UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
FORM
(Mark One)
| REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR (g) OF THE SECURITIES EXCHANGE ACT OF 1934 |
OR
| ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the fiscal year ended |
OR
| TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the transition period from to |
OR
| SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 Date of event requiring this shell company report |
Commission file number:
(Exact name of Registrant as specified in its charter)
Nu Holdings Ltd.
(Translation of Registrant’s name into English)
(Jurisdiction of incorporation or organization)
+1 345 949 2648
(Address of principal executive offices)
Tel: +
Brazil
(Name, Telephone, E-mail and/or Facsimile number and Address of Company Contact Person)
Copies to:
Manuel Garciadiaz | Byron B. Rooney
Davis Polk & Wardwell LLP
450 Lexington Avenue | New York, NY 10017
Phone: (212) 450-4000 Fax: (212) 701-5800
Securities registered or to be registered pursuant to Section 12(b) of the Act:
| Title of each class | Trading Symbol | Name of each exchange on which registered |
Securities registered or to be registered pursuant to Section 12(g) of the Act:
None
Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act:
None
Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report.
The number of outstanding shares as of December 31, 2022 was Class A ordinary shares (including Class A ordinary shares underlying the BDRs), and Class B ordinary shares.
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.
Yes ☐
If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934.
Yes ☐
Note – Checking the box above will not relieve any registrant required to file reports pursuant to Section 13 or 15(d) of the Securities Exchange Act of 1934 from their obligations under those Sections.
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.
Yes ☐
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T during the preceding 12 months (or for such shorter period that the registrant was required to submit such files).
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or an emerging growth company. See definition of “large accelerated filer,” “accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act. (Check one):
Large Accelerated Filer ☐
Accelerated Filer ☐
If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards† provided pursuant to Section 13(a) of the Exchange Act. ☐
† The term “new or revised financial accounting standard” refers to any update issued by the Financial Accounting Standards Board to its Accounting Standards Codification after April 5, 2012.
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. ☒
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements: ☐
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b): ☐
Indicate by check mark which basis of accounting the registrant has used to prepare the financial statements included in this annual report:
|
U.S. GAAP ☐ |
|
Other ☐ |
If “Other” has been checked in response to the previous question, indicate by check mark which financial statement item the registrant has elected to follow.
| Item 17 ☐ | Item 18 ☐ |
If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act).
Yes
☐
Dear shareholder:
It has been sixteen months since Nu’s IPO in December 2021, a celebrated milestone in our history and, in hindsight, I believe one of the best financial decisions we have made as a company. The buoyancy and optimism of the post-pandemic capital markets turned around quickly in January 2022, and we suddenly found ourselves in a much more challenging scenario as interest rates climbed across Latin America and the world. We believe that the strength of our balance sheet allowed us to focus all our attention on improving the cadence and efficiency of our execution through an uncertain 2022, while continuing to strengthen our long-term mission. We are happy to report that we could not be more excited with the milestones we achieved. But first, a bit on our mission.
Our mission
Nu’s mission is to fight complexity to empower people, and our long-term strategy can be summarized in a few words: we want our customers to love us fanatically. If we manage to accomplish this feat while also enabling a profitable business model, customers will keep choosing to do business with us, and we will succeed. To pursue this mission, we believe that we have built one of the best technology company teams in the world, operating under a set of strong cultural values of ownership, efficiency, teamwork, and nonconformism. Luckily, we have been well versed in adverse and volatile macroeconomic scenarios with capital constraints since we started in 2013 in Brazil, and as we see additional volatile waters in 2023, we believe we have all the tools in our toolkit to continue pursuing this mission.
Our product strategy
In pursuit of this mission, we decided in 2013 to begin addressing the significant consumer pain we saw in the Brazilian financial services market. We issued 12 purple credit cards, one to each member of our starting team, painstakingly committed to reinventing what used to be a completely commoditized product and seeking to leverage the benefits of being inherently digital in order to offer a product with zero fees. Since then, customer growth continues to surpass our every expectation, and we have worked tirelessly in building the significant infrastructure to help support this growth while creating a comprehensive portfolio of financial services for consumers and small businesses by working to maintain the highest Net Promoter Score in each country we operate in. We decided to begin our regional expansion by launching our credit card product in Mexico in 2019 and in Colombia in 2020, where growth has also come faster than we expected and have reached the #1 position of net cards issued for Mexico and Colombia during every month of 2022, according to the Mexican National Banking and Securities Commission (CNBV) and Financial Superintendence of Colombia (SFC).
More recently in Brazil, we have taken our next step of going beyond financial services to mitigate complexity on behalf of our customers via our Marketplace, where our customers can shop at a growing number of partners with additional credit limits and benefiting from special discounts and cashback that we are able to negotiate given our scale. We see our Marketplace as a way to increase our value proposition while redefining and increasing our addressable market.
Our results
As 2022 progressed and showed a more challenging environment than most people anticipated, our team, already hardened by the significant volatility we have seen as a company since our foundation, increased execution focus and made a number of key decisions that helped us ultimately deliver results we are proud of.
First, as we saw interest rates rising to over 14% in Brazil, we launched Money Boxes, an innovative in-app tool for customers to shift their checking account deposits into an organized investment portfolio. Six months later we were able to lower our cost of funding, with strong and sequential growth of both deposits and Money Boxes.
Second, in the context of a more challenging environment for asset quality in Brazil, we took several measures to safeguard our portfolios that included more restrictive personal loan origination while repricing our products and increasing resilience within our portfolios. In parallel, we accelerated the launch of secured lending, with the broad rollout of payroll deductible loans in Brazil recently announced, as I will detail later in this letter.
Third, we doubled down on efficiency moves to foster profitability and display the operating advantage of our model. As an example, the 2021 contingent share award was terminated, which will reduce our costs by US$70 million per year, but we believe it also shows how committed I am to accelerate value creation for all of our shareholders. We expect that our efficiency ratio will continue to improve progressively over the coming years as we seek to capture cost savings opportunities and reduce the rate of headcount growth going forward.
In addition to several product launches, such as new credit card features, Buy Now, Pay Later (“BNPL”) products, new insurance products and investment features, such as Money Boxes, other accomplishments of 2022 include:
| ● | During 2022, we welcomed 20.7 million new customers on our platform, while increasing our activity rate from 76% in 2021 to 82%. With that, we achieved the impressive milestone of 70.9 million clients in Brazil, or 44% of the adult population in the country, as of December 2022. Our expansion into Mexico and Colombia has also been notable, with total clients in these countries reaching 3.2 million and 565,000, respectively, as of December 31, 2022. Meanwhile, we have become the primary banking relationship for over 58% of our active customers who had been with us for more than 12 months as of December 31, 2022, compared to less than 55% as of December 31, 2021. Our strategic goal is to be the main bank account for our customers, not just a side wallet, and we believe these levels of primary banking relationship are best-in-class industry-wide. |
| ● | We
displayed our cross-sell capabilities with checking accounts, our second product, growing
51% YoY to approximately 53 million active customers at year-end, while our initial product,
credit cards, also expanded 36% YoY to approximately 34 million active customers. We believe
that a second product that becomes even more relevant than the first is a rare achievement
for a fintech company. Other products also followed a strong growth path during 2022, with
active unsecured personal loan, investment and insurance clients growing 126%, 111% and 100%
YoY, respectively. As per our internal analysis, we have become one of the five largest MSE
(Micro and Small Enterprises) players in Brazil in number of clients, with 2.5 million MSE
customers, surpassing 13% in the number of accounts for companies in this segment. |
| ● | We have already become the fourth largest card issuer in Brazil as of December 31, 2022, surpassing some of the incumbent banks, with our share of the card payment volume (PV) market (including credit, debit and prepaid) at 11.9% in 2022, 8.7% in 2021, 5.7% in 2020 and 3.7% in 2019, according to data from the Brazilian Credit Cards and Services Association. |
| ● | Our
interest-earning portfolio achieved US$4.0 billion or double the US$2.0 billion posted a
year before. We believe this shows the resilience
of our credit underwriting model, especially considering our current scale and Brazil’s
ongoing credit deterioration. In the meantime, we believe we have built a strong source of
funding in Brazil, growing our retail deposits by 55% YoY on a FX Neutral basis, to US$15.8
billion. Following the launch of the money box features concurrently with the adoption of
our new deposit interest payment framework, our average quarterly cost of funding improved
to an all-time low of 78% of the interbank deposit rate (CDI) in December 2022 (compared
to 98% in December 2021). |
| ● | Our credit-underwriting model was put to the test, and we understand it excelled amidst significant macroeconomic volatility, with our 90-day consumer finance delinquency rate, or NPL ratio, closing the year at 5.2%. This would imply 25% lower levels when compared to the industry average, adjusted by product, growth and income distribution, according to the Central Bank of Brazil and our own estimates. We believe our main credit underwriting advantages lie in our ability to assess what we call Ability and Willingness to Pay. On Ability to Pay, considering our lower unit costs and focus on technology, we expect to be able to: (a) enter pockets of the population that other players would be unwilling or unable to serve; (b) collect significant amounts of data that feeds and improves our credit models; and (c) rely on our strong relationships with primary banking clients to enable us to manage and mitigate the risks we take. On Willingness to Pay, by focusing our underwriting on primary banking clients, we believe we not only generate higher revenues, but also experience default rates that are 48% lower than those of non-primary customers as of December 31, 2022, based on our internal research. We believe this approach allows us to provide more accessible and efficient financial services while also managing risk more effectively. |
| ● | Monthly ARPAC was US$7.8 for the year ended December 31, 2022, compared to US$4.5 for the year ended December 31, 2021 (a 66% increase YoY compared to a US$4.7 on an FX neutral basis). In the meantime, our monthly average cost to serve per active customer remained stable at US$0.8 in 2022 and 2021, reinforcing the operational leverage advantage of our model. |
| ● | Finally, our total revenue increased by 182.2% (or 167.5% on a FX Neutral basis), reaching US$4.8 billion in 2022 from US$1.7 billion in 2021, while our gross profit increased 126.9% (or 115.1% on a FX Neutral basis) reaching US$1.7 billion in 2022 from US$0.7 billion in 2021. |
As proud as I am of what we accomplished in 2022, I am equally excited about our opportunities and goals going forward.
| ● | Firstly, our personal loan book, both unsecured and secured lending. On the former, we began introducing this product two years ago and have already achieved a 5% market share of outstanding receivables in Brazil, according to data from the Brazilian Central Bank. However, only 8% of our active customers in the country are active in this product with us. On the latter, we started testing this product in late 2022 and, we are commencing our full roll-out of secured lending through a fully digital distribution model that we believe is unparalleled in Brazil. We are starting this journey with federal public servants, where we are already observing promising initial indicators. |
| ● | Secondly, we prioritize “winning our fair share of wallet in the upmarket in Brazil,” with customer acquisition and then customer monetization. In terms of customer acquisition, we already have approximately 70% of Brazilians earning a monthly income above R$5,000 on our platform. Furthermore, approximately 60% of Brazilians who earn a monthly income above R$12,000 are also on our platform. This means that we have already made significant progress in the initial phase of our journey. In terms of customer monetization, we continue working to increase our share of wallet with those clients: Banking-Spending-Savings. For the first pillar, we expect upcoming launches of personal financial management services/tools to enhance user experience for this segment, helping to increase financial control and daily usage, which can foster engagement in our platform. For the second pillar, we intend to continue launching new products and enhancing credit limit adequacy. We understand this is critical for this segment, in contrast to our widespread low-and-grow credit methodology serving lower income individuals. Finally, for the third pillar, we have advanced – since the Easynvest acquisition completed two years ago – being the largest direct digital investment platform in Latin America in number of customers as of December 2022, according to our internal analysis. We expect to continue expanding our product shelf and cross sell opportunity in parallel with finalizing the integration of our investment platform into a single app. |
| ● | Thirdly, continue working on our growth model in our new geographies. We expect 2023 to be the year in which we can launch and deepen the penetration of Nu Account, our checking account product, in both Mexico and Colombia, aiming to accelerate the growth and sustainability of our platform in those countries. We understand this is important for three reasons. Firstly, we currently deny a large percentage of customer applications, between 60% and 70%, because they do not meet our credit score requirements for eligibility for our credit card product, the only product available in those countries. By introducing Nu Account, we can welcome customers who have not yet built up a credit score, thereby potentially expediting the growth of our platform with limited additional credit risk. Secondly, we believe that building a sustainable retail deposit platform, as we did in Brazil, is essential to growing our consumer credit business in concentrated markets such as Mexico and Colombia. We understand we cannot rely on wholesale funding or securitizations in the long-term. Thirdly, we expect the scale gained through the launch of Nu Account to benefit our credit underwriting model, which uses AI and machine-learning proprietary systems. We intend to continue investing significantly in both countries as we think the potential reward is substantial. |
While our consumer base is already significant in Brazil, we also believe our market shares across most of the product lines in which we play are still relatively low. As of December 2022, our market shares in Brazil stood at only 12%1 in credit cards, and less than 5%2 in effectively all other product lines we have in the country – while our customers already accounted for 44% of the adult population in Brazil and keep growing month after month. Today, we believe we have a strong footing in the three largest economies of Latin America, a US$1 trillion financial services market cap industry, as of December 31, 2022, according to our internal estimates.
1 Share of the card payment volume (PV) market (including credit, debit and prepaid cards), according to data from the Brazilian Credit Cards and Services Association.
2 Shares at the end of the period. For personal loans, share of outstanding receivables; for investments, share of Assets Under Management (AUC). Securities share considers the gross written premiums of the year, and Marketplace considers the Gross Merchandise Value (GMV) of the year. Sources: Brazilian Central Bank, Brazilian Credit Cards and Services Association, Brazilian Association of Financial and Capital Market Entities (ANBIMA), Private Insurance Superintendence (SUSEP) and Brazilian Electronic Commerce Association (ABCOMM).
We believe we are defining a new fintech category globally, one that we describe internally as a “Money Platform”: a technology platform that has the optimization of money on behalf of its users at its core. We understand this concept can hold significant power as successful management and optimization of finances are crucial factors in effectively engaging the entire adult global population. Money touches every aspect of life, and its significance cannot be overstated. People often pay excessive or unnecessary interests and fees to intermediaries that can further erode financial well-being. These costs can be detrimental to the economic welfare of an entire society. We believe we have a once in a generation opportunity to tackle this societal problem and unlock value to our stakeholders.
After establishing a significant consumer base in financial services, characterized by high consumer trust, brand loyalty, frequent usage, and sustainable profitability, we will be well-positioned to expand our offerings beyond financial services to address other relevant needs of our consumers. Under the concept of the “Money Platform,” we believe we can expand our addressable market while developing an additional array of essential capabilities, further accelerating our path to becoming “the one and only indispensable app” in our market.
This all makes us excited about still being in the first minute of the first half of this game. We look forward to partnering with you in this exciting journey that has just begun.
/s/ David Vélez Osorno
Founder, Chairman and Chief Executive Officer
Table of contents
| ITEM 16I. | Disclosure Regarding Foreign Jurisdictions that Prevent Inspections | 318 |
| PART III | ||
| ITEM 17. | FINANCIAL STATEMENTS | 319 |
| ITEM 18. | FINANCIAL STATEMENTS | 320 |
| ITEM 19. | EXHIBITS | 321 |
Presentation of Financial and Other Information
All references to “U.S. dollars,” “dollars,” or “US$” are to the U.S. dollar. All references to “IFRS” are to International Financial Reporting Standards, as issued by the International Accounting Standards Board, or "IASB".
Financial Statements
Nu Holdings Ltd. ("Nu") was incorporated in the Cayman Islands on February 26, 2016, as an exempted company incorporated with limited liability.
We maintain our books and records in U.S. dollars, which is the presentation currency for our financial statements and also our functional currency. The functional currency of our Brazilian, Mexican and Colombian operating entities, respectively, is the Brazilian real, the Mexican peso and the Colombian peso. The financial statements of each of our subsidiaries are maintained using the relevant functional currency for such subsidiary, which we determine is the currency that best reflects the economic substance of the underlying events and circumstances relevant to that entity. See note 2.a to our audited consolidated financial statements, included elsewhere in this annual report, for more information about our and our subsidiaries’ functional currencies.
Our consolidated financial statements were prepared in accordance with IFRS. Unless otherwise noted, our consolidated statement of financial position data presented herein as of December 31, 2022 and 2021 and the consolidated statements of profit or loss for the years ended December 31, 2022, 2021, and 2020 is stated in U.S. dollars, our reporting currency. Our consolidated financial information contained in this annual report is derived from our audited consolidated financial statements as of December 31, 2022 and 2021 and for the years ended December 31, 2022, 2021 and 2020, together with the notes thereto.
This financial information should be read in conjunction with “Item 5. Operating and Financial Review and Prospects” and our consolidated financial statements, including the notes thereto, included elsewhere in this annual report.
