our systems, we also routinely encounter account data compromise events involving merchants and third-party payment processors that process, store or transmit payment transaction data, which affect millions of Mastercard, Visa, Discover, American Express and other types of account holders. Further events of this type may subject us to reputational damage and/or lawsuits involving payment products carrying our brands. Damage to our reputation or that of our brands resulting from an account data breach of either our systems or the systems of our customers, merchants and other third parties could decrease the use and acceptance of our integrated products and services. Such events could also slow or reverse the trend toward electronic payments. In addition to reputational concerns, the cumulative impact of multiple account data compromise events could increase the impact of the fraud resulting from such events by, among other things, making it more difficult to identify consumers. Moreover, while most of the lawsuits resulting from account data breaches do not involve direct claims against us and while we have releases from many issuers and acquirers, we could still face damage claims, which, if upheld, could materially and adversely affect our results of operations. Such events could have a material adverse impact on our transaction volumes, results of operations and prospects for future growth, or increase our costs by leading to additional regulatory burdens being imposed on us. Service disruptions that cause us to be unable to process transactions or service our customers could materially affect our overall business and results of operations. Our transaction switching systems and other offerings may experience interruptions as a result of technology malfunctions, fire, weather events, power outages, telecommunications disruptions, terrorism, workplace violence, accidents or other catastrophic events. Our visibility in the global payments industry may also put us at greater risk of attack by terrorists, activists, or hackers who intend to disrupt our facilities and/or systems. Additionally, we rely on third-party service providers for the timely transmission of information across our global data network. Inadequate infrastructure in lesser-developed markets could also result in service disruptions, which could impact our ability to do business in those markets. If one of our service providers fails to provide the communications capacity or services we require, as a result of natural disaster, operational disruptions, terrorism, hacking or any other reason, the failure could interrupt our services. Although we maintain a business continuity program to analyze risk, assess potential impacts, and develop effective response strategies, we cannot ensure that our business would be immune to these risks, because of the intrinsic importance of our switching systems to our business, any interruption or degradation could adversely affect the perception of the reliability of products carrying our brands and materially adversely affect our overall business and our results of operations. Financial Institution Customers and Other Stakeholder Relationships Losing a significant portion of business from one or more of our largest financial institution customers could lead to significant revenue decreases in the longer term, which could have a material adverse impact on our business and our results of operations. Most of our financial institution customer relationships are not exclusive and may be terminated by our customers. Our customers can reassess their commitments to us at any time in the future and/or develop their own competitive services. Accordingly, our business agreements with these customers may not reduce the risk inherent in our business that customers may terminate their relationships with us in favor of relationships with our competitors, or for other reasons, or might not meet their contractual obligations to us. In addition, a significant portion of our revenue is concentrated among our five largest financial institution customers. Loss of business from any of our large customers could have a material adverse impact on our overall business and results of operations. Exclusive/near exclusive relationships certain customers have with our competitors may have a material adverse impact on our business. Certain customers have exclusive, or nearly-exclusive, relationships with our competitors to issue payment products, and these relationships may make it difficult or cost-prohibitive for us to do significant amounts of business with them to increase our revenues. In addition, these customers may be more successful and may grow faster than the customers that primarily issue our payment products, which could put us at a competitive disadvantage. Furthermore, we earn substantial revenue from customers with nearly-exclusive relationships with our competitors. Such relationships could provide advantages to the customers to shift business from us to the competitors with which they are principally aligned. A significant loss of our existing revenue or transaction volumes from these customers could have a material adverse impact on our business. Consolidation in the banking industry could materially and adversely affect our overall business and results of operations. The banking industry has undergone substantial, accelerated consolidation in the past. Consolidations have included customers with a substantial Mastercard portfolio being acquired by institutions with a strong relationship with a competitor. If significant consolidation among customers were to continue, it could result in the substantial loss of business for us, which could have a material adverse impact on our business and prospects. In addition, one or more of our customers could seek to merge with, or acquire, one of our competitors, and any such transaction could also have a material adverse impact on our overall business. Consolidation could also produce a smaller number of large customers, which could increase their bargaining power and lead to lower prices and/or more favorable terms for our customers. These developments could materially and adversely affect our results of operations. Our business significantly depends on the continued success and competitiveness of our issuing and acquiring customers and, in many jurisdictions, their ability to effectively manage or help manage our brands. While we work directly with many stakeholders in the payments system, including merchants, governments and large digital companies and other technology companies, we are, and will continue to be, significantly dependent on our relationships with our issuers and acquirers and their respective relationships with account holders and merchants to support our programs and services. Furthermore, we depend on our issuing partners and acquirers to continue to innovate to maintain competitiveness in the market. We do not issue cards or other payment devices, extend credit to account holders or determine the interest rates or other fees charged to account holders. Each issuer determines these and most other competitive payment program features. In addition, we do not establish the discount rate that merchants are charged for acceptance, which is the responsibility of our acquiring customers. As a result, our business significantly depends on the continued success and competitiveness of our issuing and acquiring customers and the strength of our relationships with them. In turn, our customers’ success depends on a variety of factors over which we have little or no influence, including economic conditions in global financial markets or their disintermediation by competitors or emerging technologies, as well as regulation. If our customers become financially unstable, we may lose revenue or we may be exposed to settlement risk. See our risk factor in “Risk Factors - Settlement and Third-Party Obligations” in this Part I, Item 1A with respect to how we guarantee certain third-party obligations for further discussion. With the exception of the United States and a select number of other jurisdictions, most in-country (as opposed to cross-border) transactions conducted using Mastercard, Maestro and Cirrus cards are authorized, cleared and settled by our customers or other processors. Because we do not provide domestic switching services in these countries and do not, as described above, have direct relationships with account holders, we depend on our close working relationships with our customers to effectively manage our brands, and the perception of our payments system, among consumers in these countries. We also rely on these customers to help manage our brands and perception among regulators and merchants in these countries, alongside our own relationships with them. From time to time, our customers may take actions that we do not believe to be in the best interests of our payments system overall, which may materially and adversely impact our business. Merchants’ continued focus on acceptance costs may lead to additional litigation and regulatory proceedings and increase our incentive program costs, which could materially and adversely affect our profitability. Merchants are important constituents in our payments system. We rely on both our relationships with them, as well as their relationships with our issuer and acquirer customers, to continue to expand the acceptance of our integrated products and services. We also work with merchants to help them enable new sales channels, create better purchase experiences, improve efficiencies, increase revenues and fight fraud. In the retail industry, there is a set of larger merchants with increasingly global scope and influence. We believe that these merchants are having a significant impact on all participants in the global payments industry, including Mastercard. Some large merchants have supported the legal, regulatory and legislative challenges to interchange fees that Mastercard has been defending, including the U.S. merchant litigations. See our risk factor in “Risk Factors - Risks Related to Our Participation in the Payments Industry” in this Part I, Item 1A with respect to payments industry regulation, including interchange fees. The continued focus of merchants on the costs of accepting various forms of payment, including in connection with the growth of digital payments, may lead to additional litigation and regulatory proceedings. Certain larger merchants are also able to negotiate incentives from us and pricing concessions from our issuer and acquirer customers as a condition to accepting our products. We also make payments to certain merchants to incentivize them to create co-branded payment programs with us. As merchants consolidate and become even larger, we may have to increase the amount of incentives that we provide to certain merchants, which could materially and adversely affect our results of operations. Competitive and regulatory pressures on pricing could make it difficult to offset the costs of these incentives. Additionally, if the rate of merchant acceptance growth slows our business could suffer. Our work with governments exposes us to unique risks that could have a material impact on our business and results of operations. As we increase our work with national, state and local governments, both indirectly through financial institutions and with them directly as our customers, we may face various risks inherent in associating or contracting directly with governments. These risks include, but are not limited to, the following: • Governmental entities typically fund projects through appropriated monies. Changes in governmental priorities or other political developments, including disruptions in governmental operations, could impact approved funding and result in changes in the scope, or lead to the termination of, the arrangements or contracts we or financial institutions enter into with respect to our payment products and services. • Our work with governments subjects us to U.S. and international anti-corruption laws, including the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act. A violation and subsequent judgment or settlement under these laws could subject us to substantial monetary penalties and damages and have a significant reputational impact. • Working or contracting with governments, either directly or via our financial institution customers, can subject us to heightened reputational risks, including extensive scrutiny and publicity, as well as a potential association with the policies of a government as a result of a business arrangement with that government. Any negative publicity or negative association with a government entity, regardless of its accuracy, may adversely affect our reputation. Settlement and Third-Party Obligations Our role as guarantor, as well as other contractual obligations, expose us to risk of loss or illiquidity. We are a guarantor of certain third-party obligations, including those of certain of our customers. In this capacity, we are exposed to credit and liquidity risk from these customers and certain service providers. We may incur significant losses in connection with transaction settlements if a customer fails to fund its daily settlement obligations due to technical problems, liquidity shortfalls, insolvency or other reasons. Concurrent settlement failures of more than one of our larger customers or of several of our smaller customers either on a given day or over a condensed period of time may exceed our available resources and could materially and adversely affect our results of operations. We have significant contractual indemnification obligations with certain customers. Should an event occur that triggers these obligations, such an event could materially and adversely affect our overall business and result of operations. Global Economic and Political Environment Global economic, political, financial and societal events or conditions could result in a material and adverse impact on our overall business and results of operations. Adverse economic trends in key countries in which we operate may adversely affect our financial performance. Such impact may include, but is not limited to, the following: • Customers mitigating their economic exposure by limiting the issuance of new Mastercard products and requesting greater incentive or greater cost stability from us. • Consumers and businesses lowering spending, which could impact cross-border travel patterns (on which a significant portion of our revenues is dependent). • Government intervention (including the effect of laws, regulations and/or government investments on or in our financial institution customers), as well as uncertainty due to changing political regimes in executive, legislative and/or judicial branches of government, that may have potential negative effects on our business and our relationships with customers or otherwise alter their strategic direction away from our products. • Tightening of credit availability that could impact the ability of participating financial institutions to lend to us under the terms of our credit facility. Additionally, we switch substantially all cross-border transactions using Mastercard, Maestro and Cirrus-branded cards and generate a significant amount of revenue from cross-border volume fees and fees related to switched transactions. Revenue from switching cross-border and currency conversion transactions for our customers fluctuates with the levels and destinations of cross-border travel and our customers’ need for transactions to be converted into their base currency. Cross-border activity may be adversely affected by world geopolitical, economic, weather and other conditions. These include the threat of terrorism and outbreaks of flu, viruses and other diseases, as well as major environmental events. The uncertainty that could result from such events could decrease cross-border activity. Additionally, any regulation of interregional interchange fees could also negatively impact our cross-border activity. In each case, decreased cross-border activity could decrease the revenue we receive. Any of these developments could have a material adverse impact on our overall business and results of operations. Adverse currency fluctuations and foreign exchange controls could negatively impact our results of operations. During 2018, approximately 67% of our revenue was generated from activities outside the United States. This revenue (and the related expense) could be transacted in a non-functional currency or valued based on a currency other than the functional currency of the entity generating the revenues. Resulting exchange gains and losses are included in our net income. Our risk management activities provide protection with respect to adverse changes in the value of only a limited number of currencies and are based on estimates of exposures to these currencies. In addition, some of the revenue we generate outside the United States is subject to unpredictable currency fluctuations including devaluation of currencies where the values of other currencies change relative to the U.S. dollar. If the U.S. dollar strengthens compared to currencies in which we generate revenue, this revenue may be translated at a materially lower amount than expected. Furthermore, we may become subject to exchange control regulations that might restrict or prohibit the conversion of our other revenue currencies into U.S. dollars, such as what we have experienced in Venezuela. The occurrence of currency fluctuations or exchange controls could have a material adverse impact on our results of operations. The United Kingdom’s proposed withdrawal from the European Union could harm our business and financial results. In June 2016, voters in the United Kingdom approved the withdrawal of the U.K. from the E.U. (commonly referred to as “Brexit”). The U.K. government triggered Article 50 of the Lisbon Treaty on March 29, 2017, which commenced the official E.U. withdrawal process. Uncertainty over the terms of the U.K.’s departure from the E.U. could cause political and economic uncertainty in the U.K. and the rest of Europe, which could harm our business and financial results. Brexit could lead to legal uncertainty and potentially divergent national laws and regulations in the U.K. and E.U. We, as well as our clients who have significant operations in the U.K., may incur additional costs and expenses as we adapt to potentially divergent regulatory frameworks from the rest of the E.U. We may also face additional complexity with regard to immigration and travel rights for our employees located in the U.K. and the E.U. These factors may impact our ability to operate in the E.U. and U.K. seamlessly. Any of these effects of Brexit, among others, could harm our business and financial results. Brand and Reputational Impact Negative brand perception may materially and adversely affect our overall business. Our brands and their attributes are key assets of our business. The ability to attract consumers to our branded products and retain them depends upon the external perception of us and our industry. Our business may be affected by actions taken by our customers, merchants or other organizations that impact the perception of our brands or the payments industry in general. From time to time, our customers may take actions that we do not believe to be in the best interests of our brands, such as creditor practices that may be viewed as “predatory”. Moreover, adverse developments with respect to our industry or the industries of our customers may also, by association, impair our reputation, or result in greater regulatory or legislative scrutiny. We have also been pursuing the use of social media channels at an increasingly rapid pace. Under some circumstances, our use of social media, or the use of social media by others as a channel for criticism or other purposes, could also cause rapid, widespread reputational harm to our brands by disseminating rapidly and globally actual or perceived damaging information about us, our products or merchants or other end users who utilize our products. Also, as we are headquartered in the United States, a negative perception of the United States could impact the perception of our company, which could adversely affect our business. Such perception and damage to our reputation could have a material and adverse effect to our overall business. Lack of visibility of our brand in our products and services, or in the products and services of our partners who use our technology, may materially and adversely affect our business. As more players enter the global payments system, the layers between our brand and consumers and merchants increase. In order to compete with other powerful consumer brands that are also becoming part of the consumer payment experience, we often partner with those brands on payment solutions. These brands include large digital companies and other technology companies who are our customers and use our networks to build their own acceptance brands. In some cases, our brand may not be featured in the payment solution or may be secondary to other brands. Additionally, as part of our relationships with some issuers, our payment brand is only included on the back of the card. As a result, our brand may either be invisible to consumers or may not be the primary brand with which consumers associate the payment experience. This brand invisibility, or any consumer confusion as to our role in the consumer payment experience, could decrease the value of our brand, which could adversely affect our business. Talent and Culture We may not be able to attract, hire and retain a highly qualified and diverse workforce, or maintain our corporate culture, which could impact our ability to grow effectively. Our performance largely depends on the talents and efforts of our employees, particularly our key personnel and senior management. We may be unable to retain or to attract highly qualified employees. The market for key personnel is highly competitive, particularly in technology and other skill areas significant to our business. Additionally, changes in immigration and work permit laws and regulations and related enforcement have made it difficult for employees to work in, or transfer among, jurisdictions in which we have operations and could impair our ability to attract and retain qualified employees. Failure to attract, hire, develop, motivate and retain highly qualified and diverse employee talent, or to maintain a corporate culture that fosters innovation, creativity and teamwork could harm our overall business and results of operations. We rely on key personnel to lead with integrity. To the extent our leaders behave in a manner that is not consistent with our values, we could experience significant impact to our brand and reputation, as well as to our corporate culture. Acquisitions Acquisitions, strategic investments or entry into new businesses could disrupt our business and harm our results of operations or reputation. Although we may continue to evaluate and/or make strategic acquisitions of, or acquire interests in joint ventures or other entities related to, complementary businesses, products or technologies, we may not be able to successfully partner with or integrate them, despite original intentions and focused efforts. In addition, such an integration may divert management’s time and resources from our core business and disrupt our operations. Moreover, we may spend time and money on acquisitions or projects that do not meet our expectations or increase our revenue. To the extent we pay the purchase price of any acquisition in cash, it would reduce our cash reserves available to us for other uses, and to the extent the purchase price is paid with our stock, it could be dilutive to our stockholders. Furthermore, we may not be able to successfully finance the business following the acquisition as a result of costs of operations, including any litigation risk which may be inherited from the acquisition. Any acquisition or entry into a new business could subject us to new regulations with which we would need to comply. This compliance could increase our costs, and we could be subject to liability or reputational harm to the extent we cannot meet any such compliance requirements. Our expansion into new businesses could also result in unanticipated issues which may be difficult to manage. Class A Common Stock and Governance Structure Provisions in our organizational documents and Delaware law could be considered anti-takeover provisions and have an impact on change-in-control. Provisions contained in our amended and restated certificate of incorporation and bylaws and Delaware law could be considered anti-takeover provisions, including provisions that could delay or prevent entirely a merger or acquisition that our stockholders consider favorable. These provisions may also discourage acquisition proposals or have the effect of delaying or preventing entirely a change in control, which could harm our stock price. For example, subject to limited exceptions, our amended and restated certificate of incorporation prohibits any person from beneficially owning more than 15% of any of the Class A common stock or any other class or series of our stock with general voting power, or more than 15% of our total voting power. In addition: • our stockholders are not entitled to the right to cumulate votes in the election of directors • our stockholders are not entitled to act by written consent • a vote of 80% or more of all of the outstanding shares of our stock then entitled to vote is required for stockholders to amend any provision of our bylaws • any representative of a competitor of Mastercard or of Mastercard Foundation is disqualified from service on our board of directors Mastercard Foundation’s substantial stock ownership, and restrictions on its sales, may impact corporate actions or acquisition proposals favorable to, or favored by, the other public stockholders. As of February 8, 2019, Mastercard Foundation owned 112,181,762 shares of Class A common stock, representing approximately 11.1% of our general voting power. Mastercard Foundation may not sell or otherwise transfer its shares of Class A common stock prior to May 1, 2027, except to the extent necessary to satisfy its charitable disbursement requirements, for which purpose earlier sales are permitted. Mastercard Foundation is permitted to sell all of its remaining shares after May 1, 2027, subject to certain conditions. The directors of Mastercard Foundation are required to be independent of us and our customers. The ownership of Class A common stock by Mastercard Foundation, together with the restrictions on transfer, could discourage or make more difficult acquisition proposals favored by the other holders of the Class A common stock. In addition, because Mastercard Foundation is restricted from selling its shares for an extended period of time, it may not have the same interest in short or medium-term movements in our stock price as, or incentive to approve a corporate action that may be favorable to, our other stockholders. ITEM 1B.

