V, §1A diff (2018 → 2019)
Added paragraphs (8143 words)
ITEM 1A. Risk Factors Regulatory Risks We are subject to complex and evolving global regulations that could harm our business and financial results. As a global payments technology company, we are subject to complex and evolving regulations that govern our operations. See Item 1 - Business-Government Regulation for more information on the most significant areas of regulation that affect our business. The impact of these regulations on us, our clients, and other third parties could limit our ability to enforce our payments system rules; require us to adopt new rules or change existing rules; affect our existing contractual arrangements; increase our compliance costs; require us to make our technology or intellectual property available to third parties, including competitors, in an undesirable manner; and reduce our revenue opportunities. As discussed in more detail below, we may face differing rules and regulations in matters like interchange reimbursement rates, preferred routing, domestic processing requirements, currency conversion, point-of-sale transaction rules and practices, privacy, data use or protection, licensing requirements, and associated product technology. As a result, the Visa operating rules and our other contractual commitments may differ from country to country or by product offering. Complying with these and other regulations increases our costs and could reduce our revenue opportunities. If widely varying regulations come into existence worldwide, we may have difficulty rapidly adjusting our product offerings, services, fees and other important aspects of our business in the regions where we operate. Our compliance programs and policies are designed to support our compliance with a wide array of regulations and laws, such as anti-money laundering, anti-corruption, competition, privacy and sanctions, and we continually enhance our compliance programs as regulations evolve. However, we cannot guarantee that our practices will be deemed compliant by all applicable regulatory authorities. In the event our controls should fail or we are found to be out of compliance for other reasons, we could be subject to monetary damages, civil and criminal penalties, litigation, investigations and proceedings, and damage to our global brands and reputation. Furthermore, the evolving and increased regulatory focus on the payments industry could negatively impact or reduce the number of Visa products our clients issue, the volume of payments we process, our revenues, our brands, our competitive positioning, our ability to use our intellectual property to differentiate our products and services, the quality and types of products and services we offer, the countries in which our products are used, and the types of consumers and merchants who can obtain or accept our products, all of which could harm our business. Increased scrutiny and regulation of the global payments industry, including with respect to interchange reimbursement fees, merchant discount rates, operating rules, risk management protocols and other related practices, could harm our business. Regulators around the world have been establishing or increasing their authority to regulate certain aspects of the payments industry. See Item 1. Business -Government Regulation for more information. In the U.S. and many other jurisdictions, we have historically set default interchange reimbursement fees. Even though we generally do not receive any revenue related to interchange reimbursement fees in a payment transaction (in the context of credit and debit transactions, those fees are paid by the acquirers to the issuers; the reverse is true for certain transactions like ATM), interchange reimbursement fees are a factor on which we compete with other payments providers and are therefore an important determinant of the volume of transactions we process. Consequently, changes to these fees, whether voluntarily or by mandate, can substantially affect our overall payments volumes and revenues. Interchange reimbursement fees, certain operating rules and related practices continue to be subject to increased government regulation globally, and regulatory authorities and central banks in a number of jurisdictions have reviewed or are reviewing these fees, rules, and practices. For example, regulations adopted by the U.S. Federal Reserve cap the maximum U.S. debit interchange reimbursement rate received by large financial institutions at 21 cents plus 5 basis points per transaction, plus a possible fraud adjustment of 1 cent. The Dodd-Frank Act also limits issuers’ and our ability to adopt network exclusivity and preferred routing in the debit and prepaid area, which also impacts our business. The EU’s IFR places an effective cap on consumer credit and consumer debit interchange fees for both domestic and cross-border transactions within the EEA (30 basis points and 20 basis points, respectively). EU member states have the ability to further reduce these interchange levels within their territories. Furthermore, the European Commission is in the process of conducting an impact assessment of the IFR, which could potentially result in lower and/or additional interchange fee caps and restrictions. Countries in other parts of the world, including the Latin America region have either adopted or are exploring interchange caps. For example, in March 2017, Argentina’s central bank passed regulations that cap interchange fees on credit and debit transactions. In March 2018, Brazil adopted interchange caps on debit transactions. When we cannot set default interchange reimbursement rates at optimal levels, issuers and acquirers may find our payments system less attractive. This may increase the attractiveness of other payments systems, such as our competitors’ closed-loop payments systems with direct connections to both merchants and consumers. We believe some issuers may react to such regulations by charging new or higher fees, or reducing certain benefits to consumers, which make our products less appealing to consumers. Some acquirers may elect to charge higher merchant discount rates regardless of the Visa interchange reimbursement rate, causing merchants not to accept our products or to steer customers to alternate payments systems or forms of payment. In addition, in an effort to reduce the expense of their payment programs, some issuers and acquirers have obtained, and may continue to obtain, incentives from us, including reductions in the fees that we charge, which may directly impact our revenues. In addition to the regulation of interchange reimbursement fees, a number of regulators impose restrictions on other aspects of our payments business. For example, many governments including, but not limited to governments in India and Turkey are using regulation to further drive down merchant discount rates, which could negatively affect the economics of our transactions. Some countries in Latin America, like Peru and Chile are relying on antitrust driven regulatory actions that can have implications for how the payments ecosystem and four party model operate. The Payment System Regulator’s review of the acquiring market in the United Kingdom could lead to additional regulatory pressure on our business. With increased merchant lobbying, we could also begin to see regulatory interest in network fees. Government regulations or pressure may also require us to allow other payments networks to support Visa products or services, or to have the other network’s functionality or brand marks on our products. As innovations in payment technology have enabled us to expand into new products and services, they have also expanded the potential scope of regulatory influence. For instance, new products and capabilities, including tokenization, push payments, and non-card based payment flows (e.g., B2B Connect) could bring increased licensing or authorization requirements in the countries where the product or capability is offered. In addition, the European Union’s requirement to separate scheme and processing adds costs and impacts the execution of our commercial, innovation and product strategies. We are also subject to central bank oversight in some markets, including, Brazil, Russia, the United Kingdom and within the European Union. This oversight could result in new governance, reporting, licensing, cybersecurity, processing infrastructure, capital, or credit risk management requirements. We could also be required to adopt policies and practices designed to mitigate settlement and liquidity risks, including increased requirements to maintain sufficient levels of capital and financial resources locally, as well as localized risk management or governance. Increased central bank oversight could also lead to new or different criteria for participation in and access to our payments system, including allowing non-traditional financial technology companies to act as issuers or acquirers. Additionally, regulators in other jurisdictions are considering or adopting approaches based on similar regulatory principles. Finally, regulators around the world increasingly take note of each other’s approaches to regulating the payments industry. Consequently, a development in one jurisdiction may influence regulatory approaches in another. The risks created by a new law, regulation or regulatory outcome in one jurisdiction have the potential to be replicated and to negatively affect our business in another jurisdiction or in other product offerings. For example, our settlement with the European Commission on cross-border interchange rates could draw the attention of regulators in other parts of the world. Similarly, new regulations involving one product offering may prompt regulators to extend the regulations to other product offerings. For example, credit payments could become subject to similar regulation as debit payments (or vice versa). For instance, the Reserve Bank of Australia initially capped credit interchange, but subsequently capped debit interchange as well. Government-imposed restrictions on international payment systems may prevent us from competing against providers in certain countries, including significant markets such as China, India and Russia. Governments in a number of jurisdictions shield domestic payment card networks, brands, and processors from international competition by imposing market access barriers and preferential domestic regulations. To varying degrees, these policies and regulations affect the terms of competition in the marketplace and undermine the competitiveness of international payments networks. In the future, public authorities may impose regulatory requirements that favor domestic providers or mandate that domestic payments processing be performed entirely within that country, which would prevent us from managing the end-to-end processing of certain transactions. In Russia, legislation effectively prevents us from processing domestic transactions. The central bank controlled national payment card system (NSPK) is the only entity allowed to process domestically. In China, UnionPay remains the sole processor of domestic payment card transactions and operates the sole domestic acceptance mark. Although we have filed an application with the People’s Bank of China (PBOC) to operate a Bank Card Clearing Institution (BCCI) in China, the timing and the procedural steps remain uncertain. The approval process might require several years, and there is no guarantee that the license to operate a BCCI will be approved or, if we obtain such license, that we will be able to successfully compete with domestic payments networks. Recent regulatory initiatives in India also suggest growing nationalistic priorities, including a data localization mandate passed by the government, which has cost implications for us and could affect our ability to effectively compete with domestic payment providers. Furthermore, regional groups of countries, such as the Gulf Cooperation Countries in the Middle East and a number of countries in Southeast Asia, are considering, or may consider, efforts to restrict our participation in the processing of regional transactions. The African Development Bank has also indicated an interest in supporting national payment systems in its efforts to expand financial inclusion and strengthen regional financial stability. Geopolitical events, including sanctions, trade tensions or other types of activities could potentially intensify any or all of these activities, which could adversely affect our business. Due to our inability to manage the end-to-end processing of transactions for cards in certain countries (e.g., Russia and Thailand), we depend on our close working relationships with our clients or third-party processors to ensure transactions involving our products are processed effectively. Our ability to do so may be adversely affected by regulatory requirements and policies pertaining to transaction routing or on-shore processing. Co-badging and co-residency regulations may pose additional challenges in markets where Visa competes with national networks for issuance and routing. For example, in China, certain banks have issued dual-branded cards for which domestic transactions in China are processed by UnionPay and transactions outside of China are processed by us or other international payments networks. The PBOC is contemplating that dual-branded cards could be phased out over time as new licenses are issued to international companies to participate in China’s domestic payments market. Accordingly, we have been working with Chinese issuers to issue Visa-only branded cards for international travel, and later for domestic transactions after we obtain a BCCI license. However, notwithstanding such efforts, the phase out of dual-branded cards may decrease our payment volumes and impact the revenue we generate in China. Mir and UnionPay have grown rapidly in Russia and China, respectively, and are actively pursuing international expansion plans, which could potentially lead to regulatory pressures on our international routing rule (which requires that international transactions on Visa cards be routed over VisaNet). Furthermore, although regulatory barriers shield Mir and UnionPay from competition in Russia and China, respectively, alternate payment providers such as Alipay and WeChat Pay have rapidly expanded into ecommerce, offline, and cross-border payments, which could make it difficult for us to compete even if our license is approved in China. Recently, with strong backing from China’s government, a new digital transaction routing system known as Netlink was established. The PBOC allowed Alipay and other digital payment providers to invest in Netlink. It and other such systems could have a competitive advantage in comparison with other international payments networks. In general, national laws that protect domestic providers or processing may increase our costs; decrease our payments volumes and impact the revenue we generate in those countries; decrease the number of Visa products issued or processed; impede us from utilizing our global processing capabilities and controlling the quality of the services supporting our brands; restrict our activities; limit our growth and the ability to introduce new products, services and innovations; force us to leave countries or prevent us from entering new markets; and create new competitors, all of which could harm our business. Laws and regulations regarding the handling of personal data and information may impede our services or result in increased costs, legal claims, or fines against us. Our business relies on the processing of data in many jurisdictions and the movement of data across national borders. Legal requirements relating to the collection, storage, handling, use, disclosure, transfer, and security of personal data continue to evolve, and regulatory scrutiny in this area is increasing around the world. Significant uncertainty exists as privacy and data protection laws may be interpreted and applied differently from country to country and may create inconsistent or conflicting requirements. For example, the EU’s General Data Protection Regulation (GDPR) extends the scope of the EU data protection law to all companies processing data of EU residents, regardless of the company’s location. The law requires companies to meet new requirements regarding the handling of personal data. Although we have an extensive data privacy program that addresses the GDPR requirements, our ongoing efforts to comply with GDPR and other privacy and data protection laws (such as the new California Consumer Privacy Act effective as of January 2020 and the Brazilian General Data Protection Law effective as of February 2020) may entail substantial expenses, may divert resources from other initiatives and projects, and could limit the services we are able to offer. In addition, India has adopted a data localization law that requires all payment system operators to store domestic transaction data only in India. Such data localization requirements have cost implications for us, impact our ability to utilize the efficiencies and value of our global network, and could affect our strategy. Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy violations continue to increase. The enactment of more restrictive laws, rules, regulations, or future enforcement actions or investigations could impact us through increased costs or restrictions on our business, and noncompliance could result in regulatory penalties and significant legal liability. We may be subject to tax examinations or disputes, or changes in tax laws. We exercise significant judgment in calculating our worldwide provision for income taxes and other tax liabilities. Although we believe our tax estimates are reasonable, many factors may limit their accuracy. We are currently under examination by, or in disputes with, the U.S. Internal Revenue Service, the UK’s HM Revenue & Customs as well as tax authorities in other jurisdictions, and we may be subject to additional examinations or disputes in the future. Relevant tax authorities may disagree with our tax treatment of certain material items and thereby increase our tax liability. Failure to sustain our position in these matters could harm our cash flow and financial position. In addition, changes in existing laws in the U.S. or foreign jurisdictions, or changes resulting from the Organization for Economic Cooperation and Development Program of Work, related to the revision of profit allocation and nexus rules and global base-erosion proposal, may also materially affect our effective tax rate. A substantial increase in our tax payments could have a material, adverse effect on our financial results. See also Note 19-Income Taxes to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report. Litigation Risks We may be adversely affected by the outcome of litigation or investigations, despite certain protections that are in place. We are involved in numerous litigation matters, investigations, and proceedings asserted by civil litigants, governments, and enforcement bodies alleging, among other things, violations of competition and antitrust law, consumer protection law, and intellectual property law (these are referred to as “actions” in this section). Details of the most significant actions we face are described more fully in Note 20-Legal Matters to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report. These actions are inherently uncertain, expensive, and disruptive to our operations. In the event we are found liable in any material action, particularly in a large class action lawsuit, such as one involving an antitrust claim entitling the plaintiff to treble damages, or we incur liability arising from a government investigation, we may be required to pay significant awards, settlements, or fines. In addition, settlement terms, judgments, or pressures resulting from actions may harm our business by requiring us to modify, among other things, the default interchange reimbursement rates we set, the Visa operating rules or the way in which we enforce those rules, our fees or pricing, or the way we do business. These actions or their outcomes may also influence regulators, investigators, governments, or civil litigants in the same or other jurisdictions, which may lead to additional actions against Visa. Finally, we are required by some of our commercial agreements to indemnify other entities for litigation brought against them, even if Visa is not a defendant. For certain actions like those that are U.S. covered litigation or VE territory covered litigation, as described in Note 5-U.S. and Europe Retrospective Responsibility Plans and Note 20-Legal Matters to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report, we have certain financial protections pursuant to the respective retrospective responsibility plans. The two retrospective responsibility plans are different in the protections they provide and the mechanisms by which we are protected. The failure of one or both of the retrospective responsibility plans to adequately insulate us from the impact of such settlements, judgments, losses, or liabilities could materially harm our financial condition or cash flows, or even cause us to become insolvent. Business Risks We face intense competition in our industry. The global payments space is intensely competitive. As technology evolves, new competitors or methods of payment emerge, and existing clients and competitors assume different roles. Our products compete with cash, checks, electronic funds, virtual currency payments, global or multi-regional networks, other domestic and closed-loop payments systems, and alternative payment providers primarily focused on enabling payments through ecommerce and mobile channels. As the global payments space becomes more complex, we face increasing competition from our clients, other emerging payment providers such as fintechs, and other digital payments and technology companies that have developed payments systems enabled through online activity in ecommerce and mobile channels. Our competitors may develop substantially better technology, have more widely adopted delivery channels or have greater financial resources. They may offer more effective, innovative or a wider range of programs, products, and services. They may use more effective advertising and marketing strategies that result in broader brand recognition, and greater issuance and merchant acceptance. They may also develop better security solutions or more favorable pricing arrangements. Moreover, even if we successfully adapt to technological change and the proliferation of alternative types of payment services by developing and offering our own services in these areas, such services may provide less favorable financial terms for us than we currently receive from VisaNet transactions, which could hurt our financial results and prospects. Certain of our competitors operate with different business models, have different cost structures, or participate in different market segments. Those business models may ultimately prove more successful or more adaptable to regulatory, technological, and other developments. In some cases, these competitors have the support of government mandates that prohibit, limit, or otherwise hinder our ability to compete for transactions within certain countries and regions. Some of our competitors, including American Express, Discover, private-label card networks, virtual currency providers, technology companies that enable the exchange of digital assets, and certain alternate payments systems like Alipay and WeChat Pay, operate closed-loop payments systems, with direct connections to both merchants and consumers. Government actions or initiatives such as the Dodd-Frank Act or the U.S. Federal Reserve’s FedNow initiatives may provide competitors with increased opportunities to derive competitive advantages from these business models, and may create new competitors, including in some cases the government itself. Similarly, regulation in Europe under PSD2 and the IFR may require us to open up access to, and allow participation in, our network to additional participants, and reduce the infrastructure investment and regulatory burden on competitors. We also run the risk of disintermediation due to factors such as emerging technologies, including mobile payments, alternate payment credentials, other ledger technologies or payment forms, and by virtue of increasing bilateral agreements between entities that prefer not to use our payments network for processing transactions. For example, merchants could process transactions directly with issuers, or processors could process transactions directly with issuers and acquirers. We expect the competitive landscape to continue to shift and evolve. For example: • competitors, clients, network participants, and others are developing or participating in alternate payment networks or products, such as mobile payment services, ecommerce payment services, P2P payment services, real-time and faster payment initiatives and payment services that permit ACH or direct debits from consumer checking accounts, that could reduce our role or otherwise disintermediate us from the transaction processing or the value-added services we provide to support such processing. Examples include initiatives from The Clearing House, an association consisting of large financial institutions that has developed its own faster payments system; Early Warning Services, which operates Zelle, a bank-offered alternative network that provides another platform for faster funds or real-time payments across a variety of payment types, including P2P, corporate and government disbursement, bill pay and deposit check transactions; and the Libra Association, which seeks to launch a new stablecoin crypto-currency (Libra Coin) and global blockchain-based payments network; • similarly, many countries are developing or promoting domestic networks, switches and real-time payment systems. To the extent these governments mandate local banks and merchants to use and accept these systems for domestic transactions and/or prohibit international payment networks, like Visa, from participating on those systems, we could face the risk of our business being disintermediated in those countries. Furthermore, in some regions, such as Southeast Asia, under the auspices of the Association of Southeast Asian Nations (ASEAN), some countries are looking into cross-border connectivity of such domestic systems; • parties that process our transactions may try to minimize or eliminate our position in the payments value chain; • parties that access our payment credentials, tokens and technologies, including clients, technology solution providers or others might be able to migrate account holders and other clients to alternate payment methods or use our payment credentials, tokens and technologies to establish or help bolster alternate payment methods and platforms; • participants in the payments industry may merge, form joint ventures or enable or enter into other business combinations that strengthen their existing business propositions or create new, competing payment services; and • new or revised industry standards related to EMV Secure Remote Commerce, cloud-based payments, tokenization or other payments-related technologies set by organizations such as the International Organization for Standardization, American National Standards Institute, World Wide Web Consortium, European Card Standards Group, PCI Co and EMVCo may result in additional costs and expenses for Visa and its clients, or otherwise negatively impact the functionality and competitiveness of our products and services. As the competitive landscape is quickly evolving, we may not be able to foresee or respond sufficiently to emerging risks associated with new businesses, products, services and practices. We may be asked to adjust our local rules and practices, develop or customize certain aspects of our payment services, or agree to business arrangements that may be less protective of Visa’s proprietary technology and interests in order to compete and we may face increasing operational costs and risk of litigation concerning intellectual property. Our failure to compete effectively in light of any such developments could harm our business and prospects for future growth. Our revenues and profits are dependent on our client and merchant base, which may be costly to win, retain, and maintain. Our financial institution clients and merchants can reassess their commitments to us at any time or develop their own competitive services. While we have certain contractual protections, our clients, including some of our largest clients, generally have flexibility to issue non-Visa products. Further, in certain circumstances, our financial institution clients may decide to terminate our contractual relationship on relatively short notice without paying significant early termination fees. Because a significant portion of our net revenues is concentrated among our largest clients, the loss of business from any one of these larger clients could harm our business, results of operations, and financial condition. In addition, we face intense competitive pressure on the prices we charge our financial institution clients. In order to stay competitive, we may need to adjust our pricing or offer incentives to our clients to increase payments volume, enter new market segments, adapt to regulatory changes, and expand their use and acceptance of Visa products and services. These include up-front cash payments, fee discounts, rebates, credits, performance-based incentives, marketing, and other support payments that impact our revenues and profitability. In addition, we offer incentives to certain merchants or acquirers to win routing preference in situations where other network functionality is enabled on our products and there is a choice of network routing options. Market pressures on pricing, incentives, fee discounts, and rebates could moderate our growth. If we are not able to implement cost containment and productivity initiatives in other areas of our business or increase our volumes in other ways to offset or absorb the financial impact of these incentives, fee discounts, and rebates, it may harm our net revenues and profits. In addition, it may be difficult or costly for us to acquire or conduct business with financial institutions or merchants that have longstanding exclusive, or nearly exclusive, relationships with our competitors. These financial institutions or merchants may be more successful and may grow more quickly than our existing clients or merchants. In addition, if there is a consolidation or acquisition of one or more of our largest clients or co-brand partners by a financial institution client or merchant with a strong relationship with one of our competitors, it could result in our business shifting to a competitor, which could put us at a competitive disadvantage and harm our business. Merchants’ and processors’ continued push to lower acceptance costs and challenge industry practices could harm our business. We rely in part on merchants and their relationships with our clients to maintain and expand the acceptance of Visa products. Certain large retail merchants have been exercising their influence in the global payments system in certain jurisdictions, such as the U.S., Canada and Europe, to attempt to lower their acceptance costs by lobbying for new legislation, seeking regulatory enforcement, filing lawsuits and in some cases, refusing to accept Visa products. If they are successful in their efforts, we may face increased compliance and litigation expenses and issuers may decrease their issuance of our products. For example, in the U.S., certain stakeholders have raised concerns regarding how payment security standards and rules may impact the cost of payment card acceptance. In addition to ongoing litigation related to the U.S. migration to EMV-capable cards and point-of-sale terminals, U.S. merchant-affiliated groups and processors have expressed concerns regarding the EMV certification process and some policymakers have concerns about the roles of industry bodies such as EMVCo and the Payment Card Industry Security Standards Council in the development of payment card standards. Additionally, some merchants and processors have advocated for changes to industry practices and Visa acceptance requirements at the point of sale, including the ability for merchants to accept only certain types of Visa products, to mandate only PIN authenticated transactions, to differentiate or steer among Visa product types issued by different financial institutions, and to impose surcharges on customers presenting Visa products as their form of payment. If successful, these efforts could adversely impact consumers’ usage of our products, lead to regulatory enforcement and/or litigation, increase our compliance and litigation expenses, and harm our business. We depend on relationships with financial institutions, acquirers, processors, merchants, and other third parties. As noted above, our relationships with industry participants are complex and require us to balance the interests of multiple third parties. For instance, we depend significantly on relationships with our financial institution clients and on their relationships with account holders and merchants to support our programs and services, and thereby compete effectively in the marketplace. We engage in discussions with merchants, acquirers, and processors to provide incentives to promote routing preference and acceptance growth. We also engage in many payment card co-branding efforts with merchants, who receive incentives from us. As emerging participants such as fintechs enter the payments industry, we engage in discussions to address the role they may play in the ecosystem, whether as, for example, an issuer, merchant, or digital wallet provider. As these and other relationships become more prevalent and take on a greater importance to our business, our success will increasingly depend on our ability to sustain and grow these relationships. In addition, we depend on our clients and third parties, including vendors and suppliers, to process transactions properly, provide various services associated with our payments network on our behalf, and otherwise adhere to our operating rules. To the extent that such parties fail to perform or deliver adequate services, it may result in negative experiences for account holders or others when using their Visa-branded payment products, which could harm our business and reputation. Our business could be harmed if we are not able to maintain and enhance our brand, if events occur that have the potential to damage our brand or reputation, or if we experience brand disintermediation. Our brand is globally recognized and is a key asset of our business. We believe that our clients and account holders associate our brand with acceptance, security, convenience, speed, and reliability. Our success depends in large part on our ability to maintain the value of our brand and reputation of our products and services in the payments ecosystem, elevate the brand through new and existing products, services and partnerships, and uphold our corporate reputation. The popularity of products that we have developed in partnership with technology companies and financial institutions may have the potential to cause consumer confusion or brand disintermediation at the point-of-sale and decrease the value of our brand. Our brand reputation may be negatively impacted by a number of factors, including authorization, clearing and settlement service disruptions; data security breaches; compliance failures by Visa, including our employees, agents, clients, partners or suppliers; negative perception of our industry, the industries of our clients or Visa-accepting merchants; ill-perceived actions by clients, partners or other third parties, such as sponsorship or co-brand partners; and fraudulent, risky, controversial or illegal activities using our payment products. If we are unable to maintain our reputation, the value of our brand may be impaired, which could harm our relationships with clients, account