Our fiscal year ends on December 31. References in this annual report to a fiscal year, such as “fiscal year 2022,” relate to our fiscal year ended on December 31 of that calendar year.
Special Note Regarding Non-IFRS Financial Measures
This annual report presents our Adjusted Net Income (Loss) and certain FX Neutral measures and their respective reconciliations for the convenience of investors, which are non-IFRS financial measures. A non-IFRS financial measure is generally defined as a numerical measure of historical or future financial performance, financial position, or cash flow that purports to measure financial performance but excludes or includes amounts that would not be so adjusted in the most comparable IFRS measure. Adjusted Net Income (Loss) and the FX Neutral measures, however, should be considered in addition to, and not as a substitute for or superior to, profit (loss), or other measures of the financial performance prepared in accordance with IFRS.
Form 20-F | 2022 | 1 |
 |
Adjusted Net Income (Loss)
Adjusted Net Income (Loss) is prepared and presented to eliminate the effect of items from profit (loss) attributable to shareholders of the parent company that we do not consider indicative of our core operating performance within the period presented. We define Adjusted Net Income (Loss) as profit (loss) attributable to shareholders of the parent company, adjusted for expenses related to share-based compensation, allocated tax effects on share-based compensation, the expenses (revenue deduction) and allocated tax effects related to the IPO-related customer program (NuSócios), hedge of the tax effects on share-based compensation, finance costs with results with convertible instruments and the expense related to the termination of the 2021 Contingent Share Award (CSA) in 2022.
Adjusted Net Income (Loss) is presented because our management believes that this non-IFRS financial measure can provide useful information to investors, securities analysts and the public in their review of our operating and financial performance, although it is not calculated in accordance with IFRS or any other generally accepted accounting principles and should not be considered as a measure of performance in isolation. We also use Adjusted Net Income (Loss) as a key profitability measure to assess the performance of our business. We believe that Adjusted Net Income (Loss) is useful to evaluate our operating and financial performance for the following reasons:
| ● | Adjusted Net Income (Loss) is widely used by investors and securities analysts to measure a company’s operating performance without regard to items that can vary substantially from company to company and from period to period, depending on their accounting and tax methods, the book value and the market value of their assets and liabilities, and the method by which their assets were acquired; |
| ● | Non-cash equity grants made to executives, employees or consultants at a certain price and point in time, the income tax effects and the gains and losses of related hedges, do not necessarily reflect how our business is performing at any particular time and the related expenses are not considered to reflect our core operating performance; |
| ● | The expense related to the termination of the 2021 Contingent Share Award (CSA) is considered unusual and not expected to recur in the foreseeable future and does not necessarily reflect how our business is performing or how it is expected to perform in the future and is not considered to reflect our core operating performance; |
| ● | Expenses related to the customer program (NuSócios), and their income tax effects, do not necessarily reflect how our business is performing at any particular time as they were related to a specific marketing effort we carried out in connection with our initial public offering (IPO) and are not considered to reflect our core operating performance; and |
| ● | Finance costs with convertible instruments include fair value adjustments relating to the embedded derivative conversion feature, which are based upon subjective assumptions and do not reflect the cash cost of our convertible debt, and do not directly reflect how our business is performing at any particular time. The related expenses are not considered to reflect our core operating performance. |
Adjusted Net Income (Loss) is not a substitute for profit (loss) attributable to shareholders of the parent company, which is the IFRS measure of earnings. Additionally, our calculation of Adjusted Net Income (Loss) may be different from the calculation used by other companies, including our competitors in the technology and financial services industries, because other companies may not calculate these measures in the same manner as we do, and therefore, our measure may not be comparable to those of other companies. A reconciliation of our Adjusted Net Income (Loss) to its most directly comparable measure of income (loss) can be found in “Item 5. Operating and Financial Review and Prospects—A. Operating Results—Non-IFRS Financial Measures and Reconciliations.”
Form 20-F | 2022 | 2 |
| |
FX Neutral Measures
FX Neutral measures are prepared and presented to eliminate the effect of foreign exchange, or “FX,” volatility between the comparison periods, allowing management and investors to evaluate our financial performance despite variations in foreign currency exchange rates, which may not be indicative of our core operating results and business outlook.
FX Neutral measures are presented because our management believes that these non-IFRS financial measures can provide useful information to investors, securities analysts and the public in their review of our operating and financial performance, although they are not calculated in accordance with IFRS or any other generally accepted accounting principles and should not be considered as a measure of performance in isolation.
The FX Neutral measures included in this annual report were calculated to present what such measures in preceding years would have been had exchange rates remained stable from these preceding years until the date of our most recent financial information, as detailed below.
The FX Neutral measures for the years ended December 31, 2021 and 2020 were calculated by multiplying the as reported amounts of Adjusted Net Income (Loss) and the key business metrics for such years by the average Brazilian reais/U.S. dollars exchange rates for the years ended December 31, 2021 and 2020 (R$5.415 and R$5.240 to US$1.00, respectively), and using such results to re-translate the corresponding amounts back to U.S. dollars by dividing them by the average Brazilian reais/U.S. dollars exchange rate for the year ended December 31, 2022 (R$5.133 to US$1.00), so as to present what certain of our statement of profit and loss amounts and key business metrics would have been had exchange rates remained stable from these past periods/years until the year ended December 31, 2022. The average Brazilian reais/U.S. dollar exchange rate for the year ended December, 31, 2019 (R$3.952 to 1.00) was used to calculate, using the same methodology described above, the FX Neutral Revenue for 2019 which is an input to the FX Neutral Revenue growth (%) presented for the year 2020.
The average Brazilian reais/U.S. dollars exchange rates were calculated as the average of the month-end rates for each month in the years 2022, 2021, 2020 and 2019, as reported by Bloomberg.
FX Neutral measures for deposits and interest-earning portfolio presented in this annual report were calculated by multiplying the as reported amounts as of December 31, 2021 and 2020 by the spot Brazilian reais/U.S. dollars exchange rates as of these dates (R$5.576 and R$5.199 to US$1.00, respectively), and using such results to re-translate the corresponding amounts back to U.S. dollars by dividing them by using the spot rate as of December 31, 2022 (R$5.280 to US$1.00) so as to present what these amounts would have been had exchange rates been the same as those on December 31, 2022. The Brazilian reais/U.S. dollars exchange rates were calculated using rates as of such dates as reported by Bloomberg. The spot Brazilian reais/U.S. dollar exchange rate for the year ended December 31, 2019 (R$4.030 to 1.00) was used to calculate, using the same methodology described above, the FX Neutral Deposit and FX Neutral Interest-earning portfolio as of December 31, 2019 which are inputs to the FX Neutral Deposit growth (%) and FX Neutral Interest-earning portfolio growth (%), respectively, presented for the year 2020.
FX Neutral measures do not include adjustments for any other macroeconomic effect, such as local currency inflation effects, or any price adjustment to compensate for local currency inflation or devaluation. A reconciliation of our FX Neutral measures to the most directly comparable financial measure calculated and presented in accordance with IFRS can be found in “Item 5. Operating and Financial Review and Prospects—A. Operating Results—Non-IFRS Financial Measures and Reconciliations.”
Form 20-F | 2022 | 3 |
| |
Special Note Regarding Certain Operational Metrics
Customers and Active Customers
This annual report presents information regarding our number of customers and our number of monthly active customers.
Number of customers information is prepared and presented as an important indicator of the size and momentum of our business, particularly as we continue to operate at a high growth pace. We define customers for a given measurement period as the individuals or SMEs that have previously or within such measurement period opened an account with us and we exclude any such individuals or SMEs that have been charged-off or blocked or have voluntarily closed their account. Number of customers is presented because it allows us to track our capacity to attract and retain customers and can provide useful information to investors, securities analysts and the public in their review of our operating performance.
Monthly active customer information is prepared and presented as an important indicator of the size and momentum of our business based on the number of customers we consider to be active. We define monthly active customers as all customers that have generated revenue in the last 30 calendar days, for a given measurement period. Monthly active customers information is presented because it allows us to track our capacity to attract and retain active customers and can provide useful information to investors, securities analysts and the public in their review of our operating performance.
Moreover, we differentiate between total number of customers (which includes customers we consider to be non-active) and active customers, to enable our management to evaluate performance metrics exclusively on the customers that we define as active. Doing so allows us to track performance based on revenue (defined as Monthly ARPAC) and cost (defined as Monthly Average Cost to Serve). For an explanation of how we calculate Monthly ARPAC and Monthly Average Cost to Serve per Active Customer please see the “Glossary of Terms” and “Item 5. Operating and Financial Review and Prospects—A. Operating Results.”
Information regarding both total number of customers and monthly active customers should be analyzed in conjunction with other operating and financial metrics, and should not be considered as a measure of performance in isolation. Additionally, our calculation of these measures may be different from the calculation used by other companies, including our competitors in the technology and financial services industries, because other companies may not calculate these measures in the same manner as we do, and therefore, our measures may not be comparable to those of other companies.
Form 20-F | 2022 | 4 |
| |
Market Share and Other Information
This annual report contains data related to economic conditions in the markets in which we operate. The information contained in this annual report concerning economic conditions is based on publicly available information from third- party sources that we believe to be reasonable. Market data and certain industry forecast data used in this annual report were obtained from internal reports and studies, where appropriate, as well as estimates, market research, publicly available information (including information available from the U.S. Securities and Exchange Commission website) and industry publications. We obtained the information included in this annual report relating to the industry in which we operate, as well as the estimates concerning market shares, through internal research; a report from October 2021 and a profit pool analysis updated using a similar methodology as of March 2023 by management consulting company Oliver Wyman Consultoria em Estratégia de Negócios Ltda. commissioned by us; public information; publications on the industry prepared by official public sources, such as the Brazilian Association of Financial and Capital Markets Entities (Associação Brasileira das Entidades dos Mercados Financeiro e de Capitais, or “ANBIMA”); the World Bank; the International Monetary Fund, or the “IMF;” the Organization for Economic Co-operation and Development, or “OECD;” the Central Bank of Brazil; the Colombian Central Bank; the Central Bank of Mexico; the Inter-American Development Bank; the Brazilian Social and Economic Development Bank (Banco Nacional de Desenvolvimento Econômico e Social, or “BNDES”); the Brazilian Institute of Geography and Statistics (Instituto Brasileiro de Geografia e Estatística, or the “IBGE”); the Institute of Applied Economic Research (Instituto de Pesquisa Econômica Aplicada, or “IPEA”), the Superintendence of Private Insurance (Superintendência de Seguros Privados, or “SUSEP”), the CVM; the Colombian National Administrative Department of Statistics (DANE – Departamento Administrativo Nacional de Estadística); the Mexican National Institute of Statistics and Geography (INEGI – Instituto Nacional de Estadística, Geografía e Informática); the Brazilian Micro and Small Business Support Service (Serviço Brasileiro de Apoio às Micro e Pequenas Empresas) or “SEBRAE;” and the GSMA; and the Brazilian Association of Credit Card and Services Companies (Associação Brasileira de Empresas de Cartões de Crédito e Serviços), or “ABECS;” as well as private sources, such as B3, Bloomberg and Forbes, consulting and research companies in the Brazilian financial services industry, and Fundação Getulio Vargas, or “FGV,” among others. We estimate that we are one of the largest digital banking platforms in the world by comparing what we believe to be the largest (by number of customers) digital banking platforms around the world (according to public statements made by these platforms and data from an independent research firm) to the number of customers on our platform.
Industry publications generally state that the information they include has been obtained from sources believed to be reliable, but that the accuracy and completeness of such information is not guaranteed. Although we have no reason to believe any of this information or these reports are inaccurate in any material respect and believe and act as if they are reliable, we have not independently verified it. Governmental publications and other market sources, including those referred to above, generally state that their information was obtained from recognized and reliable sources, but the accuracy and completeness of that information is not guaranteed. In addition, the data that we compile internally and our estimates have not been verified by an independent source. Except as disclosed in this annual report, none of the publications, reports or other published industry sources referred to in this annual report were commissioned by us or prepared at our request. Except as disclosed in this annual report, we have not sought or obtained the consent of any of these sources to include such market data in this annual report.
Form 20-F | 2022 | 5 |
| |
Calculation of Net Promoter Score
Net promoter score, or “NPS,” is a widely known survey methodology that measures the willingness of customers to recommend a company’s products and services. It is used to gauge customers’ overall satisfaction with a company’s products and services and their loyalty to the brand, and it is typically based on customer surveys. NPS measures satisfaction using a scale of zero to 10 based on a customer’s response to the following question: “How likely is it that you would recommend Nu to a friend or colleague?” Responses of nine or 10 are considered “promoters.” Responses of seven or eight are considered neutral. Responses of six or less are considered “detractors.” The NPS, a percentage expressed as a numerical value, is calculated by subtracting the percentage of respondents who are detractors from the percentage who are promoters.
Rounding
We have made rounding adjustments to some of the figures included in this annual report. Accordingly, numerical figures shown as totals in some tables may not be an arithmetic aggregation of the figures that preceded them.
Form 20-F | 2022 | 6 |
| |
Cautionary Statement Regarding Forward-Looking Statements
This annual report contains forward-looking statements within the meaning of the federal securities laws, which statements involve substantial risks and uncertainties. Forward-looking statements generally relate to future events or our future financial or operating performance. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expect,” “plan,” “anticipate,” “could,” “intend,” “target,” “project,” “contemplate,” “believe,” “estimate,” “predict,” “potential,” or “continue,” or the negative of these words or other similar terms or expressions that concern our expectations, strategy, plans, or intentions. Forward-looking statements contained in this annual report include statements about:
| ● | general economic, financial, political, demographic and business conditions in Brazil, Mexico and Colombia, as well as any other countries we may serve in the future and their impact on our business; |
| ● | fluctuations in interest, inflation and exchange rates in Brazil, Mexico and Colombia and any other countries we may serve in the future; |
| ● | our ability to timely and efficiently implement any measures that are necessary to combat or reduce the impacts of the COVID-19 pandemic on our business, results of operations, cash flow, prospects, liquidity and financial condition; |
| ● | competition in the consumer technology and financial services industry; |
| ● | our ability to implement our business strategy; |
| ● | our ability to adapt to the rapid pace of technological changes in the sectors in which we operate; |
| ● | the reliability, performance, functionality and quality of our products and services, reliability and performance of our suitability, risk management and business continuity policies and processes; |
| ● | the availability of government authorizations on terms and conditions and within periods acceptable to us; |
| ● | our ability to continue attracting and retaining new appropriately-skilled employees; |
| ● | our capitalization and level of indebtedness; |
| ● | the interests of our founding shareholder; |
| ● | our ability to manage our growth effectively; |
| ● | our ability to successfully expand in Latin America and other new markets; |
| ● | changes in government regulations applicable to the financial services industry in Brazil, Mexico, Colombia and elsewhere; |
| ● | our ability to compete and conduct our business in the future; |
| ● | our ability to maintain, protect and enhance our brand and intellectual property; |
Form 20-F | 2022 | 7 |
| |
| ● | the success of operating initiatives, including advertising and promotional efforts and new product, service and concept development by us and our competitors; |
| ● | changes in consumer demands regarding the products and services we offer, and our ability to innovate to respond to such changes; |
| ● | changes in labor, distribution and other operating costs; |
| ● | our compliance with, and changes to, government laws, regulations and tax matters that currently apply to us; |
| ● | the size of our addressable markets, market share and market trends; |
| ● | other factors that may affect our financial condition, liquidity and results of operations; and |
| ● | other risk factors discussed under “Item 3. Key Information—D. Risk Factors.” |
We caution you that the foregoing list may not contain all of the forward-looking statements made in this annual report. You should not rely upon forward-looking statements as predictions of future events. We have based the forward-looking statements contained in this annual report primarily on our current expectations and projections about future events and trends that we believe may affect our business, financial condition, results of operations, and prospects. The outcome of the events described in these forward-looking statements is subject to risks, uncertainties, and other factors, including those described in “Item 3. Key Information—D. Risk Factors” and elsewhere in this annual report. Moreover, we operate in a very competitive and rapidly changing environment. New risks and uncertainties emerge from time to time and it is not possible for us to predict all risks and uncertainties that could have an impact on the forward-looking statements contained in this annual report. We cannot guarantee that the results, events, and circumstances reflected in the forward-looking statements will be achieved or occur, and actual results, events, or circumstances could differ materially from those described in the forward-looking statements.
Neither we nor any other person assumes responsibility for the accuracy and completeness of any of these forward- looking statements. Moreover, the forward-looking statements made in this annual report relate only to events as of the date on which the statements are made. We undertake no obligation to update any forward-looking statements made in this annual report to reflect events or circumstances after the date of this annual report or to reflect new information or the occurrence of unanticipated events, except as required by law. We may not actually achieve the plans, intentions, or expectations disclosed in our forward-looking statements and you should not place undue reliance on our forward- looking statements. Our forward-looking statements do not reflect the potential impact of any future acquisitions, mergers, dispositions, joint ventures or investments we may make.