Removed paragraphs (11176 words)

ITEM 1A. RISK FACTORS Legal and Regulatory Direct Regulation of the Payments Industry Global regulatory and legislative activity related to the payments industry may have a material adverse impact on our overall business and results of operations. Regulators increasingly seek to regulate, or establish or expand their authority to regulate, certain aspects of payments systems such as ours. Some recent examples of regulatory and legislative activity include: • The European Union’s adoption of its Interchange Fee Regulation in 2015 regulating electronic payments issued and acquired within the EEA, including caps on consumer credit and debit interchange fees (described in more detail in the risk factors below) and the separation of brand and switching (which Mastercard implemented in 2016) • Several jurisdictions’ creation or grant of authority to create new regulations that either have or would enable the authority to regulate or increase formal oversight over payment systems, including the United Kingdom and India (both of which have designated us as a payments system subject to regulation), as well as Brazil, Hong Kong, Mexico and Russia • The EEA’s implementation of the revised PSD2, which requires: Ø financial institutions to provide third party payment processors access to consumer payment accounts. This may enable these third party payment processors to route transactions away from Mastercard products by offering account information or payment initiation services directly to people who currently use our products. Ø a different standard for authentication of transactions (strong customer authentication (“SCA”), as opposed to risk-based authentication). The new authentication standard requires additional verification information from consumers to complete transactions and may increase the number of transactions that consumers abandon if we are unable to ensure a frictionless authentication experience. An increase in the rate of abandoned transactions could adversely impact our volumes or other operations metrics. These regulations have established, and could further expand, obligations or restrictions with respect to the types of products and services that we may offer to financial institutions for consumers, the countries in which our integrated products and services may be used, the way we structure and operate our business and the types of consumers and merchants who can obtain or accept our products or services. New regulations and oversight could also relate to our clearing and settlement activities (including risk management policies and procedures, collateral requirements, participant default policies and procedures, the ability to complete timely switching of financial transactions, and capital and financial resource requirements). In addition, several central banks or similar regulatory bodies around the world that have increased, or are seeking to increase, their formal oversight of the electronic payments industry and, in some cases, are considering designating certain payments networks as “systemically important payment systems” or “critical infrastructure.” These obligations, designations and restrictions may further expand and could conflict with each other as more jurisdictions impose oversight of payment systems. As a result, increased regulation and oversight of payment systems may result in costly compliance burdens or otherwise increase our costs. Such laws or compliance burdens could result in issuers being less willing to participate in our payments system, reduce the benefits offered in connection with the use of our products (making our products less desirable to consumers), reduce the volume of domestic and cross-border transactions or other operational metrics, disintermediate us, impact our profitability and limit our ability to innovate or offer differentiated products and services, all of which could materially and adversely impact our financial performance. Regulators could also require us to obtain prior approval for changes to its system rules, procedures or operations, or could require customization with regard to such changes, which could impact market participant risk and therefore risk to us. Such regulatory changes could lead to new or different criteria for participation in and access to our payments system by financial institutions or other customers. Moreover, failure to comply with the laws and regulations to which we are subject could result in fines, sanctions, civil damages or other penalties, which could materially and adversely affect our overall business and results of operations, as well as have an impact on our brand and reputation Increased regulatory, legislative and litigation activity with respect to interchange rates could have an adverse impact on our business. Interchange rates are a significant component of the costs that merchants pay in connection with the acceptance of our products. Although we do not earn revenues from interchange, interchange rates can impact the volume of transactions we see on our payment products. If interchange rates are too high, merchants may stop accepting our products or route debit transactions away from our network. If interchange rates are too low, issuers may stop promoting our integrated products and services, eliminate or reduce loyalty rewards programs or other account holder benefits (e.g., free checking, low interest rates on balances), or charge fees to account holders (e.g., annual fees or late payment fees). Governments and merchant groups in a number of countries have implemented or are seeking interchange rate reductions through legislation, competition law, central bank regulation and litigation. Examples of regulatory and legislative activity include: • A Statement of Objections issued by the European Commission in July 2015 related to our interregional interchange fees and central acquiring rules within the EEA, to which we have responded and remain in discussions. • Legislation regulating the level of domestic interchange rates that has been enacted, or is being considered, in many jurisdictions (for example, debit interchange in the United States is capped by statute for certain regulated entities). • Merchants and consumers are also seeking interchange fee reductions and acceptance rule changes through litigation. See Note 18 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8 for more details. If issuers cannot collect or we are forced to reduce interchange rates, issuers may be less willing to participate in our four-party payments system, or may reduce the benefits offered in connection with the use of our products, reducing the attractiveness of our products to consumers. In particular, any changes to interregional interchange fees as a result of the European Commission’s Statement of Objections could impact our cross-border transaction activity disproportionately versus competitors that are not subject to similar reductions. These and other impacts could lower transaction volumes, and/or make proprietary three-party networks or other forms of payment more attractive. Issuers could reduce the benefits associated with our products or choose to charge higher fees to consumers to attempt to recoup a portion of the costs incurred for their services. In addition, issuers could seek to decrease the expense of their payment programs by seeking a reduction in the fees that we charge to them, particularly if regulation has a disproportionate impact on us as compared to our competitors in terms of the fees we can charge. This could make our products less desirable to consumers, reduce the volume of transactions and our profitability, and limit our ability to innovate or offer differentiated products. We are devoting substantial resources to defending our right to establish interchange rates in regulatory proceedings, litigation and legislative activity. The potential outcome of any of these activities could have a more positive or negative impact on us relative to our competitors. If we are ultimately unsuccessful in defending our ability to establish interchange rates, any resulting legislation, regulation and/or litigation may have a material adverse impact on our overall business and results of operations. In addition, regulatory proceedings and litigation could result in us being fined and/or having to pay civil damages, the amount of which could be material. Current regulatory activity could be extended to additional jurisdictions or products, which could materially and adversely affect our overall business and results of operations. Regulators around the world increasingly replicate other regulators’ approaches with regard to the regulation of payments and other industries. Consequently, regulation in any one country, state or region may influence regulatory approaches in other countries, states or regions. Similarly, new laws and regulations within a country, state or region involving one product may lead to regulation of similar or related products. For example, regulations affecting debit transactions could lead to regulation of other products (such as credit). As a result, the risks to our business created by any one new law or regulation are magnified by the potential it has to be replicated in other jurisdictions or involve other products within any particular jurisdiction. These include matters like interchange rates, potential direct regulation of our network fees and pricing, network standards and network exclusivity and routing agreements. Conversely, if widely varying regulations come into existence worldwide, we may have difficulty adjusting our products, services, fees and other important aspects of our business to meet the varying requirements. Either of these outcomes could materially and adversely affect our overall business and results of operations. Limitations on our ability to restrict merchant surcharging could materially and adversely impact our results of operations. We have historically implemented policies, referred to as no-surcharge rules, in certain jurisdictions, including the United States, that prohibit merchants from charging higher prices to consumers who pay using our products instead of other means. Authorities in several jurisdictions have acted to end or limit the application of these no-surcharge rules (or indicated interest in doing so). Additionally, we have modified our no-surcharge rules to permit U.S. merchants to surcharge credit cards, subject to certain limitations. It is possible that over time merchants in some or all merchant categories in these jurisdictions may choose to surcharge as permitted by the rule change. This could result in consumers viewing our products less favorably and/or using alternative means of payment instead of electronic products, which could result in a decrease in our overall transaction volumes, and which in turn could materially and adversely impact our results of operations. Preferential or Protective Government Actions Preferential and protective government actions related to domestic payment services could adversely affect our ability to maintain or increase our revenues. Governments in some countries have acted, or in the future may act, to provide resources, preferential treatment or other protection to selected national payment and switching providers, or have created, or may in the future create, their own national provider. This action may displace us from, prevent us from entering into, or substantially restrict us from participating in, particular geographies, and may prevent us from competing effectively against those providers. For example: • Governments in some countries are considering, or may consider, regulatory requirements that mandate switching of domestic payments either entirely in that country or by only domestic companies. In particular, we are currently excluded from domestic switching in China and are seeking market access, which is uncertain and subject to a number of factors, including receiving regulatory approval. In 2017, People’s Bank of China issued the Service Guidelines for Market Access of Bank Card Clearing Institutions, which provide some guidance on the 2016 regulations on license application and operational requirements for network operators to process domestic payments in China. We have been engaged with regulators, business partners and other stakeholders in connection with steps required to advance an application. Additionally, Russia has amended its National Payments Systems laws to require all payment systems to process domestic transactions through a government-owned payment switch. As a result, all of our domestic transactions in Russia are currently processed by that system instead of by us. • Geopolitical events and resulting OFAC sanctions, adverse trade policies or other types of government actions could lead jurisdictions affected by those sanctions to take actions in response that could adversely affect our business. • Regional groups of countries, such as the Gulf Cooperation Countries in the Middle East and a number of countries in South East Asia, are considering, or may consider, efforts to restrict our participation in the switching of regional transactions. Such developments prevent us from utilizing our global switching capabilities for domestic or regional customers. Our efforts to effect change in, or work with, these countries may not succeed. This could adversely affect our ability to maintain or increase our revenues and extend our global brand. Regulation Related to Our Participation in the Payments Industry Regulations that directly or indirectly affect the global payments industry may materially and adversely affect our overall business and results of operations. We are subject to regulations that affect the payments industry in the many jurisdictions in which our integrated products and services are used. Many of our customers are also subject to regulations applicable to banks and other financial institutions that, at times, consequently affect us. Regulation of the payments industry, including regulations applicable to us and our customers, has increased significantly in the last several years. See “Business-Government Regulation” in Part I, Item 1 for a detailed description of such regulation and related legislation. Examples include: • Anti-Money Laundering, Counter Terrorist Financing, Economic Sanctions and Anti-Corruption - We are subject to AML and CTF laws and regulations globally, including the U.S. Bank Secrecy Act and the USA PATRIOT Act, as well as the various economic sanctions programs, including those imposed and administered by OFAC. We have implemented a comprehensive AML/CTF program, comprised of policies, procedures and internal controls, including the designation of a compliance officer, which is designed to prevent our payment network from being used to facilitate money laundering and other illicit activity and to address these legal and regulatory requirements and assist in managing money laundering and terrorist financing risks. The economic sanctions programs administered by OFAC restrict financial transactions and other dealings with certain countries and geographies (specifically Crimea, Cuba, Iran, North Korea and Syria) and with persons and entities included in OFAC sanctions lists including the SDN List. We take measures to prevent transactions that do not comply with OFAC and other applicable sanctions, including establishing a risk-based compliance program that has policies, procedures and controls designed to prevent us from having unlawful business dealings with prohibited countries, regions, individuals or entities. As part of this program, we obligate issuers and acquirers to comply with their local sanctions obligations and the U.S. sanctions programs, including requiring the screening of account holders and merchants, respectively, against OFAC sanctions lists (including the SDN List). Iran, Sudan and Syria have been identified by the U.S. State Department as terrorist-sponsoring states, and we have no offices, subsidiaries or affiliated entities located in any of these countries or geographies and do not license entities domiciled there. We are also subject to anti-corruption laws and regulations globally, including the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act, which, among other things, generally prohibit giving or offering payments or anything of value for the purpose of improperly influencing a business decision or to gain an unfair business advantage. We have implemented policies, procedures and internal controls to proactively manage corruption risk. A violation and subsequent judgment or settlement against us, or those with whom we may be associated, under these laws could subject us to substantial monetary penalties, damages, and/or have a significant reputational impact. • Financial Sector Oversight - In the United States, we are subject to regulation by a number of agencies charged with oversight of, among other things, consumer protection, financial and banking matters. These regulators have supervisory and independent examination authority as well as enforcement authority that we may be subject to because of the services we provide to financial institutions that issue and acquire our products. It is often not clear whether and/or to what extent these institutions will regulate broader aspects of payment networks. • Real-time Account-based Payment Systems - In 2017, we completed the acquisition of a controlling interest in Vocalink. In the U.K., the Bank of England has expanded its oversight of certain payment system providers that are systemically important to U.K.’s payment network. As a result of these changes, aspects of our Vocalink business could become subject to the U.K. payment system oversight regime and be directly overseen by the Bank of England. • Issuer Practice Legislation and Regulation - Our financial institution customers are subject to numerous regulations, which impact us as a consequence. In addition, certain regulations, such as PSD2 in the EEA, may disintermediate issuers. If our customers are disintermediated in their business, we could face diminished demand for our integrated products and services. In addition, existing or new regulations in these or other areas may diminish the attractiveness of our products to our customers. • Regulation of Internet and Digital Transactions - Proposed legislation in various jurisdictions relating to Internet gambling and other digital areas such as cyber-security, copyright, trademark infringement and privacy could impose additional compliance burdens on us and/or our customers, including requiring