holders, and the public, as well as impact our business. Global economic, political, market, and social events or conditions may harm our business. Our revenues are dependent on the volume and number of payment transactions made by consumers, governments, and businesses whose spending patterns may be affected by prevailing economic conditions. In addition, more than half of our net revenues are earned outside the U.S. International cross-border transaction revenues represent a significant part of our revenue and are an important part of our growth strategy. Therefore, adverse macroeconomic conditions, including recessions, inflation, high unemployment, currency fluctuations, actual or anticipated large-scale defaults or failures, or slowdown of global trade could decrease consumer and corporate confidence and reduce consumer, government, and corporate spending which have a direct impact on our revenues. In addition, outbreaks of illnesses, pandemics, or other local or global health issues, political uncertainties, international hostilities, armed conflict, or unrest, and natural disasters could impact our operations, our clients, our activities in a particular location, and cross-border travel and spend. Geopolitical trends towards nationalism, protectionism, and restrictive visa requirements, as well as continued activity and uncertainty around economic sanctions could limit the expansion of our business in those regions. The current trade environment reduces the likelihood of having our Bank Card Clearing Institution application in China approved. In addition, any decline in cross-border travel and spend could impact the number of cross-border transactions we process and our currency exchange activities, which in turn would reduce our international transaction revenues. A decline in economic conditions could impact our clients as well, and their decisions could reduce the number of cards, accounts, and credit lines of their account holders, which ultimately impact our revenues. They may also implement cost-reduction initiatives that reduce or eliminate marketing budgets, and decrease spending on optional or enhanced, value-added services from us. Any events or conditions that impair the functioning of the financial markets, tighten the credit market, or lead to a downgrade of our current credit rating could increase our future borrowing costs and impair our ability to access the capital and credit markets on favorable terms, which could affect our liquidity and capital resources, or significantly increase our cost of capital. If clients default on their settlement obligations, it may also impact our liquidity. Any of these events could adversely affect our volumes and revenue. Our indemnification obligation to fund settlement losses of our clients exposes us to significant risk of loss and may reduce our liquidity. We indemnify issuers and acquirers for settlement losses they may suffer due to the failure of another issuer or acquirer to honor its settlement obligations in accordance with the Visa operating rules. In certain instances, we may indemnify issuers or acquirers in situations in which a transaction is not processed by our system. This indemnification creates settlement risk for us due to the timing difference between the date of a payment transaction and the date of subsequent settlement. Our indemnification exposure is generally limited to the amount of unsettled Visa payment transactions at any point in time and any subsequent amounts that may fall due relating to adjustments for previously processed transactions. Concurrent settlement failures involving more than one of our largest clients, several of our smaller clients, or systemic operational failures could negatively impact our financial position. Even if we have sufficient liquidity to cover a settlement failure, we may be unable to recover the amount of such payment. This could expose us to significant losses and harm our business. See Note 11-Settlement Guarantee Management to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report. The United Kingdom’s withdrawal from the European Union could harm our business and financial results. In June 2016, voters in the United Kingdom approved the withdrawal of the United Kingdom from the European Union (commonly referred to as “Brexit”). In March 2017, the UK government initiated the exit process under Article 50 of the Treaty of the European Union, commencing a period of up to two years for the United Kingdom and the other EU member states to negotiate the terms of the withdrawal, which was subsequently postponed until January 31, 2020. Uncertainty over the terms of the United Kingdom’s departure from the European Union could cause political and economic uncertainty in the United Kingdom and the rest of Europe, which could harm our business and financial results. Brexit could lead to legal uncertainty and potentially divergent national laws and regulations in the United Kingdom and European Union. We, as well as our clients who have significant operations in the United Kingdom, may incur additional costs and expenses as we adapt to potentially divergent regulatory frameworks from the rest of the European Union and as a result, our Visa operating rules and contractual commitments in the United Kingdom and the rest of the European Union may be impacted. In addition, applications may need to be made for regulatory authorization and permission in separate EU member states following Brexit. These factors may impact our ability to operate and process data in the European Union and United Kingdom seamlessly. This and other Brexit-related issues may require changes to our legal entity structure and/or operations in the United Kingdom and the European Union. Any of these effects of Brexit, among others, could harm our business and financial results. Technology and Cybersecurity Risks Failure to anticipate, adapt to or keep pace with new technologies in the payments industry could harm our business and impact future growth. The global payments industry is undergoing significant and rapid technological change, including mobile and other proximity payment technologies, ecommerce, tokenization, cryptocurrencies, and new authentication technologies such as biometrics, distributed ledger and blockchain technologies. As a result, we expect new services and technologies to continue to emerge and evolve. In addition to our own initiatives and innovations, we work closely with third parties, including potential competitors, for the development of and access to new technologies. It is difficult, however, to predict which technological developments or innovations will become widely adopted and how those technologies may be regulated. Moreover, some of the new technologies could be subject to intellectual property-related lawsuits or claims, potentially impacting our development efforts and/or requiring us to obtain licenses. If we or our partners fail to adapt and keep pace with new technologies in the payments space in a timely manner, it could harm our ability to compete, decrease the value of our products and services to our clients, impact our intellectual property or licensing rights, harm our business and impact our future growth. A disruption, failure or breach of our networks or systems, including as a result of cyber-attacks, could harm our business. Our cybersecurity and processing systems, as well as those of financial institutions, merchants, and third-party service providers, have experienced in limited instances and may continue to experience errors, interruptions, delays or damage from a number of causes, including power outages, hardware, software and network failures, computer viruses, malware or other destructive software, internal design, manual or usage errors, cyber-attacks, terrorism, workplace violence or wrongdoing, catastrophic events, natural disasters and severe weather conditions. Furthermore, our visibility and role in the global payments industry may also put our company at a greater risk of being targeted by hackers. In the normal course of our business, we have been the target of malicious cyber-attack attempts. We have been and may continue to be impacted by attacks and data security breaches of financial institutions, merchants, or third-party processors. We are also aware of instances where nation states have sponsored attacks against some of our financial institution clients, and other instances where merchants and issuers have encountered substantial data security breaches affecting their customers, some of whom were Visa account holders. Such attacks and breaches have resulted, and may continue to result in, fraudulent activity and ultimately, financial losses to Visa’s clients, and it is difficult to predict the direct or indirect impact of future attacks or breaches to our business. Numerous and evolving cybersecurity threats, including advanced and persistent cyber-attacks, phishing and social engineering schemes, particularly on our internet applications, could compromise the confidentiality, availability, and integrity of data in our systems or the systems of our third-party service providers. Because the techniques used to obtain unauthorized access, or to disable or degrade systems change frequently, have become increasingly more complex and sophisticated, and may be difficult to detect for periods of time, we may not anticipate these acts or respond adequately or timely. The security measures and procedures we, our financial institution and merchant clients, other merchants and third-party service providers in the payments ecosystem have in place to protect sensitive consumer data and other information may not be successful or sufficient to counter all data security breaches, cyber-attacks, or system failures. In some cases, the mitigation efforts may be dependent on third parties who may not deliver to the required contractual standards or whose hardware, software or network services may be subject to error, defect, delay, or outage. Although we devote significant resources to our cybersecurity and supplier risk management programs and have implemented security measures to protect our systems and data, and to prevent, detect and respond to data security incidents, there can be no assurance that our efforts will prevent these threats. These events could significantly disrupt our operations; impact our clients and consumers; damage our reputation and brand; result in litigation or claims, violations of applicable privacy and other laws, and regulatory scrutiny, investigations, actions, fines or penalties; result in damages or changes to our business practices; decrease the overall use and acceptance of our products; decrease our volume, revenues and future growth prospects; and be costly, time consuming and difficult to remedy. In the event of damage or disruption to our business due to these occurrences, we may not be able to successfully and quickly recover all of our critical business functions, assets, and data through our business continuity program. Furthermore, while we maintain insurance, our coverage may not sufficiently cover all types of losses or claims that may arise. Structural and Organizational Risks We may not achieve the anticipated benefits of our acquisitions or strategic investments, and may face risks and uncertainties as a result. As part of our overall business strategy, we make acquisitions and strategic investments. We may not achieve the anticipated benefits of our current and future acquisitions and strategic investments and they may involve significant risks and uncertainties, including: • disruption to our ongoing business, including diversion of resources and management’s attention from our existing business • greater than expected investment of resources or operating expenses • failure to develop the acquired business adequately • the data security, cybersecurity and operational resilience posture of our acquired companies, or companies we invest in or partner with, may not be adequate • difficulty, expense or failure of implementing controls, procedures and policies at the acquired company • challenges of integrating new employees, business cultures, business systems and technologies • failure to retain employees, clients or partners of the acquired business • in the case of foreign acquisitions, risks related to the integration of operations across different cultures and languages • the economic, political and regulatory risks associated with operating in new businesses, regions or countries. For more information on regulatory risks, please see Item 1 - Business-Government Regulations and Item 1A - Risk Factors-Regulatory Risks above • discovery of unidentified issues and related liabilities after the acquisition or investment was made • failure to mitigate the deficiencies and liabilities of the acquired business • dilutive issuance of equity securities, if new securities are issued • the incurrence of debt • negative impact on our financial position and/or statement of operations • anticipated benefits, synergies or value of the investment or acquisition not materializing We may be unable to attract, hire, and retain a highly qualified and diverse workforce, including key management. The talents and efforts of our employees, particularly our key management, are vital to our success. Our management team has significant industry experience and would be difficult to replace. We may be unable to retain them or to attract other highly qualified employees, particularly if we do not offer employment terms that are competitive with the rest of the labor market. Ongoing changes in laws and policies regarding immigration and work authorizations have made it more difficult for employees to work in, or transfer among, jurisdictions in which we have operations and could continue to impair our ability to attract and retain qualified employees. Failure to attract, hire, develop, motivate, and retain highly qualified and diverse employee talent, to develop and implement an adequate succession plan for the management team, or to maintain a corporate culture that fosters integrity, innovation, and collaboration could disrupt our operations and adversely affect our business and our future success. The conversions of our class B and class C common stock or series B and series C preferred stock into shares of class A common stock would result in voting dilution to, and could impact the market price of, our existing class A common stock. The market price of our class A common stock could fall as a result of many factors. Under our U.S. retrospective responsibility plan, upon final resolution of our U.S. covered litigation, all class B common stock will become convertible into class A common stock. Our series B and series C preferred stock will become convertible into class A common stock in stages based on developments in current and potential litigation and will become fully convertible no later than 2028 (subject to a holdback to cover any pending claims). Conversion of our class B and class C common stock into class A common stock, or our series B and series C preferred stock into class A common stock, would increase the amount of class A common stock outstanding, which could adversely affect the market price of our existing class A common stock and would dilute the voting power of existing class A common stockholders. Holders of our class B and C common stock and series B and series C preferred stock may have different interests than our class A common stockholders concerning certain significant transactions. Although their voting rights are limited, holders of our class B and C common stock and, in certain specified circumstances, holders of our series B and series C preferred stock, can vote on certain significant transactions. With respect to our class B and C common stock, these transactions include a proposed consolidation or merger, a decision to exit our core payments business and any other vote required under Delaware law. With respect to our series B and series C preferred stock, voting rights are limited to proposed consolidations or mergers in which holders of the series B and series C preferred stock would either (i) receive shares of stock or other equity securities with preferences, rights and privileges that are not substantially identical to the preferences, rights and privileges of the applicable series of preferred stock or (ii) receive securities, cash or other property that is different from what our class A common stockholders would receive. Because the holders of classes of capital stock other than class A common stock are our current and former financial institution clients, they may have interests that diverge from our class A common stockholders. As a result, the holders of these classes of capital stock may not have the same incentive to approve a corporate action that may be favorable to the holders of class A common stock, and their interests may otherwise conflict with interests of our class A common stockholders. Delaware law, provisions in our certificate of incorporation and bylaws, and our capital structure could make a merger, takeover attempt, or change in control difficult. Provisions contained in our certificate of incorporation and bylaws and our capital structure could delay or prevent a merger, takeover attempt, or change in control that our stockholders may consider favorable. For example, except for limited exceptions: • no person may beneficially own more than 15% of our class A common stock (or 15% of our total outstanding common stock on an as-converted basis), unless our board of directors approves the acquisition of such shares in advance • no competitor or an affiliate of a competitor may hold more than 5% of our total outstanding common stock on an as-converted basis • the affirmative votes of the class B and C common stock and series B and series C preferred stock are required for certain types of consolidations or mergers • our stockholders may only take action during a stockholders’ meeting and may not act by written consent • only the board of directors, Chairman, or CEO may call a special meeting of stockholders ITEM 1B.