In addition, statements that “we believe” and similar statements reflect our beliefs and opinions on the relevant subject. These statements are based upon information available to us as of the date of this annual report, and while we believe such information forms a reasonable basis for such statements, such information may be limited or incomplete, and our statements should not be read to indicate that we have conducted an exhaustive inquiry into, or review of, all potentially available relevant information. These statements are inherently uncertain and investors are cautioned not to unduly rely upon these statements.
Form 20-F | 2022 | 8 |
| |
PART I
Item 1. Identity of Directors, Senior Management and Advisors
| A. | Directors and Senior Management |
Not applicable.
| B. | Advisers |
Not applicable.
| C. | Auditors |
Not applicable.
Item 2. Offer Statistics and Expected Timetable
| A. | Offer Statistics |
Not applicable.
| B. | Method and Expected Timetable |
Not applicable.
Item 3. Key Information
| A. | [Reserved.] |
| B. | Capitalization and Indebtedness |
Not applicable.
| C. | Reasons for the Offer and Use of Proceeds |
Not applicable.
| D. | Risk Factors |
Risk Factors Summary
Investing in our Class A ordinary shares, including in the form of BDRs, involves risks. You should carefully consider the risks described below before making a decision to invest in our Class A ordinary shares or BDRs. If any of these risks actually materialize, our business, financial condition or results of operations would likely be materially adversely affected. In such a case, the trading price of our Class A ordinary shares and BDRs would likely decline, and you could lose all or part of your investment. The following is a summary of some of the principal risks we face:
Form 20-F | 2022 | 9 |
| |
Risks Relating to Our Business and Industry
| ● | Our business depends on a well-regarded and widely known brand, and any failure to maintain, protect and enhance our brand and image, including through effective marketing strategies, would harm our business, financial condition and results of operations. |
| ● | Failure to successfully implement and improve our risk management policies, procedures and methods, including our credit risk management system, would materially and adversely affect our business, results of operations and financial condition. |
| ● | Our international expansion efforts may not be successful, or may subject our business to increased risks. |
| ● | Our business is highly dependent on the proper functioning of information technology systems, particularly at scale. Any failure of these systems would disrupt our business and impair our ability to provide our services and products effectively to our customers. |
| ● | We depend on data centers operated by third parties and third-party Internet-hosting providers and cloud computing platforms, and any disruption in the operation of these facilities or platforms or access to the Internet would adversely affect our business. |
| ● | We have incurred losses since our inception, and we may not achieve profitability. |
Risks Relating to Intellectual Property, Privacy and Cybersecurity
| ● | Unauthorized disclosure of sensitive or confidential customer information or our failure or the perception by our customers that we failed to comply with privacy laws or properly address privacy concerns could harm our business and standing with our customers. |
| ● | Unauthorized disclosure of, improper access to, or destruction or modification of data through cybersecurity breaches, computer viruses or otherwise, or disruptions to our systems or services, could expose us to liability, protracted and costly litigation and damage our reputation. |
| ● | Claims by others that we infringe their proprietary technology or other rights could have a material and adverse effect on our business, financial condition and results of operations. |
Risks Relating to Regulatory Matters and Litigation
| ● | We are subject to extensive regulation and regulatory and governmental oversight as a digital banking platform and as a payment institution. Compliance with or violation of present or future regulations could be costly, expose us to substantial liability and force us to change our business practices, any of which could harm our business and results of operations. |
| ● | Certain ongoing legislative and regulatory initiatives under discussion by the Brazilian Congress, the Central Bank of Brazil, the Ministry of Finance, and the broader payments industry may result in changes to the regulatory framework of the Brazilian payments and financial industries and may have an adverse effect on us. |
| ● | We are subject to costs and risks associated with enhanced or changing laws and regulations affecting our business, including those relating to data privacy, security and protection. Developments in laws and regulations could harm our business, financial condition or results of operations. |
Form 20-F | 2022 | 10 |
| |
Risks Relating to the Countries in Which We Operate
| ● | Exchange rate and interest rate instability may have a material adverse effect on the economies of the countries in which we operate and the price of our Class A ordinary shares and BDRs. |
| ● | Disruption or volatility in global financial and credit markets could adversely affect the financial and economic environment in the countries in which we operate, most notably Brazil, Colombia and Mexico, which could have a material adverse effect on us. |
| ● | Governments have exercised, and continue to exercise, significant influence over the Brazilian economy and the other economies in which we operate. This influence, as well as political and economic conditions in Brazil and the other countries in which we operate, could harm us and the price of our Class A ordinary shares and BDRs. |
Risks Relating to Our Class A Ordinary Shares and our BDRs
| ● | An active trading market for our Class A ordinary shares may not be sustainable. If an active trading market is not maintained, you may not be able to sell your shares and you could lose a significant part of your investment. |
| ● | Our founding shareholder and CEO David Vélez owns 88.6% of our outstanding Class B ordinary shares, which represents approximately 76.1% of the voting power of our issued share capital. This concentration of ownership and voting power may limit your ability to influence corporate matters. |
| ● | We have granted the holders of our Class B ordinary shares preemptive rights to acquire shares that we may sell in the future, which may impair our ability to raise funds. |
Risks Relating to Our Business and Industry
Our business depends on a well-regarded and widely known brand, and any failure to maintain, protect and enhance our brand and image, including through effective marketing strategies, would harm our business, financial condition and results of operations.
We believe our brand has contributed significantly to the historical success of our business. Maintaining, protecting and enhancing our brand is critical to expanding our customer base, our loan portfolio and our third-party partnerships, as well as increasing engagement with our products and services. Our success in this regard will depend largely on our ability to remain – or, in markets into which we expand, become – widely known, gain and maintain our customers’ trust, be a technology leader and provide reliable, high-quality and secure products and services that continue to meet the needs of our customers at competitive prices, as well as the effectiveness of our marketing efforts and our ability to differentiate our services and platform capabilities from competitors’ products and services.
We believe that maintaining and promoting our brand in a cost-effective manner is critical to achieving widespread acceptance of our products and services and to expand our customer base. Maintaining and promoting our brand will depend largely on our ability to continue to provide useful, reliable and innovative products and services, which we may not do successfully. Our brand promotion activities may not generate customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in promoting our brand. If we fail to successfully promote and maintain our brand or if we incur excessive expenses in this effort, we would lose significant market share and our business would be materially and adversely affected. Further, our success in the introduction and promotion of new products and services, as well as the promotion of existing products and services, may be partly dependent on our visibility on third-party advertising platforms. Changes in the way these platforms operate or changes in their advertising prices or other terms could make the introduction and promotion of our products and services and our brand more expensive or more difficult. If we are unable to market and promote our brand on third- party platforms effectively, our ability to acquire new customers would be materially harmed, which would adversely affect our business, financial condition and results of operations.
Form 20-F | 2022 | 11 |
| |
Failure to successfully implement and improve our risk management policies, procedures and methods, including our credit risk management system, would materially and adversely affect our business, results of operations and financial condition.
The management of risk is an integral part of our activities. We seek to monitor and manage our risk exposure through a variety of separate but complementary financial, credit, market, operational, compliance and legal policies, procedures and reporting systems, among others. We employ a broad and diversified set of risk monitoring and risk mitigation techniques, which may not be fully effective in mitigating our risk exposure in all economic market environments or against all types of risk, including risks that we may fail to identify or anticipate.
We use certain tools and metrics for managing market risk, including statistical models, which are based upon our use of observed historical market behavior. We apply statistical and other tools to these observations to quantify our market risk. However, in part because these tools and metrics are based on historical market behavior, and in part because the models do not take all market risks into account, they may fail to predict future market risks, including those that arise from factors we did not anticipate or correctly evaluate in our statistical models. This would limit our ability to effectively manage our market risk, which could result in our losses being significantly greater than predicted.
Because certain of our operating subsidiaries are financial or payments institutions, our business is also subject to inherent credit risk. An important feature of our credit risk management system is an internal credit score system that assesses the particular risk profile of a customer. As this process involves detailed analysis of a customer that takes into account both quantitative and qualitative factors, it is subject to error, and our internal risk models may not always be able to accurately predict the future credit risk of our customers or assign an accurate credit score, which may result in our exposure to higher credit risks than indicated by our risk management system. We also rely on certain publicly available customer credit information, information relating to credit agreements and other public sources to assess a customer’s creditworthiness. Due to limitations in the availability of information and the underdeveloped information infrastructure in the markets in which we operate, our assessment of credit risk associated with a particular customer may not be based on complete, accurate or reliable information. In addition, we cannot ensure that our credit scoring systems collect complete or accurate information reflecting the actual behavior of customers or that their credit risk can be assessed correctly. Without complete, accurate and reliable information, we have to rely on other publicly available resources and our internal resources, which may not be effective. As a result, our ability to effectively manage our credit risk and subsequently determine our credit loss allowances may be materially adversely affected.
Relatedly, we are exposed to counterparty risk, which may arise from, for example, investing in securities of third parties, entering into derivative contracts under which counterparties have obligations to make payments to us or executing securities, futures or currency trades from proprietary trading activities that fail to settle at the required time due to non-delivery by the counterparty or systems failure by clearing agents, clearing houses or other financial intermediaries. Many of the routine transactions we enter into expose us to significant risk in the event of default by one of our significant counterparties, although we do not currently face specific counterparty risk from concentration within our loan portfolio. If these risks give rise to losses, this could materially and adversely affect us. Separately, because we routinely transact with counterparties in the financial services industry, including brokers and dealers, commercial banks, investment banks and other institutional customers, defaults by, and even rumors or questions about the solvency of, certain financial institutions and the financial services industry could lead to market-wide liquidity problems that could lead to substantial losses for our business.
Form 20-F | 2022 | 12 |
| |
We also face operational and foreign exchange risk. Although we have adopted policies and procedures to identify, monitor and manage our operational risk, these policies and procedures may not be fully effective. For a discussion of the risks we face with respect to foreign exchange rates, see “—Risks Relating to the Countries in Which We Operate—Exchange rate and interest rate instability may have a material adverse effect on the economies of the countries in which we operate and the price of our Class A ordinary shares and BDRs.”
If our policies and procedures are not fully effective or we are not successful in capturing all risks to which we are or may be exposed, we may suffer harm to our reputation or be subject to litigation or regulatory actions that could have a material adverse effect on our business, results of operations or financial condition. Further, if management were to rely on risk models – whether with respect to market, credit or operational risks – that were flawed or poorly developed, implemented or used, or if management were to misunderstand or use such information for purposes for which it was not designed, we may fail to adequately manage our risk. In addition, if existing or potential customers or counterparties believe our risk management is inadequate, they could take their business elsewhere or seek to limit their transactions with us. Further, certain of the models and other analytical and judgment-based estimations we use in managing risk are subject to review by, and require the approval of, our regulators. If our models do not comply with their expectations, our regulators may require us to make changes to such models, may approve them with additional capital requirements or we may be precluded from using them, any of which could limit our ability to operate our businesses.
Failure to effectively implement, consistently monitor or continuously refine our risk management systems may result in a material adverse effect on our reputation, operating results and financial condition.
Our international expansion efforts may not be successful, or may subject our business to increased risks.
We currently operate in Brazil, Mexico and Colombia, and we have information technology and support operations in Germany, the United States and Uruguay. As part of our growth strategy, we may expand our operations by offering our products and services in additional regions, as well as additional countries in Latin America, where we have little or no experience, and by expanding our business in the jurisdictions in which we currently operate. We may not be successful in expanding our operations into these or other markets in a cost-effective or timely manner, if at all, and our products and services may not experience the same market adoption in such international jurisdictions as we have enjoyed in Brazil. In particular, the expansion of our business into new geographies (or the further expansion in geographies in which we currently operate) may depend on the local regulatory environment or require a close commercial relationship with one or more local banks or other intermediaries, which could prevent, delay or limit the introductions of our products and services in such countries. Local regulatory environments may vary widely in terms of scope and sophistication.
Further, our international expansion efforts have and will continue to place a significant strain on our personnel (including management), technical, operational and financial resources, and our current resources may not be adequate to support our planned geographical expansion. We also may not be able to recoup our investments in new geographies in a timely manner, if at all. If our expansion efforts are unsuccessful, including because potential customers in a given jurisdiction fail to adopt our products and services, our reputation and brand may be harmed, and our ability to grow our business and revenue may be adversely affected.
Form 20-F | 2022 | 13 |
| |
Even if our international expansion efforts are successful, international operations will subject our business to increased risks, including:
| ● | increased licensing and regulatory requirements; |
| ● | competition from service providers or other entrenched market participants that have greater experience in the local markets than we do; |
| ● | increased costs associated with and difficulty in obtaining, maintaining, processing, transmitting, storing, handling and protecting intellectual property, proprietary rights and sensitive data; |
| ● | changes to the way we do business as compared with our current operations; |
| ● | a lack of acceptance of our products and services; |
| ● | the ability to support and integrate with local third-party service providers; |
| ● | difficulties in staffing and managing foreign operations in an environment of diverse culture, language, laws and customs; |
| ● | difficulties in recruiting and retaining qualified employees and maintaining our company culture; |
| ● | increased travel, infrastructure and legal and compliance costs; |
| ● | compliance obligations under multiple, potentially conflicting and changing, legal and regulatory regimes, including those governing financial institutions, payments, data privacy, data protection, information security, anti-corruption, anti-bribery and anti-money laundering; |
| ● | compliance with complex and potentially conflicting and changing tax regimes; |
| ● | potential tariffs, sanctions, fines or other trade restrictions; |
| ● | exchange rate exposure; |
| ● | increased exposure to public health issues such as the COVID-19 pandemic, and related industry and governmental actions to address these issues; and |
| ● | regional economic and political instability. |
As a result of these risks, our international expansion efforts may not be successful or may be hampered, which would limit our ability to grow our business.
Our business is highly dependent on the proper functioning of information technology systems, particularly at scale. Any failure of these systems would disrupt our business and impair our ability to provide our services and products effectively to our customers.
Our continued growth depends in part on the ability of our existing and potential customers to access our products and platform capabilities at any time and within an acceptable amount of time. Continued access to our products and platform capabilities depends on the efficient and uninterrupted operation of numerous systems, including our computer systems, software, data centers and telecommunications networks, as well as the systems of third parties, such as credit and debit card transaction authorization providers, national financial system network infrastructure providers, back office and business process support, information technology production and support, Internet and telephone connections, network access, data center infrastructure services and cloud storage and computing. However, these systems and technologies are vulnerable to disruptions, failures or slowdowns. We have experienced, and may in the future experience, disruptions, outages and other performance problems due to a variety of factors, including infrastructure changes, introductions of new functionality, human or software errors, capacity constraints due to an overwhelming number of customers accessing our products and platform capabilities simultaneously, denial of service attacks or other security-related incidents, natural disasters, power outages, terrorist attacks, hostilities, and other events beyond our control.
Form 20-F | 2022 | 14 |
| |
As our business grows, it may become increasingly difficult to maintain and improve the performance of our information technology systems, especially during peak usage times and as our products and platform capabilities become more complex and our customer traffic increases. To the extent that we do not effectively address capacity constraints, upgrade our systems as needed and continually develop our technology and network architecture to accommodate actual and anticipated changes in technology, our business, financial condition and results of operations may be adversely affected. Specifically, if our products and platform capabilities are unavailable or if our customers are unable to access our products and platform capabilities within a reasonable amount of time, we may experience a loss of customers, lost or delayed market acceptance of our platform and products, delays in payment to us by customers, injury to our reputation and brand, the diversion of our resources, additional operating and development costs, loss of revenue, legal claims against us, the loss of licenses, loss of Central Bank of Brazil authorizations or fines or other penalties imposed by the Central Bank of Brazil (including intervention, temporary special management systems, the imposition of insolvency proceedings or the out-of-court liquidation of our operating subsidiaries), or by the Brazilian National Data Protection Authority (Autoridade Nacional de Proteção de Dados, or the “ANPD”). In addition, we do not maintain insurance policies specifically for property and business interruptions, meaning we would directly and without setoff incur any losses we suffer as a result of the aforementioned occurrences. For further information, see “—Our insurance policies may not be sufficient to cover all claims.”
Our business is highly dependent on the ability of our information technology systems to accurately process a large number of highly complex transactions across numerous and diverse markets and products in a timely manner and at high processing speeds, and on our ability to rely on our digital technologies, computer and email services, software and networks, as well as on the secure processing, storage and transmission of confidential data and other information on our computer systems and networks. Specifically, the proper functioning of our financial control, risk management, accounting, customer service and other data processing systems is critical to our business and our ability to compete effectively. Any failure to deliver an effective and secure service, or any performance issue that arises with a service, could result in significant processing or reporting errors or other losses. See “—We depend on data centers operated by third parties and third-party internet-hosting providers and cloud computing platforms, and any disruption in the operation of these facilities or platforms or access to the Internet would adversely affect our business.”