us or our customers to monitor, filter, restrict, or otherwise oversee various categories of payment transactions. Increased regulatory focus on us, such as in connection with the matters discussed above, may result in costly compliance burdens and/or may otherwise increase our costs. Similarly, increased regulatory focus on our customers may cause such customers to reduce the volume of transactions processed through our systems. Actions by regulators could influence other organizations around the world to enact or consider adopting similar measures, amplifying any potential compliance burden. Finally, failure to comply with the laws and regulations discussed above to which we are subject could result in fines, sanctions or other penalties. Each may individually or collectively materially and adversely affect our financial performance and/or our overall business and results of operations, as well as have an impact on our reputation. We could be subject to adverse changes in tax laws, regulations and interpretations or challenges to our tax positions. We are subject to tax laws and regulations of the U.S. federal, state and local governments as well as various non-U.S. jurisdictions. Potential changes in existing tax laws may impact our effective tax rate and tax payments. For example, the recent U.S. tax legislation enacted on December 22, 2017 represents a significant overhaul of the U.S. federal tax code. This tax legislation reduced the U.S. statutory corporate tax rate and made other changes that could have a favorable impact on our overall U.S. federal tax liability in a given period. However, the tax legislation also included a number of provisions that limit or eliminate various deductions, including interest expense, performance-based compensation for certain executives and the domestic production activities deduction, among others, that could affect our U.S. federal income tax position. We are continuing to evaluate the overall impact of this tax legislation on our operations and U.S. federal income tax position. See Note 17 (Income Taxes) to the consolidated financial statements included in Part II, Item 8 for further discussion of the TCJA. While we expect the TCJA to be favorable to the Company overall, there can be no assurance that changes in tax laws or regulations, both within the U.S. and the other jurisdictions in which we operate, will not materially and adversely affect our effective tax rate, tax payments, financial condition and results of operations. Similarly, changes in tax laws and regulations that impact our customers and counterparties or the economy generally may also impact our financial condition and results of operations. In addition, tax laws and regulations are complex and subject to varying interpretations, and any significant failure to comply with applicable tax laws and regulations in all relevant jurisdictions could give rise to substantial penalties and liabilities. Any changes in enacted tax laws, rules or regulatory or judicial interpretations; any adverse outcome in connection with tax audits in any jurisdiction; or any change in the pronouncements relating to accounting for income taxes could materially and adversely impact our effective tax rate, tax payments, financial condition and results of operations. Privacy, Data Protection and Security Regulation of privacy, data protection, security and the digital economy could increase our costs, as well as negatively impact our growth. We are subject to regulations related to privacy, data protection and information security in the jurisdictions in which we do business. These regulations could result in negative impacts to our business. As we continue to develop integrated products and services to meet the needs of a changing marketplace, we may expand our information profile through the collection of additional data across multiple channels. This expansion could amplify the impact of these regulations on our business. Regulation of privacy and data protection and information security often times require monitoring of and changes to our data practices in regard to the collection, use, disclosure, storage and/or security of personal and sensitive information. In addition, due to the European Parliament’s passage of the GDPR and the European Court of Justice’s invalidation of the Safe Harbor treaty, we are subject to enhanced compliance and operational requirements in the European Union. Failure to comply with these laws, regulations and requirements could result in fines, sanctions or other penalties, which could materially and adversely affect our results of operations and overall business, as well as have an impact on our reputation. New requirements or reinterpretations of existing requirements in these areas, or the development of new regulatory schemes related to the digital economy in general, may also increase our costs and could impact aspects of our business such as fraud monitoring, the development of information-based products and solutions and technology operations. In addition, these requirements may increase the costs to our customers of issuing payment products, which may, in turn, decrease the number of our payment products that they issue. Moreover, due to account data compromise events, as well as the disclosure of the monitoring activities by certain governmental agencies, there has been heightened legislative and regulatory scrutiny around the world that could lead to further regulation and requirements. Any of these developments could materially and adversely affect our overall business and results of operations. In addition, fraudulent activity could encourage regulatory intervention, which could damage our reputation and reduce the use and acceptance of our integrated products and services or increase our compliance costs. Criminals are using increasingly sophisticated methods to capture consumer account information to engage in illegal activities such as counterfeiting or other fraud. As outsourcing and specialization become common in the payments industry, there are more third parties involved in processing transactions using our payment products. While we are taking measures to make card and digital payments more secure, increased fraud levels involving our integrated products and services, or misconduct or negligence by third parties switching or otherwise servicing our integrated products and services, could lead to regulatory intervention, such as enhanced security requirements, as well as damage to our reputation. Litigation Liabilities we may incur for any litigation that has been or may be brought against us could materially and adversely affect our results of operations. We are a defendant on a number of civil litigations and regulatory proceedings and investigations, including among others, those alleging violations of competition and antitrust law and those involving intellectual property claims. See Note 18 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8 for more details regarding the allegations contained in these complaints and the status of these proceedings. In the event we are found liable in any material litigations or proceedings, particularly in the event we may be found liable in a large class-action lawsuit or on the basis of an antitrust claim entitling the plaintiff to treble damages or under which we were jointly and severally liable, we could be subject to significant damages, which could have a material adverse impact on our overall business and results of operations. Limitations on our business resulting from litigation or litigation settlements may materially and adversely affect our overall business and results of operations. Certain limitations have been placed on our business in recent years because of litigation and litigation settlements, such as changes to our no-surcharge rule in the United States. Any future limitations on our business resulting from litigation or litigation settlements could impact our relationships with our customers, including reducing the volume of business that we do with them, which may materially and adversely affect our overall business and results of operations. Business and Operations Competition and Technology Substantial and intense competition worldwide in the global payments industry may materially and adversely affect our overall business and results of operations. The global payments industry is highly competitive. Our payment programs compete against all forms of payment, including cash and checks; electronic, mobile and e-commerce payment platforms; cryptocurrencies; ACH payment services; and other payments networks, which can have several competitive impacts on our business: • Within the global general purpose payments industry, we face substantial and increasingly intense competition worldwide. • In certain jurisdictions, including the United States, Visa has greater volume, scale and market share than we do, which may provide significant competitive advantages. • Some of our traditional competitors, as well as alternative payment service providers, may have substantially greater financial and other resources than we have, may offer a wider range of programs and services than we offer or may use more effective advertising and marketing strategies to achieve broader brand recognition or merchant acceptance than we have. • Our ability to compete may also be affected by the outcomes of litigation, competition-related regulatory proceedings, central bank activity and legislative activity. Certain of our competitors, including American Express, Discover, private-label card networks and certain alternative payments systems, operate three-party payments systems with direct connections to both merchants and consumers and these competitors may derive competitive advantages from their business models. If we continue to attract more regulatory scrutiny than these competitors because we operate a four-party system, or we are regulated because of the system we operate in a way in which our competitors are not, we could lose business to these competitors. See “Business-Competition” in Part I, Item 1. If we are not able to differentiate ourselves from our competitors, drive value for our customers and/or effectively align our resources with our goals and objectives, we may not be able to compete effectively against these threats. Our competitors may also more effectively introduce their own innovative programs and services that adversely impact our growth. We also compete against new entrants that have developed alternative payments systems, e-commerce payments systems and payments systems for mobile devices, as well as physical store locations. A number of these new entrants rely principally on the Internet to support their services and may enjoy lower costs than we do, which could put us at a competitive disadvantage. Our failure to compete effectively against any of the foregoing competitive threats could materially and adversely affect our overall business and results of operations. Disintermediation from stakeholders both within and outside of the payments value chain could harm our business. As the payments industry continues to develop and change, we face disintermediation and related risks, including: • Parties that process our transactions in certain countries may try to eliminate our position as an intermediary in the payment process. For example, merchants could switch (and in some cases are switching) transactions directly with issuers. Additionally, processors could process transactions directly between issuers and acquirers. Large scale consolidation within processors could result in these processors developing bilateral agreements or in some cases switching the entire transaction on their own network, thereby disintermediating us. • Regulation in the EEA may disintermediate us by enabling third-party processors opportunities to route payment transactions away from our networks and towards other forms of payment. • Although we partner with technology companies (such as digital players and mobile providers) that leverage our technology, platforms and networks to deliver their products, they could develop platforms or networks that disintermediate us from digital payments and impact our ability to compete in the digital economy. This risk is heightened when we have relationships with these entities where we share Mastercard data. While we share this data in a controlled manner subject to applicable anonymization and data privacy standards, without proper oversight we could inadvertently share too much data which could give the partner a competitive advantage. • Competitors, customers, technology companies, governments and other industry participants may develop products that compete with or replace value-added products and services we currently provide to support our switched transaction and payment offerings. These products could replace our own switching and payments offerings or could force us to change our pricing or practices for these offerings. In addition, governments that develop national payment platforms may promote their platforms in such a way that could put us at a competitive disadvantage in those markets. • Participants in the payments industry may merge, create joint ventures or form other business combinations that may strengthen their existing business services or create new payment services that compete with our services. Our failure to compete effectively against any of the foregoing competitive threats could materially and adversely affect our overall business and results of operations. Continued intense pricing pressure may materially and adversely affect our overall business and results of operations. In order to increase transaction volumes, enter new markets and expand our Mastercard-branded cards and enabled products and services, we seek to enter into business agreements with customers through which we offer incentives, pricing discounts and other support that promote our products. In order to stay competitive, we may have to increase the amount of these incentives and pricing discounts. Over the past several years, we have experienced continued pricing pressure. The demand from our customers for better pricing arrangements and greater rebates and incentives moderates our growth. We may not be able to continue our expansion strategy to process additional transaction volumes or to provide additional services to our customers at levels sufficient to compensate for such lower fees or increased costs in the future, which could materially and adversely affect our overall business and results of operations. In addition, increased pressure on prices increases the importance of cost containment and productivity initiatives in areas other than those relating to customer incentives. In the future, we may not be able to enter into agreements with our customers if they require terms that we are unable or unwilling to offer, and we may be required to modify existing agreements in order to maintain relationships and to compete with others in the industry. Some of our competitors are larger and have greater financial resources than we do and accordingly may be able to charge lower prices to our customers. In addition, to the extent that we offer discounts or incentives under such agreements, we will need to further increase transaction volumes or the amount of services provided thereunder in order to benefit incrementally from such agreements and to increase revenue and profit, and we may not be successful in doing so, particularly in the current regulatory environment. Our customers also may implement cost reduction initiatives that reduce or eliminate payment product marketing or increase requests for greater incentives or greater cost stability. These factors could have a material adverse impact on our overall business and results of operations. Rapid and significant technological developments and changes could negatively impact our overall business and results of operations or limit our future growth. The payments industry is subject to rapid and significant technological changes, which can impact our business in several ways: • Technological changes, including continuing developments of technologies in the areas of smart cards and devices, contactless and mobile payments, e-commerce, cryptocurrency and block chain technology, machine learning and AI, could result in new technologies that may be superior to, or render obsolete, the technologies we currently use in our programs and services. Moreover, these changes could result in new and innovative payment methods and programs that could place us at a competitive disadvantage and that could reduce the use of our products. • We rely in part on third parties, including some of our competitors and potential competitors, for the development of and access to new technologies. The inability of these companies to keep pace with technological developments, or the acquisition of these companies by competitors, could negatively impact our offerings. • Our ability to develop and adopt new services and technologies may be inhibited by industry-wide solutions and standards (such as those related to EMV, tokenization or other safety and security technologies), and by resistance from customers or merchants to such changes. • Our ability to develop evolving systems and products may be inhibited by any difficulty we may experience in attracting and retaining technology experts. • Our ability to adopt these technologies can also be inhibited by intellectual property rights of third parties. We have received, and we may in the future receive, notices or inquiries from patent holders (for example, other operating companies or non-practicing entities) suggesting that we may be infringing certain patents or that we need to license the use of their patents to avoid infringement. Such notices may, among other things, threaten litigation against us or our customers or demand significant license fees. • Our ability to develop new technologies and reflect technological changes in our payments offerings will require resources, which may result in additional expenses. • We work with technology companies (such as digital players and mobile providers) that use our technology to enhance payment safety and security and to deliver their payment-related products and services quickly and efficiently to consumers. Our inability to keep pace technologically could negatively impact the willingness of these customers to work with us, and could encourage them to use their own technology and compete against us. We cannot predict the effect of technological changes on our business, and