Removed paragraphs (7863 words)
ITEM 1A. Risk Factors Regulatory Risks Increased regulation of the global payments industry, including with respect to interchange reimbursement fees, operating rules, and related practices, could harm our business. Regulators around the world have been establishing or increasing their authority to regulate certain aspects of the payments industry. See Item 1. Business -Government Regulation for more information. In the United States and many other jurisdictions, we have historically set default interchange reimbursement fees. Even though we generally do not receive any revenue related to interchange reimbursement fees in a payment transaction (those fees are paid by the acquirers to the issuers), interchange reimbursement fees are a factor on which we compete with other payments providers and are therefore an important determinant of the volume of transactions we process. Consequently, changes to these fees, whether voluntarily or by mandate, can substantially affect our overall payments volumes and revenues. Interchange reimbursement fees, certain operating rules and related practices continue to be subject to increased government regulation globally, and regulatory authorities and central banks in a number of jurisdictions have reviewed or are reviewing these fees, rules, and practices. For example, the U.S. Federal Reserve caps the maximum U.S. debit interchange reimbursement rate received by large financial institutions at 21 cents plus 5 basis points per transaction, plus a possible fraud adjustment of 1 cent. The Dodd-Frank Act also limits issuers' and our ability to adopt network exclusivity and preferred routing in the debit and prepaid area, which also impacts our business. The EU’s IFR places an effective cap on consumer credit and consumer debit interchange fees for both domestic and cross-border transactions within Europe (30 basis points and 20 basis points, respectively). EU member states have the ability to further restrict these interchange levels within their territories. More recently, in March 2017, Argentina's central bank passed regulations that cap interchange fees on credit and debit transactions. In addition to the regulation of interchange reimbursement fees, a number of regulators impose restrictions on other aspects of our payments business. For example, government regulations or pressure may require us to allow other payments networks to support Visa products or services, or to have the other network's functionality or brand marks on our products. As innovations in payment technology have enabled us to expand into new products and services, they have also expanded the potential scope of regulatory influence. In addition, the European Union’s requirement to separate scheme and processing adds costs and continues to impact the efficient integration of Visa Europe; the execution of our commercial, innovation and product strategies; our ability to provide effective account holder services; the amount of data available for use in fraud and risk systems; and loyalty services. We are also subject to central bank oversight in some markets, including the United Kingdom and within the European Union. This oversight could result in new governance, reporting, licensing, cybersecurity, processing infrastructure, capital, or credit risk management requirements. We could also be required to adopt policies and practices designed to mitigate settlement and liquidity risks, including increased requirements to maintain sufficient levels of capital and financial resources locally, as well as localized risk management or governance. Increased central bank oversight could also lead to new or different criteria for participation in and access to our payments system, including allowing non-traditional financial technology companies to act as issuers or acquirers. Additionally, regulators in other jurisdictions are considering or adopting approaches based on similar regulatory principles. Regulators around the world increasingly take note of each other’s approaches to regulating the payments industry. Consequently, a development in one jurisdiction may influence regulatory approaches in another. The risks created by a new law or regulation in one jurisdiction have the potential to be replicated and to negatively affect our business in another jurisdiction or in other product offerings. Similarly, new regulations involving one product offering may prompt regulators to extend the regulations to other product offerings. For example, credit payments could become subject to similar regulation as debit payments. Additionally, regulation in an individual country could expand. For example, the Reserve Bank of Australia initially capped credit interchange, but subsequently capped debit interchange as well. When we cannot set default interchange reimbursement rates at optimal levels, issuers and acquirers may find our payments system less attractive. This may increase the attractiveness of other payments systems, such as our competitors' closed-loop payments systems with direct connections to both merchants and consumers. We believe some issuers may react to such regulations by charging new or higher fees, or reducing certain benefits to consumers, which make our products less appealing to consumers. Some acquirers may elect to charge higher merchant discount rates regardless of the Visa interchange reimbursement rate, causing merchants not to accept our products or to steer customers to alternate payments systems or forms of payment. In addition, in an effort to reduce the expense of their payment programs, some issuers and acquirers have obtained, and may continue to obtain, incentives from us, including reductions in the fees that we charge, which may directly impact our revenues. For these reasons, increased global regulation of the payments industry may make our products less desirable, diminish our ability to compete, reduce our transaction volumes, and harm our business. Government-imposed restrictions on payment systems may prevent us from competing against providers in certain countries, including significant markets such as China and Russia. Governments in a number of jurisdictions shield domestic payment card networks, brands, and processors from international competition by imposing market access barriers and preferential domestic regulations. To varying degrees, these policies and regulations affect the terms of competition in the marketplace and undermine the competitiveness of international payments networks. In the future, public authorities may impose regulatory requirements that favor domestic providers or mandate that domestic payments processing be performed entirely within that country, which would prevent us from managing the end-to-end processing of certain transactions. In Russia, legislation effectively prevents us from processing domestic transactions. The central bank controlled national payment card system (NSPK) is the only entity allowed to process domestically. In China, UnionPay remains the sole processor of domestic payment card transactions and operates the sole domestic acceptance mark. Although we have filed an application with the People's Bank of China (PBOC) to operate a Bank Card Clearing Institution (BCCI) in China, the timing and the procedural steps remain uncertain. The approval process might require several years, and there is no guarantee that the license to operate a BCCI will be approved or, if we obtain such license, that we will be able to successfully compete with domestic payments networks. Furthermore, due to our inability to manage the end-to-end processing of transactions for cards in certain countries, we depend on our close working relationships with our clients or third-party processors to ensure transactions involving our products are processed effectively. Our ability to do so may be adversely affected by regulatory requirements and policies pertaining to transaction routing or on-shore processing. Co-badging and co-residency regulations may pose additional challenges in markets where Visa competes with national schemes for issuance and routing. For example, in China, certain banks have issued dual-branded cards for which domestic transactions in China are processed by UnionPay and transactions outside of China are processed by us or other international payments networks. The PBOC is contemplating that dual-branded cards could be phased out over time as new licenses are issued to international companies to participate in China’s domestic payments market. Accordingly, we have been working with Chinese issuers to issue Visa-only branded cards for international travel, and later for domestic transactions after we obtain a BCCI license. However, notwithstanding such efforts, the phase out of dual-branded cards may decrease our payment volumes and impact the revenue we generate in China. Mir and UnionPay have grown rapidly in Russia and China, respectively, and are actively pursuing international expansion plans. Although regulatory barriers shield Mir and UnionPay from competition in Russia and China, respectively, alternate payment providers such as Alipay and WeChat Pay have rapidly expanded into e-commerce, offline, and cross-border payments, which could make it difficult for us to compete even if our license is approved in China. Earlier this year, with strong backing from China’s government, a new digital transaction routing system known as Netlink was established. The PBOC allowed Alipay and other digital payment providers to invest in Netlink. It and other such systems could have a competitive advantage in comparison with other international payments networks. In general, national laws that protect domestic processing may increase our costs; decrease our payments volumes and impact the revenue we generate in those countries; decrease the number of Visa products issued or processed; impede us from utilizing our global processing capabilities and controlling the quality of the services supporting our brands; restrict our activities; limit our growth and the ability to introduce new products, services and innovations; force us to leave countries or prevent us from entering new markets; and create new competitors, all of which could harm our business. We are subject to complex and evolving global regulations that could harm our business and financial results. As a global payments technology company, we are subject to complex and evolving regulations that govern our operations. See Item 1 - Business-Government Regulation for more information on the most significant areas of regulation that affect our business. The impact of these regulations on us, our clients, and other third parties could limit our ability to enforce our payments system rules; require us to adopt new rules or change existing rules; affect our existing contractual arrangements; increase our compliance costs; require us to make our technology or intellectual property available to third parties, including competitors, in an undesirable manner; and reduce our revenue opportunities. We may face differing rules and regulations in matters like interchange reimbursement rates, preferred routing, domestic processing requirements, currency conversion, point-of-sale transaction rules and practices, privacy, data use or protection, and associated product technology. As a result, the Visa rules and our other contractual commitments may differ from country to country or by product offering. Complying with these and other regulations increases our costs and could reduce our revenue opportunities. If widely varying regulations come into existence worldwide, we may have difficulty rapidly adjusting our product offerings, services, fees, and other important aspects of our business in the various regions where we operate. Our compliance programs and policies are designed to support our compliance with a wide array of regulations and laws, such as anti-money laundering, sanctions and anti-corruption, and we continually enhance our compliance programs as regulations evolve. However, we cannot guarantee that our practices will be deemed compliant by all applicable regulatory authorities. In the event our controls should fail or we are found to be out of compliance for other reasons, we could be subject to monetary damages, civil and criminal penalties, litigation, investigations and proceedings, and damage to our global brands and reputation. Furthermore, the evolving and increased regulatory focus on the payments industry could negatively impact or reduce the number of Visa products our clients issue, the volume of payments we process, our revenues, our brands, our competitive positioning, our ability to use our intellectual property to differentiate our products and services, the quality and types of products and services we offer, the countries in which our products are used, and the types of consumers and merchants who can obtain or accept our products, all of which could harm our business. Laws and regulations regarding the handling of personal data and information may impede our services or result in increased costs, legal claims, or fines against us. Our business relies on the processing of data in many jurisdictions and the movement of data across national borders. Legal requirements relating to the collection, storage, handling, use, disclosure, transfer, and security of personal data continue to evolve, and regulatory scrutiny in this area is increasing around the world. Significant uncertainty exists as privacy and data protection laws may be interpreted and applied differently from country to country and may create inconsistent or conflicting requirements. For example, the GDPR, which becomes effective in May 2018, extends the scope of the EU data protection law to all companies processing data of EU residents, regardless of the company’s location. The law requires companies to meet new requirements regarding the handling of personal data, including new rights such as the “portability” of personal data. Although we have an extensive program underway to address GDPR requirements, our efforts to comply with GDPR and other privacy and data protection laws may entail substantial expenses, may divert resources from other initiatives and projects, and could limit the services we are able to offer. Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy violations continue to increase. The enactment of more restrictive laws, rules, regulations, or future enforcement actions or investigations could impact us through increased costs or restrictions on our business, and noncompliance could result in regulatory penalties and significant legal liability. We may be subject to tax examinations or disputes, or changes in tax laws. We exercise significant judgment in calculating our worldwide provision for income taxes and other tax liabilities. Although we believe our tax estimates are reasonable, many factors may limit their accuracy. We are currently under examination by, or in disputes with, the U.S. Internal Revenue Service, the UK’s HM Revenue & Customs as well as tax authorities in other jurisdictions, and we may be subject to additional examinations or disputes in the future. Relevant tax authorities may disagree with our tax treatment of certain material items and thereby increase our tax liability. Failure to sustain our position in these matters could harm our cash flow and financial position. In addition, changes in existing laws, such as recent proposals for fundamental U.S. and international tax reform or those resulting from the Base Erosion and Profit Shifting project being conducted by the Organization for Economic Cooperation and Development, may also increase our effective tax rate. A substantial increase in our tax payments could have a material, adverse effect on our financial results. See also Note 18-Income Taxes to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report. Litigation Risks We may be adversely affected by the outcome of litigation or investigations, despite certain protections that are in place. We are involved in numerous litigation matters, investigations, and proceedings asserted by civil litigants, governments, and enforcement bodies alleging violations of competition and antitrust law, consumer protection law, and intellectual property law, among others (these are referred to as "actions" in this section). Details of the most significant actions we face are described more fully in Note 19-Legal Matters to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report. These actions are inherently uncertain, expensive, and disruptive to our operations. In the event we are found liable in any material action, particularly in a large class action lawsuit or an antitrust claim entitling the plaintiff to treble damages, or arising from a government investigation, we may be required to pay significant awards, settlements, or fines. In addition, settlement terms, judgments, or pressures resulting from actions may harm our business by requiring us to modify the default interchange reimbursement rates we set, revise the Visa rules, or the way in which we enforce our rules, modify our fees or pricing, or modify the way we do business. The outcome of these actions may also influence regulators, investigators, governments, or civil litigants in the same or other jurisdictions, which may lead to the assertion of additional actions against Visa. Finally, we are required by some of our commercial agreements to indemnify other entities for litigation asserted against them, even if Visa is not a defendant. For certain actions like the U.S. covered litigation and the VE territory covered litigation, which are described in Note 3-U.S. and Europe Retrospective Responsibility Plans and Note 19-Legal Matters to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report, we have certain protections as provided in the respective retrospective responsibility plans. The two retrospective responsibility plans are different in the protections they provide and the mechanisms by which we are able to either fund settlements or judgments in the case of the U.S. covered litigation or recoup covered losses in the case of the VE territory covered litigation. The failure of one or both of the retrospective responsibility plans to adequately insulate us from the impact of such settlements, judgments, losses, or liabilities could materially harm our financial condition or cash flows, or even cause us to become insolvent. Business Risks We face intense competition in our industry. The global payments space is intensely competitive. As technology evolves, new competitors emerge and existing clients, and competitors assume different roles. Our products compete with cash, checks, electronic funds, virtual currency payments, global or multi-regional networks, other closed-loop payments systems, and alternate payment providers primarily focused on enabling payments through ecommerce and mobile channels. As the global payments space becomes more complex, we face increasing competition from our clients, emerging payment providers, and other digital and technology companies. Many of these providers have developed payments systems enabled through online activity in ecommerce and mobile channels, and are seeking to expand into other channels that compete with or replace our products and services. Additionally, some of our competitors may develop substantially better technology, more widely adopted delivery channels or have greater financial resources. They may offer more innovative or a wider range of programs, products, and services. They may use more effective advertising and marketing strategies that result in broader brand recognition, and greater issuance and merchant acceptance. They may also develop better security solutions or more favorable pricing arrangements. Moreover, even if we successfully adapt to technological change and the proliferation of alternative types of payment services by developing and offering our own services in these areas, such services may provide less favorable financial terms for us than we currently receive from VisaNet transactions, which could hurt our financial results and prospects. Certain of our competitors operate with different business models, have different cost structures, or participate in different market segments. Those business models may ultimately prove more successful or more adaptable to regulatory, technological, and other developments. In some cases, these competitors have the support of government mandates that prohibit, limit, or otherwise hinder our ability to compete for transactions within certain countries and regions. Some of our competitors, including American Express, Discover, private-label card networks, virtual currency providers, technology companies that enable the exchange of digital assets, and certain alternate payments systems, operate closed-loop payments systems, with direct connections to both merchants and consumers. Government actions or initiatives such as the Dodd-Frank Act or the U.S. Federal Reserve’s Faster Payments initiatives may provide them with increased opportunities to derive competitive advantages from these business models. Similarly, regulation in Europe under PSD2 and the IFR, and in the United Kingdom through the PSR, may require us to open up access to, and allow participation in, our network to additional participants, and reduce the infrastructure investment and regulatory burden on potential competitors. We also run the risk of disintermediation due to factors such as emerging technologies, including mobile payments, alternate payment credentials, other ledger technologies or payment forms, and by virtue of increasing bilateral agreements between entities that prefer not to use our payments network for processing transactions. For example, merchants could process transactions directly with issuers, or processors could process transactions directly with issuers and acquirers. We expect the competitive landscape to continue to shift and evolve. For example: • competitors, clients and others are developing alternate payment networks or products that could disintermediate us from the transaction processing or the value-added services we provide to support such processing. Examples include initiatives from The Clearing House, an association comprised of large financial institutions that is developing its own faster payments system, and Early Warning Services, which operates Zelle, a bank-offered alternative network that provides another platform for faster funds or real-time payments across a variety of payment types, including P2P, corporate and government disbursement, bill pay and deposit check transactions; • similarly, multiple countries are developing or promoting real-time payment systems or mandating local networks with clients that also present a risk of disintermediation to our business; • competition may increase from alternate types of payment services, such as mobile payment services, ecommerce payment services, P2P payment services, faster payment initiatives and payment services that permit ACH or direct debits from consumer checking accounts; • parties that process our transactions may try to minimize or eliminate our position in the payments value chain; • parties that access our payment credentials, tokens and technologies, including clients, technology solution providers or others might be able to migrate account holders and other clients to alternate payment methods or use our payment credentials, tokens and technologies to establish or help bolster alternate payment methods and platforms; • we may need to adjust our local rules and practices to remain competitive amidst evolving regulatory landscapes and competitors’ practices; • we may be asked to develop or customize certain aspects of our payment services for use by consumers, processors or other third parties, thereby increasing operational costs; • we may need to agree to business arrangements that may be less protective of Visa’s proprietary technology and interests in order to compete and we may face increasing risk of litigation concerning intellectual property, as more technology companies compete with our offerings; • participants in the payments industry may merge, form joint ventures or enable or enter into other business combinations that strengthen their existing business propositions or create new, competing payment services; • as this landscape is quickly evolving, we may not be able to foresee or respond sufficiently to emerging risks associated with new business, products, services and practices; or • new or revised industry standards related to EMV chip payment technology, cloud-based payments, tokenization or other technologies set by organizations such as the International Organization for Standardization, American National Standards Institute and EMVCo may result in additional costs and expenses for Visa and its clients, or otherwise negatively impact the functionality and competitiveness of our products and services. Our failure to compete effectively in light of any such developments could harm our business and prospects for future growth. Our revenues and profits are dependent on our client and merchant base, which may be costly to win, retain, and maintain. Our financial institution clients and merchants can reassess their commitments to us at any time or develop their own competitive services. While we have certain contractual protections, our clients, including some of our largest clients, generally have flexibility to issue non-Visa products. Further, in certain circumstances, our financial institution clients may decide to terminate our contractual relationship on relatively short notice without paying significant early termination fees. Because a significant portion of our operating revenues is concentrated among our largest clients, the loss of business from any one of these larger clients could harm our business, results of operations, and financial condition. In order to stay competitive, we offer incentives to our clients to increase payments volume, enter new market segments, and expand their use and acceptance of Visa products and services. These include up-front cash payments, fee