We do not operate all of our systems on a real-time basis and cannot assure that our business activities would not be materially disrupted if there were a partial or complete failure of any of these primary information technology systems or communication networks. In particular, because all customer transactions on Nu’s Platforms occur on our mobile application, any failure of our mobile application would cause our platform and services to be unavailable to our customers. Such failures could be caused by, among other things, major natural catastrophes, software bugs, computer virus attacks, conversion errors due to system upgrading, security breaches caused by unauthorized access to information or systems or malfunctions, loss or corruption of data, software, hardware or other computer equipment. Any such failures would disrupt our business and impair our ability to provide our services and products effectively to our customers, which could adversely affect our reputation as well as our business, results of operations and financial condition.
Our ability to remain competitive and achieve further growth will depend in part on our ability to upgrade our information technology systems and increase our capacity on a timely and cost-effective basis. We must continually make significant investments and improvements in our information technology infrastructure in order to remain competitive. We cannot guarantee that in the future we will be able to maintain the level of capital expenditures necessary to support the improvement or upgrading of our information technology systems. Any substantial failure to improve or upgrade our information technology systems effectively or on a timely basis would materially and adversely affect our business, financial condition or results of operations.
Form 20-F | 2022 | 15 |
| |
We depend on data centers operated by third parties and third-party internet-hosting providers and cloud computing platforms, and any disruption in the operation of these facilities or platforms or access to the Internet would adversely affect our business.
Our business requires the ongoing availability and uninterrupted operation of internal and external transaction processing systems and services. We primarily serve our customers from third-party data center hosting facilities provided by a third-party service provider, which we rely on to operate certain aspects of our products and services, and we depend on third-party Internet-hosting providers and third-party bandwidth providers for continuous and uninterrupted access to the Internet to operate our business. Any disruption of or interference with our use of such services would impair our ability to deliver our products and services to our customers, resulting in customer dissatisfaction, damage to our reputation, loss of customers and harm to our business. Further, we have designed our products and services and computer systems to use data processing, storage capabilities and other services provided by such third-party service providers. As such, we cannot easily switch our operations to another cloud provider, so any disruption of or interference with our use of such providers’ services would increase our operating costs and could materially and adversely affect our business, financial condition and results of operations, and we might not be able to secure service from an alternative provider on similar terms or at all.
While we maintain oversight of our third-party data center hosting facilities and Internet-hosting providers, such third parties are ultimately responsible for maintaining their own network security, disaster recovery and system management procedures, and such third-parties do not guarantee that our customers’ access to our solutions will be uninterrupted, error-free or secure. These third-party providers may experience website disruptions, outages and other performance problems, which may be caused by a variety of factors, including infrastructure changes, human or software errors, viruses, security attacks, fraud, spikes in customer usage and denial of service issues. In some instances, we may not be able to identify the cause or causes of these performance problems within an acceptable period of time. In particular, we do not control the operation of the third-party data center hosting facilities, and such facilities are vulnerable to damage or interruption from human error, intentional bad acts, power loss, hardware failures, telecommunications failures, improper operation, unauthorized entry, data loss, power loss, cyberattacks, fires, wars, terrorist attacks, floods, earthquakes, hurricanes, tornadoes, natural disasters or similar catastrophic events. They also could be subject to break-ins, computer viruses, sabotage, intentional acts of vandalism and other misconduct. The occurrence of a natural disaster or an act of terrorism, a decision to close the facilities without adequate notice or terminate our hosting arrangement or other unanticipated problems could result in lengthy interruptions in the delivery of our solutions, cause system interruptions, prevent our customers from accessing their accounts online, reputational harm and loss of critical data, prevent us from supporting our solutions or cause us to incur additional expense in arranging for new facilities and support.
If we lose the services of one or more of our Internet-hosting or bandwidth providers for any reason or if their services are disrupted, for example due to viruses or denial of service or other attacks on their systems, or due to human error, intentional bad acts, power loss, hardware failures, telecommunications failures, fires, wars, terrorist attacks, floods, earthquakes, hurricanes, tornadoes or similar catastrophic events, we could experience disruption in our ability to offer our solutions and adverse perception of our solutions’ reliability, or we could be required to retain the services of replacement providers, which could increase our operating costs and materially and adversely affect our business, financial condition and results of operations.
Form 20-F | 2022 | 16 |
| |
Furthermore, prolonged interruption in the availability, or reduction in the speed or other functionality, of our products or services could materially harm our reputation and business. Frequent or persistent interruptions in our products and services could cause customers to believe that our products and services are unreliable, leading them to switch to our competitors or to avoid our products and services, and would likely permanently harm our reputation and business.
Any of the foregoing, in addition to any of the factors described in “—We are dependent on third-party service providers in our operations, any failure of a third-party service provider could disrupt our operations,” could have a material adverse effect on our business, financial condition and results of operations.
Negative publicity about us (including our directors or employees) or our industry could adversely affect our business, financial condition, results of operations and future prospects.
Negative publicity about us (including our directors or employees) or our industry, including the transparency, fairness, customer experience, quality and reliability of our products or services, effectiveness of our risk model, our ability to effectively manage and resolve complaints, our privacy and security practices, our ESG and diversity and inclusion practices, litigation, regulatory activity, misconduct by or statements made by our directors or employees, funding sources, capital and liquidity positions, service providers or others in our industry, could adversely affect our reputation and the confidence in, and the use of, our products and services. More recently, we also have been subject to negative publicity and market speculations surrounding our activities related to asset management in January 2023. This and any future negative publicity could harm our reputation and cause disruptions to business. Any such reputational harm could further affect the behavior of customers and, as a result, materially and adversely affect our business, results of operations, financial condition and future prospects.
The credit quality of our loan portfolio may deteriorate and our ECL allowance could be insufficient to cover our losses, which would have a material adverse effect on our business, financial condition and results of operations.
Risks arising from changes in credit quality and the recoverability of amounts due from counterparties are inherent in many aspects of our businesses, in particular our customer credit card and lending businesses. We expect the amount of reported non-performing loans to increase in the future on an absolute basis as a result of the expected growth in our total loan portfolio, the credit quality of which may turn out to be worse than anticipated. The amount of reported non-performing loans may also increase due to factors beyond our control, such as adverse changes in the credit quality of our borrowers and counterparties or a general deterioration in economic conditions in the markets in which we operate.
Our provisions for credit losses are based on our current assessments and expectations concerning various factors affecting the quality of our loan portfolio. These factors include, among other things, our borrowers’ financial condition, government macroeconomic policies, interest rates and the legal and regulatory environment. As many of these factors are beyond our control and there is no infallible method for predicting loan and credit losses, we cannot guarantee that our current or future reserves for credit losses will be sufficient to cover actual losses. If our assessment of and expectations concerning the above-mentioned factors differ from actual developments, if the quality of our total loan portfolio deteriorates, for any reason, or if the future actual losses exceed our estimates of expected losses, we may be required to increase our provisions for credit losses, which may adversely affect our financial condition. As such, any unexpected increase in the level of our non-performing loans could have a material adverse effect on our financial condition.
Form 20-F | 2022 | 17 |
| |
We depend on key management, as well as our experienced and capable employees, and any failure to attract, motivate and retain our employees would harm our ability to maintain and grow our business.
Our business functions at the intersection of rapidly changing technological, social, economic and regulatory developments that require a wide-ranging set of expertise and intellectual capital. Our future success is significantly dependent upon the continued service of our executives and other key employees, and in particular our founding shareholder and chief executive officer David Vélez. If we lose the services of any member of management or any key employee, we may not be able to locate a suitable or qualified replacement, and we may incur additional expenses to recruit and train a replacement, which would severely disrupt our business and growth.
To maintain and grow our business, we will need to identify, attract, hire, develop, motivate and retain highly skilled employees, which requires significant time, expense and effort. Competition for highly skilled personnel is intense, in our industry in particular. We may need to invest significant amounts of cash and equity to attract and retain new employees, and we may never realize returns on these investments. In addition, from time to time, there may be changes in our management team that may be disruptive to our business. If our management team, including any new hires that we make, fail to work together effectively and to execute our plans and strategies on a timely basis, our business would be harmed.
Furthermore, our international expansion and our business in general may be materially adversely affected if legislative or administrative changes to immigration or visa laws and regulations impair our hiring processes or projects involving personnel who are not citizens of the country where their work is to be performed. If we are not able to add and retain employees effectively, our ability to achieve our strategic objectives will be adversely affected, and our business and growth prospects will be harmed.
Increases in our compensation expenses for our management that will be recognized in our future results may have an adverse effect on our accounting results.
Our operations and strategies depend on the attraction and retention of qualified personnel with different levels of expertise, and as such, we offer competitive compensation structures. As discussed in “Item 6. Directors, Senior Management and Employees—B. Compensation - Employee Benefit and Share Plans—2021 Contingent Share Award (CSA),” the cost of compensation for our managers increased in the year ended December 31, 2022 compared to the year ended December 31, 2021 primarily as a result of the US$78.0 million expense related to the Contingent Share Award. On November 29, 2022 the Contingent Share Award was voluntarily terminated by a decision of David Vélez in order to improve Nubank’s efficiency and reduce the potential dilution of our other shareholders.
If we fail to manage our growth effectively, our business would be harmed.
We have experienced and expect in the near term to continue to experience rapid growth. For instance, our total revenue increased by 182.2%, reaching US$4,792.2 million in 2022 from US$1,698.0 million in 2021. On a FX Neutral basis, our total revenue increased by 167.5%, reaching US$4,792.2 million in 2022 from US$1,791.4 million in 2021. See “Presentation of Financial and Other Information—Special Note Regarding Non-IFRS Financial Measures—FX Neutral Measures.” The number of our full-time employees increased by 33%, reaching 8,049 on December 31, 2022 compared to 6,068 on December 31, 2021. Our growth has placed and will continue to place significant demands on our administrative, operational and financial resources. Our ability to effectively manage our growth will depend on a number of factors, including our ability to:
| ● | expand our sales and marketing, technology, finance and administration teams; |
| ● | grow our facilities and infrastructure; |
| ● | adapt and scale our information technology systems; |
Form 20-F | 2022 | 18 |
| |
| ● | refine our operational, financial and risk management controls and reporting systems and procedures; |
| ● | recruit, integrate, train and retain a growing employee base and maintain our corporate culture; |
| ● | maintain and grow our customer base and provide quality customer service; and |
| ● | obtain, maintain, protect and develop our strategic assets, including our intellectual property and other proprietary rights. |
Executing on these factors will require significant capital expenditures and the allocation of valuable management and employee resources. We may be unable to effectively manage any future growth in an efficient, cost-effective or timely manner, or at all. Any failure to successfully implement systems enhancements and improvements will likely negatively impact our ability to manage our expected growth, ensure uninterrupted operation of key business systems and comply with the rules and regulations that are applicable to public reporting companies. Moreover, if we do not effectively manage the growth of our business and operations, the quality of our platform would suffer, which would negatively affect our reputation, results of operations and overall business. Furthermore, we encourage employees to quickly develop and launch new features for our products and services; as we grow, we may not be able to execute as quickly as smaller, more efficient organizations.
A decline in the use of credit or prepaid cards as a payment mechanism for consumers or adverse developments with respect to the payment processing industry in general would have a materially adverse effect on our business, financial condition and results of operations.
If consumers do not continue to use credit or prepaid cards as a payment mechanism for their transactions or if there is a change in the mix of payments between cash, credit, and prepaid cards and other means of payment, including real-time payments, that is adverse to us, it would have a material adverse effect on our business, financial condition and results of operations. We believe future growth in the use of credit, prepaid cards and other means of payment will be driven by the cost, ease-of-use and quality of services offered to consumers and businesses. In order to consistently increase and maintain our profitability, consumers and businesses must continue to use electronic payment methods including credit, debit and prepaid cards and real-time payment methods, such as Pix. Moreover, if there is an adverse development in the payments industry or Brazilian market in general, such as new legislation or regulation that makes it more difficult for our customers to do business or utilize such payment mechanisms, our business, financial condition and results of operations may be adversely affected.
We have historically derived a substantial portion of our revenue from our credit card business, and losses or a significant reduction in our credit card business, or our failure to successfully expand and diversify our revenue sources beyond our credit card business, would adversely affect our business, financial condition and results of operations.
The commercial success of our consumer technology platform has depended and may continue to depend in part on the success of our credit card business. We have historically derived a significant portion of our revenue from (i) the interchange fees we collect when a customer uses a Nu credit card to make a purchase and (ii) the interest rates we receive from the financing or revolving of Nu credit card balance by our customers. In the year ended December 31, 2022, interchange fees and interest related to credit cards accounted for 19.1% and 21.21% of our revenue, respectively (27.8% and 21.1% in the year ended December 31, 2021). While we expect our revenue concentration to decline in the future as we expand our suite of products and services, our efforts to diversify our revenue sources, such as new products and regional diversification, may not be successful and our reliance on credit card-related revenue may increase. Further, our revenue would be significantly harmed if we were to lose all or a substantial portion of our credit card business, whether due to loss of customers, regulatory or legislative developments or otherwise. In particular, our revenue would be harmed if the interchange fees that we collect or the interest rates that we charge become capped by regulators (or, in markets in which regulatory caps already exist, if such caps were reduced). Please see “—Risks Relating to Regulatory Matters and Litigation—Certain ongoing legislative and regulatory initiatives under discussion by the Brazilian Congress, the Central Bank of Brazil, the Ministry of Finance and the broader payments industry may result in changes to the regulatory framework of the Brazilian payments and financial industries, which may have an adverse effect on our business and cause us to incur increased compliance costs.”
Form 20-F | 2022 | 19 |
| |
Further, on July 2, 2021, Brazilian Law No. 14,181, or the “Over Indebtedness Law,” created a chapter in the Brazilian Consumer Protection Code dedicated to responsible credit and financial education, with new provisions that require specific information to be provided to the consumer when granting credit or in installment sales, such as the effective monthly interest rate, interest on arrears and late payment charges. Moreover, Decree No. 11,150 was published on July 26, 2022, determining a “base minimum” (“mínimo existencial”) for the prevention, treatment and conciliation of situations of over-indebtedness in consumer debt, at the rate of 25% of the minimum wage. According to the decree, this rate corresponds to the salary value that must be preserved when indebted people negotiate payment of these debts with financial institutions. The Federal Executive, however, is analyzing a possible review of such rate, either to increase it or to allow judges to decide the value on a case-by-case basis.
This new set of rules and the review of the “existential minimum” value may contribute to driving customers and potential customers away from our credit portfolio, which could adversely impact our business, financial condition and results of operations. For more information, see “—A decline in the use of credit or prepaid cards as a payment mechanism for consumers or adverse developments with respect to the payment processing industry in general would have a materially adverse effect on our business, financial condition and results of operations.”
If we are unable to attract new and retain existing customers, our business, financial condition and results of operations will be adversely affected.
We believe that our customer base is the cornerstone of our business. The growth of our business depends on existing customers expanding their use of our products and services and on our ability to attract new customers, including customers who may be reluctant to seek alternatives to incumbent financial institutions, by offering new products and services. If we are unable to attract new customers to our platform or encourage customers to broaden their use of our products and services, our growth may slow or stop, and our business may be materially and adversely affected.
Our ability to maintain and expand our customer base depends on a number of factors, including our ability to provide relevant and timely products and services to meet their changing needs at a reasonable cost. We have invested and will continue to invest in improving our platform and our suite of products and services. For example, in 2021, we acquired NuInvest, our broker-dealer subsidiary, and have announced plans to expand our insurance broker activities. However, if new or improved features, products and services fail to meet shifting customer demands and fail to attract new customers or encourage existing customers to expand their engagement with our products and services, our growth may slow or decline. Further, these and other new products and services must achieve high levels of market acceptance before we are able to recoup our up-front investment costs, which may never occur if such products and services fail to attract new and retain existing customers.
Our existing and new products and services, including our payments, investments, insurance and credit solutions, could fail to attract new and retain existing customers for many reasons, including:
Form 20-F | 2022 | 20 |
| |
| ● | we may fail to predict market demand accurately and provide products and services that meet this demand in a timely fashion; |
| ● | customers may not like, find useful or agree with any changes we make to our products or services; |
| ● | the reliability, performance or functionality of our products and services could be compromised or the quality of our products and services could decline; |
| ● | we may fail to provide sufficient customer support; |
| ● | customers may dislike our pricing, in particular in comparison to the pricing of competing products and services; |
| ● | competing products and services may be introduced or anticipated to be introduced by our competitors; and |
| ● | there may be negative publicity about our products and services or our platform’s performance or effectiveness, including negative publicity on social media platforms. |
Further, our customers have no obligation to continue to use our products and services, and we can make no assurances that our customers will continue to do so. We generally do not have long-term contracts with our customers; customer deposits and investments may be withdrawn without notice, and the consumer credit solutions we offer may be prepaid and canceled at any time. Further, recent changes in regulations have increasingly enabled customers to more easily switch to our competitors.