our future success will depend, in part, on our ability to anticipate, develop or adapt to technological changes and evolving industry standards. Failure to keep pace with these technological developments or otherwise bring to market products that reflect these technologies could lead to a decline in the use of our products, which could have a material adverse impact on our overall business and results of operations. Operating a new real-time account-based payments network in connection with our Vocalink acquisition presents risks that could materially affect our business. Our acquisition of Vocalink in 2017 added real-time account-based payment technology to the suite of capabilities we offer. While expansion into this space presents business opportunities, there are also regulatory and operational risks associated with administering a new type of payments network and with integrating this acquisition into our business. Operating a new type of payments system presents new regulatory and operational risks. English regulators have designated this platform to be “critical national infrastructure” and regulators in other countries may in the future expand their regulatory oversight of real-time account-based payments systems in similar ways. In addition, any prolonged service outage on this network could result in quickly escalating impacts, including potential intervention by the Bank of England and significant reputational risk to Vocalink and us. For a discussion of the regulatory risks related to our real-time account-based payments platform, see our risk factor in “Risk Factors - Regulation Related to Our Participation in the Payments Industry” in this Part I, Item 1A. Furthermore, the complexity of this payment technology requires careful management to address security vulnerabilities that are different from those faced on our core network. While we are leveraging Vocalink’s talent and expertise, we may face challenges in adapting to the complex requirements of operating a new payments system. Operational difficulties, such as the temporary unavailability of our services or products, or security breaches on our real-time account-based payments network could cause a loss of business for these products and services, result in potential liability for us and adversely affect our reputation. We are also working to embed the new products and technology acquired from Vocalink into our existing markets. This product convergence requires tight working relationships and integration with the people and corporate culture of Vocalink as a critical success factor. Not managing the integration successfully could result in larger-than-expected integration costs, which could be significant. If we fail to successfully embed these new technologies, we may lose existing Vocalink business and may not remain competitive in our payment technology offerings as compared to our competitors. See our risk factor in “Risk Factors - Acquisitions” in this Part I, Item 1A for more information on risks relating to the integrating our acquisitions. Working with new customers and end users as we expand our integrated products and services can present operational challenges, be costly and result in reputational damage if the new products or services do not perform as intended. The payments markets in which we compete are characterized by rapid technological change, new product introductions, evolving industry standards and changing customer and consumer needs. In order to remain competitive and meet the needs of the payments market, we are continually involved in diversifying our integrated products and services. These efforts carry the risks associated with any diversification initiative, including cost overruns, delays in delivery and performance problems. These projects also carry risks associated with working with different types of customers, for example organizations such as corporations that are not financial institutions and non-governmental organizations (“NGOs”), and end users than those we have traditionally worked with. These differences may present new operational challenges in the development and implementation of our new products or services. Our failure to render these integrated products and services could make our other integrated products and services less desirable to customers, or put us at a competitive disadvantage. In addition, if there is a delay in the implementation of our products or services or if our products or services do not perform as anticipated, we could face additional regulatory scrutiny, fines, sanctions or other penalties, which could materially and adversely affect our overall business and results of operations, as well as negatively impact our brand and reputation. Information Security and Service Disruptions Information security incidents or account data compromise events could disrupt our business, damage our reputation, increase our costs and cause losses. Information security risks for payments and technology companies such as ours have significantly increased in recent years in part because of the proliferation of new technologies, the use of the Internet and telecommunications technologies to conduct financial transactions, and the increased sophistication and activities of organized crime, hackers, terrorists and other external parties. These threats may derive from fraud or malice on the part of our employees or third parties, or may result from human error or accidental technological failure. These threats include cyber-attacks such as computer viruses, malicious code, phishing attacks or information security breaches and could lead to the misappropriation of consumer account and other information and identity theft. Our operations rely on the secure processing, transmission and storage of confidential, proprietary and other information in our computer systems and networks. Our customers and other parties in the payments value chain, as well as account holders, rely on our digital technologies, computer systems, software and networks to conduct their operations. In addition, to access our integrated products and services, our customers and account holders increasingly use personal smartphones, tablet PCs and other mobile devices that may be beyond our control. We, like other financial technology organizations, routinely are subject to cyber-threats and our technologies, systems and networks have been subject to attempted cyber-attacks. Because of our position in the payments value chain, we believe that we are likely to continue to be a target of such threats and attacks. Additionally, geopolitical events and resulting government activity could also lead to information security threats and attacks by affected jurisdictions and their sympathizers. To date, we have not experienced any material impact relating to cyber-attacks or other information security breaches. However, future attacks or breaches could lead to security breaches of the networks, systems or devices that our customers use to access our integrated products and services, which in turn could result in the unauthorized disclosure, release, gathering, monitoring, misuse, loss or destruction of confidential, proprietary and other information (including account data information) or data security compromises. Such attacks or breaches could also cause service interruptions, malfunctions or other failures in the physical infrastructure or operations systems that support our businesses and customers (such as the lack of availability of our value-added systems), as well as the operations of our customers or other third parties. In addition, they could lead to damage to our reputation with our customers and other parties and the market, additional costs to us (such as repairing systems, adding new personnel or protection technologies or compliance costs), regulatory penalties, financial losses to both us and our customers and partners and the loss of customers and business opportunities. If such attacks are not detected immediately, their effect could be compounded. We maintain an information security program, a business continuity program and insurance coverage (each reviewed by our Board of Directors and its Audit Committee), and our processing systems incorporate multiple levels of protection, in order to address or otherwise mitigate these risks. We also continually test our systems to discover and address any potential vulnerabilities. Despite these mitigation efforts, there can be no assurance that we will be immune to these risks and not suffer material breaches and resulting losses in the future, or that our insurance coverage would be sufficient to cover all losses. Our risk and exposure to these matters remain heightened because of, among other things, the evolving nature of these threats, our prominent size and scale and our role in the global payments and technology industries, our plans to continue to implement our digital and mobile channel strategies and develop additional remote connectivity solutions to serve our customers and account holders when and how they want to be served, our global presence, our extensive use of third-party vendors and future joint venture and merger and acquisition opportunities. As a result, information security and the continued development and enhancement of our controls, processes and practices designed to protect our systems, computers, software, data and networks from attack, damage or unauthorized access remain a priority for us. As cyber-threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities. Any of the risks described above could materially adversely affect our overall business and results of operations. In addition to information security risks for our systems, we also routinely encounter account data compromise events involving merchants and third-party payment processors that process, store or transmit payment transaction data, which affect millions of Mastercard, Visa, Discover, American Express and other types of account holders. These events, some of which have been high profile, typically involve external agents hacking the merchants’ or third-party processors’ systems and installing malware to compromise the confidentiality and integrity of those systems. Further events of this type may subject us to reputational damage and/or lawsuits involving payment products carrying our brands. Damage to our reputation or that of our brands resulting from an account data breach of either our systems or the systems of our customers, merchants and other third parties could decrease the use and acceptance of our integrated products and services. Such events could also slow or reverse the trend toward electronic payments. In addition to reputational concerns, while most of the lawsuits resulting from account data breaches do not involve direct claims against us and while we have releases from many issuers and acquirers, we could still face damage claims, which, if upheld, could materially and adversely affect our results of operations. Such events could have a material adverse impact on our transaction volumes, results of operations and prospects for future growth, or increase our costs by leading to additional regulatory burdens being imposed on us. Service disruptions that cause us to be unable to process transactions or service our customers could materially affect our overall business and results of operations. Our transaction switching systems and other offerings may experience interruptions as a result of technology malfunctions, fire, weather events, power outages, telecommunications disruptions, terrorism, workplace violence, accidents or other catastrophic events. Our visibility in the global payments industry may also put us at greater risk of attack by terrorists, activists, or hackers who intend to disrupt our facilities and/or systems. Additionally, we rely on third-party service providers for the timely transmission of information across our global data network. Inadequate infrastructure in lesser-developed markets could also result in service disruptions, which could impact our ability to do business in those markets. If one of our service providers fails to provide the communications capacity or services we require, as a result of natural disaster, operational disruptions, terrorism, hacking or any other reason, the failure could interrupt our services. Although we maintain a business continuity program to analyze risk, assess potential impacts, and develop effective response strategies, we cannot ensure that our business would be immune to these risks, because of the intrinsic importance of our switching systems to our business, any interruption or degradation could adversely affect the perception of the reliability of products carrying our brands and materially adversely affect our overall business and our results of operations. Financial Institution Customers and Other Stakeholder Relationships Losing a significant portion of business from one or more of our largest financial institution customers could lead to significant revenue decreases in the longer term, which could have a material adverse impact on our business and our results of operations. Most of our financial institution customer relationships are not exclusive and may be terminated by our customers. Our customers can reassess their commitments to us at any time in the future and/or develop their own competitive services. Accordingly, our business agreements with these customers may not reduce the risk inherent in our business that customers may terminate their relationships with us in favor of relationships with our competitors, or for other reasons, or might not meet their contractual obligations to us. In addition, a significant portion of our revenue is concentrated among our five largest financial institution customers. Loss of business from any of our large customers could have a material adverse impact on our overall business and results of operations. Exclusive/near exclusive relationships certain customers have with our competitors may have a material adverse impact on our business. Certain customers have exclusive, or nearly-exclusive, relationships with our competitors to issue payment products, and these relationships may make it difficult or cost-prohibitive for us to do significant amounts of business with them to increase our revenues. In addition, these customers may be more successful and may grow faster than the customers that primarily issue our payment products, which could put us at a competitive disadvantage. Furthermore, we earn substantial revenue from customers with nearly-exclusive relationships with our competitors. Such relationships could provide advantages to the customers to shift business from us to the competitors with which they are principally aligned. A significant loss of our existing revenue or transaction volumes from these customers could have a material adverse impact on our business. Consolidation in the banking industry could materially and adversely affect our overall business and results of operations. The banking industry has undergone substantial, accelerated consolidation in the past. Consolidations have included customers with a substantial Mastercard portfolio being acquired by institutions with a strong relationship with a competitor. If significant consolidation among customers were to continue, it could result in the substantial loss of business for us, which could have a material adverse impact on our business and prospects. In addition, one or more of our customers could seek to merge with, or acquire, one of our competitors, and any such transaction could also have a material adverse impact on our overall business. Consolidation could also produce a smaller number of large customers, which could increase their bargaining power and lead to lower prices and/or more favorable terms for our customers. These developments could materially and adversely affect our results of operations. Our business significantly depends on the continued success and competitiveness of our issuing and acquiring customers and, in many jurisdictions, their ability to effectively manage or help manage our brands. While we work directly with many stakeholders in the payments system, including merchants, governments and large digital companies and other technology companies, we are, and will continue to be, significantly dependent on our relationships with our issuers and acquirers and their respective relationships with account holders and merchants to support our programs and services. Furthermore, we depend on our issuing partners and acquirers to continue to innovate to maintain competitiveness in the market. We do not issue cards or other payment devices, extend credit to account holders or determine the interest rates or other fees charged to account holders. Each issuer determines these and most other competitive payment program features. In addition, we do not establish the discount rate that merchants are charged for acceptance, which is the responsibility of our acquiring customers. As a result, our business significantly depends on the continued success and competitiveness of our issuing and acquiring customers and the strength of our relationships with them. In turn, our customers’ success depends on a variety of factors over which we have little or no influence, including economic conditions in global financial markets or their disintermediation by competitors or emerging technologies. If our customers become financially unstable, we may lose revenue or we may be exposed to settlement risk. See our risk factor in “Risk Factors - Settlement and Third-Party Obligations” in this Part I, Item 1A with respect to how we guarantee certain third-party obligations for further discussion. With the exception of the United States and a select number of other jurisdictions, most in-country (as opposed to cross-border) transactions conducted using Mastercard, Maestro and Cirrus cards are authorized, cleared and settled by our customers or other processors. Because we do not provide domestic switching services in these countries and do not, as described above, have direct relationships with account holders, we depend on our close working relationships with our customers to effectively manage our brands, and the perception of our payments system, among consumers in these countries. We also rely on these customers to help manage our brands and perception among regulators and merchants in these countries, alongside our own relationships with them. From time to time, our customers may take actions that we do not believe to be in the best interests of our payments system overall, which