discounts, rebates, credits, performance-based incentives, marketing, and other support payments that impact our revenues and profitability. In addition, we offer incentives to certain merchants or acquirers to win routing preference in situations where other network functionality is enabled on our products and there is a choice of network routing options. Market pressures on providing incentives, fee discounts, and rebates could moderate our growth. If we are not able to implement cost containment and productivity initiatives in other areas of our business or increase our volumes in other ways to offset the financial impact of these incentives, fee discounts, and rebates, it may harm our net revenues and profits. In addition, it may be difficult or costly for us to acquire or conduct business with financial institutions or merchants that have longstanding exclusive, or nearly exclusive, relationships with our competitors. These financial institutions or merchants may be more successful and may grow more quickly than our existing clients or merchants. In addition, if there is a consolidation or acquisition of one or more of our largest clients or co-brand partners by a financial institution client or merchant with a strong relationship with one of our competitors, it could result in our business shifting to a competitor, which could put us at a competitive disadvantage and harm our business. Merchants' and processors' continued push to lower acceptance costs and challenge industry practices could harm our business. We rely in part on merchants and their relationships with our clients to maintain and expand the acceptance of Visa products. Certain large retail merchants have been exercising their influence in the global payments system in certain jurisdictions, such as the United States, to attempt to lower their acceptance costs by lobbying for new legislation, seeking regulatory enforcement, filing lawsuits and in some cases, refusing to accept Visa products. If they are successful in their efforts, we may face increased compliance and litigation expenses and issuers may decrease their issuance of our products. For example, in the United States, the cost of payment card acceptance has emerged in the context of payment security. A number of merchant trade associations claim that EMV cards without PIN cardholder verification are not worth the investment. The October 2015 liability shift and ongoing transition to EMV resulted in calls for a PIN verification mandate. U.S. merchant-affiliated groups and processors have expressed concerns regarding the EMV certification process. Some policymakers have called upon U.S. competition authorities to consider potential concerns arising from the roles of industry bodies such as EMVCo and the Payment Card Industry Security Standards Council. Additionally, some merchants and processors have advocated for changes to industry practices and Visa acceptance requirements at the point of sale, including the ability for merchants to accept only certain types of Visa products, to mandate only PIN authenticated transactions, to differentiate or steer among Visa product types issued by different financial institutions, and to impose surcharges on customers presenting Visa products as their form of payment. If successful, these efforts could adversely impact consumers' usage of our products, lead to regulatory enforcement and/or litigation, increase our compliance and litigation expenses, and harm our business. We depend on relationships with our financial institution clients, acquirers, merchants, and other third parties. We depend significantly on relationships with our financial institution clients and on their relationships with account holders and merchants to support our programs and services, and thereby compete effectively in the marketplace. Our relationships with industry participants are complex and require us to balance the interests of multiple third parties. For example, in the United States, the EMV migration has been resisted by certain merchants, leading to conflicts and litigation concerning the timing and scope of the liability shift, chargebacks, and debit routing, among others. We engage in discussions with merchants, acquirers, and processors to provide incentives to promote routing preference and acceptance growth. We engage in many payment card co-branding efforts with merchants, who receive incentives from us. As these and other relationships become more prevalent and take on a greater importance to our business, our success will increasingly depend on our ability to sustain and grow these relationships. In addition, we depend on third parties, including suppliers, and our financial institution clients to provide various services associated with our payments network on our behalf. To the extent that such parties fail to perform or deliver adequate services, our business and reputation could be harmed. If we are not able to maintain and enhance our brands, if events occur that damage our reputation or brands or we experience brand disintermediation, it could harm our business. Our brands are globally recognized and are key assets of our business. We believe that our clients and account holders associate our brands with acceptance, security, convenience, speed, and reliability. Our success depends in large part on our ability to maintain the value of our brands and reputation of our products and services in the payments ecosystem, elevate the brand through new and existing products, services and partnerships, and uphold our corporate reputation. The increased use or popularity of products that we have developed in partnership with large technology and financial institution companies could result in consumer confusion or brand disintermediation and decrease the value of our brand. We may not succeed in addressing consumer confusion and brand disintermediation due to the challenges of evolving digital form factors and ecommerce technologies. Our brands and reputation may be negatively impacted by a number of factors, including data security breaches; compliance failures; negative perception of our industry or the industries of our clients; actions by clients or other third parties, such as sponsorship partners that do not reflect our views or are inconsistent with our own business practices; and fraudulent, controversial or illegal activities using our payment products. If we are unable to maintain our reputation, our reputation is damaged or any threatened or resulting claims arise as a result, the value of our brands may be impaired, which could harm our relationships with clients, account holders, and the public, as well as impact our business. Global economic, political, market, and social events or conditions may harm our business. Our revenues are dependent on the volume and number of payment transactions made by consumers, governments, and businesses, whose spending patterns may be affected by prevailing economic conditions. In addition, almost half of our operating revenues are earned outside the United States. International transaction revenues represent a significant part of our revenue and are an important part of our growth strategy. Therefore, adverse macroeconomic conditions, including recessions, inflation, high unemployment, currency fluctuations, actual or anticipated large-scale defaults or failures, or slowdown of global trade, could decrease consumer and corporate confidence and reduce consumer, government, and corporate spending, which have a direct impact on our revenues. In addition, outbreaks of illnesses, pandemics, or other local or global health issues, political uncertainties, international hostilities, armed conflict, or unrest, and natural disasters could impact our operations, our clients, our activities in a particular location, and cross-border travel and spend. Geopolitical trends towards nationalism, protectionism, and restrictive visa requirements, as well as continued activity and uncertainty around economic sanctions could also reduce cross-border travel and spend. Any such decline in cross-border activity could impact the number of cross-border transactions we process and our currency exchange activities, which in turn would reduce our international transaction revenues. A decline in economic conditions could impact our clients as well, and their decisions to reduce the number of cards, accounts, and credit lines of their account holders, which ultimately impact our revenues. They may also implement cost-reduction initiatives that reduce or eliminate marketing budgets, and decrease spending on optional or enhanced, value-added services from us. Any events or conditions that impair the functioning of the financial markets, tighten the credit market, or lead to a downgrade of our current credit rating could increase our future borrowing costs and impair our ability to access the capital and credit markets on favorable terms, which could affect our liquidity and capital resources, or significantly increase our cost of capital. If clients default on their settlement obligations, it may also impact our liquidity. Any of these events could adversely affect the growth of our volumes and revenue. Our indemnification obligation to fund settlement losses of our clients exposes us to significant risk of loss and may reduce our liquidity. We indemnify issuers and acquirers for settlement losses they may suffer due to the failure of another issuer or acquirer to honor its settlement obligations in accordance with the Visa rules. In certain instances, we may indemnify issuers or acquirers even in situations in which a transaction is not processed by our system. This indemnification creates settlement risk for us due to the timing difference between the date of a payment transaction and the date of subsequent settlement. Our indemnification exposure is generally limited to the amount of unsettled Visa payment transactions at any point in time and any subsequent amounts that may fall due relating to adjustments for previously processed transactions. Concurrent settlement failures involving more than one of our largest clients, several of our smaller clients, or systemic operational failures could negatively impact our financial position. Even if we have sufficient liquidity to cover a settlement failure, we may be unable to recover the amount of such payment. This could expose us to significant losses and harm our business. See Note 10-Settlement Guarantee Management to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report. The United Kingdom’s withdrawal from the European Union could harm our business and financial results. In June 2016, voters in the United Kingdom approved the withdrawal of the United Kingdom from the European Union (commonly referred to as "Brexit"). In March 2017, the UK government initiated the exit process under Article 50 of the Treaty of the European Union, commencing a period of up to two years for the United Kingdom and the other EU member states to negotiate the terms of the withdrawal. Uncertainty over the terms of the United Kingdom’s departure from the European Union could cause political and economic uncertainty in the United Kingdom and the rest of Europe, which could harm our business and financial results. Brexit could lead to legal uncertainty and potentially divergent national laws and regulations in the United Kingdom and European Union. We, as well as our clients who have significant operations in the United Kingdom, may incur additional costs and expenses as we adapt to potentially divergent regulatory frameworks from the rest of the European Union and as a result, our Visa rules and contractual commitments in the United Kingdom may be impacted. In addition, because we conduct business in and have operations in the United Kingdom, we may need to apply for regulatory authorization and permission in separate EU member states. These factors may impact our ability to operate in the European Union and United Kingdom seamlessly. Any of these effects of Brexit, among others, could harm our business and financial results. Technology and Cybersecurity Risks Failure to anticipate, adapt to or keep pace with new technologies in the payments industry could harm our business and impact our future growth. The global payments industry is undergoing significant and rapid technological change, including mobile and other proximity payment and acceptance technologies, ecommerce, tokenization, crypto-currencies, new authentication technologies, including biometrics, distributed ledger and blockchain technologies, and as a result we expect new services and technologies to continue to emerge and evolve. In addition to our own initiatives and innovations, we work closely with third parties, including some potential competitors, for the development of and access to new technologies. It is difficult, however, to predict which technological developments or innovations will become widely adopted and how these technologies may be regulated. Moreover, some of these new technologies could be subject to intellectual property-related lawsuits or assertions, potentially impacting our development efforts and/or requiring us to obtain licenses. If we or our partners fail to adapt or keep pace with new technologies in the payments space in a timely manner, it could harm our ability to compete, decrease the value of our products and services to our clients, impact our intellectual property or licensing rights, and harm our business and impact our future growth. A failure in or breach of our networks or systems, including as a result of cyber-attacks, could harm our business. Our cybersecurity and processing systems, as well as those of financial institutions, merchants, and third-party service providers, may experience damage or disruption from a number of causes, including power outages, computer and telecommunication failures, computer viruses, malware or other destructive software, internal design, manual or usage errors, cyber-attacks, terrorism, workplace violence or wrongdoing, catastrophic events, natural disasters and severe weather conditions. Our visibility and role in the global payments industry may also put us at a greater risk of being targeted by hackers. In the normal course of our business, we have been the target of malicious cyber-attack attempts. We may also be impacted by breaches of our financial institution clients, merchants or third-party processors. For instance, several merchants have encountered substantial data breaches affecting their customers, some of whom were Visa account holders. Although these merchant breaches have not had a direct, material impact on us, we believe these incidents are likely to continue and we are unable to predict the direct or indirect impact of these future attacks to our business. In addition, numerous and evolving cybersecurity threats, including advanced and persistent cyber-attacks, phishing and social engineering schemes, particularly on our internet applications, could compromise the confidentiality, availability, and integrity of data in our systems. The security measures and procedures we, our clients, merchants, and third-party service providers have in place to protect sensitive consumer data and other information may not be successful or sufficient to counter all data breaches, cyber-attacks, or system failures. Although we devote significant resources to our cybersecurity programs and have implemented security measures to protect our systems and data, and to prevent, detect and respond to data security incidents, there can be no assurance that our efforts will prevent these threats. Because the techniques used to obtain unauthorized access, or to disable or degrade systems change frequently, have become increasingly more complex and sophisticated, and may be difficult to detect for periods of time, we may not anticipate these acts or respond adequately or timely. As these threats continue to evolve and increase, we may be required to devote significant additional resources in order to modify and enhance our security controls and to identify and remediate any security vulnerabilities. If we are sued in connection with any data security breach or system failure, we could be involved in protracted litigation. If unsuccessful in defending such lawsuits, we may have to pay damages or change our business practices, any of which could harm our business. In addition, any reputational damage resulting from a data security breach or system failure at one or more of our clients, merchants or other third parties could decrease the use and acceptance of our products, which could harm our payments volume, revenues and future growth prospects. Finally, a breach or failure may also subject Visa to additional regulations or governmental or regulatory investigations, which could result in significant compliance costs, fines or enforcement actions, or potential restrictions imposed by regulators on our ability to process transactions. We may experience errors, interruptions, delays, or cessations of service in our information technology infrastructure and processing systems, which could significantly disrupt our operations; impact our clients and consumers; damage our reputation; result in litigation, violations of applicable privacy and other laws, and regulatory fines or penalties; decrease the overall use and acceptance of our products; and be costly, time consuming and difficult to remedy. In the event of damage or disruption to our business due to these occurrences, we may not be able to successfully and quickly recover all of our critical business functions, assets, and data through our business continuity program. Furthermore, while we maintain insurance, our coverage may not sufficiently cover all types of losses or claims that may arise. Structural and Organizational Risks Failure to maintain interoperability with Visa Europe's systems during the integration could damage the business and global perception of our brands. In June 2016, we acquired Visa Europe. While Visa Europe's systems are being integrated with our legacy systems, we will continue to maintain mostly separate authorization, clearing, and settlement systems. As a result, we have to ensure that the two systems can process every transaction involving both of our territories, regardless of where the transaction originates. Visa Europe's independent system operations could present challenges to our business in the event of increasing costs or difficulties in maintaining the interoperability of our respective systems during the integration phase. The separation of payment card scheme and processing may also exacerbate this risk. Any inconsistency in the payment processing services and products between Visa Europe and our legacy operations could negatively affect the experience of consumers using Visa products globally. Moreover, we are beginning the process of migrating European activity onto VisaNet's systems in 2018 and successfully integrating our systems is expected to be time consuming, costly and technologically challenging. Failure to authorize, clear, and settle inter-territory transactions quickly and accurately could harm our business and impair the global perception of our brands. We may not achieve the anticipated benefits of our acquisitions or strategic investments, and may face risks and uncertainties as a result. As part of our overall business strategy, we may make acquisitions and strategic investments. For example, we believe the acquisition of Visa Europe positions us to create additional value through increased scale, efficiencies realized by the integration of both businesses, and benefits related to Visa Europe’s transition from an association to a for-profit enterprise, although there can be no guarantee that we will realize these benefits. Our current and future acquisitions and strategic investments may involve significant risks and uncertainties, including: • disruption to our ongoing business, including diversion of resources and management’s attention from our existing business; • greater than expected investment of resources or operating expenses; • failure to develop the acquired business adequately; • difficulty implementing controls, procedures, and policies at the acquired company; • challenges of integrating new employees, business cultures, business systems, and technologies; • failure to retain employees, clients, or partners of the acquired business; • in the case of foreign acquisitions, risks related to the integration of operations across different cultures and languages, and the economic, political, and regulatory risks associated with operating in new regions or countries. For more information on regulatory risks, please see Item 1 - Business-Government Regulations and Item 1A - Risk Factors-Regulatory Risks above; • discovery of unidentified issues after the acquisition or investment was made; • failure to mitigate the liabilities of the acquired business; • dilutive issuance of equity securities, if new securities are issued; • the incurrence of debt; • negative impact on our financial position and/or statement of operations; and • anticipated benefits, synergies, or value of the investment or acquisition not materializing. We may be unable to attract, hire, and retain a highly qualified and diverse workforce, including key management. The talents and efforts of our employees, particularly our key management, are vital to our success. Our management team has significant industry experience and would be difficult to replace. We may be unable to retain them or to attract other highly qualified employees, particularly if we do not offer employment terms that are competitive with the rest of the labor market. Changes in laws and policies regarding immigration and work authorizations could make it more difficult for employees to work in, or transfer among, jurisdictions in which we have operations and could impair our ability to attract and retain qualified employees. Failure to attract, hire, develop, motivate, and retain highly qualified and diverse employee talent, or failure to develop and implement an adequate succession plan for the management team, could disrupt our operations and adversely affect our business and our future success. The conversions of our class B and class C common stock or series B and series C preferred stock into shares of class A common stock would result in voting dilution to, and could impact the market price of, our existing class A common stock. The market price of our class A common stock could fall as a result of many factors. Under our U.S. retrospective responsibility plan, upon final resolution of our U.S. covered litigation, all class B common stock will become convertible into class A common stock. In connection with the acquisition of Visa Europe, we issued series B and series C preferred stock, which will become convertible into class A common stock in stages based on developments in current and potential litigation and will become fully convertible no later than 2028 (subject to a holdback to cover any pending claims). Conversion of our class B and class C common stock into class A common stock, or our series B and series C preferred stock into class A common stock, would increase the amount of class A common stock outstanding, which could adversely affect the market price of our existing class A common stock and would dilute the voting power of existing class A common stockholders. Holders of our class B and C common stock and series B and series C preferred stock may have different interests than our class A common stockholders concerning certain significant transactions. Although their voting rights are limited, holders of our class B and C common stock and, in certain specified circumstances, holders of our series B and series C preferred stock, can vote on certain significant transactions. With respect to our class B and C common stock, these transactions include a proposed consolidation or merger, a decision to exit our core payments business and any other vote required under Delaware law. With respect to our series B and series C preferred stock, voting rights are limited to proposed consolidations or mergers in which holders of the series B and series C preferred stock would either (i) receive shares of stock or other equity securities with preferences, rights and privileges that are not substantially identical to the preferences, rights and privileges of the applicable series of preferred stock or (ii) receive securities, cash or other property that is different from what our class A common stockholders would receive. Because the holders of classes of capital stock other than class A common stock are our current and former financial institution clients, they may have interests that diverge from our class A common stockholders. As a result, the holders of these classes of capital stock may not have the same incentive to approve a corporate action that may be favorable to the holders of class A common stock, and their interests may otherwise conflict with interests of our class A common stockholders. Delaware law, provisions in our certificate of incorporation and bylaws, and our capital structure could make a merger, takeover attempt, or change in control difficult. Provisions contained in our certificate of incorporation and bylaws, and our capital structure could delay or prevent a merger, takeover attempt, or change in control that our stockholders may consider favorable. For example, except for limited exceptions: • no person may beneficially own more than 15% of our class A common stock (or 15% of our total outstanding common stock on an as-converted basis), unless our board of directors approves the acquisition of such shares in advance; • no competitor or an affiliate of a competitor may hold more than 5% of our total outstanding common stock on an as-converted basis; • the affirmative votes of the class B and C common stock and series B and series C preferred stock are required for certain types of consolidations or mergers; • our stockholders may only take action during a stockholders’ meeting and may not act by written consent; and • only the board of directors, Chairman, or CEO may call a special meeting of stockholders. ITEM 1B.