Any one or a combination of these factors could lead to customer attrition, and in particular at rates that are higher than we expect, which would adversely affect our business, financial condition and results of operations.
If we cannot keep pace with rapid technological developments to provide new and innovative products and services, the use of our products and services and, consequently, our revenue could decline or our revenue growth rate could slow.
Rapid, significant and disruptive technological changes have impacted or may in the future impact the industries in which we operate, including changes in:
| ● | artificial intelligence and machine learning (e.g., in relation to fraud and risk assessment); |
| ● | payment technologies (e.g., real-time payments, payment card tokenization, virtual and crypto currencies, including distributed ledger and blockchain technologies, and proximity payment technology, such as near-field communication and other contactless payments); |
| ● | mobile and internet technologies (e.g., mobile phone app technology); |
| ● | commerce technologies, including for use in-store, online and via mobile, virtual, augmented or social-media channels; and |
| ● | digital banking features (e.g., balance and fraud monitoring and notifications). |
Form 20-F | 2022 | 21 |
| |
In order to remain competitive and maintain and enhance customer experience and the quality of our products and services, we must continuously invest in the development of new products and features to keep pace with technological developments. We currently rely, and expect to continue to rely, in part, on certain third parties for the development of, and access to, new technologies. However, there can be no assurance that our development efforts, including through such third-party providers, will be successful, as we or such third parties may experience cost overruns, delays in delivery, performance failure or lack of customer adoption, among other potential issues. Further, there can be no assurance that our financial resources will be sufficient to maintain the levels of investment required to support such development efforts, which may require substantial capital commitment. Any failure in our development efforts, including any failure to adopt emerging technologies or to accurately predict and address market demand, and any delay in delivery of new products or services integrating emerging technologies, could render our services less desirable, or even obsolete, to our customers. Furthermore, our competitors may have the ability to devote more financial and operational resources than we can to the development of new technologies and services and, if successful, their development efforts could render our services less desirable to customers, resulting in the loss of customers or a reduction in the fees we can generate. If our development efforts prove unsuccessful, or if we are unable to develop, adapt to or access technological changes on a timely and cost-effective basis, our business, financial condition and results of operations could be materially adversely affected.
We are dependent on third-party service providers in our operations, any failure of a third-party service provider could disrupt our operations.
We utilize numerous third-party service providers in our operations, including payments, credit card transaction processing, back office and business process support, information technology production and support, Internet connections, network access and cloud computing. For example, our credit and debit (pre-paid) card transaction authorization is provided by Mastercard, our infrastructure services and connection to the National Brazilian Financial System Network, or “RSFN,” depends on the infrastructure of Market Telecommunications Network (Rede de Telecomunicações para o Mercado Ltda.), or “RTM,” a datacenter and link provider, our cloud data processing and storage services and, separately, our datacenter infrastructure services are both provided by third-party service providers, among other third-party service providers on which we rely for the continuity of our business. A failure by a third-party service provider could expose us to an inability to provide contractual services to our customers in a timely manner. Additionally, if a third-party service provider is unable to provide these services, we may incur significant costs to either internalize some of these services or find a suitable alternative. Significantly, certain third-party service providers, including Mastercard, are the sole source or one of a limited number of sources of the services they provide for us. It would be difficult and disruptive for us to replace some of our third-party vendors in a timely manner if they were unwilling or unable to provide us with these services in the future (as a result of their financial or business conditions or otherwise), and our business and operations likely would be materially adversely affected. Further, any failure in the performance of our due diligence processes and controls related to the supervision and oversight of these third parties in detecting and addressing conflicts of interest, fraudulent activity, data breaches and cyber-attacks, noncompliance with relevant securities and other laws could cause us to suffer financial loss, regulatory sanctions or damage to our reputation.
Inadequacy or disruption of our disaster recovery plans and procedures in the event of a catastrophe would adversely affect our operations.
We have made a significant investment in our infrastructure, and our operations are dependent on our ability to protect the continuity of our infrastructure against damage from catastrophe or natural disaster, breach of security, cyber-attack, loss of power, telecommunications failure or other natural or man-made events. A catastrophic event could have a direct negative impact on us by adversely affecting our customers, partners, third-party service providers, employees or facilities, or an indirect impact on us by adversely affecting the financial markets or the overall economy. If our business continuity and disaster recovery plans and procedures were disrupted, inadequate or unsuccessful in the event of a catastrophe, we could experience a material adverse interruption of our operations.
Form 20-F | 2022 | 22 |
| |
We serve our customers using third-party data centers and cloud services. While we have electronic access to the infrastructure and components of our platform that are hosted by third parties, we do not control the operation of these facilities. Consequently, we may be subject to service disruptions as well as failures to provide adequate support for reasons that are outside of our direct control. These data centers and cloud services are vulnerable to damage or interruption from a variety of sources, including earthquakes, floods, fires, power loss, system failures, cyber-attacks, physical or electronic break-ins, human error or interference (including by employees, former employees or contractors), and other catastrophic events. Our data centers may also be subject to local administrative actions, changes to legal or permitting requirements and litigation to stop, limit or delay operations. Despite precautions taken at these facilities, such as disaster recovery and business continuity arrangements, the occurrence of a natural disaster or an act of terrorism, a decision to close the facilities without adequate notice or other unanticipated problems at these facilities could result in interruptions or delays in our services, impede our ability to scale our operations or have other adverse impacts upon our business. See “—We depend on data centers operated by third parties and third-party Internet-hosting providers and cloud computing platforms, and any disruption in the operation of these facilities or platforms or access to the Internet would adversely affect our business.”
Our disclosure controls and procedures over financial reporting may not prevent or detect all errors or acts of fraud.
Disclosure controls and procedures, including internal controls over financial reporting, are designed to provide reasonable assurance that information required to be disclosed by us in reports filed or submitted under the U.S. Securities Exchange Act of 1934, as amended, or the “Exchange Act,” and the applicable rules and regulations of the CVM is accumulated and communicated to management, and recorded, processed, summarized and reported within the time periods specified in the SEC’s and the CVM’s respective rules and forms.
These disclosure controls and procedures have inherent limitations, which include the possibility that judgments in decision-making can be faulty and result in errors or mistakes. Additionally, controls can be circumvented by any unauthorized override of the controls. Consequently, our business is exposed to risk from potential noncompliance with policies, employee misconduct, negligence and fraud, which could result in regulatory sanctions, civil claims and serious reputational or financial harm. In particular, it is not always possible to deter employee misconduct, and the precautions we take to prevent and detect this activity may not always be effective. Accordingly, because of the inherent limitations in the control system, misstatements due to error or fraud may occur and not be detected.
In the past, we had identified material weaknesses in our internal control over financial reporting. If we fail to identify and remediate other material weaknesses and maintain effective internal controls over financial reporting, we may be unable to accurately report our results of operations, meet our reporting obligations or prevent fraud.
In connection with a structured review of our internal control over our consolidated financial statements for the year ended December 31, 2021, we identified certain material weaknesses in our internal control over financial reporting related to (i) IT systems change management processes and (ii) IT user identity and access management processes. All of which were originally identified in connection with a structured review of our internal control over financial reporting and procedures initiated by our management more than one year prior to the initial prospectus of our IPO and the audit of our consolidated financial statements for the year ended, December 31, 2020. We took actions to remediate the material weaknesses relating to our internal controls over financial reporting, including the improvement of change management processes and of identity and access management processes. As a result of the remediation activities and controls in place as of December 31, 2022, we have remediated our previously disclosed material weaknesses as of such date.
Form 20-F | 2022 | 23 |
| |
We cannot guarantee that the actions we may take in the future will be sufficient to prevent or avoid potential future material weaknesses. Any failure to maintain effective internal control over financial reporting could severely inhibit our ability to accurately report our consolidated financial condition or results of operations, which could cause investors to lose confidence in our financial statements, and the trading price of our Class A ordinary shares to decline. In addition, if we fail to maintain the adequacy of our internal control over financial reporting, as accounting standards are modified, supplemented or amended from time to time, we may not be able to conclude on an ongoing basis that we have effective internal control over financial reporting in accordance with Section 404 of the Sarbanes-Oxley Act of 2002. See “Item 15. Controls and Procedures—D. Changes in Internal Control over Financial Reporting.”
If we fail to maintain an effective internal control environment, we could suffer material misstatements in our financial statements, fail to meet our reporting obligations or fail to prevent fraud, which would likely cause investors to lose confidence in our reported financial information. This could, in turn, limit our access to capital markets, harm our results of operations, and lead to a decline in the trading price of our Class A common shares. Additionally, ineffective internal control over financial reporting could expose us to increased risk of fraud or misuse of corporate assets and subject us to potential delisting from NYSE, regulatory investigations and civil or criminal sanctions. We are subject to the Sarbanes-Oxley Act, which requires, among other things, that we establish and maintain effective internal control over financial reporting and disclosure controls and procedures. Under the current rules of the SEC, we are required to perform system and process evaluation and testing of our internal controls over financial reporting to allow management to assess their effectiveness. Our testing may in the future reveal deficiencies in our internal controls that are deemed to be material weaknesses or significant deficiencies and render our internal controls over financial reporting ineffective. If we or our management identifies material weaknesses or significant deficiencies in our internal controls over financial reporting, the market price of our Class A common shares may decline and we may be subject to investigations or sanctions by the SEC, the Financial Industry Regulatory Authority, Inc., or “FINRA,” or other regulatory authorities, as well as litigation. Further, in terms of regulations and legislation in Brazil, all Brazilian financial and payment institutions, which includes some of our Brazilian subsidiaries, must maintain internal guidelines and procedures to control their respective financial, operational and information systems, and must comply with all applicable legislation. CMN Resolution No. 4,595 of August 28, 2017 provides that Brazilian financial institutions must implement and maintain a compliance policy compatible with its nature, size, complexity, structure, risk profile and business model. Central Bank of Brazil Resolution No. 65 of January 26, 2021, provides similar rules for Brazilian payment institutions. In accordance with CMN Resolution No. 2,554 of September 24, 1998, the executive officers of Brazilian financial and payment institutions are responsible for implementing efficient internal control structures that set out control responsibilities and procedures and establish objectives and procedures applicable to all levels of the institution, among other requirements. The executive officers are also responsible for ensuring compliance with all internal procedures.
We have incurred losses since our inception, and we may not achieve profitability.
We have incurred losses since our inception. We incurred a loss of US$364.6 million, US$165.3 million and US$171.5 million for the years ended December 31, 2022, 2021 and 2020, respectively. We will need to generate and sustain increased revenue levels and decrease proportionate expenses in future periods to achieve profitability. In addition, we intend to expand our customer base, and continue to invest in developing products and services that we believe will improve the experiences of our customers and therefore improve our long-term results of operations. However, customer acquisition could cause us to incur losses in the short term because a material portion of the costs associated with new customers are generally incurred up front, while revenue is uncertain and mostly recognized thereafter as customers make interest payments and utilize our services. Likewise, improvements in products and services have and will continue to cause us to incur significant up-front costs and may not result in the long-term benefits that we expect, which could materially and adversely affect our business. If any of these costs materially rise in the future, our expenses may rise significantly. If we are unable to generate adequate revenue growth and manage our expenses, we may continue to incur losses and may not attain profitability.
Form 20-F | 2022 | 24 |
| |
Our results of operations and operating metrics may fluctuate, which may cause the market price of our Class A ordinary shares and BDRs to decline.
Our results of operations may vary significantly and are not necessarily an indication of future performance. These fluctuations may be a result of a variety of factors, some of which are beyond our control. In particular, our results of operations and operating metrics are subject to volatility based on consumer spending levels. The electronic payments industry in general depends heavily on the overall level of consumer spending, which may be adversely affected by general or localized economic conditions that impact consumer confidence, consumer spending, consumer discretionary income or changes in consumer purchasing habits. A sustained deterioration in general economic conditions in the markets in which we operate, including a rise in unemployment rates or increases in interest rates, may cause a reduction in overall consumer spending, thereby causing a decline in the number of transactions made by our cardholders or in the average amount spent per transaction, which would adversely impact our results of operations. In addition, our business is affected by customer behavior throughout the year and experiences seasonal fluctuations. We are aware, based on historical information, that months in which certain holidays fall, such as Black Friday and Christmas, generate higher levels of consumption and thus positively benefit our total transaction volume and related revenue. Relatedly, February is a month with lower revenue given fewer calendar days and thus a lower monthly volume of transactions.
In addition to consumer spending levels and seasonality, our results of operations may fluctuate as a result of changes in our ability to attract and retain new customers, increased competition in the markets in which we operate, our ability to expand our operations in new and existing markets, our ability to maintain an adequate growth rate and effectively manage that growth, our ability to keep pace with technological changes in the industries in which we operate, changes in governmental or other regulations affecting our business, harm to our brand or reputation, and other risks described elsewhere in this annual report.
Further, from time to time, we have made and may make decisions that will have a negative effect on our short-term operating results if we believe those decisions will improve our operating results over the long term. These decisions may not produce the long-term benefits that we expect, or they may be inconsistent with the expectations of investors and research analysts, either of which could cause the price of our Class A ordinary shares and BDRs to decline.
Our business with crypto assets is subject to a fast-evolving and uncertain regulatory landscape and any adverse changes to, or our failure to comply with, any laws and regulations could adversely affect our brand, reputation, business, operating results, and financial condition. In addition, failure of operation systems may cause loss to us or our customers.
As part of our suite of products and services, we enable our customers to purchase and sell certain crypto assets in our platform (NuCrypto) and have launched our own token (NuCoin) as part of a loyalty program. Any failure by us or our partners to maintain the necessary controls or to manage crypto assets and funds appropriately and in compliance with applicable regulatory requirements and cybersecurity considerations could result in potential loss of cryptocurrencies, reputational harm, regulatory enforcement actions, significant financial losses, lead customers to discontinue or reduce their use of our and our partners’ products, and result in significant penalties and fines and additional restrictions, which could adversely impact our business, operating results, and financial condition. The significant regulatory uncertainty regarding crypto assets and crypto trading platforms, including in Brazil, may restrict, limit, regulate in excessive and burdensome manner the investment in crypto assets or prohibit the use of such assets and/or related transactions in different jurisdictions, which could adversely affect our activities, the manner in which we currently conduct some aspects of our business and, as a result, our financial condition, results of operations and the market price of our Class A ordinary shares.
Form 20-F | 2022 | 25 |
| |
Consequently, we are subject to potential litigation from clients who may lose their investments in cryptocurrency due to market volatility, or as a result of operational failures and from the uncertain regulatory landscape. For more information on our token (NuCoin) see “Item 4. Information on the Company — A— History and Development of the Company — Distribution of our own token.”
Our systems, the systems of our third-party service providers and partners, and certain crypto asset and blockchain networks have experienced, and may experience in the future, service interruptions because of hardware and software defects or malfunctions, distributed denial-of-service and other cyberattacks, insider threats, break-ins, sabotage, human error, vandalism, earthquakes, hurricanes, floods, fires, and other natural disasters, power losses, disruptions in telecommunications services, fraud, military or political conflicts, terrorist attacks, computer viruses or other malware, and other events. Significant or persistent interruptions in our services or in services of third-party service providers and partners could harm our reputation and negatively affect our business, operating results, and financial condition.
Real or perceived inaccuracies in our key operating metrics may harm our reputation, results of operations and financial condition.
We track certain key operating metrics such as number of customers, monthly active customers, activity rate, purchase volume, deposits, interest-earning portfolio, monthly ARPAC, monthly average cost to serve per customer, client acquisition cost and our NPS, among other metrics, which are not independently verified by any third party. While the metrics presented in this annual report are based on what we believe to be reasonable assumptions and estimates, our internal systems and tools have a number of limitations, and our methodologies for tracking these metrics may change over time. In addition, limitations or errors with respect to how we measure data or with respect to the data that we measure may affect our understanding of certain details of our business, which could affect our long-term strategies. If the internal systems and tools we use to track these metrics understate or overstate performance or contain algorithmic or other technical errors, the key operating metrics we report may not be accurate. If investors do not perceive our operating metrics to be accurate, or if we discover material inaccuracies with respect to these figures, our reputation may be significantly harmed, and our results of operations and financial condition could be adversely affected.
We have a limited operating history with financial results that may not be indicative of future performance, and our revenue growth rate is likely to slow as our business matures.
We were founded in 2013 and began operations in Brazil in 2014, in Mexico in 2019 and in Colombia in 2020. As a result of our limited operating history, our ability to accurately forecast our future results of operations is limited and subject to a number of uncertainties. Our historical revenue growth and other historical results should not be considered indicative of our future performance. In particular, over the long-term, we expect that our revenue growth will slow as our business matures. It is also possible that our revenue growth does not reach the levels we expect, or declines for any number of reasons, including slowing demand for our products, increasing competition, changes to technology, a decrease in the growth of our overall market, increased regulation or our failure, for any reason, to take advantage of growth opportunities. If our assumptions regarding our future revenue growth and other operating and financial results are incorrect or change, our operating and financial results could differ materially from our expectations.