may materially and adversely impact our business. Merchants’ continued focus on acceptance costs may lead to additional litigation and regulatory proceedings and increase our incentive program costs, which could materially and adversely affect our profitability. Merchants are important constituents in our payments system. We rely on both our relationships with them, as well as their relationships with our issuer and acquirer customers, to continue to expand the acceptance of our integrated products and services. We also work with merchants to help them enable new sales channels, create better purchase experiences, improve efficiencies, increase revenues and fight fraud. In the retail industry, there is a set of larger merchants with increasingly global scope and influence. We believe that these merchants are having a significant impact on all participants in the global payments industry, including Mastercard. Some large merchants have supported the legal, regulatory and legislative challenges to interchange fees that Mastercard has been defending, including the U.S. merchant litigations. See our risk factor in “Risk Factors - Risks Related to Our Participation in the Payments Industry” in this Part I, Item 1A with respect to payments industry regulation, including interchange fees. The continued focus of merchants on the costs of accepting various forms of payment, including in connection with the growth of digital payments, may lead to additional litigation and regulatory proceedings. Certain larger merchants are also able to negotiate incentives from us and pricing concessions from our issuer and acquirer customers as a condition to accepting our products. We also make payments to certain merchants to incentivize them to create co-branded payment programs with us. As merchants consolidate and become even larger, we may have to increase the amount of incentives that we provide to certain merchants, which could materially and adversely affect our results of operations. Competitive and regulatory pressures on pricing could make it difficult to offset the costs of these incentives. Additionally, if the rate of merchant acceptance growth slows our business could suffer. Our work with governments exposes us to unique risks that could have a material impact on our business and results of operations. As we increase our work with national, state and local governments, both indirectly through financial institutions and with them directly as our customers, we may face various risks inherent in associating or contracting directly with governments. These risks include, but are not limited to, the following: • Governmental entities typically fund projects through appropriated monies. Changes in governmental priorities or other political developments, including disruptions in governmental operations, could impact approved funding and result in changes in the scope, or lead to the termination of, the arrangements or contracts we or financial institutions enter into with respect to our payment products and services. • Our work with governments subjects us to U.S. and international anti-corruption laws, including the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act. A violation and subsequent judgment or settlement under these laws could subject us to substantial monetary penalties and damages and have a significant reputational impact. • Working or contracting with governments, either directly or via our financial institution customers, can subject us to heightened reputational risks, including extensive scrutiny and publicity, as well as a potential association with the policies of a government as a result of a business arrangement with that government. Any negative publicity or negative association with a government entity, regardless of its accuracy, may adversely affect our reputation. Settlement and Third-Party Obligations Our role as guarantor exposes us to risk of loss or illiquidity. We are a guarantor of certain third-party obligations, including those of: • principal customers, which are customers that participate directly in our programs and are responsible for their own settlement and other activities as well as those of their sponsored affiliate customers • affiliate debit licensees In this capacity, we are exposed to risk of loss or illiquidity: • We may incur obligations in connection with transaction settlements if an issuer or acquirer fails to fund its daily settlement obligations due to technical problems, liquidity shortfalls, insolvency or other reasons. • If our principal customer or affiliate debit licensee is unable to fulfill its settlement obligations to other customers, we may bear the loss. • Although we are not obligated to do so, we may elect to keep merchants whole if an acquirer defaults on its merchant payment obligations, or to keep prepaid cardholders whole if an issuer defaults on its obligation to safeguard unspent prepaid funds. Concurrent settlement failures of more than one of our larger customers or of several of our smaller customers either on a given day or over a condensed period of time may exceed our available resources and could materially and adversely affect our overall business and liquidity. Even if we have sufficient liquidity to cover a settlement failure, we may not be able to recover the cost of such a payment and may therefore be exposed to significant losses, which could materially and adversely affect our results of operations. Should an event occur that would trigger any significant indemnification obligation which we owe to any customers or other companies, such an obligation could materially and adversely affect our overall business and results of operations. We mitigate the contingent risk of a settlement failure using various strategies, including monitoring our customers’ financial condition, their economic and political operating environments and their compliance with our participation standards. For more information on our settlement exposure and risk assessment and mitigation practices, see Note 19 (Settlement and Other Risk Management) to the consolidated financial statements included in Part II, Item 8. Global Economic and Political Environment Global financial market activity could result in a material and adverse impact on our overall business and results of operations. Adverse economic trends (including distress in financial markets, turmoil in specific economies around the world and additional government intervention) have impacted the environment in which we operate. The condition of the economic environment may accelerate the timing of or increase the impact of risks to our financial performance. Such impact may include, but is not limited to, the following: • Our customers may: Ø restrict credit lines to account holders or limit the issuance of new Mastercard products to mitigate increasing account holder defaults Ø implement cost reduction initiatives that reduce or eliminate payment product marketing or increase requests for greater incentives or greater cost stability Ø default on their settlement obligations, including as a result of sovereign defaults, causing a liquidity crisis for our other customers • Consumer spending can be negatively impacted by: Ø declining economies, foreign currency fluctuations and the pace of economic recovery, which can change cross-border travel patterns, on which a significant portion of our revenues is dependent Ø low levels of consumer and business confidence typically associated with recessionary environments and those markets experiencing relatively high unemployment • Government intervention (including the effect of laws, regulations and/or government investments on or in our financial institution customers), as well as uncertainty due to changing political regimes in executive, legislative and/or judicial branches of government, may have potential negative effects on our business and our relationships with customers or otherwise alter their strategic direction away from our products. • Tightening of credit availability could impact the ability of participating financial institutions to lend to us under the terms of our credit facility. Any of these developments could have a material adverse impact on our overall business and results of operations. A decline in cross-border activity could adversely affect our results of operations. We switch substantially all cross-border transactions using Mastercard, Maestro and Cirrus-branded cards and generate a significant amount of revenue from cross-border volume fees and fees related to switched transactions. Revenue from switching cross-border and currency conversion transactions for our customers fluctuates with the levels and destinations of cross-border travel and our customers’ need for transactions to be converted into their base currency. Cross-border activity may be adversely affected by world geopolitical, economic, weather and other conditions. These include the threat of terrorism and outbreaks of flu, viruses and other diseases. Additionally, any regulation of interregional interchange fees could negatively impact our cross-border activity, which could decrease the revenue we receive. Any such decline in cross-border activity could materially adversely affect our results of operations. Negative trends in spending could negatively impact our results of operations. The global payments industry depends heavily upon the overall level of consumer, business and government spending. General economic conditions (such as unemployment, housing and changes in interest rates) and other political conditions (such as devaluation of currencies and government restrictions on consumer spending) in key countries in which we operate may adversely affect our financial performance by reducing the number or average purchase amount of transactions involving our products. Adverse currency fluctuations and foreign exchange controls could negatively impact our results of operations. During 2017, approximately 65% of our revenue was generated from activities outside the United States. This revenue (and the related expense) could be transacted in a non-functional currency or valued based on a currency other than the functional currency of the entity generating the revenues. Resulting exchange gains and losses are included in our net income. Our risk management activities provide protection with respect to adverse changes in the value of only a limited number of currencies and are based on estimates of exposures to these currencies. In addition, some of the revenue we generate outside the United States is subject to unpredictable currency fluctuations including devaluation of currencies where the values of other currencies change relative to the U.S. dollar. If the U.S. dollar strengthens compared to currencies in which we generate revenue, this revenue may be translated at a materially lower amount than expected. Furthermore, we may become subject to exchange control regulations that might restrict or prohibit the conversion of our other revenue currencies into U.S. dollars, such as what we have experienced in Venezuela. The occurrence of currency fluctuations or exchange controls could have a material adverse impact on our results of operations. The United Kingdom’s proposed withdrawal from the European Union could harm our business and financial results. In June 2016, voters in the United Kingdom approved the withdrawal of the U.K. from the E.U. (commonly referred to as “Brexit”). The U.K. government triggered Article 50 of the Lisbon Treaty on May 29, 2017, which commenced the official E.U. withdrawal process. Uncertainty over the terms of the U.K.’s departure from the E.U. could cause political and economic uncertainty in the U.K. and the rest of Europe, which could harm our business and financial results. Brexit could lead to legal uncertainty and potentially divergent national laws and regulations in the U.K. and E.U. We, as well as our clients who have significant operations in the U.K., may incur additional costs and expenses as we adapt to potentially divergent regulatory frameworks from the rest of the E.U. In addition, because we conduct business in and have operations in the U.K., we may need to apply for regulatory authorization and permission in separate E.U. member states. We may also face additional complexity with regard to immigration and travel rights for our employees located in the U.K. and the E.U. These factors may impact our ability to operate in the E.U. and U.K. seamlessly. Any of these effects of Brexit, among others, could harm our business and financial results. Reputational Impact Negative brand perception may materially and adversely affect our overall business. Our brands and their attributes are key assets of our business. The ability to attract consumers to our branded products and retain them depends upon the external perception of us and our industry. Our business may be affected by actions taken by our customers, merchants or other organizations that impact the perception of our brands or the payments industry in general. From time to time, our customers may take actions that we do not believe to be in the best interests of our brands, such as creditor practices that may be viewed as “predatory”. Additionally, large digital companies and other technology companies who are our customers use our networks to build their own acceptance brands, which could cause consumer confusion and decrease the value of our brand. Moreover, adverse developments with respect to our industry or the industries of our customers may also, by association, impair our reputation, or result in greater regulatory or legislative scrutiny. We have also been pursuing the use of social media channels at an increasingly rapid pace. Under some circumstances, our use of social media, or the use of social media by others as a channel for criticism or other purposes, could also cause rapid, widespread reputational harm to our brands by disseminating rapidly and globally actual or perceived damaging information about us, our products or merchants or other end users who utilize our products. Also, as we are headquartered in the United States, a negative perception of the United States could impact the perception of our company, which could adversely affect our business. Such perception and damage to our reputation could have a material and adverse effect to our overall business. Acquisitions Acquisitions, strategic investments or entry into new businesses could disrupt our business and harm our results of operations or reputation. Although we may continue to evaluate and/or make strategic acquisitions of, or acquire interests in joint ventures or other entities related to, complementary businesses, products or technologies, we may not be able to successfully partner with or integrate them, despite original intentions and focused efforts. In addition, such an integration may divert management’s time and resources from our core business and disrupt our operations. Moreover, we may spend time and money on acquisitions or projects that do not meet our expectations or increase our revenue. To the extent we pay the purchase price of any acquisition in cash, it would reduce our cash reserves available to us for other uses, and to the extent the purchase price is paid with our stock, it could be dilutive to our stockholders. Furthermore, we may not be able to successfully finance the business following the acquisition as a result of costs of operations, including any litigation risk which may be inherited from the acquisition. Any acquisition or entry into a new business could subject us to new regulations with which we would need to comply. This compliance could increase our costs, and we could be subject to liability or reputational harm to the extent we cannot meet any such compliance requirements. Our expansion into new businesses could also result in unanticipated issues which may be difficult to manage. Class A Common Stock and Governance Structure Provisions in our organizational documents and Delaware law could be considered anti-takeover provisions and have an impact on change-in-control. Provisions contained in our amended and restated certificate of incorporation and bylaws and Delaware law could be considered anti-takeover provisions, including provisions that could delay or prevent entirely a merger or acquisition that our stockholders consider favorable. These provisions may also discourage acquisition proposals or have the effect of delaying or preventing entirely a change in control, which could harm our stock price. For example, subject to limited exceptions, our amended and restated certificate of incorporation prohibits any person from beneficially owning more than 15% of any of the Class A common stock or any other class or series of our stock with general voting power, or more than 15% of our total voting power. In addition: • our stockholders are not entitled to the right to cumulate votes in the election of directors • our stockholders are not entitled to act by written consent • a vote of 80% or more of all of the outstanding shares of our stock then entitled to vote is required for stockholders to amend any provision of our bylaws • any representative of a competitor of Mastercard or of Mastercard Foundation is disqualified from service on our board of directors Mastercard Foundation’s substantial stock ownership, and restrictions on its sales, may impact corporate actions or acquisition proposals favorable to, or favored by, the other public stockholders. As of February 9, 2018, Mastercard Foundation owned 112,181,762 shares of Class A common stock, representing approximately 10.8% of our general voting power. Mastercard Foundation may not sell or otherwise transfer its shares of Class A common stock prior to May 1, 2027, except to the extent necessary to satisfy its charitable disbursement requirements, for which purpose earlier sales are permitted. Mastercard Foundation is permitted to sell all of its remaining shares after May 1, 2027. The directors of Mastercard Foundation are required to be independent of us and our customers. The ownership of Class A common stock by Mastercard Foundation, together with the restrictions on transfer, could discourage or make more difficult acquisition proposals favored by the other holders of the Class A common stock. In addition, because Mastercard Foundation is restricted from selling its shares for an extended period of time, it may not have the same interest in short or medium-term movements in our stock price as, or incentive to approve a corporate action that may be favorable to, our other stockholders. ITEM 1B.