Current §1A text (2019)
Show full section (8158 words)
ITEM 1A. Risk Factors Regulatory Risks We are subject to complex and evolving global regulations that could harm our business and financial results. As a global payments technology company, we are subject to complex and evolving regulations that govern our operations. See Item 1 - Business-Government Regulation for more information on the most significant areas of regulation that affect our business. The impact of these regulations on us, our clients, and other third parties could limit our ability to enforce our payments system rules; require us to adopt new rules or change existing rules; affect our existing contractual arrangements; increase our compliance costs; require us to make our technology or intellectual property available to third parties, including competitors, in an undesirable manner; and reduce our revenue opportunities. As discussed in more detail below, we may face differing rules and regulations in matters like interchange reimbursement rates, preferred routing, domestic processing requirements, currency conversion, point-of-sale transaction rules and practices, privacy, data use or protection, licensing requirements, and associated product technology. As a result, the Visa operating rules and our other contractual commitments may differ from country to country or by product offering. Complying with these and other regulations increases our costs and could reduce our revenue opportunities. If widely varying regulations come into existence worldwide, we may have difficulty rapidly adjusting our product offerings, services, fees and other important aspects of our business in the regions where we operate. Our compliance programs and policies are designed to support our compliance with a wide array of regulations and laws, such as anti-money laundering, anti-corruption, competition, privacy and sanctions, and we continually enhance our compliance programs as regulations evolve. However, we cannot guarantee that our practices will be deemed compliant by all applicable regulatory authorities. In the event our controls should fail or we are found to be out of compliance for other reasons, we could be subject to monetary damages, civil and criminal penalties, litigation, investigations and proceedings, and damage to our global brands and reputation. Furthermore, the evolving and increased regulatory focus on the payments industry could negatively impact or reduce the number of Visa products our clients issue, the volume of payments we process, our revenues, our brands, our competitive positioning, our ability to use our intellectual property to differentiate our products and services, the quality and types of products and services we offer, the countries in which our products are used, and the types of consumers and merchants who can obtain or accept our products, all of which could harm our business. Increased scrutiny and regulation of the global payments industry, including with respect to interchange reimbursement fees, merchant discount rates, operating rules, risk management protocols and other related practices, could harm our business. Regulators around the world have been establishing or increasing their authority to regulate certain aspects of the payments industry. See Item 1. Business -Government Regulation for more information. In the U.S. and many other jurisdictions, we have historically set default interchange reimbursement fees. Even though we generally do not receive any revenue related to interchange reimbursement fees in a payment transaction (in the context of credit and debit transactions, those fees are paid by the acquirers to the issuers; the reverse is true for certain transactions like ATM), interchange reimbursement fees are a factor on which we compete with other payments providers and are therefore an important determinant of the volume of transactions we process. Consequently, changes to these fees, whether voluntarily or by mandate, can substantially affect our overall payments volumes and revenues. Interchange reimbursement fees, certain operating rules and related practices continue to be subject to increased government regulation globally, and regulatory authorities and central banks in a number of jurisdictions have reviewed or are reviewing these fees, rules, and practices. For example, regulations adopted by the U.S. Federal Reserve cap the maximum U.S. debit interchange reimbursement rate received by large financial institutions at 21 cents plus 5 basis points per transaction, plus a possible fraud adjustment of 1 cent. The Dodd-Frank Act also limits issuers’ and our ability to adopt network exclusivity and preferred routing in the debit and prepaid area, which also impacts our business. The EU’s IFR places an effective cap on consumer credit and consumer debit interchange fees for both domestic and cross-border transactions within the EEA (30 basis points and 20 basis points, respectively). EU member states have the ability to further reduce these interchange levels within their territories. Furthermore, the European Commission is in the process of conducting an impact assessment of the IFR, which could potentially result in lower and/or additional interchange fee caps and restrictions. Countries in other parts of the world, including the Latin America region have either adopted or are exploring interchange caps. For example, in March 2017, Argentina’s central bank passed regulations that cap interchange fees on credit and debit transactions. In March 2018, Brazil adopted interchange caps on debit transactions. When we cannot set default interchange reimbursement rates at optimal levels, issuers and acquirers may find our payments system less attractive. This may increase the attractiveness of other payments systems, such as our competitors’ closed-loop payments systems with direct connections to both merchants and consumers. We believe some issuers may react to such regulations by charging new or higher fees, or reducing certain benefits to consumers, which make our products less appealing to consumers. Some acquirers may elect to charge higher merchant discount rates regardless of the Visa interchange reimbursement rate, causing merchants not to accept our products or to steer customers to alternate payments systems or forms of payment. In addition, in an effort to reduce the expense of their payment programs, some issuers and acquirers have obtained, and may continue to obtain, incentives from us, including reductions in the fees that we charge, which may directly impact our revenues. In addition to the regulation of interchange reimbursement fees, a number of regulators impose restrictions on other aspects of our payments business. For example, many governments including, but not limited to governments in India and Turkey are using regulation to further drive down merchant discount rates, which could negatively affect the economics of our transactions. Some countries in Latin America, like Peru and Chile are relying on antitrust driven regulatory actions that can have implications for how the payments ecosystem and four party model operate. The Payment System Regulator’s review of the acquiring market in the United Kingdom could lead to additional regulatory pressure on our business. With increased merchant lobbying, we could also begin to see regulatory interest in network fees. Government regulations or pressure may also require us to allow other payments networks to support Visa products or services, or to have the other network’s functionality or brand marks on our products. As innovations in payment technology have enabled us to expand into new products and services, they have also expanded the potential scope of regulatory influence. For instance, new products and capabilities, including tokenization, push payments, and non-card based payment flows (e.g., B2B Connect) could bring increased licensing or authorization requirements in the countries where the product or capability is offered. In addition, the European Union’s requirement to separate scheme and processing adds costs and impacts the execution of our commercial, innovation and product strategies. We are also subject to central bank oversight in some markets, including, Brazil, Russia, the United Kingdom and within the European Union. This oversight could result in new governance, reporting, licensing, cybersecurity, processing infrastructure, capital, or credit risk management requirements. We could also be required to adopt policies and practices designed to mitigate settlement and liquidity risks, including increased requirements to maintain sufficient levels of capital and financial resources locally, as well as localized risk management or governance. Increased central bank oversight could also lead to new or different criteria for participation in and access to our payments system, including allowing non-traditional financial technology companies to act as issuers or acquirers. Additionally, regulators in other jurisdictions are considering or adopting approaches based on similar regulatory principles. Finally, regulators around the world increasingly take note of each other’s approaches to regulating the payments industry. Consequently, a development in one jurisdiction may influence regulatory approaches in another. The risks created by a new law, regulation or regulatory outcome in one jurisdiction have the potential to be replicated and to negatively affect our business in another jurisdiction or in other product offerings. For example, our settlement with the European Commission on cross-border interchange rates could draw the attention of regulators in other parts of the world. Similarly, new regulations involving one product offering may prompt regulators to extend the regulations to other product offerings. For example, credit payments could become subject to similar regulation as debit payments (or vice versa). For instance, the Reserve Bank of Australia initially capped credit interchange, but subsequently capped debit interchange as well. Government-imposed restrictions on international payment systems may prevent us from competing against providers in certain countries, including significant markets such as China, India and Russia. Governments in a number of jurisdictions shield domestic payment card networks, brands, and processors from international competition by imposing market access barriers and preferential domestic regulations. To varying degrees, these policies and regulations affect the terms of competition in the marketplace and undermine the competitiveness of international payments networks. In the future, public authorities may impose regulatory requirements that favor domestic providers or mandate that domestic payments processing be performed entirely within that country, which would prevent us from managing the end-to-end processing of certain transactions. In Russia, legislation effectively prevents us from processing domestic transactions. The central bank controlled national payment card system (NSPK) is the only entity allowed to process domestically. In China, UnionPay remains the sole processor of domestic payment card transactions and operates the sole domestic acceptance mark. Although we have filed an application with the People’s Bank of China (PBOC) to operate a Bank Card Clearing Institution (BCCI) in China, the timing and the procedural steps remain uncertain. The approval process might require several years, and there is no guarantee that the license to operate a BCCI will be approved or, if we obtain such license, that we will be able to successfully compete with domestic payments networks. Recent regulatory initiatives in India also suggest growing nationalistic priorities, including a data localization mandate passed by the government, which has cost implications for us and could affect our ability to effectively compete with domestic payment providers. Furthermore, regional groups of countries, such as the Gulf Cooperation Countries in the Middle East and a number of countries in Southeast Asia, are considering, or may consider, efforts to restrict our participation in the processing of regional transactions. The African Development Bank has also indicated an interest in supporting national payment systems in its efforts to expand financial inclusion and strengthen regional financial stability. Geopolitical events, including sanctions, trade tensions or other types of activities could potentially intensify any or all of these activities, which could adversely affect our business. Due to our inability to manage the end-to-end processing of transactions for cards in certain countries (e.g., Russia and Thailand), we depend on our close working relationships with our clients or third-party processors to ensure transactions involving our products are processed effectively. Our ability to do so may be adversely affected by regulatory requirements and policies pertaining to transaction routing or on-shore processing. Co-badging and co-residency regulations may pose additional challenges in markets where Visa competes with national networks for issuance and routing. For example, in China, certain banks have issued dual-branded cards for which domestic transactions in China are processed by UnionPay and transactions outside of China are processed by us or other international payments networks. The PBOC is contemplating that dual-branded cards could be phased out over time as new licenses are issued to international companies to participate in China’s domestic payments market. Accordingly, we have been working with Chinese issuers to issue Visa-only branded cards for international travel, and later for domestic transactions after we obtain a BCCI license. However, notwithstanding such efforts, the phase out of dual-branded cards may decrease our payment volumes and impact the revenue we generate in China. Mir and UnionPay have grown rapidly in Russia and China, respectively, and are actively pursuing international expansion plans, which could potentially lead to regulatory pressures on our international routing rule (which requires that international transactions on Visa cards be routed over VisaNet). Furthermore, although regulatory barriers shield Mir and UnionPay from competition in Russia and China, respectively, alternate payment providers such as Alipay and WeChat Pay have rapidly expanded into ecommerce, offline, and cross-border payments, which could make it difficult for us to compete even if our license is approved in China. Recently, with strong backing from China’s government, a new digital transaction routing system known as Netlink was established. The PBOC allowed Alipay and other digital payment providers to invest in Netlink. It and other such systems could have a competitive advantage in comparison with other international payments networks. In general, national laws that protect domestic providers or processing may increase our costs; decrease our payments volumes and impact the revenue we generate in those countries; decrease the number of Visa products issued or processed; impede us from utilizing our global processing capabilities and controlling the quality of the services supporting our brands; restrict our activities; limit our growth and the ability to introduce new products, services and innovations; force us to leave countries or prevent us from entering new markets; and create new competitors, all of which could harm our business. Laws and regulations regarding the handling of personal data and information may impede our services or result in increased costs, legal claims, or fines against us. Our business relies on the processing of data in many jurisdictions and the movement of data across national borders. Legal requirements relating to the collection, storage, handling, use, disclosure, transfer, and security of personal data continue to evolve, and regulatory scrutiny in this area is increasing around the world. Significant uncertainty exists as privacy and data protection laws may be interpreted and applied differently from country to country and may create inconsistent or conflicting requirements. For example, the EU’s General Data Protection Regulation (GDPR) extends the scope of the EU data protection law to all companies processing data of EU residents, regardless of the company’s location. The law requires companies to meet new requirements regarding the handling of personal data. Although we have an extensive data privacy program that addresses the GDPR requirements, our ongoing efforts to comply with GDPR and other privacy and data protection laws (such as the new California Consumer Privacy Act effective as of January 2020 and the Brazilian General Data Protection Law effective as of February 2020) may entail substantial expenses, may divert resources from other initiatives and projects, and could limit the services we are able to offer. In addition, India has adopted a data localization law that requires all payment system operators to store domestic transaction data only in India. Such data localization requirements have cost implications for us, impact our ability to utilize the efficiencies and value of our global network, and could affect our strategy. Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy violations continue to increase. The enactment of more restrictive laws, rules, regulations, or future enforcement actions or investigations could impact us through increased costs or restrictions on our business, and noncompliance could result in regulatory penalties and significant legal liability. We may be subject to tax examinations or disputes, or changes in tax laws. We exercise significant judgment in calculating our worldwide provision for income taxes and other tax liabilities. Although we believe our tax estimates are reasonable, many factors may limit their accuracy. We are currently under examination by, or in disputes with, the U.S. Internal Revenue Service, the UK’s HM Revenue & Customs as well as tax authorities in other jurisdictions, and we may be subject to additional examinations or disputes in the future. Relevant tax authorities may disagree with our tax treatment of certain material items and thereby increase our tax liability. Failure to sustain our position in these matters could harm our cash flow and financial position. In addition, changes in existing laws in the U.S. or foreign jurisdictions, or changes resulting from the Organization for Economic Cooperation and Development Program of Work, related to the revision of profit allocation and nexus rules and global base-erosion proposal, may also materially affect our effective tax rate. A substantial increase in our tax payments could have a material, adverse effect on our financial results. See also Note 19-Income Taxes to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report. Litigation Risks We may be adversely affected by the outcome of litigation or investigations, despite certain protections that are in place. We are involved in numerous litigation matters, investigations, and proceedings asserted by civil litigants, governments, and enforcement bodies alleging, among other things, violations of competition and antitrust law, consumer protection law, and intellectual property law (these are referred to as “actions” in this section). Details of the most significant actions we face are described more fully in Note 20-Legal Matters to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report. These actions are inherently uncertain, expensive, and disruptive to our operations. In the event we are found liable in any material action, particularly in a large class action lawsuit, such as one involving an antitrust claim entitling the plaintiff to treble damages, or we incur liability arising from a government investigation, we may be required to pay significant awards, settlements, or fines. In addition, settlement terms, judgments, or pressures resulting from actions may harm our business by requiring us to modify, among other things, the default interchange reimbursement rates we set, the Visa operating rules or the way in which we enforce those rules, our fees or pricing, or the way we do business. These actions or their outcomes may also influence regulators, investigators, governments, or civil litigants in the same or other jurisdictions, which may lead to additional actions against Visa. Finally, we are required by some of our commercial agreements to indemnify other entities for litigation brought against them, even if Visa is not a defendant. For certain actions like those that are U.S. covered litigation or VE territory covered litigation, as described in Note 5-U.S. and Europe Retrospective Responsibility Plans and Note 20-Legal Matters to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report, we have certain financial protections pursuant to the respective retrospective responsibility plans. The two retrospective responsibility plans are different in the protections they provide and the mechanisms by which we are protected. The failure of one or both of the retrospective responsibility plans to adequately insulate us from the impact of such settlements, judgments, losses, or liabilities could materially harm our financial condition or cash flows, or even cause us to become insolvent. Business Risks We face intense competition in our industry. The global payments space is intensely competitive. As technology evolves, new competitors or methods of payment emerge, and existing clients and competitors assume different roles. Our products compete with cash, checks, electronic funds, virtual currency payments, global or multi-regional networks, other domestic and closed-loop payments systems, and alternative payment providers primarily focused on enabling payments through ecommerce and mobile channels. As the global payments space becomes more complex, we face increasing competition from our clients, other emerging payment providers such as fintechs, and other digital payments and technology companies that have developed payments systems enabled through online activity in ecommerce and mobile channels. Our competitors may develop substantially better technology, have more widely adopted delivery channels or have greater financial resources. They may offer more effective, innovative or a wider range of programs, products, and services. They may use more effective advertising and marketing strategies that result in broader brand recognition, and greater issuance and merchant acceptance. They may also develop better security solutions or more favorable pricing arrangements. Moreover, even if we successfully adapt to technological change and the proliferation of alternative types of payment services by developing and offering our own services in these areas, such services may provide less favorable financial terms for us than we currently receive from VisaNet transactions, which could hurt our financial results and prospects. Certain of our competitors operate with different business models, have different cost structures, or participate in different market segments. Those business models may ultimately prove more successful or more adaptable to regulatory, technological, and other developments. In some cases, these competitors have the support of government mandates that prohibit, limit, or otherwise hinder our ability to compete for transactions within certain countries and regions. Some of our competitors, including American Express, Discover, private-label card networks, virtual currency providers, technology companies that enable the exchange of digital assets, and certain alternate payments systems like Alipay and WeChat Pay, operate closed-loop payments systems, with direct connections to both merchants and consumers. Government actions or initiatives such as the Dodd-Frank Act or the U.S. Federal Reserve’s FedNow initiatives may provide competitors with increased opportunities to derive competitive advantages from these business models, and may create new competitors, including in some cases the government itself. Similarly, regulation in Europe under PSD2 and the IFR may require us to open up access to, and allow participation in, our network to additional participants, and reduce the infrastructure investment and regulatory burden on competitors. We also run the risk of disintermediation due to factors such as emerging technologies, including mobile payments, alternate payment credentials, other ledger technologies or payment forms, and by virtue of increasing bilateral agreements between entities that prefer not to use our payments network for processing transactions. For example, merchants could process transactions directly with issuers, or processors could process transactions directly with issuers and acquirers. We expect the competitive landscape to continue to shift and evolve. For example: • competitors, clients, network participants, and others are developing or participating in alternate payment networks or products, such as mobile payment services, ecommerce payment services, P2P payment services, real-time and faster payment initiatives and payment services that permit ACH or direct debits from consumer checking accounts, that could reduce our role or otherwise disintermediate us from the transaction processing or the value-added services we provide to support such processing. Examples include initiatives from The Clearing House, an association consisting of large financial institutions that has developed its own faster payments system; Early Warning Services, which operates Zelle, a bank-offered alternative network that provides another platform for faster funds or real-time payments across a variety of payment types, including P2P, corporate and government disbursement, bill pay and deposit check transactions; and the Libra Association, which seeks to launch a new stablecoin crypto-currency (Libra Coin) and global blockchain-based payments network; • similarly, many countries are developing or promoting domestic networks, switches and real-time payment systems. To the extent these governments mandate local banks and merchants to use and accept these systems for domestic transactions and/or prohibit international payment networks, like Visa, from participating on those systems, we could face the risk of our business being disintermediated in those countries. Furthermore, in some regions, such as Southeast Asia, under the auspices of the Association of Southeast Asian Nations (ASEAN), some countries are looking into cross-border connectivity of such domestic systems; • parties that process our transactions may try to minimize or eliminate our position in the payments value chain; • parties that access our payment credentials, tokens and technologies, including clients, technology solution providers or others might be able to migrate account holders and other clients to alternate payment methods or use our payment credentials, tokens and technologies to establish or help bolster alternate payment methods and platforms; • participants in the payments industry may merge, form joint ventures or enable or enter into other business combinations that strengthen their existing business propositions or create new, competing payment services; and • new or revised industry standards related to EMV Secure Remote Commerce, cloud-based payments, tokenization or other payments-related technologies set by organizations such as the International Organization for Standardization, American National Standards Institute, World Wide Web Consortium, European Card Standards Group, PCI Co and EMVCo may result in additional costs and expenses for Visa and its clients, or otherwise negatively impact the functionality and competitiveness of our products and services. As the competitive landscape is quickly evolving, we may not be able to foresee or respond sufficiently to emerging risks associated with new businesses, products, services and practices. We may be asked to adjust our local rules and practices, develop or customize certain aspects of our payment services, or agree to business arrangements that may be less protective of Visa’s proprietary technology and interests in order to compete and we may face increasing operational costs and risk of litigation concerning intellectual property. Our failure to compete effectively in light of any such developments could harm our business and prospects for future growth. Our revenues and profits are dependent on our client and merchant base, which may be costly to win, retain, and maintain. Our financial institution clients and merchants can reassess their commitments to us at any time or develop their own competitive services. While we have certain contractual protections, our clients, including some of our largest clients, generally have flexibility to issue non-Visa products. Further, in certain circumstances, our financial institution clients may decide to terminate our contractual relationship on relatively short notice without paying significant early termination fees. Because a significant portion of our net revenues is concentrated among our largest clients, the loss of business from any one of these larger clients could harm our business, results of operations, and financial condition. In addition, we face intense competitive pressure on the prices we charge our financial institution clients. In order to stay competitive, we may need to adjust our pricing or offer incentives to our clients to increase payments volume, enter new market segments, adapt to regulatory changes, and expand their use and acceptance of Visa products and services. These include up-front cash payments, fee discounts, rebates, credits, performance-based incentives, marketing, and other support payments that impact our revenues and profitability. In addition, we offer incentives to certain merchants or acquirers to win routing preference in situations where other network functionality is enabled on our products and there is a choice of network routing options. Market pressures on pricing, incentives, fee discounts, and rebates could moderate our growth. If we are not able to implement cost containment and productivity initiatives in other areas of our business or increase our volumes in other ways to offset or absorb the financial impact of these incentives, fee discounts, and rebates, it may harm our net revenues and profits. In addition, it may be difficult or costly for us to acquire or conduct business with financial institutions or merchants that have longstanding exclusive, or nearly exclusive, relationships with our competitors. These financial institutions or merchants may be more successful and may grow more quickly than our existing clients or merchants. In addition, if there is a consolidation or acquisition of one or more of our largest clients or co-brand partners by a financial institution client or merchant with a strong relationship with one of our competitors, it could result in our business shifting to a competitor, which could put us at a competitive disadvantage and harm our business. Merchants’ and processors’ continued push to lower acceptance costs and challenge industry practices could harm our business. We rely in part on merchants and their relationships with our clients to maintain and expand the acceptance of Visa products. Certain large retail merchants have been exercising their influence in the global payments system in certain jurisdictions, such as the U.S., Canada and Europe, to attempt to lower their acceptance costs by lobbying for new legislation, seeking regulatory enforcement, filing lawsuits and in some cases, refusing to accept Visa products. If they are successful in their efforts, we may face increased compliance and litigation expenses and issuers may decrease their issuance of our products. For example, in the U.S., certain stakeholders have raised concerns regarding how payment security standards and rules may impact the cost of payment card acceptance. In addition to ongoing litigation related to the U.S. migration to EMV-capable cards and point-of-sale terminals, U.S. merchant-affiliated groups and processors have expressed concerns regarding the EMV certification process and some policymakers have concerns about the roles of industry bodies such as EMVCo and the Payment Card Industry Security Standards Council in the development of payment card standards. Additionally, some merchants and processors have advocated for changes to industry practices and Visa acceptance requirements at the point of sale, including the ability for merchants to accept only certain types of Visa products, to mandate only PIN authenticated transactions, to differentiate or steer among Visa product types issued by different financial institutions, and to impose surcharges on customers presenting Visa products as their form of payment. If successful, these efforts could adversely impact consumers’ usage of our products, lead to regulatory enforcement and/or litigation, increase our compliance and litigation expenses, and harm our business. We depend on relationships with financial institutions, acquirers, processors, merchants, and other third parties. As noted above, our relationships with industry participants are complex and require us to balance the interests of multiple third parties. For instance, we depend significantly on relationships with our financial institution clients and on their relationships with account holders and merchants to support our programs and services, and thereby compete effectively in the marketplace. We engage in discussions with merchants, acquirers, and processors to provide incentives to promote routing preference and acceptance growth. We also engage in many payment card co-branding efforts with merchants, who receive incentives from us. As emerging participants such as fintechs enter the payments industry, we engage in discussions to address the role they may play in the ecosystem, whether as, for example, an issuer, merchant, or digital wallet provider. As these and other relationships become more prevalent and take on a greater importance to our business, our success will increasingly depend on our ability to sustain and grow these relationships. In addition, we depend on our clients and third parties, including vendors and suppliers, to process transactions properly, provide various services associated with our payments network on our behalf, and otherwise adhere to our operating rules. To the extent that such parties fail to perform or deliver adequate services, it may result in negative experiences for account holders or others when using their Visa-branded payment products, which could harm our business and reputation. Our business could be harmed if we are not able to maintain and enhance our brand, if events occur that have the potential to damage our brand or reputation, or if we experience brand disintermediation. Our brand is globally recognized and is a key asset of our business. We believe that our clients and account holders associate our brand with acceptance, security, convenience, speed, and reliability. Our success depends in large part on our ability to maintain the value of our brand and reputation of our products and services in the payments ecosystem, elevate the brand through new and existing products, services and partnerships, and uphold our corporate reputation. The popularity of products that we have developed in partnership with technology companies and financial institutions may have the potential to cause consumer confusion or brand disintermediation at the point-of-sale and decrease the value of our brand. Our brand reputation may be negatively impacted by a number of factors, including authorization, clearing and settlement service disruptions; data security breaches; compliance failures by Visa, including our employees, agents, clients, partners or suppliers; negative perception of our industry, the industries of our clients or Visa-accepting merchants; ill-perceived actions by clients, partners or other third parties, such as sponsorship or co-brand partners; and fraudulent, risky, controversial or illegal activities using our payment products. If we are unable to maintain our reputation, the value of our brand may be impaired, which could harm our relationships with clients, account holders, and the public, as well as impact