Form 20-F | 2022 | 26 |
| |
Our insurance policies may not be sufficient to cover all claims.
Our insurance policies may not adequately cover all risks to which we are exposed. A significant claim not covered by our insurance, in full or in part, may result in significant expenditures by us. Moreover, we may not be able to maintain insurance policies in the future at reasonable costs or on acceptable terms, which may adversely affect our business and the trading price of our Class A ordinary shares and BDRs.
Fraud could have a material adverse effect on our business, financial condition and results of operations.
We offer products and services to a large number of customers, and we are responsible for vetting and monitoring these customers and determining whether the transactions we process for them are legitimate. When our products and services are used to process illegitimate transactions and we settle those funds, we are unable to recover them, suffer losses and incur liabilities. These types of illegitimate transactions can also expose us to governmental and regulatory sanctions. The highly automated nature of, and liquidity offered by, our payments services make us a target for illegal or improper uses, including fraudulent or illegal sales of goods or services, money laundering and terrorist financing. Identity thieves and those committing fraud using stolen or fabricated credit card or account numbers, or other deceptive or malicious practices, potentially can steal significant amounts of money from businesses like ours. It is possible that incidents of fraud could increase in the future. Failure to effectively manage risk and prevent fraud would increase our liability, and could have a material adverse effect on our business, financial condition and results of operations.
If we are unable to integrate our products with a variety of operating systems, software applications, platforms and hardware that are developed by others, our solutions may not operate effectively, our products may become less marketable, less competitive or obsolete and our business, financial condition and results of operations may be harmed.
Our products must integrate with a variety of network, hardware and software platforms, and we need to continuously modify and enhance our products to adapt to changes in hardware, software, networking, browser and database technologies. In particular, we have developed our technology platform to easily integrate with third-party applications through the interaction of application programming interfaces, or “APIs.” In general, we rely on the fact that the providers of such software systems continue to allow us access to their APIs to enable these integrations. To date, we generally have not relied on long-term written contracts to govern our relationship with these providers. Instead, we are subject to the standard terms and conditions for application developers of such providers, which govern the distribution, operation and fees of such software systems, and which are subject to change by such providers from time to time. Our business could be harmed if any provider of such software or other technologies or systems:
| ● | discontinues or limits our access to its APIs; |
| ● | modifies its terms of service or other policies, including fees charged to or other restrictions on us or other application developers; |
| ● | changes how customer information is accessed by us, our partners or our customers; |
| ● | establishes more favorable relationships with one or more of our competitors; or |
| ● | develops or otherwise favors its own competitive offerings over ours. |
Although we actively monitor our partners and multi-source vendors, we cannot prevent our providers of software or other technologies from changing the features of their APIs, discontinuing their support of such APIs, restricting our access to their APIs or altering the terms governing their use in a manner that is adverse to our business. If our partners or multi-source vendors were to take such actions, our capabilities that depend on such APIs would be impaired until we are able to find a replacement partner or develop an in-house solution, which could significantly diminish the value of our platform and harm our business, operating results and financial condition. In addition, third-party services and products are constantly evolving, and we may not be able to modify our platform to maintain its compatibility with such services and products as they continue to develop, or we may not be able to make such modifications in a timely and cost-effective manner, any of which could harm our business, operating results and financial condition.
Form 20-F | 2022 | 27 |
| |
If we are unable to operate effectively on mobile platforms, our business, financial condition and results of operations could be materially adversely affected.
Our future growth and success are dependent in part on our ability to provide a functional, reliable and user-friendly mobile platform to our customers. In particular, as we expand geographically, we will need to provide solutions for customers living in areas with low Internet connectivity, reduced bandwidth and latency issues. Our success will also depend on the interoperability of our offerings with a range of third-party technologies, systems, networks, operating systems and standards, including iOS and Android, and the availability of our mobile apps in app stores and in “super-app” environments.
The success of our mobile app could be harmed by factors outside our control, such as:
| ● | actions taken by mobile app distributors; |
| ● | unfavorable treatment received by our mobile apps, especially as compared to competing apps, such as the placement of our mobile apps in a mobile app download store; |
| ● | increased costs in the distribution and use of our mobile app; |
| ● | changes, bugs or technical issues in mobile operating systems, such as iOS and Android, device manufacturers or mobile carriers that degrade the functionality of our mobile website or mobile apps or give preferential treatment to competitive offerings; |
| ● | changes to the terms of service or policies of mobile operating systems, device manufacturers or mobile carriers that reduce or eliminate our ability to distribute applications, limit our ability to target or measure the effectiveness of our applications or impose fees or other changes related to our delivery of our applications; and |
| ● | government action limiting the accessibility of our mobile app. |
Further, we are subject to the standard policies and terms of service of third-party operating systems, as well as policies and terms of service of the various application stores that make our application and experiences available to our customers. These policies and terms of service govern the availability, promotion, distribution, content and operation generally of applications and experiences on such operating systems and stores. Each provider of these operating systems and stores has broad discretion to change and interpret its terms of service and policies with respect to our platform and any such changes, which may be driven by many factors, including increased competition, may be unfavorable to us and our customers’ use of our platform. If we were to violate, or an operating system provider or application store believes that we have violated, its terms of service or policies, that operating system provider or application store could limit or discontinue our access to its operating system or store. In some cases, these terms of service or policies may not be clear or our interpretation of the requirements may not align with the interpretation of the operating system provider or application store, which could lead to inconsistent enforcement of these terms of service or policies against us. Any limitation or discontinuation of our access to any third-party platform or application store could adversely affect our business, financial condition or results of operations.
Form 20-F | 2022 | 28 |
| |
Additionally, in order to deliver a high-quality mobile experience for our customers, it is important that our products and services work well with a range of mobile technologies, products, systems, networks, hardware and standards that we do not control, and that we have good relationships with mobile operating system partners, device manufacturers and mobile carriers. We may not be successful in maintaining or developing relationships with key participants in the mobile ecosystem or in developing products that operate effectively with these technologies, products, systems, networks or standards. In the event that it is more difficult for our customers to access and use our mobile platform, or if our customers choose not to access or use our mobile platform on their mobile devices or use mobile products that do not offer access to our mobile platform, our customer growth and engagement could be harmed. The risks associated with our dependency on our mobile application may be exacerbated by the frequency with which customers change or upgrade their devices. In the event customers choose devices that do not already include or support our platform or do not install our mobile apps when they change or upgrade their devices, our customer engagement may be further harmed.
Any acquisition, partnership or joint venture that we make or enter into could disrupt our business and harm our financial condition and results of operations.
As part of our growth strategy, we intend to continue to evaluate opportunities to acquire, or form partnerships or joint ventures with businesses, technologies, services and products as such opportunities arise. In January 2022, we concluded the acquisition of Olivia (artificial intelligence based personal finance management). In 2021, these opportunities included Easynvest (investments, June 2021), Juntos (conversational platform, July 2021), Creditas (secured credit, September 2021), SpinPay (checkout solutions, October 2021), Akala (Mexican financial cooperative, December 2021). We may enter into other strategic transactions or arrangements in the future. We may not, however, be able to identify appropriate acquisition, partnership or joint venture targets in the future, and our efforts to identify such targets may result in a loss of time and financial resources. In addition, we may not be able to successfully negotiate or finance such future acquisitions, partnerships or joint ventures successfully or on favorable terms, or to effectively integrate acquisitions into our current business, and we may lose customers or personnel as a result of any such strategic transaction (in particular the customers and personnel of an acquired business). The process of integrating an acquired business, technology, service or product into our business may divert management’s attention from our core business, and may result in unforeseen operating difficulties and expenditures and generate unforeseen pressures and strains on our organizational culture. Moreover, we may be unable to realize the expected benefits, synergies or developments that we initially anticipate from such a strategic transaction.
Financing an acquisition or other strategic transaction could result in dilution to existing shareholders from issuing equity securities or convertible debt securities, or a weaker balance sheet from using cash or incurring debt, and equity or debt financing may not be available to us on favorable terms, if at all. In addition, in connection with an acquisition, it is possible that the goodwill that has been attributed, or may be attributed, to the target may have to be written down if the valuation assumptions are required to be reassessed as a result of any deterioration in the underlying profitability, asset quality and other relevant matters. There can be no assurance that we will not have to write down the value attributed to goodwill in the future, which would adversely affect our results of operations and net assets.
Furthermore, we may be unable to complete a proposed transaction if we are unable to obtain required regulatory approvals, which may include approval by the Central Bank of Brazil or Brazil’s Administrative Council for Economic Defense (Conselho Administrativo de Defesa Econômica, or “CADE”), or other applicable regulatory authorities in the various jurisdictions in which we or a potential acquisition target operate. Even if we are able to obtain regulatory approval, such approval could be subject to certain conditions, which could prevent us from competing for certain customers or in certain lines of business. In addition, we may face contingent liabilities in connection with our acquisitions and joint ventures, including, among others, (1) judicial or administrative proceeding or contingencies relating to the company, asset or business acquired, including civil, regulatory, tax, labor, social security, environmental and intellectual property proceedings or contingencies; and (2) financial, reputational and technical issues, including with respect to accounting practices, financial statement disclosures and internal controls, as well as other regulatory or compliance matters, all of which we may not have identified as part of our due diligence process and that may not be sufficiently indemnifiable under the relevant acquisition or joint venture agreement. We cannot guarantee that any acquisition, partnership or joint venture we make will not have a material adverse effect on our business, financial condition and results of operations.
Form 20-F | 2022 | 29 |
| |
Substantial and increasingly intense competition within our industry may harm our business, financial condition, results of operations, and prospects.
The Latin American market for financial services, and in particular the Brazilian, Mexican and Colombian financial services markets, have become increasingly competitive in recent years. We face significant competition from traditional Brazilian, other Latin American and international banks and other neobanks, payment services providers, investment advisors and brokers, in addition to other new financial technology companies, startups and non-financial companies operating in certain segments of the financial services industry in which we operate. We expect competition to intensify in the future, both as emerging technologies continue to enter the marketplace and as large financial incumbents increasingly seek to innovate the services that they offer that compete with our platform.
Specifically, we face competition in the consumer credit, investment, payments and insurance segments. Our main competitors in the Brazilian consumer credit space include Itaú Unibanco S.A., Banco Bradesco S.A., Banco Santander (Brasil) S.A., Banco Caixa Econômica Federal and Banco do Brasil S.A. In the Brazilian investment segment, in addition to certain of our competitors in the consumer credit space, our main competitors include Banco BTG Pactual S.A., Banco Inter S.A. and XP Inc. In the Brazilian payments space, in addition to certain of our competitors in the consumer credit and investment spaces, we face competition from MercadoPago Instituição de Pagamento Ltda., PicPay Instituição de Pagamento S.A., PagSeguro Digital Ltd. and StoneCo Ltd., among others. In addition to existing competition, new competitors may enter the market or existing competitors may offer new or expand existing products or services.
Many of our competitors, in particular traditional banks or competitors that are affiliated with traditional banks, have substantially greater financial, operational and marketing resources than we do. Accordingly, these competitors may be able to offer more extensive or enhanced products and services to customers, or offer such products and services at more attractive rates (including more attractive rates on deposits and rates on loans) or on better terms. As a result, we may be forced to increase our deposit rates, or lower the rates we charge for loans or the fees we charge for other services, or devote significant financial resources to our marketing efforts or developing customized products and services that customers demand, in order to maintain and expand our market share. If this were to occur, we would need to enhance cost control to maintain our margins, and if we are unable to control our costs, our margins and results of operations may be adversely affected. In particular, we have relied primarily on low-touch organic methods of customer acquisition, including an unpaid direct referral method. However, this method of customer acquisition may not be as productive as we would like going forward and could put us at a competitive disadvantage compared to competitors with high-touch customer acquisition models or greater marketing resources. If we are unable to acquire customers through our low-touch organic methods, we may have to increase our marketing investments, or could be unable to grow our revenue and our operating results could be adversely affected.
In addition, certain of our competitors in certain product areas and markets may not be subject to the same regulatory requirements that we are. For example, due to the volume of our payment transactions, we were required to obtain authorization from the Central Bank of Brazil to conduct our business as an issuer of post-paid payment instruments and an issuer of electronic currency, while certain other payment or financial institutions, including certain competitors, can operate without such authorization so long as their payment volume remains below certain thresholds. Further, as a regulated payment institution, our subsidiary Nu Pagamentos is required to comply with a set of regulations that is not applicable to non-regulated payment institutions, including minimum equity capital, minimum net equity, compulsory segregation of customers’ funds maintained in payment accounts, internal controls and cybersecurity requirements, among others. In addition, our subsidiary Nu Financeira, a Brazilian financial institution, had undertaken a commitment before the Central Bank of Brazil to operate with a Basel minimum capital adequacy ratio of 14.0% which was a higher capital ratio than those applicable to most other financial institutions operating in Brazil. Such commitment was revoked on July 15, 2022, provided that Nu Financeira continues to comply with the provisions of CMN Resolution No. 4,958/21. Nu Financeira is currently subject to a minimum capital adequacy ratio of 10.5%, in line with the capital ratio applicable to most financial institutions operating in Brazil. As a result, our competitors who are not subject to similar regulatory requirements may be able to offer products and services at lower costs, which could put pressure on the pricing and terms that we offer and, as a result, our profit margins.
Form 20-F | 2022 | 30 |
| |
Further, competition in the financial services industry in Brazil and certain other Latin American markets (including Mexico and Colombia) has increased, both as a result of recent consolidations among financial institutions in such markets, adversely affecting the ability of new market entrants to access material amounts of equity capital, and as a consequence of changes in regulations that (i) increased the ability of customers to switch between financial institutions, (ii) enabled financial institutions to access the financial and personal information of customers, and (iii) established rules for an instant payment arrangement. For example, on May 4, 2020, the CMN and the Central Bank of Brazil implemented the Open Financial System, or “open finance,” in Brazil to facilitate the new market entrants’ access to the financial markets as well as to encourage competition between financial institutions. In particular, the implementing regulations make available to various participants in the Brazilian financial system data relating to customers (where consented to) and services of financial institutions. As participants of open finance, we are required to share standardized data related to our customers, service channels, products and services, which make it easier for other market participants to compete with us. Mexico and Colombia are likewise in the process of implementing an open finance system. Further implementation of open finance may intensify competition in the industry, as the sharing of information between institutions may make it easier for competitors to offer better credit terms and conditions, enabling customers to move such financial obligations from our platform to other competing platforms, which would adversely affect our interest income and therefore our results of operations.
In addition, on November 16, 2020, the Central Bank of Brazil launched the instant payment system, or “Pix,” and the Instant Payment System, or “SPI,” which enable electronic fund transfers in real time around the clock. This ecosystem promotes innovation of the existing payment infrastructure. Although the regulations relating the Pix and SPI ecosystems are subject to further developments from time to time, such initiatives may promote greater competition in the industry, and could cause customers to transition away from the solutions we offer, towards Pix or SPI solutions. In particular, Pix makes processing payments faster and less expensive, fosters additional competition and allows new entrants to join the market, while also serving as a significant source of data that will contribute to the ongoing transformation of the financial industry in Brazil. Such developments could therefore materially and adversely affect our business and results of operations.
If we are unable to successfully compete, the demand for our platform, products and services could stagnate or substantially decline, and we could fail to retain or grow the number of customers using our platform, which would materially and adversely affect our business, results of operations, financial condition and prospects.
Form 20-F | 2022 | 31 |
| |
Our hedging strategy may not be able to prevent losses.
We use a range of strategies and instruments, including entering into derivative and other transactions, to hedge our exposure to market, credit and operational risks. Nevertheless, we may not be able to hedge all risks to which we are exposed, whether partially or in full, and the hedging strategies and instruments on which we rely may not achieve their intended purpose. Any failure in our hedging strategy or in the hedging instruments on which we rely could result in losses to us and have a material adverse effect on our business, financial condition and results of operations. In addition, our decision not to hedge our foreign exchange exposure originated by our investments in Brazil, Colombia and Mexico could negatively harm our financial condition and results of operations.
Financial instruments, including derivative instruments, securities, cash and cash equivalents that are substantially composed of securities and compulsory and other deposits at central banks represented 56.9% and 64.1% of our total assets as of December 31, 2022 and 2021, respectively. Any realized or unrealized future gains or losses from our investments or hedging strategies could have a significant impact on our income. These gains and losses, which we account for when we sell or assess the fair value of investments in financial instruments, can vary considerably from one period to another. If, for example, we enter into derivatives transactions to protect ourselves against decreases in interest rates and interest rates instead increase, we may incur financial losses. We cannot forecast the amount of gains or losses in any future period, and the variations experienced from one period to another do not necessarily provide a meaningful forward-looking reference point. Gains or losses in our investment portfolio may create volatility in revenue levels, and we may not earn a return on our consolidated investment portfolio, or on a part of the portfolio in the future, and any losses on our securities and derivative financial instruments could materially and adversely affect our income and financial condition. In addition, any decrease in the value of our investment and derivatives portfolios may result in a decrease in our capital ratios, which could impair our ability to engage in lending activity at the levels we currently anticipate.