Current §1A text (2018)

Show full section (10272 words)

ITEM 1A. RISK FACTORS Legal and Regulatory Payments Industry Regulation Global regulatory and legislative activity directly related to the payments industry may have a material adverse impact on our overall business and results of operations. Regulators increasingly seek to regulate certain aspects of payments systems such as ours, or establish or expand their authority to do so. Many jurisdictions have enacted such regulations. These regulations have established, and could further expand, obligations or restrictions with respect to the types of products and services that we may offer to financial institutions for consumers, the countries in which our integrated products and services may be used, the way we structure and operate our business and the types of consumers and merchants who can obtain or accept our products or services. New regulations and oversight could also relate to our clearing and settlement activities (including risk management policies and procedures, collateral requirements, participant default policies and procedures, the ability to complete timely switching of financial transactions, and capital and financial resource requirements). In addition, several central banks or similar regulatory bodies around the world have increased, or are seeking to increase, their formal oversight of the electronic payments industry and, in some cases, are considering designating certain payments networks as “systemically important payment systems” or “critical infrastructure.” These obligations, designations and restrictions may further expand and could conflict with each other as more jurisdictions impose oversight of payment systems. Some enacted regulations require financial institutions to provide third party payment processors access to consumer payment accounts. This may enable these third party payment processors to route transactions away from Mastercard products by offering account information or payment initiation services directly to people who currently use our products. This may also allow these processors to commoditize the data that are included in the transactions. New authentication standards have been enacted requiring additional verification information from consumers to complete transactions. This may increase the number of transactions that consumers abandon if we are unable to ensure a frictionless authentication experience. An increase in the rate of abandoned transactions could adversely impact our volumes or other operational metrics. Increased regulation and oversight of payment systems may result in costly compliance burdens or otherwise increase our costs. Such laws or compliance burdens could result in issuers and acquirers being less willing to participate in our payments system, reduce the benefits offered in connection with the use of our products (making our products less desirable to consumers), reduce the volume of domestic and cross-border transactions or other operational metrics, disintermediate us, impact our profitability and limit our ability to innovate or offer differentiated products and services, all of which could materially and adversely impact our financial performance. Regulators could also require us to obtain prior approval for changes to its system rules, procedures or operations, or could require customization with regard to such changes, which could impact market participant risk and therefore risk to us. Such regulatory changes could lead to new or different criteria for participation in and access to our payments system by financial institutions or other customers. Moreover, failure to comply with the laws and regulations to which we are subject could result in fines, sanctions, civil damages or other penalties, which could materially and adversely affect our overall business and results of operations, as well as have an impact on our brand and reputation. Increased regulatory, legislative and litigation activity with respect to interchange rates could have an adverse impact on our business. Interchange rates are a significant component of the costs that merchants pay in connection with the acceptance of our products. Although we do not earn revenues from interchange, interchange rates can impact the volume of transactions we see on our payment products. If interchange rates are too high, merchants may stop accepting our products or route debit transactions away from our network. If interchange rates are too low, issuers may stop promoting our integrated products and services, eliminate or reduce loyalty rewards programs or other account holder benefits (e.g., free checking or low interest rates on balances), or charge fees to account holders (e.g., annual fees or late payment fees). Governments and merchant groups in a number of countries have implemented or are seeking interchange rate reductions through legislation, competition law, central bank regulation and litigation. See “Government Regulation” and Note 20 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8 for more details. If issuers cannot collect or we are forced to reduce interchange rates, issuers may be less willing to participate in our four-party payments system, or may reduce the benefits offered in connection with the use of our products, reducing the attractiveness of our products to consumers. In particular, potential changes to interregional interchange fees as a result of the proposed resolution of the European Commission’s investigation could impact our cross-border transaction activity disproportionately versus competitors that are not subject to similar reductions. These and other impacts could lower transaction volumes, and/or make proprietary three-party networks or other forms of payment more attractive. Issuers could reduce the benefits associated with our products or choose to charge higher fees to consumers to attempt to recoup a portion of the costs incurred for their services. In addition, issuers could seek to decrease the expense of their payment programs by seeking a reduction in the fees that we charge to them, particularly if regulation has a disproportionate impact on us as compared to our competitors in terms of the fees we can charge. This could make our products less desirable to consumers, reduce the volume of transactions and our profitability, and limit our ability to innovate or offer differentiated products. We are devoting substantial resources to defending our right to establish interchange rates in regulatory proceedings, litigation and legislative activity. The potential outcome of any of these activities could have a more positive or negative impact on us relative to our competitors. If we are ultimately unsuccessful in defending our ability to establish interchange rates, any resulting legislation, regulation and/or litigation may have a material adverse impact on our overall business and results of operations. In addition, regulatory proceedings and litigation could result (and in some cases has resulted) in us being fined and/or having to pay civil damages, the amount of which could be material. Current regulatory activity could be extended to additional jurisdictions or products, which could materially and adversely affect our overall business and results of operations. Regulators around the world increasingly replicate other regulators’ approaches with regard to the regulation of payments and other industries. Consequently, regulation in any one country, state or region may influence regulatory approaches in other countries, states or regions. Similarly, new laws and regulations within a country, state or region involving one product may lead to regulation of similar or related products. For example, regulations affecting debit transactions could lead to regulation of other products (such as credit). As a result, the risks to our business created by any one new law or regulation are magnified by the potential it has to be replicated in other jurisdictions or involve other products within any particular jurisdiction. These include matters like interchange rates, potential direct regulation of our network fees and pricing, network standards and network exclusivity and routing agreements. Conversely, if widely varying regulations come into existence worldwide, we may have difficulty adjusting our products, services, fees and other important aspects of our business to meet the varying requirements. Either of these outcomes could materially and adversely affect our overall business and results of operations. Limitations on our ability to restrict merchant surcharging could materially and adversely impact our results of operations. We have historically implemented policies, referred to as no-surcharge rules, in certain jurisdictions, including the United States, that prohibit merchants from charging higher prices to consumers who pay using our products instead of other means. Authorities in several jurisdictions have acted to end or limit the application of these no-surcharge rules (or indicated interest in doing so). Additionally, we have modified our no-surcharge rules to permit U.S. merchants to surcharge credit cards, subject to certain limitations. It is possible that over time merchants in some or all merchant categories in these jurisdictions may choose to surcharge as permitted by the rule change. This could result in consumers viewing our products less favorably and/or using alternative means of payment instead of electronic products, which could result in a decrease in our overall transaction volumes, and which in turn could materially and adversely impact our results of operations. Preferential or Protective Government Actions Preferential and protective government actions related to domestic payment services could adversely affect our ability to maintain or increase our revenues. Governments in some countries have acted, or in the future may act, to provide resources, preferential treatment or other protection to selected national payment and switching providers, or have created, or may in the future create, their own national provider. This action may displace us from, prevent us from entering into, or substantially restrict us from participating in, particular geographies, and may prevent us from competing effectively against those providers. For example: • Governments in some countries are considering, or may consider, regulatory requirements that mandate switching of domestic payments either entirely in that country or by only domestic companies. • Some jurisdictions are considering requirements to collect, process and/or store data within their borders, as well as prohibitions on the transfer of data abroad, leading to technological and operational implications. • Geopolitical events and resulting OFAC sanctions, adverse trade policies or other types of government actions could lead jurisdictions affected by those sanctions to take actions in response that could adversely affect our business. • Regional groups of countries are considering, or may consider, efforts to restrict our participation in the switching of regional transactions. Such developments prevent us from utilizing our global switching capabilities for domestic or regional customers. Our efforts to effect change in, or work with, these countries may not succeed. This could adversely affect our ability to maintain or increase our revenues and extend our global brand. Privacy, Data Protection and Security Regulation of privacy, data protection, security and the digital economy could increase our costs, as well as negatively impact our growth. We are subject to increasingly complex regulations related to privacy, data protection and information security in the jurisdictions in which we do business. These regulations could result in negative impacts to our business. As we continue to develop integrated products and services to meet the needs of a changing marketplace, as well as acquire new companies, we may expand our information profile through the collection of additional data from additional sources and across multiple channels. This expansion could amplify the impact of these regulations on our business. Regulation of privacy and data protection and information security often times require monitoring of and changes to our data practices in regard to the collection, use, disclosure, storage, transfer and/or security of personal and sensitive information. We are also subject to enhanced compliance and operational requirements in the European Union, and policymakers around the globe are using these requirements as a reference to adopt new or updated privacy laws that could result in similar or stricter requirements in other jurisdictions. Some jurisdictions are also considering requirements to collect, process and/or store data within their borders, as well as prohibitions on the transfer of data abroad, leading to technological and operational implications. Other jurisdictions are considering adopting sector-specific regulations for the payments industry, including forced data sharing requirements or additional verification requirements that overlap or conflict with, or diverge from, general privacy rules. Failure to comply with these laws, regulations and requirements could result in fines, sanctions or other penalties, which could materially and adversely affect our results of operations and overall business, as well as have an impact on our reputation. New requirements or reinterpretations of existing requirements in these areas, or the development of new regulatory schemes related to the digital economy in general, may also increase our costs and could impact the products and services we offer and other aspects of our business, such as fraud monitoring, the development of information-based products and solutions and technology operations. In addition, these requirements may increase the costs to our customers of issuing payment products, which may, in turn, decrease the number of our payment products that they issue. Moreover, due to account data compromise events and privacy abuses by other companies, as well as the disclosure of monitoring activities by certain governmental agencies in combination with the use of artificial intelligence and new technologies, there has been heightened legislative and regulatory scrutiny around the world that could lead to further regulation and requirements and/or future enforcement. Those developments have also raised public attention on companies’ data practices and have changed consumer and societal expectations for enhanced privacy and data protection. Any of these developments could materially and adversely affect our overall business and results of operations. In addition, fraudulent activity could encourage regulatory intervention, which could damage our reputation and reduce the use and acceptance of our integrated products and services or increase our compliance costs. Criminals are using increasingly sophisticated methods to capture consumer account information to engage in illegal activities such as counterfeiting or other fraud. As outsourcing and specialization become common in the payments industry, there are more third parties involved in processing transactions using our payment products. While we are taking measures to make card and digital payments more secure, increased fraud levels involving our integrated products and services, or misconduct or negligence by third parties switching or otherwise servicing our integrated products and services, could lead to regulatory intervention, such as enhanced security requirements, as well as damage to our reputation. Other Regulation Regulations that directly or indirectly apply to Mastercard as a result of our participation in the global payments industry may materially and adversely affect our overall business and results of operations. We are subject to regulations that affect the payments industry in the many jurisdictions in which our integrated products and services are used. Many of our customers are also subject to regulations applicable to banks and other financial institutions that, at times, consequently affect us. Regulation of the payments industry, including regulations applicable to us and our customers, has increased significantly in the last several years. See “Business - Government Regulation” in Part I, Item 1 for a detailed description of such regulation and related legislation. Examples include: • Anti-Money Laundering, Counter Terrorist Financing, Economic Sanctions and Anti-Corruption - We are subject to AML and CTF laws and regulations globally, including the U.S. Bank Secrecy Act and the USA PATRIOT Act, as well as the various economic sanctions programs, including those imposed and administered by OFAC. The economic sanctions programs administered by OFAC restrict financial transactions and other dealings with certain countries and geographies (specifically Crimea, Cuba, Iran, North Korea and Syria) and with persons and entities included in OFAC sanctions lists including the SDN List. Iran, Sudan and Syria have been identified by the U.S. State Department as terrorist-sponsoring states. We are also subject to anti-corruption laws and regulations globally, including the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act, which, among other things, generally prohibit giving or offering payments or anything of value for the purpose of improperly influencing a business decision or to gain an unfair business advantage. A violation and subsequent judgment or settlement against us, or those with whom we may be associated, under these laws could subject us to substantial monetary penalties, damages, and/or have a significant reputational impact. • Account-based Payment Systems - In the U.K., the Treasury has expanded the Bank of England’s oversight of certain payment system providers that are systemically important to U.K.’s payment network. As a result of these changes, aspects of our Vocalink business are now subject to the U.K. payment system oversight regime and are directly overseen by the Bank of England. • Issuer Practice Legislation and Regulation - Our financial institution customers are subject to numerous regulations, which impact us as a consequence. In addition, certain regulations (such as PSD2 in the EEA) may disintermediate issuers. If our customers are disintermediated in their business, we could face diminished demand for our integrated products and services. In addition, existing or new regulations in these or other areas may diminish the attractiveness of our products to our customers. • Regulation of Internet and Digital Transactions - Proposed legislation in various jurisdictions relating to Internet gambling and other digital areas such as cyber-security and copyright and trademark infringement could impose additional compliance burdens on us and/or our customers, including requiring us or our customers to monitor, filter, restrict, or otherwise oversee various categories of payment transactions. Increased regulatory focus on us, such as in connection with the matters discussed above, may result in costly compliance burdens and/or may otherwise increase our costs. Similarly, increased regulatory focus on our customers may cause such customers to reduce the volume of transactions processed through our systems, or may otherwise impact the competitiveness of our products. Actions by regulators could influence other organizations around the world to enact or consider adopting similar measures, amplifying any potential compliance burden. Finally, failure to comply with the laws and regulations discussed above to which we are subject could result in fines, sanctions or other penalties. Each may individually or collectively materially and adversely affect our financial performance and/or our overall business and results of operations, as well as have an impact on our reputation. We could be subject to adverse changes in tax laws, regulations and interpretations or challenges to our tax positions. We are subject to tax laws and regulations of the U.S. federal, state and local governments as well as various non-U.S. jurisdictions. Potential changes in existing tax laws, including future regulatory guidance, may impact our effective tax rate and tax payments. There can be no assurance that changes in tax laws or regulations, both within the U.S. and the other jurisdictions in which we operate, will not materially and adversely affect our effective tax rate, tax payments, financial condition and results of operations. Similarly, changes in tax laws and regulations that impact our customers and counterparties or the economy generally may also impact our financial condition and results of operations. In addition, tax laws and regulations are complex and subject to varying interpretations, and any significant failure to comply with applicable tax laws and regulations in all relevant jurisdictions could give rise to substantial penalties and liabilities. Any changes in enacted tax laws, rules or regulatory or judicial interpretations; any adverse outcome in connection with tax audits in any jurisdiction; or any change in the pronouncements relating to accounting for income taxes could materially and adversely impact our effective tax rate, tax payments, financial condition and results of operations. Litigation Liabilities we may incur or limitations on our business related to any litigation or litigation settlements could materially and adversely affect our results of operations. We are a defendant on a number of civil litigations and regulatory proceedings and investigations, including among others, those alleging violations of competition and antitrust law and those involving intellectual property claims. See Note 20 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8 for more details regarding the allegations contained in these complaints and the status of these proceedings. In the event we are found liable in any material litigations or proceedings, particularly in the event we may be found liable in a large class-action lawsuit or on the basis of an antitrust claim entitling the plaintiff to treble damages or under which we were jointly and severally liable, we could be subject to significant damages, which could have a material adverse impact on our overall business and results of operations. Certain limitations have been placed on our business in recent years because of litigation and litigation settlements, such as changes to our no-surcharge rule in the United States. Any future limitations on our business resulting from litigation or litigation settlements could impact our relationships with our customers, including reducing the volume of business that we do with them, which may materially and adversely affect our overall business and results