our business. Global economic, political, market, and social events or conditions may harm our business. Our revenues are dependent on the volume and number of payment transactions made by consumers, governments, and businesses whose spending patterns may be affected by prevailing economic conditions. In addition, more than half of our net revenues are earned outside the U.S. International cross-border transaction revenues represent a significant part of our revenue and are an important part of our growth strategy. Therefore, adverse macroeconomic conditions, including recessions, inflation, high unemployment, currency fluctuations, actual or anticipated large-scale defaults or failures, or slowdown of global trade could decrease consumer and corporate confidence and reduce consumer, government, and corporate spending which have a direct impact on our revenues. In addition, outbreaks of illnesses, pandemics, or other local or global health issues, political uncertainties, international hostilities, armed conflict, or unrest, and natural disasters could impact our operations, our clients, our activities in a particular location, and cross-border travel and spend. Geopolitical trends towards nationalism, protectionism, and restrictive visa requirements, as well as continued activity and uncertainty around economic sanctions could limit the expansion of our business in those regions. The current trade environment reduces the likelihood of having our Bank Card Clearing Institution application in China approved. In addition, any decline in cross-border travel and spend could impact the number of cross-border transactions we process and our currency exchange activities, which in turn would reduce our international transaction revenues. A decline in economic conditions could impact our clients as well, and their decisions could reduce the number of cards, accounts, and credit lines of their account holders, which ultimately impact our revenues. They may also implement cost-reduction initiatives that reduce or eliminate marketing budgets, and decrease spending on optional or enhanced, value-added services from us. Any events or conditions that impair the functioning of the financial markets, tighten the credit market, or lead to a downgrade of our current credit rating could increase our future borrowing costs and impair our ability to access the capital and credit markets on favorable terms, which could affect our liquidity and capital resources, or significantly increase our cost of capital. If clients default on their settlement obligations, it may also impact our liquidity. Any of these events could adversely affect our volumes and revenue. Our indemnification obligation to fund settlement losses of our clients exposes us to significant risk of loss and may reduce our liquidity. We indemnify issuers and acquirers for settlement losses they may suffer due to the failure of another issuer or acquirer to honor its settlement obligations in accordance with the Visa operating rules. In certain instances, we may indemnify issuers or acquirers in situations in which a transaction is not processed by our system. This indemnification creates settlement risk for us due to the timing difference between the date of a payment transaction and the date of subsequent settlement. Our indemnification exposure is generally limited to the amount of unsettled Visa payment transactions at any point in time and any subsequent amounts that may fall due relating to adjustments for previously processed transactions. Concurrent settlement failures involving more than one of our largest clients, several of our smaller clients, or systemic operational failures could negatively impact our financial position. Even if we have sufficient liquidity to cover a settlement failure, we may be unable to recover the amount of such payment. This could expose us to significant losses and harm our business. See Note 11-Settlement Guarantee Management to our consolidated financial statements included in Item 8 - Financial Statements and Supplementary Data of this report. The United Kingdom’s withdrawal from the European Union could harm our business and financial results. In June 2016, voters in the United Kingdom approved the withdrawal of the United Kingdom from the European Union (commonly referred to as “Brexit”). In March 2017, the UK government initiated the exit process under Article 50 of the Treaty of the European Union, commencing a period of up to two years for the United Kingdom and the other EU member states to negotiate the terms of the withdrawal, which was subsequently postponed until January 31, 2020. Uncertainty over the terms of the United Kingdom’s departure from the European Union could cause political and economic uncertainty in the United Kingdom and the rest of Europe, which could harm our business and financial results. Brexit could lead to legal uncertainty and potentially divergent national laws and regulations in the United Kingdom and European Union. We, as well as our clients who have significant operations in the United Kingdom, may incur additional costs and expenses as we adapt to potentially divergent regulatory frameworks from the rest of the European Union and as a result, our Visa operating rules and contractual commitments in the United Kingdom and the rest of the European Union may be impacted. In addition, applications may need to be made for regulatory authorization and permission in separate EU member states following Brexit. These factors may impact our ability to operate and process data in the European Union and United Kingdom seamlessly. This and other Brexit-related issues may require changes to our legal entity structure and/or operations in the United Kingdom and the European Union. Any of these effects of Brexit, among others, could harm our business and financial results. Technology and Cybersecurity Risks Failure to anticipate, adapt to or keep pace with new technologies in the payments industry could harm our business and impact future growth. The global payments industry is undergoing significant and rapid technological change, including mobile and other proximity payment technologies, ecommerce, tokenization, cryptocurrencies, and new authentication technologies such as biometrics, distributed ledger and blockchain technologies. As a result, we expect new services and technologies to continue to emerge and evolve. In addition to our own initiatives and innovations, we work closely with third parties, including potential competitors, for the development of and access to new technologies. It is difficult, however, to predict which technological developments or innovations will become widely adopted and how those technologies may be regulated. Moreover, some of the new technologies could be subject to intellectual property-related lawsuits or claims, potentially impacting our development efforts and/or requiring us to obtain licenses. If we or our partners fail to adapt and keep pace with new technologies in the payments space in a timely manner, it could harm our ability to compete, decrease the value of our products and services to our clients, impact our intellectual property or licensing rights, harm our business and impact our future growth. A disruption, failure or breach of our networks or systems, including as a result of cyber-attacks, could harm our business. Our cybersecurity and processing systems, as well as those of financial institutions, merchants, and third-party service providers, have experienced in limited instances and may continue to experience errors, interruptions, delays or damage from a number of causes, including power outages, hardware, software and network failures, computer viruses, malware or other destructive software, internal design, manual or usage errors, cyber-attacks, terrorism, workplace violence or wrongdoing, catastrophic events, natural disasters and severe weather conditions. Furthermore, our visibility and role in the global payments industry may also put our company at a greater risk of being targeted by hackers. In the normal course of our business, we have been the target of malicious cyber-attack attempts. We have been and may continue to be impacted by attacks and data security breaches of financial institutions, merchants, or third-party processors. We are also aware of instances where nation states have sponsored attacks against some of our financial institution clients, and other instances where merchants and issuers have encountered substantial data security breaches affecting their customers, some of whom were Visa account holders. Such attacks and breaches have resulted, and may continue to result in, fraudulent activity and ultimately, financial losses to Visa’s clients, and it is difficult to predict the direct or indirect impact of future attacks or breaches to our business. Numerous and evolving cybersecurity threats, including advanced and persistent cyber-attacks, phishing and social engineering schemes, particularly on our internet applications, could compromise the confidentiality, availability, and integrity of data in our systems or the systems of our third-party service providers. Because the techniques used to obtain unauthorized access, or to disable or degrade systems change frequently, have become increasingly more complex and sophisticated, and may be difficult to detect for periods of time, we may not anticipate these acts or respond adequately or timely. The security measures and procedures we, our financial institution and merchant clients, other merchants and third-party service providers in the payments ecosystem have in place to protect sensitive consumer data and other information may not be successful or sufficient to counter all data security breaches, cyber-attacks, or system failures. In some cases, the mitigation efforts may be dependent on third parties who may not deliver to the required contractual standards or whose hardware, software or network services may be subject to error, defect, delay, or outage. Although we devote significant resources to our cybersecurity and supplier risk management programs and have implemented security measures to protect our systems and data, and to prevent, detect and respond to data security incidents, there can be no assurance that our efforts will prevent these threats. These events could significantly disrupt our operations; impact our clients and consumers; damage our reputation and brand; result in litigation or claims, violations of applicable privacy and other laws, and regulatory scrutiny, investigations, actions, fines or penalties; result in damages or changes to our business practices; decrease the overall use and acceptance of our products; decrease our volume, revenues and future growth prospects; and be costly, time consuming and difficult to remedy. In the event of damage or disruption to our business due to these occurrences, we may not be able to successfully and quickly recover all of our critical business functions, assets, and data through our business continuity program. Furthermore, while we maintain insurance, our coverage may not sufficiently cover all types of losses or claims that may arise. Structural and Organizational Risks We may not achieve the anticipated benefits of our acquisitions or strategic investments, and may face risks and uncertainties as a result. As part of our overall business strategy, we make acquisitions and strategic investments. We may not achieve the anticipated benefits of our current and future acquisitions and strategic investments and they may involve significant risks and uncertainties, including: • disruption to our ongoing business, including diversion of resources and management’s attention from our existing business • greater than expected investment of resources or operating expenses • failure to develop the acquired business adequately • the data security, cybersecurity and operational resilience posture of our acquired companies, or companies we invest in or partner with, may not be adequate • difficulty, expense or failure of implementing controls, procedures and policies at the acquired company • challenges of integrating new employees, business cultures, business systems and technologies • failure to retain employees, clients or partners of the acquired business • in the case of foreign acquisitions, risks related to the integration of operations across different cultures and languages • the economic, political and regulatory risks associated with operating in new businesses, regions or countries. For more information on regulatory risks, please see Item 1 - Business-Government Regulations and Item 1A - Risk Factors-Regulatory Risks above • discovery of unidentified issues and related liabilities after the acquisition or investment was made • failure to mitigate the deficiencies and liabilities of the acquired business • dilutive issuance of equity securities, if new securities are issued • the incurrence of debt • negative impact on our financial position and/or statement of operations • anticipated benefits, synergies or value of the investment or acquisition not materializing We may be unable to attract, hire, and retain a highly qualified and diverse workforce, including key management. The talents and efforts of our employees, particularly our key management, are vital to our success. Our management team has significant industry experience and would be difficult to replace. We may be unable to retain them or to attract other highly qualified employees, particularly if we do not offer employment terms that are competitive with the rest of the labor market. Ongoing changes in laws and policies regarding immigration and work authorizations have made it more difficult for employees to work in, or transfer among, jurisdictions in which we have operations and could continue to impair our ability to attract and retain qualified employees. Failure to attract, hire, develop, motivate, and retain highly qualified and diverse employee talent, to develop and implement an adequate succession plan for the management team, or to maintain a corporate culture that fosters integrity, innovation, and collaboration could disrupt our operations and adversely affect our business and our future success. The conversions of our class B and class C common stock or series B and series C preferred stock into shares of class A common stock would result in voting dilution to, and could impact the market price of, our existing class A common stock. The market price of our class A common stock could fall as a result of many factors. Under our U.S. retrospective responsibility plan, upon final resolution of our U.S. covered litigation, all class B common stock will become convertible into class A common stock. Our series B and series C preferred stock will become convertible into class A common stock in stages based on developments in current and potential litigation and will become fully convertible no later than 2028 (subject to a holdback to cover any pending claims). Conversion of our class B and class C common stock into class A common stock, or our series B and series C preferred stock into class A common stock, would increase the amount of class A common stock outstanding, which could adversely affect the market price of our existing class A common stock and would dilute the voting power of existing class A common stockholders. Holders of our class B and C common stock and series B and series C preferred stock may have different interests than our class A common stockholders concerning certain significant transactions. Although their voting rights are limited, holders of our class B and C common stock and, in certain specified circumstances, holders of our series B and series C preferred stock, can vote on certain significant transactions. With respect to our class B and C common stock, these transactions include a proposed consolidation or merger, a decision to exit our core payments business and any other vote required under Delaware law. With respect to our series B and series C preferred stock, voting rights are limited to proposed consolidations or mergers in which holders of the series B and series C preferred stock would either (i) receive shares of stock or other equity securities with preferences, rights and privileges that are not substantially identical to the preferences, rights and privileges of the applicable series of preferred stock or (ii) receive securities, cash or other property that is different from what our class A common stockholders would receive. Because the holders of classes of capital stock other than class A common stock are our current and former financial institution clients, they may have interests that diverge from our class A common stockholders. As a result, the holders of these classes of capital stock may not have the same incentive to approve a corporate action that may be favorable to the holders of class A common stock, and their interests may otherwise conflict with interests of our class A common stockholders. Delaware law, provisions in our certificate of incorporation and bylaws, and our capital structure could make a merger, takeover attempt, or change in control difficult. Provisions contained in our certificate of incorporation and bylaws and our capital structure could delay or prevent a merger, takeover attempt, or change in control that our stockholders may consider favorable. For example, except for limited exceptions: • no person may beneficially own more than 15% of our class A common stock (or 15% of our total outstanding common stock on an as-converted basis), unless our board of directors approves the acquisition of such shares in advance • no competitor or an affiliate of a competitor may hold more than 5% of our total outstanding common stock on an as-converted basis • the affirmative votes of the class B and C common stock and series B and series C preferred stock are required for certain types of consolidations or mergers • our stockholders may only take action during a stockholders’ meeting and may not act by written consent • only the board of directors, Chairman, or CEO may call a special meeting of stockholders ITEM 1B.