Such derivative transactions also subject us to market, credit and operational risks, including basis risk (the risk of loss associated with variations in the spread between the asset yield and the funding or hedge cost) and credit or default risk (the risk of insolvency or other inability of the counterparty to a particular transaction to perform its obligations thereunder). Further, the execution and performance of these transactions depend on our ability to maintain adequate control and administration systems. Our ability to adequately monitor, analyze and report derivative transactions continues to depend, largely, on our information technology systems. These factors further increase the risks associated with these transactions.
Liquidity and funding risks are inherent in our business. Because our principal sources of funds are short-term deposits, a sudden shortage of funds would heighten our liquidity risk and increase our costs of funding.
Liquidity risk is the risk that we either do not have available sufficient financial resources to meet our obligations as they become due or can secure them only at excessive cost. This risk is inherent in our business and can be heightened by a number of factors, including over-reliance on a particular source of funding, changes in credit ratings or market-wide phenomena such as market dislocation. Constraints in the supply of liquidity, including in interbank lending, can materially and adversely affect the cost of funding our business, and extreme liquidity constraints may affect our current operations, our growth potential and our ability to fulfill regulatory liquidity requirements.
We currently rely primarily on retail deposits as our main source of funding. As of December 31, 2022, we had US$15.8 billion of retail deposits, 95.5% of which were payable on demand, while we had US$14.2 billion of cash and cash equivalents and securities, composed substantially of liquid government bonds, and US$2.8 billion in compulsory and other deposits at central banks. The ongoing availability of funding through retail deposits is sensitive to a variety of factors beyond our control, including general economic conditions, the confidence of retail depositors in the economy, in the financial services industry and in us, the availability and extent of deposit guarantees and competition for deposits between banks or with other products. Any of these factors could significantly increase the amount of retail deposit withdrawals that we experience in a short period of time, thereby reducing our ability to access retail deposit funding on economically appropriate and reasonable terms, or at all, in the future. This would have a material adverse effect on our results of operations, financial condition and prospects.
Form 20-F | 2022 | 32 |
| |
Increases in our costs of funding would also increase our liquidity risk. Our cost of obtaining funds is directly related to prevailing interest rates and to our credit spreads, with increases in these factors increasing our cost of funding. Credit spread variations are market driven and may be influenced by market perceptions of our creditworthiness. Changes to interest rates and our credit spreads occur continuously and may be unpredictable and highly volatile. Disruption and volatility in the global financial markets could have a material adverse effect on our ability to access capital and liquidity on financial terms acceptable to us, or at all. In the event of a sudden or unexpected shortage of funds in the banking system, we cannot guarantee that we will be able to maintain levels of funding without incurring high funding costs, a reduction in the term of funding instruments or the liquidation of certain assets, which would materially adversely affect our business. Further, if the supply of retail deposits decreases or ceases to become available, we may be forced to raise the rates we pay on deposits, with a view to attracting more customers, and if retail deposits become excessively expensive, we may be forced to sell assets, potentially at depressed prices. The persistence or worsening of these adverse market conditions or an increase in base interest rates could have a material adverse effect on our ability to access liquidity and could increase our cost of funding, which would adversely affect our results of operations and financial condition.
Our ability to manage our funding base may also be affected by changes in regulation, including the compulsory reserve requirements applicable to our operating subsidiaries in Brazil. For more information on Brazil’s compulsory reserve requirements, see “—Risks Relating to Regulatory Matters and Litigation—Increases in reserve, compulsory deposit, minimum capital and contributions to deposit insurance requirements may have a material adverse effect on us.”
Changes in market and economic conditions could adversely affect our loan portfolio and decrease the demand for our products and services.
The financial markets, and in turn the financial services industry, are affected by many factors, such as U.S. and foreign economic conditions and general trends in business and finance that are beyond our control, which could be adversely affected by changes in the equity or debt marketplaces, unanticipated changes in currency exchange rates, interest rates, inflation rates, the yield curve, financial crises, war, terrorism, natural disasters and other factors that are difficult to predict. A severe or prolonged downturn or periods of market turmoil in the U.S., Brazilian, Mexican, Colombian or international financial markets (or in other foreign markets in the jurisdictions in which we currently or may in the future operate) could materially and adversely affect the liquidity, credit ratings, businesses and financial conditions of our borrowers, which could in turn increase our non-performing loan ratios, impair our loan and other financial assets and result in decreased demand for borrowings in general. Specifically, we have credit exposure to borrowers which have entered or may shortly enter into insolvency or similar proceedings. We may experience material losses from this exposure. In addition, investments may lose value and our investment customers may choose to withdraw assets or transfer them to investments that they perceive to be more secure, which would adversely affect our income and liquidity positions. Any downturn in financial markets could have a material adverse effect on our results of operations, financial condition or business.
Form 20-F | 2022 | 33 |
| |
We may not be able to generate sufficient cash to service our indebtedness and may be forced to take other actions to satisfy our obligations under the terms of our indebtedness, which may not be successful.
As of December 31, 2022, we had total indebtedness of US$617.4 million (comprising US$11.5 million in instruments eligible as capital, US$585.6 million in borrowings and financing and US$20.4 million in lease liabilities). Our ability to make scheduled payments on or to refinance our indebtedness depends on our financial condition and operating performance, which are subject to prevailing economic and competitive conditions and certain financial, business and other factors beyond our control. We may not be able to maintain a level of cash flow from operating activities sufficient to permit us to pay the principal and interest on our indebtedness. If our cash flows and capital resources are insufficient to fund our debt service obligations, we may be forced to reduce or delay acquisitions and capital expenditures, sell assets, seek additional capital or restructure or refinance our indebtedness. Our ability to restructure or refinance indebtedness will depend on the condition of the capital markets and our financial condition at such time. Any refinancing of indebtedness could be at higher interest rates and may require us to comply with more onerous covenants, which could further restrict our business operations.
The terms of existing or future debt instruments may restrict us from adopting some of these alternatives. Our existing credit facilities contain restrictive covenants, including customary limitations on the incurrence of certain indebtedness and liens. Our ability to comply with these covenants may be affected by events beyond our control, and breaches of these covenants could result in a default under our credit facilities and any future financing agreements into which we may enter, which in turn could cause our outstanding indebtedness under our credit facilities and any future financing agreements that we may enter into under these terms to become immediately due and payable.
In addition, any failure to make payments of interest and principal on our outstanding indebtedness on a timely basis could harm our ability to incur additional indebtedness. In the absence of sufficient cash flows and capital resources, we would face substantial liquidity problems and might be required to dispose of material assets or operations to meet our debt service and other obligations. See “Item 5. Operating and Financial Review and Prospects—B. Liquidity and Capital Resources” for more information. Any of these circumstances could adversely affect our results of operations, financial condition or business.
Our holding company structure makes us dependent on the operations of our subsidiaries.
As a holding company, our corporate purpose is to invest, as a partner or shareholder, in other companies, consortia or joint ventures in Brazil, Mexico and Colombia, where most of our operations are located, and outside of these jurisdictions. Accordingly, our material assets are our direct and indirect equity interests in our subsidiaries, and we are therefore dependent upon the results of operations of and, in turn, the payments, dividends and distributions from, our subsidiaries for funds to pay our operating and other expenses and to pay future cash dividends or distributions, if any, to holders of our Class A ordinary shares or BDRs. We may be required to pay taxes on distributions made by our operating subsidiaries to us under the local laws applicable to such subsidiaries. For example, despite the new government in Brazil, elected in 2022, having announced that it will begin the tax reform with the simplification of taxes on consumption, we believe it is very likely that in another instance they will address the income taxes on the distribution of dividends. There are some bills before Congress about taxation on dividends (eg. Bill No. 2,337/21) and any imposition of or increases in the taxation on the distribution of dividends (or similar payments or distributions, such as interest on shareholders’ equity) may adversely affect us.
In addition, the payments, dividends and distributions from our subsidiaries to us for funds to pay future cash dividends or distributions, if any, to holders of our Class A ordinary shares or BDRs could be restricted under financing arrangements that we or our subsidiaries may enter into in the future, and such subsidiaries may be required to obtain the approval of lenders to make such payments to us. Furthermore, we may be adversely affected if the governmental authorities of the jurisdictions in which we operate impose legal restrictions on dividend distributions by our local subsidiaries, and exchange rate fluctuations will affect the U.S. dollar value of any distributions our subsidiaries make with respect to our equity interests in those subsidiaries.
Form 20-F | 2022 | 34 |
| |
We rely on the Mastercard payment scheme to process our transactions. If we fail to comply with the applicable requirements of the Mastercard payment scheme, Mastercard could seek to fine us, suspend us or terminate our registration, which would have a material adverse effect on our business, financial condition and results of operations.
We rely on payment schemes to process our transactions, and a significant source of our revenue comes from processing transactions through the Mastercard payment scheme. We must pay a fee for this service, and from time to time, the payment schemes may increase the fees that they charge for each transaction using one of their cards, subject to certain limitations.
Payment networks establish their own rules and standards that allocate liabilities and responsibilities among the payment networks and their participants. These rules and standards, including the Payment Card Industry Data Security Standard, govern a variety of areas, including how consumers and customers may use their cards, the security features of cards, security standards for processing, data protection and information security and allocation of liability for certain acts or omissions, including liability in the event of a data breach. The payment schemes routinely update and modify their requirements; the payment card networks could adopt new operating rules or interpret or reinterpret existing rules that we or our processors might find difficult or even impossible to follow or costly to implement. These changes may be made for any number of reasons, including as a result of changes in the regulatory environment, to maintain or attract new participants or to serve the strategic initiatives of the networks, and may impose additional costs and expenses on or be disadvantageous to us. Such changes may impact our ongoing cost of doing business, and we may not, in every circumstance, be able to pass through such costs to our customers. For example, changes in the payment card network rules regarding chargebacks may affect our ability to dispute chargebacks and the amount of losses we incur from chargebacks. If we fail to make such changes or otherwise resolve the issue with the payment card networks, the networks could disqualify us from processing transactions if satisfactory controls are not maintained, which would have a material adverse effect on our business, financial condition and results of operations.
We are subject to audit by the payment networks to ensure compliance with applicable rules and standards, and may be directly liable to the payment card networks for rule violations. If we do not comply with the payment scheme requirements, the payment schemes could seek to fine us, suspend us or terminate our registrations that allow us to process transactions on their schemes, and we could lose our ability to make payments using virtual cards or any other payment form factor enabled by the network. If we are unable to recover amounts relating to fines from or pass through costs to our customers or other associated participants, we would experience a financial loss. The termination of our registration due to failure to comply with the applicable requirements of the Mastercard payment scheme, or any changes in the payment scheme rules that would impair our registration, could require us to stop using the Mastercard payment scheme to process our transactions, which would have a material adverse effect on our business, financial condition and results of operations.
Form 20-F | 2022 | 35 |
| |
We may require additional capital in the future, which may not be available on acceptable terms or at all.
In the future, we may need to raise additional capital to fund our expansion (organically or through strategic acquisitions), to develop new or enhanced services or products or to respond to competitive pressures, or to comply with regulatory capital adequacy requirements discussed in “Item 4. Information on the Company—B. Business Overview—Regulatory Overview—Brazil—Other Rules—Prudential Framework and Limits of Exposure.” Such financing may not be available on terms favorable to us or at all. If adequate funds are not available or are not available on acceptable terms, we may not be able to fund our expansion, take advantage of acquisition opportunities, develop or enhance services or products or respond to competitive pressures, which would have a material adverse effect on our business, results of operations and financial condition. If we raise additional funds through the issuance of equity or convertible debt securities, our shareholders will experience dilution and the securities that we issue may have rights, preferences and privileges senior to those of our Class A ordinary shares, and the market price of our Class A ordinary shares and BDRs could decline. Any additional funds raised through debt financing will likely require our compliance with restrictive covenants that impose operating and financial restrictions on us, including restrictions on our ability to incur additional indebtedness, create liens, make acquisitions, dispose of assets and make restricted payments, among others. See “Item 5. Operating and Financial Review and Prospects—B. Liquidity and Capital Resources—Indebtedness.” In addition, such indebtedness may require us to maintain certain financial ratios. These restrictions may limit our ability to obtain future financings, to withstand a future downturn in our business or the economy in general, or to otherwise conduct necessary corporate activities. A breach of any such covenant would likely result in a default under the applicable agreement, which, if not waived, could result in acceleration of the indebtedness outstanding.
Risks Relating to Intellectual Property, Privacy and Cybersecurity
Unauthorized disclosure of sensitive or confidential customer information or our failure or the perception by our customers that we failed to comply with privacy laws or properly address privacy concerns could harm our reputation, business, financial condition and results of operations
We collect, store, handle, transmit, use and otherwise process certain personal information and other customer data in our business. A significant risk associated with our operations is the secure transmission of confidential information over public networks. The perception of privacy concerns, whether or not valid, may harm our business and results of operations. We must ensure that all collection, use, storage, dissemination, transfer, disposal and other processing of data for which we are responsible comply with relevant data protection and privacy laws. The protection of our customer, employee and company data is critical to us. We rely on commercially available systems, software, tools and monitoring to provide secure processing, transmission and storage of confidential customer information, such as credit card and other personal information. Despite the security measures we have in place, our facilities and systems, and those of our third-party service providers, may be vulnerable to security breaches, acts of vandalism, computer viruses, misplaced or lost data, programming or human errors or other similar events.
In February 2022, an environment in NuInvest was unavailable for a short period of time as part of a distributed denial of service, or “DDoS”, as a result of a cybersecurity attack initiated by external agents that had limited impact on the authentication flow during the attack and did not result in financial losses to us or our customers. The incident was mitigated by adjusting our web application firewall to filter those malicious requests, followed by post-incident actions to strengthen our protections against this type of attack. As a consequence, we were able to reduce the impact of this unavailability of NuInvest investment products for consumers and prevent new denial of service attempts against our investments ecosystem.
Any security breach, or any perceived failure involving the misappropriation, loss or other unauthorized disclosure of confidential information, as well as any failure or perceived failure to comply with laws, policies, legal obligations or industry standards regarding data privacy and protection, whether by us or our vendors, could damage our reputation, expose us to litigation risk and liability, subject us to negative publicity, disrupt our operations and harm our business. Our security measures may fail to prevent security breaches, which could harm our business, financial condition and results of operations.
Form 20-F | 2022 | 36 |
| |
Unauthorized disclosure of, improper access to, or destruction or modification of data through cybersecurity breaches, computer viruses or otherwise, or disruptions to our systems or services, could expose us to liability, protracted and costly litigation and damage our reputation.
Our business involves the collection, storage, transmission and other processing of customers’ personal data, including names, addresses, identification numbers, account numbers, account balances, loan positions and trading and investment portfolio information. We also have arrangements in place with certain third-party service providers that require us to share certain customer information. Our and such third parties’ ability to protect such personal data and customer information is dependent on our ability to prevent cybersecurity breaches and unauthorized access and disclosure.
An increasing number of organizations, including large customers and businesses, other large technology companies, financial institutions and government institutions have disclosed breaches of their information security systems, some of which have involved sophisticated and highly targeted attacks, including on portions of their websites, networks or infrastructure, or those of third parties who provide services to them. Information security risks for financial and technology companies such as ours in particular have significantly increased recently, in part because of new technologies, the use of the Internet and telecommunications technologies (including mobile devices) to conduct financial and other business transactions and the increased sophistication and activities of organized crime, hackers, terrorists and other external parties. For example, in 2020, we experienced a phishing attack that compromised two Nu employee corporate accounts and resulted in an unauthorized disclosure of an immaterial amount of confidential data (though it did not result in direct financial losses or harm our strategic plans or business operations or legal proceedings). Because of our position in the payments value chain, we believe that we are likely to continue to be a target of such threats and attacks. In addition, due to the size and complexity of our technology platform and services, the amount of personal data and other data that we store and the number of customers, employees and third-party providers with access to personal data and other data, we may be the target of a variety of intentional and inadvertent cybersecurity attacks and other security-related incidents and threats, which could result in a material adverse effect on our reputation, business, financial condition and results of operation.
The techniques used to obtain unauthorized, improper or illegal access to our systems, our data or our customers’ data, to disable or degrade service, or to sabotage systems are constantly evolving may be difficult to detect quickly and often are not recognized until launched against a target. Unauthorized parties may attempt to gain access to our systems or facilities through various means, including, among others, hacking into our systems or those of our customers, partners or vendors, attempting to fraudulently induce our employees, customers, partners, vendors or other users of our systems into disclosing usernames, passwords, payment card information or other sensitive information, which may in turn be used to access our information technology systems, or installing malicious software. Certain efforts may be supported by significant financial and technological resources, making them even more sophisticated and difficult to detect.