of operations. Business and Operations Competition and Technology Substantial and intense competition worldwide in the global payments industry may materially and adversely affect our overall business and results of operations. The global payments industry is highly competitive. Our payment programs compete against all forms of payment, including cash and checks; electronic, mobile and e-commerce payment platforms; cryptocurrencies; ACH payment services; and other payments networks, which can have several competitive impacts on our business: • Some of our traditional competitors, as well as alternative payment service providers, may have substantially greater financial and other resources than we have, may offer a wider range of programs and services than we offer or may use more effective advertising and marketing strategies to achieve broader brand recognition or merchant acceptance than we have. • Our ability to compete may also be affected by the outcomes of litigation, competition-related regulatory proceedings, central bank activity and legislative activity. Certain of our competitors operate three-party payments systems with direct connections to both merchants and consumers and these competitors may derive competitive advantages from their business models. If we continue to attract more regulatory scrutiny than these competitors because we operate a four-party system, or we are regulated because of the system we operate in a way in which our competitors are not, we could lose business to these competitors. See “Business-Competition” in Part I, Item 1. If we are not able to differentiate ourselves from our competitors, drive value for our customers and/or effectively align our resources with our goals and objectives, we may not be able to compete effectively against these threats. Our competitors may also more effectively introduce their own innovative programs and services that adversely impact our growth. We also compete against new entrants that have developed alternative payments systems, e-commerce payments systems and payments systems for mobile devices, as well as physical store locations. A number of these new entrants rely principally on the Internet to support their services and may enjoy lower costs than we do, which could put us at a competitive disadvantage. Our failure to compete effectively against any of the foregoing competitive threats could materially and adversely affect our overall business and results of operations. Disintermediation from stakeholders both within and outside of the payments value chain could harm our business. As the payments industry continues to develop and change, we face disintermediation and related risks, including: • Parties that process our transactions in certain countries may try to eliminate our position as an intermediary in the payment process. For example, merchants could switch (and in some cases are switching) transactions directly with issuers. Additionally, processors could process transactions directly between issuers and acquirers. Large scale consolidation within processors could result in these processors developing bilateral agreements or in some cases switching the entire transaction on their own network, thereby disintermediating us. • Regulation in the EEA may disintermediate us by enabling third-party providers opportunities to route payment transactions away from our networks and towards other forms of payment. • Although we partner with technology companies (such as digital players and mobile providers) that leverage our technology, platforms and networks to deliver their products, they could develop platforms or networks that disintermediate us from digital payments and impact our ability to compete in the digital economy. This risk is heightened when we have relationships with these entities where we share Mastercard data. While we share this data in a controlled manner subject to applicable anonymization and privacy and data protection standards, without proper oversight we could inadvertently share too much data which could give the partner a competitive advantage. • Competitors, customers, technology companies, governments and other industry participants may develop products that compete with or replace value-added products and services we currently provide to support our switched transaction and payment offerings. These products could replace our own switching and payments offerings or could force us to change our pricing or practices for these offerings. In addition, governments that develop national payment platforms may promote their platforms in such a way that could put us at a competitive disadvantage in those markets. • Participants in the payments industry may merge, create joint ventures or form other business combinations that may strengthen their existing business services or create new payment products and services that compete with our services. Our failure to compete effectively against any of the foregoing competitive threats could materially and adversely affect our overall business and results of operations. Continued intense pricing pressure may materially and adversely affect our overall business and results of operations. In order to increase transaction volumes, enter new markets and expand our Mastercard-branded cards and enabled products and services, we seek to enter into business agreements with customers through which we offer incentives, pricing discounts and other support that promote our products. In order to stay competitive, we may have to increase the amount of these incentives and pricing discounts. Over the past several years, we have experienced continued pricing pressure. The demand from our customers for better pricing arrangements and greater rebates and incentives moderates our growth. We may not be able to continue our expansion strategy to switch additional transaction volumes or to provide additional services to our customers at levels sufficient to compensate for such lower fees or increased costs in the future, which could materially and adversely affect our overall business and results of operations. In addition, increased pressure on prices increases the importance of cost containment and productivity initiatives in areas other than those relating to customer incentives. In the future, we may not be able to enter into agreements with our customers if they require terms that we are unable or unwilling to offer, and we may be required to modify existing agreements in order to maintain relationships and to compete with others in the industry. Some of our competitors are larger and have greater financial resources than we do and accordingly may be able to charge lower prices to our customers. In addition, to the extent that we offer discounts or incentives under such agreements, we will need to further increase transaction volumes or the amount of services provided thereunder in order to benefit incrementally from such agreements and to increase revenue and profit, and we may not be successful in doing so, particularly in the current regulatory environment. Our customers also may implement cost reduction initiatives that reduce or eliminate payment product marketing or increase requests for greater incentives or greater cost stability. These factors could have a material adverse impact on our overall business and results of operations. Rapid and significant technological developments and changes could negatively impact our overall business and results of operations or limit our future growth. The payments industry is subject to rapid and significant technological changes, which can impact our business in several ways: • Technological changes, including continuing developments of technologies in the areas of smart cards and devices, contactless and mobile payments, e-commerce, cryptocurrency and block chain technology, machine learning and AI, could result in new technologies that may be superior to, or render obsolete, the technologies we currently use in our programs and services. Moreover, these changes could result in new and innovative payment methods and products that could place us at a competitive disadvantage and that could reduce the use of our products. • We rely in part on third parties, including some of our competitors and potential competitors, for the development of and access to new technologies. The inability of these companies to keep pace with technological developments, or the acquisition of these companies by competitors, could negatively impact our offerings. • Our ability to develop and adopt new services and technologies may be inhibited by industry-wide solutions and standards (such as those related to EMV, tokenization or other safety and security technologies), and by resistance from customers or merchants to such changes. • Our ability to develop evolving systems and products may be inhibited by any difficulty we may experience in attracting and retaining technology experts. • Our ability to adopt these technologies can also be inhibited by intellectual property rights of third parties. We have received, and we may in the future receive, notices or inquiries from patent holders (for example, other operating companies or non-practicing entities) suggesting that we may be infringing certain patents or that we need to license the use of their patents to avoid infringement. Such notices may, among other things, threaten litigation against us or our customers or demand significant license fees. • Our ability to develop new technologies and reflect technological changes in our payments offerings will require resources, which may result in additional expenses. • We work with technology companies (such as digital players and mobile providers) that use our technology to enhance payment safety and security and to deliver their payment-related products and services quickly and efficiently to consumers. Our inability to keep pace technologically could negatively impact the willingness of these customers to work with us, and could encourage them to use their own technology and compete against us. We cannot predict the effect of technological changes on our business, and our future success will depend, in part, on our ability to anticipate, develop or adapt to technological changes and evolving industry standards. Failure to keep pace with these technological developments or otherwise bring to market products that reflect these technologies could lead to a decline in the use of our products, which could have a material adverse impact on our overall business and results of operations. Operating a real-time account-based payment network presents risks that could materially affect our business. Our acquisition of Vocalink in 2017 added real-time account-based payment technology to the suite of capabilities we offer. While expansion into this space presents business opportunities, there are also regulatory and operational risks associated with administering a real-time account-based payment network. British regulators have designated this platform to be “critical national infrastructure” and regulators in other countries may in the future expand their regulatory oversight of real-time account-based payment systems in similar ways. In addition, any prolonged service outage on this network could result in quickly escalating impacts, including potential intervention by the Bank of England and significant reputational risk to Vocalink and us. For a discussion of the regulatory risks related to our real-time account-based payment platform, see our risk factor in “Risk Factors - Payments Industry Regulation” in this Part I, Item 1A. Furthermore, the complexity of this payment technology requires careful management to address security vulnerabilities that are different from those faced on our core network. Operational difficulties, such as the temporary unavailability of our services or products, or security breaches on our real-time account-based payment network could cause a loss of business for these products and services, result in potential liability for us and adversely affect our reputation. Working with new customers and end users as we expand our integrated products and services can present operational challenges, be costly and result in reputational damage if the new products or services do not perform as intended. The payments markets in which we compete are characterized by rapid technological change, new product introductions, evolving industry standards and changing customer and consumer needs. In order to remain competitive and meet the needs of the payments market, we are continually involved in diversifying our integrated products and services. These efforts carry the risks associated with any diversification initiative, including cost overruns, delays in delivery and performance problems. These projects also carry risks associated with working with different types of customers, for example organizations such as corporations that are not financial institutions and non-governmental organizations (“NGOs”), and end users than those we have traditionally worked with. These differences may present new operational challenges in the development and implementation of our new products or services. Our failure to render these integrated products and services could make our other integrated products and services less desirable to customers, or put us at a competitive disadvantage. In addition, if there is a delay in the implementation of our products or services or if our products or services do not perform as anticipated, we could face additional regulatory scrutiny, fines, sanctions or other penalties, which could materially and adversely affect our overall business and results of operations, as well as negatively impact our brand and reputation. Information Security and Service Disruptions Information security incidents or account data compromise events could disrupt our business, damage our reputation, increase our costs and cause losses. Information security risks for payments and technology companies such as ours have significantly increased in recent years in part because of the proliferation of new technologies, the use of the Internet and telecommunications technologies to conduct financial transactions, and the increased sophistication and activities of organized crime, hackers, terrorists and other external parties. These threats may derive from fraud or malice on the part of our employees or third parties, or may result from human error or accidental technological failure. These threats include cyber-attacks such as computer viruses, malicious code, phishing attacks or information security breaches and could lead to the misappropriation of consumer account and other information and identity theft. Our operations rely on the secure processing, transmission and storage of confidential, proprietary and other information in our computer systems and networks. Our customers and other parties in the payments value chain, as well as account holders, rely on our digital technologies, computer systems, software and networks to conduct their operations. In addition, to access our integrated products and services, our customers and account holders increasingly use personal smartphones, tablet PCs and other mobile devices that may be beyond our control. We, like other financial technology organizations, routinely are subject to cyber-threats and our technologies, systems and networks have been subject to attempted cyber-attacks. Because of our position in the payments value chain, we believe that we are likely to continue to be a target of such threats and attacks. Additionally, geopolitical events and resulting government activity could also lead to information security threats and attacks by affected jurisdictions and their sympathizers. To date, we have not experienced any material impact relating to cyber-attacks or other information security breaches. However, future attacks or breaches could lead to security breaches of the networks, systems or devices that our customers use to access our integrated products and services, which in turn could result in the unauthorized disclosure, release, gathering, monitoring, misuse, loss or destruction of confidential, proprietary and other information (including account data information) or data security compromises. Such attacks or breaches could also cause service interruptions, malfunctions or other failures in the physical infrastructure or operations systems that support our businesses and customers (such as the lack of availability of our value-added services), as well as the operations of our customers or other third parties. In addition, they could lead to damage to our reputation with our customers and other parties and the market, additional costs to us (such as repairing systems, adding new personnel or protection technologies or compliance costs), regulatory penalties, financial losses to both us and our customers and partners and the loss of customers and business opportunities. If such attacks are not detected immediately, their effect could be compounded. Despite various mitigation efforts that we undertake, there can be no assurance that we will be immune to these risks and not suffer material breaches and resulting losses in the future, or that our insurance coverage would be sufficient to cover all losses. Our risk and exposure to these matters remain heightened because of, among other things, the evolving nature of these threats, our prominent size and scale and our role in the global payments and technology industries, our plans to continue to implement our digital and mobile channel strategies and develop additional remote connectivity solutions to serve our customers and account holders when and how they want to be served, our global presence, our extensive use of third-party vendors and future joint venture and merger and acquisition opportunities. As a result, information security and the continued development and enhancement of our controls, processes and practices designed to protect our systems, computers, software, data and networks from attack, damage or unauthorized access remain a priority for us. As cyber-threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities. Any of the risks described above could materially adversely affect our overall business and results of operations. In addition to information security risks for our systems, we also routinely encounter account data compromise events involving merchants and third-party payment processors that process, store or transmit payment transaction data, which affect millions of Mastercard, Visa, Discover, American Express and other types of account holders. Further events of this type may subject us to reputational damage and/or lawsuits involving payment products carrying our brands. Damage to our reputation or that of our brands resulting from an account data breach of either our systems or the systems of our customers, merchants and other third parties could decrease the use and acceptance of our integrated products and services. Such events could also slow or reverse the trend toward electronic payments. In addition to reputational concerns, the cumulative impact of multiple account data compromise events could increase the impact of the fraud resulting from such events by, among other things, making it more difficult to identify consumers. Moreover, while most of the lawsuits resulting from account data breaches do not involve direct claims against us and while we have releases from many issuers and acquirers, we could still face damage claims, which, if upheld, could materially and adversely affect our results of operations. Such events could have a material adverse impact on our transaction volumes, results of operations and prospects for future growth, or increase our costs by leading to additional regulatory burdens being imposed on us. Service disruptions that cause us to be unable to process transactions or service our customers could materially affect our overall business and results of operations. Our transaction switching systems and other offerings may experience interruptions as a result of technology malfunctions, fire, weather events, power outages, telecommunications disruptions, terrorism, workplace violence, accidents or other catastrophic events. Our visibility in the global payments industry may also put us at greater risk of attack by terrorists, activists, or hackers who intend to disrupt our facilities and/or systems. Additionally, we rely on third-party service providers for the timely transmission of information across our global data network. Inadequate infrastructure in lesser-developed markets could also result in service disruptions, which could impact our ability to do business in those markets. If one of our service providers fails to provide the communications capacity or services we require, as a result of natural disaster, operational disruptions, terrorism, hacking or any other reason, the failure could interrupt our services. Although we maintain a business continuity program to analyze risk, assess potential impacts, and develop effective response strategies, we cannot ensure that our business would be immune to these risks, because of the intrinsic importance of our switching systems to our business, any interruption or degradation could adversely affect the perception of the reliability of products carrying our brands and materially adversely affect our overall business and our results of operations. Financial Institution Customers and Other Stakeholder Relationships Losing a significant portion of business from one or more of our largest financial institution customers could lead to significant revenue decreases in the longer term, which could have a material adverse impact on our business and our results of operations. Most of our financial institution customer relationships are not exclusive and may be terminated by our customers. Our customers can reassess their commitments to us at any time in the future and/or develop their own competitive services. Accordingly, our business agreements with these customers may not reduce the risk inherent in our business that customers may terminate their relationships with us in favor of relationships with our competitors, or for other reasons, or might not meet their contractual obligations to us. In addition, a significant portion of our revenue is concentrated among our five largest financial institution customers. Loss of business from any of our large customers could have a material adverse impact on our overall business and results of operations. Exclusive/near exclusive relationships certain customers have with our competitors may have a material adverse impact on our business. Certain customers have exclusive, or nearly-exclusive, relationships with our competitors to issue payment products, and these relationships may make it difficult or cost-prohibitive for us to do significant amounts of business with them to increase our revenues. In addition, these customers may be more successful and may grow faster than the customers that primarily issue our payment products, which could put us at a competitive disadvantage. Furthermore, we earn substantial revenue from customers with nearly-exclusive relationships with our competitors. Such relationships could provide advantages to the customers to shift business from us to the competitors with which they are principally aligned. A significant loss of our existing revenue or transaction volumes from these customers could have a material adverse impact on our business. Consolidation in the banking industry could materially and adversely affect our overall business and results of operations. The banking industry has undergone substantial, accelerated consolidation in the past. Consolidations have included customers with a substantial Mastercard portfolio being acquired by institutions with a strong relationship with a competitor. If significant consolidation among customers were to continue, it could result in the substantial loss of business for us, which could have a material adverse impact on our business and prospects. In addition, one or more of our customers could seek to merge with, or acquire, one of our competitors, and any such transaction could also have a material adverse impact on our overall business. Consolidation could also produce a smaller number of large customers, which could increase their bargaining power and lead to lower prices and/or more favorable terms for our customers. These developments could materially and adversely affect our results of operations. Our business significantly depends on the continued success and competitiveness of our issuing and acquiring customers and, in many jurisdictions, their ability to effectively manage or help manage our brands. While we work directly with many stakeholders in the payments system, including merchants, governments and large digital companies and other technology companies, we are, and will continue to be, significantly dependent on our relationships with our issuers and acquirers and their respective relationships with account holders and merchants to support our programs and services. Furthermore, we depend on our issuing partners and acquirers to continue to innovate to maintain competitiveness in the market. We do not issue cards or other payment devices, extend credit to account holders or determine the interest rates or other fees charged to account holders. Each issuer determines these and most other competitive payment program features. In addition, we do not establish the discount rate that merchants are charged for acceptance, which is the responsibility of our acquiring customers. As a result, our business significantly depends on the continued success and competitiveness of our issuing and acquiring customers and the strength of our relationships with them. In turn, our customers’ success depends on a variety of factors over which we have little or no influence, including economic conditions in global financial markets or their disintermediation by competitors or emerging technologies, as well as regulation. If our customers become financially unstable, we may lose revenue or we may be exposed to settlement risk. See our risk factor in “Risk Factors - Settlement and Third-Party Obligations” in this Part I, Item 1A with respect to how we guarantee certain third-party obligations for further discussion. With the exception of the United States and a select number of other jurisdictions, most in-country (as opposed to cross-border) transactions conducted using Mastercard, Maestro and Cirrus cards are authorized, cleared and settled by our customers or other processors. Because we do not provide domestic switching services in these countries and do not, as described above, have direct relationships with account holders, we depend on our close working relationships with our customers to effectively manage our brands, and the perception of our payments system, among consumers in these countries. We also rely on these customers to help manage our brands and perception among regulators and merchants in these countries, alongside our own relationships with them. From time to time, our customers may take actions that we do not believe to be in the best interests of our payments system overall, which may materially and adversely impact our business. Merchants’ continued focus on acceptance costs may lead to additional litigation and regulatory proceedings and increase our incentive program costs, which could materially and adversely affect our profitability. Merchants are important constituents in our payments system. We rely on both our relationships with them, as well as their relationships with our issuer and acquirer customers, to continue to expand the acceptance of our integrated products and services. We also work with merchants to help them enable new sales channels, create better purchase experiences, improve efficiencies, increase revenues and fight fraud. In the retail industry, there is a set of larger merchants with increasingly global scope and influence. We believe that these merchants are having a significant impact on all participants in the global payments industry, including Mastercard. Some large merchants have supported the legal, regulatory and legislative challenges to interchange fees that Mastercard has been defending, including the U.S. merchant litigations. See our risk factor in “Risk Factors - Risks Related to Our Participation in the Payments Industry” in this Part I, Item 1A with respect to payments industry regulation, including interchange fees. The continued focus of merchants on the costs of accepting various forms of payment, including in connection with the growth of digital payments, may lead to additional litigation and regulatory proceedings. Certain larger merchants are also able to negotiate incentives from us and pricing concessions from our issuer and acquirer customers as a condition to accepting our products. We also make payments to certain merchants to incentivize them to create co-branded payment programs with us. As merchants consolidate and become even larger, we may have to increase the amount of incentives that we provide to certain merchants, which could materially and adversely affect our results of operations. Competitive and regulatory pressures on pricing could make it difficult to offset the costs of these incentives. Additionally, if the rate of merchant acceptance growth slows our business could suffer. Our work with governments exposes us to unique risks that could have a material impact on our business and results of operations. As we increase our work with national, state and local governments, both indirectly through financial institutions and with them directly as our customers, we may face various risks inherent in associating or contracting directly with governments. These risks include, but are not limited to, the following: • Governmental entities typically fund projects through appropriated monies. Changes in governmental priorities or other political developments, including disruptions in governmental operations, could impact approved funding and result in changes in the scope, or lead to the termination of, the arrangements or contracts we or financial institutions enter into with respect to our payment products and services. • Our work with governments subjects us to U.S. and international anti-corruption laws, including the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act. A violation and subsequent judgment or settlement under these laws could subject us to substantial monetary penalties and damages and have a significant reputational impact. • Working or contracting with governments, either directly or via our financial institution customers, can subject us to heightened reputational risks, including extensive scrutiny and publicity, as well as a potential association with the policies of a government as a result of a business arrangement with that government. Any negative publicity or negative association with a government entity, regardless of its accuracy, may adversely affect our reputation. Settlement and Third-Party Obligations Our role as guarantor, as well as other contractual obligations, expose us to risk of loss or illiquidity. We are a guarantor of certain third-party obligations, including those of certain of our customers. In this capacity, we are exposed to credit and liquidity risk from these customers and certain service providers. We may incur significant losses in connection with transaction settlements if a customer fails to fund its daily settlement obligations due to technical problems, liquidity shortfalls, insolvency or other reasons. Concurrent settlement failures of more than one of our larger customers or of several of our smaller customers either on a given day or over a condensed period of time may exceed our available resources and could materially and adversely affect our results of operations. We have significant contractual indemnification obligations with certain customers. Should an event occur that triggers these obligations, such an event could materially and adversely affect our overall business and result of operations. Global Economic and Political Environment Global economic, political, financial and societal events or conditions could result in a material and adverse impact on our overall business and results of operations. Adverse economic trends in key countries in which we operate may adversely affect our financial performance. Such impact may include, but is not limited to, the following: • Customers mitigating their economic exposure by limiting the issuance of new Mastercard products and requesting greater incentive or greater cost stability from us. • Consumers and businesses lowering spending, which could impact cross-border travel patterns (on which a significant portion of our revenues is dependent). • Government intervention (including the effect of laws, regulations and/or government investments on or in our financial institution customers), as well as uncertainty due to changing political regimes in executive, legislative and/or judicial branches of government, that may have potential negative effects on our business and our relationships with customers or otherwise alter their strategic direction away from our products. • Tightening of credit availability that could impact the ability of participating financial institutions to lend to us under the terms of our credit facility. Additionally, we switch substantially all cross-border transactions using Mastercard, Maestro and Cirrus-branded cards and generate a significant amount of revenue from cross-border volume fees and fees related to switched transactions. Revenue from switching cross-border and currency conversion transactions for our customers fluctuates with the levels and destinations of cross-border travel and our customers’ need for transactions to be converted into their base currency. Cross-border activity may be adversely affected by world geopolitical, economic, weather and other conditions. These include the threat of terrorism and outbreaks of flu, viruses and other diseases, as well as major environmental events. The uncertainty that could result from such events could decrease cross-border activity. Additionally, any regulation of interregional interchange fees could also negatively impact our cross-border activity. In each case, decreased cross-border activity could decrease the revenue we receive. Any of these developments could have a material adverse impact on our overall business and results of operations. Adverse currency fluctuations and foreign exchange controls could negatively impact our results of operations. During 2018, approximately 67% of our revenue was generated from activities outside the United States. This revenue (and the related expense) could be transacted in a non-functional currency or valued based on a currency other than the functional currency of the entity generating the revenues. Resulting exchange gains and losses are included in our net income. Our risk management activities provide protection with respect to adverse changes in the value of only a limited number of currencies and are based on estimates of exposures to these currencies. In addition, some of the revenue we generate outside the United States is subject to unpredictable currency fluctuations including devaluation of currencies where the values of other currencies change relative to the U.S. dollar. If the U.S. dollar strengthens compared to currencies in which we generate revenue, this revenue may be translated at a materially lower amount than expected. Furthermore, we may become subject to exchange control regulations that might restrict or prohibit the conversion of our other revenue currencies into U.S. dollars, such as what we have experienced in Venezuela. The occurrence of currency fluctuations or exchange controls could have a material adverse impact on our results of operations. The United Kingdom’s proposed withdrawal from the European Union could harm our business and financial results. In June 2016, voters in the United Kingdom approved the withdrawal of the U.K. from the E.U. (commonly referred to as “Brexit”). The U.K. government triggered Article 50 of the Lisbon Treaty on March 29, 2017, which commenced the official E.U. withdrawal process. Uncertainty over the terms of the U.K.’s departure from the E.U. could cause political and economic uncertainty in the U.K. and the rest of Europe, which could harm our business and financial results. Brexit could lead to legal uncertainty and potentially divergent national laws and regulations in the U.K. and E.U. We, as well as our clients who have significant operations in the U.K., may incur additional costs and expenses as we adapt to potentially divergent regulatory frameworks from the rest of the E.U. We may also face additional complexity with regard to immigration and travel rights for our employees located in the U.K. and the E.U. These factors may impact our ability to operate in the E.U. and U.K. seamlessly. Any of these effects of Brexit, among others, could harm our business and financial results. Brand and Reputational Impact Negative brand perception may materially and adversely affect our overall business. Our brands and their attributes are key assets of our business. The ability to attract consumers to our branded products and retain them depends upon the external perception of us and our industry. Our business may be affected by actions taken by our customers, merchants or other organizations that impact the perception of our brands or the payments industry in general. From time to time, our customers may take actions that we do not believe to be in the best interests of our brands, such as creditor practices that may be viewed as “predatory”. Moreover, adverse developments with respect to our industry or the industries of our customers may also, by association, impair our reputation, or result in greater regulatory or legislative scrutiny. We have also been pursuing the use of social media channels at an increasingly rapid pace. Under some circumstances, our use of social media, or the use of social media by others as a channel for criticism or other purposes, could also cause rapid, widespread reputational harm to our brands by disseminating rapidly and globally actual or perceived damaging information about us, our products or merchants or other end users who utilize our products. Also, as we are headquartered in the United States, a negative perception of the United States could impact the perception of our company, which could adversely affect our business. Such perception and damage to our reputation could have a material and adverse effect to our overall business. Lack of visibility of our brand in our products and services, or in the products and services of our partners who use our technology, may materially and adversely affect our business. As more players enter the global payments system, the layers between our brand and consumers and merchants increase. In order to compete with other powerful consumer brands that are also becoming part of the consumer payment experience, we often partner with those brands on payment solutions. These brands include large digital companies and other technology companies who are our customers and use our networks to build their own acceptance brands. In some cases, our brand may not be featured in the payment solution or may be secondary to other brands. Additionally, as part of our relationships with some issuers, our payment brand is only included on the back of the card. As a result, our brand may either be invisible to consumers or may not be the primary brand with which consumers associate the payment experience. This brand invisibility, or any consumer confusion as to our role in the consumer payment experience, could decrease the value of our brand, which could adversely affect our business. Talent and Culture We may not be able to attract, hire and retain a highly qualified and diverse workforce, or maintain our corporate culture, which could impact our ability to grow effectively. Our performance largely depends on the talents and efforts of our employees, particularly our key personnel and senior management. We may be unable to retain or to attract highly qualified employees. The market for key personnel is highly competitive, particularly in technology and other skill areas significant to our business. Additionally, changes in immigration and work permit laws and regulations and related enforcement have made it difficult for employees to work in, or transfer among, jurisdictions in which we have operations and could impair our ability to attract and retain qualified employees. Failure to attract, hire, develop, motivate and retain highly qualified and diverse employee talent, or to maintain a corporate culture that fosters innovation, creativity and teamwork could harm our overall business and results of operations. We rely on key personnel to lead with integrity. To the extent our leaders behave in a manner that is not consistent with our values, we could experience significant impact to our brand and reputation, as well as to our corporate culture. Acquisitions Acquisitions, strategic investments or entry into new businesses could disrupt our business and harm our results of operations or reputation. Although we may continue to evaluate and/or make strategic acquisitions of, or acquire interests in joint ventures or other entities related to, complementary businesses, products or technologies, we may not be able to successfully partner with or integrate them, despite original intentions and focused efforts. In addition, such an integration may divert management’s time and resources from our core business and disrupt our operations. Moreover, we may spend time and money on acquisitions or projects that do not meet our expectations or increase our revenue. To the extent we pay the purchase price of any acquisition in cash, it would reduce our cash reserves available to us for other uses, and to the extent the purchase price is paid with our stock, it could be dilutive to our stockholders. Furthermore, we may not be able to successfully finance the business following the acquisition as a result of costs of operations, including any litigation risk which may be inherited from the acquisition. Any acquisition or entry into a new business could subject us to new regulations with which we would need to comply. This compliance could increase our costs, and we could be subject to liability or reputational harm to the extent we cannot meet any such compliance requirements. Our expansion into new businesses could also result in unanticipated issues which may be difficult to manage. Class A Common Stock and Governance Structure Provisions in our organizational documents and Delaware law could be considered anti-takeover provisions and have an impact on change-in-control. Provisions contained in our amended and restated certificate of incorporation and bylaws and Delaware law could be considered anti-takeover provisions, including provisions that could delay or prevent entirely a merger or acquisition that our stockholders consider favorable. These provisions may also discourage acquisition proposals or have the effect of delaying or preventing entirely a change in control, which could harm our stock price. For example, subject to limited exceptions, our amended and restated certificate of incorporation prohibits any person from beneficially owning more than 15% of any of the Class A common stock or any other class or series of our stock with general voting power, or more than 15% of our total voting power. In addition: • our stockholders are not entitled to the right to cumulate votes in the election of directors • our stockholders are not entitled to act by written consent • a vote of 80% or more of all of the outstanding shares of our stock then entitled to vote is required for stockholders to amend any provision of our bylaws • any representative of a competitor of Mastercard or of Mastercard Foundation is disqualified from service on our board of directors Mastercard Foundation’s substantial stock ownership, and restrictions on its sales, may impact corporate actions or acquisition proposals favorable to, or favored by, the other public stockholders. As of February 8, 2019, Mastercard Foundation owned 112,181,762 shares of Class A common stock, representing approximately 11.1% of our general voting power. Mastercard Foundation may not sell or otherwise transfer its shares of Class A common stock prior to May 1, 2027, except to the extent necessary to satisfy its charitable disbursement requirements, for which purpose earlier sales are permitted. Mastercard Foundation is permitted to sell all of its remaining shares after May 1, 2027, subject to certain conditions. The directors of Mastercard Foundation are required to be independent of us and our customers. The ownership of Class A common stock by Mastercard Foundation, together with the restrictions on transfer, could discourage or make more difficult acquisition proposals favored by the other holders of the Class A common stock. In addition, because Mastercard Foundation is restricted from selling its shares for an extended period of time, it may not have the same interest in short or medium-term movements in our stock price as, or incentive to approve a corporate action that may be favorable to, our other stockholders. ITEM 1B.