Although we have developed systems and processes that are designed to protect our networks, applications, accounts and the confidentiality, integrity and availability of data and customer data and our information technology systems and to prevent data loss and other security breaches, and expect to continue to expend significant additional resources to bolster these protections, these security measures cannot provide absolute security and there can be no assurance that our safety and security measures (and those of our third-party providers) will prevent damage to, or interruption or breach of, our information systems and operations. Our information technology and infrastructure may be vulnerable to cyberattacks or security breaches, and third parties may be able to access our customers’ personal or proprietary information and card data that are stored on or accessible through those systems. In addition to traditional computer “hackers,” malicious code (such as viruses and worms), phishing, ransomware, social engineering attacks, unauthorized access or misuse and denial-of-service attacks, sophisticated criminal networks as well as nation-state and nation-state supported actors now engage in attacks, including advanced persistent threat intrusions. Our security measures may also be breached due to human error, malfeasance, fraud or malice on the part of employees, accidental technological failures, system errors or vulnerabilities, or other irregularities. Further, nearly all of our employees are working remotely, which may cause heightened vulnerability to cyberattacks across our business and those of our service providers. In the event our or our third-party providers’ protection efforts are unsuccessful and our systems or solutions are compromised, we could suffer substantial harm.
Form 20-F | 2022 | 37 |
| |
Our Audit and Risk Committee has oversight responsibilities over cybersecurity risk management and meets at least quarterly with our management to discuss financial and non-financial risks and internal controls, including information security and cybersecurity matters and our cybersecurity program. In particular, our Audit and Risk Committee is involved in the oversight of our cybersecurity policies and procedures and is periodically updated on material cybersecurity risks and cybersecurity issues, if any, by management. Our Audit and Risk Committee also communicates with our independent audit firm regarding their annual audit procedures. Nevertheless, there can be no assurance that we can prevent service interruptions or security breaches in our systems or the unauthorized or inadvertent wrongful use or disclosure of confidential information that could adversely affect our business operations or result in the loss, misappropriation or unauthorized access to or use or disclosure of, or the prevention of access to, confidential information.
Any actual or perceived cybersecurity attacks, security breaches, phishing attacks, ransomware attacks, computer malware, computer viruses, computer hacking attacks, unauthorized access, coding or configuration errors or similar incidents experienced by us or our third-party service providers could interrupt our operations, result in our systems or services being unavailable, result in the loss, compromise corruption or improper disclosure of data or personal data, subject us to regulatory or administrative investigations and orders, litigation, disputes, sanctions, indemnity obligations, damages for contract breach or penalties for violation of applicable laws or regulations, impair our ability to provide our solutions and meet our customers’ requirements, materially harm our reputation and brand, result in significant legal and financial exposure (including customer claims), lead to loss of customer confidence in, or decreased use of, our products and services, and adversely affect our business, financial condition and results of operations. In addition, any breaches of network or data security at our customers, partners or third-party service providers (including data center and cloud computing providers) could have similar negative effects. We could be forced to expend significant financial and operational resources in response to a security breach, including repairing system damage, increasing security protection costs by deploying additional personnel and modifying or enhancing our protection technologies, investigating and remediating any information security vulnerabilities and defending against and resolving legal and regulatory claims, all of which could divert resources and the attention of our management and key personnel and materially and adversely affect our business, financial condition and results of operations.
Specifically, because we leverage third-party providers, including cloud, software, data center and other critical technology vendors to deliver our solutions to our customers, we rely heavily on the data security technology practices and policies adopted by these third-party providers. Such third-party providers have access to personal data and other data about our customers and employees, and some of these providers in turn subcontract with other third-party providers. Our ability to monitor our third-party providers’ data security is limited. A vulnerability in a third-party provider’s software or systems, a failure of our third-party providers’ safeguards, policies or procedures, or a breach of a third-party provider’s software or systems could result in the compromise of the confidentiality, integrity or availability of our systems or the data housed in our third-party solutions.
Form 20-F | 2022 | 38 |
| |
Many jurisdictions have enacted laws requiring companies to notify individuals, regulatory authorities and others of security breaches involving certain types of data or information technology systems. Security compromises experienced by others in our industry, our customers, our third-party service providers or us may lead to public disclosures and widespread negative publicity. Any security compromise in our industry, whether actual or perceived, could erode customer confidence in the effectiveness of our security measures, negatively impact our ability to attract new customers, cause existing customers to elect not to renew or expand their use of our platform, services and products or subject us to third-party lawsuits, regulatory fines or other actions or liabilities, which could materially and adversely affect our business, financial condition and results of operations
Likewise, agreements with certain service providers may require us to notify them in the event of a security breach. Such mandatory disclosures are costly, could lead to negative publicity, may cause our customers to lose confidence in the effectiveness of our security measures and require us to expend significant capital and other resources to respond to and alleviate problems caused by the actual or perceived security breach. Further, a data security compromise or operational disruption impacting us or one of our critical vendors, or system unavailability or damage due to other circumstances, may give rise to a customer’s right to terminate its contract with us. In these circumstances, it may be difficult or impossible to cure such a breach in order to prevent customers from potentially terminating their contracts with us. Furthermore, although our customer contracts typically include limitations on our potential liability, we cannot guarantee that such limitations of liability would be adequate.
Additionally, although we maintain insurance policies covering cyber-attacks, such policies may not be adequate to reimburse us for losses caused by security breaches, and we may not be able to collect fully, if at all, under these policies. The successful assertion of one or more large claims against us that exceed available insurance coverage, or the occurrence of changes in our insurance policies, including premium increases in or the imposition of large deductible or coinsurance requirements, could adversely affect our business, financial condition and results of operations.
For information on the data protection and privacy laws and regulations to which we are subject and the risks associated therewith, see “—Risks Relating to Regulatory Matters and Litigation—We are subject to costs and risks associated with enhanced or changing laws and regulations affecting our business, including those relating to data privacy, security and protection. Developments in these and other laws and regulations could harm our business, financial condition or results of operations.”
Claims by others that we infringe their proprietary technology or other rights could have a material and adverse effect on our business, financial condition and results of operations.
We may be subject to costly litigation in the event that third parties assert claims that our services or technology infringe, misappropriate or otherwise violate their intellectual property or proprietary rights. Third parties may have, or may eventually be issued, patents that could be infringed, misappropriated or otherwise violated by our services or technology, and any of these third parties could make a claim of infringement against us. As we face increasing competition and gain an increasingly high profile, the possibility of intellectual property rights claims against us grows. We may also be subject to claims by third parties for breach of copyright, trademark, license usage or other intellectual property rights. Any claim of infringement, misappropriation or other violation of intellectual property rights by a third party, even those without merit and regardless of the outcome, could cause us to incur substantial costs defending against the claim, distract our management from our business, require us to redesign or cease use of such intellectual property, pay substantial amounts to satisfy judgments or settle claims or lawsuits, pay substantial royalty or licensing fees, or satisfy indemnification obligations that we have with certain parties with whom we have commercial relationships. The outcome of any allegation is often uncertain. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by disclosure during this type of litigation. In addition, any claim of infringement, misappropriation or other violation of intellectual property rights by a third party, even those without merit and regardless of the outcome, may result in a limitation on our ability to use the intellectual property subject to these claims or could prevent us from registering our brands as trademarks. Additionally, in recent years, individuals and groups have been purchasing intellectual property assets for the sole purpose of making claims of infringement and attempting to extract settlements from companies like ours. Even if we believe that such claims are without merit, defending against such claims is time-consuming and expensive and could result in the diversion of the time and attention of our management and employees.
Form 20-F | 2022 | 39 |
| |
Claims of intellectual property infringement, misappropriation or other violation also might require us to redesign around such violated services, which may be expensive, time-consuming or infeasible, enter into costly settlement or license agreements, pay costly damage awards (including treble damages and attorneys’ fees if we are found to have willfully infringed a patent or other intellectual property right), change our brands or face a temporary or permanent injunction prohibiting us from commercializing, using, marketing or selling the violating technology, products or services or using certain of our brands. We may not be able to obtain any required license on commercially reasonable terms or at all. Even if we were able to obtain a license, it could be non-exclusive, thereby giving our competitors and other third parties access to the same technologies licensed to us, and it could require us to make substantial licensing and royalty payments.
Claims that we have misappropriated the confidential information or trade secrets of third parties could similarly harm our business. If we are required to make substantial payments or undertake any of the other actions noted above as a result of any intellectual property infringement, misappropriation or violation claims against us, such payments, costs or actions could have a material adverse effect on our competitive position, business, financial condition and results of operations.
Additionally, in certain of our agreements with customers and other third parties, we agree to indemnify them for losses related to, among other things, claims by third parties of intellectual property infringement, misappropriation or other violation. From time to time, customers or other third parties have required, and may in the future require, us to indemnify them for such infringement, misappropriation or violation, breach of confidentiality or violation of applicable law, among other things. Although we normally seek to contractually limit our liability with respect to such obligations, some of these indemnity agreements may provide for uncapped liability and some indemnity provisions survive termination or expiration of the applicable agreement. Any legal claims from customers or other third parties could result in substantial liabilities and reputational harm, and could have adverse effects on our relationship with such customers and other third parties. Even if we have an agreement for indemnification against such costs, the indemnifying party, if any, may be unable to uphold its contractual obligations. Any of the foregoing could negatively impact our business, revenue and earnings.
Form 20-F | 2022 | 40 |
| |
Our intellectual property rights are valuable, and any inability to protect them could reduce the value of our products, services and brand.
We believe the protection of our intellectual property, including our trademarks, patents, copyrights, domain names, trade dress, trade secrets, software and industrial designs, is critical to our success. We rely on, and expect to continue to rely on, a combination of contractual rights in various agreements with our employees, independent contractors, consultants and third parties with whom we have relationships, as well as trademarks and trade secrets in the United States, Brazil, Argentina, Mexico, Colombia and elsewhere internationally to establish and protect our intellectual property and proprietary rights, including technology. Third parties may challenge, invalidate, circumvent, infringe, misappropriate or otherwise violate our intellectual property and other proprietary rights, or such intellectual property may not be sufficient to permit us to take advantage of current market trends or otherwise to provide competitive advantages, which could result in costly redesign efforts, discontinuance of certain service offerings or other competitive harm. Others, including our competitors, may independently develop similar technology, duplicate our services or design around our intellectual property, and in such cases, we could not assert our intellectual property rights against such parties. Despite our efforts to protect our proprietary rights, there can be no assurance that our intellectual property rights will be sufficient to protect against others offering products or services that are substantially similar to ours and compete with our business or to prevent unauthorized parties from copying aspects of our technology. For example, it is possible that third parties, including our competitors, may obtain patents that overlap or compete with our technology. If third parties obtain patent protection with respect to such technologies, they may assert that our technology infringes their patents and seek to charge us a licensing fee or otherwise preclude the use of our technology.
In addition to registered intellectual property rights such as trademark registrations, we rely on non-registered proprietary information and technology, such as trade secrets, confidential information, know-how and technical information. In order to protect our proprietary information and technology, we rely in part on nondisclosure and confidentiality agreements with parties who have access to them, including our employees, independent contractors, corporate collaborators, advisors and other third parties, which place restrictions on the use and disclosure of this intellectual property. We also enter into confidentiality and invention assignment agreements with our employees and consultants. We cannot guarantee that we have entered into such agreements with each party that may have or have had access to our trade secrets or proprietary information or otherwise developed intellectual property for us, including our technology and processes. Individuals not subject to invention assignment agreements may make adverse ownership claims to our current and future intellectual property. Additionally, these agreements may be insufficient or breached, or otherwise fail to prevent unauthorized use or disclosure of our confidential information, intellectual property or technology, and may not provide an adequate remedy in the event of unauthorized use or disclosure of our confidential information, intellectual property or technology. As a result, our intellectual property, including trade secrets, may be disclosed or become known to our competitors, which could cause us to lose any competitive advantage resulting from this intellectual property. Additionally, to the extent that our employees, independent contractors or other third parties with whom we do business use intellectual property owned by others in their work for us, disputes may arise as to the rights in related or resulting know-how and inventions.
Further, we may be unable to obtain trademark protection for our technologies and brands, and our existing trademark registrations and applications, and any trademarks that may be used in the future, may not provide us with competitive advantages or distinguish our products and services from those of our competitors. In addition, our trademarks may be contested, circumvented or found to be unenforceable, weak or invalid, and we may not be able to prevent third parties from infringing or otherwise violating them.
Form 20-F | 2022 | 41 |
| |
We may have to litigate to enforce or determine the scope and enforceability of our intellectual property rights, trade secrets and know-how, which is expensive, could cause a diversion of resources and may not prove successful. Furthermore, because of the substantial amount of discovery required in connection with intellectual property litigation, there is a risk that some of our confidential information could be compromised by disclosure during this type of litigation. An adverse outcome in such litigation or proceedings may expose us to a loss of our competitive position, expose us to significant liabilities or require us to seek licenses that may not be available on commercially acceptable terms, if at all. Further, we will not be able to protect our intellectual property rights if we are unable to enforce our rights, and effective intellectual property protection may not be available in every country in which we offer our products and services. The laws of certain countries where we do business or may do business in the future may not recognize intellectual property rights or protect them to the same extent as do the laws of the United States. In addition, any changes in, or unexpected interpretations of, intellectual property laws may compromise our ability to enforce our trade secret and intellectual property rights. Failure to obtain or maintain protection of our trade secrets or other proprietary information could harm our competitive position and materially and adversely affect our business and results of operations.
Also, because of the rapid pace of technological change in our industry, aspects of our business and our services rely on technologies developed or licensed by third parties, and we may not be able to obtain or continue to obtain licenses and technologies from these third parties on reasonable terms or at all. See “—Our business and platform depend in part on intellectual property and proprietary rights and technology licensed from or otherwise made available to us by third parties. If we fail to comply with our obligations under license or technology agreements with third parties, we may be required to pay damages and we could lose license rights that are critical to our business.” The loss of intellectual property protection, the inability to obtain third-party intellectual property or delay or refusal by relevant regulatory authorities to approve pending intellectual property registration applications could harm our business and ability to compete.
Our use of third-party open source software could negatively affect our ability to offer and sell our solutions and subject us to possible litigation.
Our solutions incorporate and are dependent to some extent on the use and development of third-party open source software, including Python, Java, JavaScript, Flutter, Dart, Swift, among others programming languages, and we intend to continue our use and development of open source software in the future. Such open source software is generally licensed by its authors or other third parties under open source licenses and is typically freely accessible, usable and modifiable. Pursuant to such open source licenses, we may be subject to certain conditions, including requirements that we offer our proprietary software that incorporates open source software for no cost, that we make available source code for modifications or derivative works we create based upon, incorporating or using the open source software and that we license such modifications or derivative works under the terms of the particular open source license. If an author or other third party that uses or distributes such open source software were to allege that we had not complied with the conditions of one or more of these licenses, we could be required to incur significant legal expenses defending against such allegations and could be subject to significant damages, enjoined from the use or sale of our solutions that contained or are dependent upon the open source software and required to comply with the foregoing conditions, which could disrupt the distribution and sale of some of our products and services. Additionally, we could face claims from third parties claiming ownership of, or demanding release of, any open source software or derivative works that we have developed using such software, which could include proprietary source code, or otherwise seeking to enforce the terms of the applicable open source license. These claims could result in litigation and could require us to make our software source code freely available, which would put us at a competitive disadvantage, purchase a costly license (with binding clauses that restrict our ability to commercialize and develop the implicated products or services), or cease offering the implicated products or services unless and until we can re-engineer such source code in a manner that avoids infringement. This reengineering process could require us to expend significant additional research and development resources, and we may not be able to complete the re-engineering process successfully. Litigation could be costly for us to defend, have a negative effect on our financial condition and results of operations or require us to devote additional research and development resources to change the source code underlying our platform, products and services. The terms of many open source licenses to which we are subject have not been interpreted by courts, and there is a risk that open source software licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to provide, or distribute the products or services related to, the open source software subject to those licenses. As there is little or no legal precedent governing the interpretation of many of the terms of certain of these licenses, the potential impact of these terms on our business is uncertain and may result in unanticipated obligations regarding our solutions and technologies.
Form 20-F | 2022 | 42 |
| |
In addition to risks related to license requirements, use of open source software can lead to greater risks than use of third-party commercial software, as open source licensors generally do not provide warranties, indemnification or other contractual protections regarding infringement claims or the quality of the code, controls on the origin or development of the software, or remedies against the licensors. Many of the risks associated with usage of open source software cannot be eliminated and could adversely affect our business. Although we seek to comply with our obligations under the various applicable licenses for open source software, it is possible that we may not be aware of all instances where open source software has been incorporated into our proprietary software or used in connection with our solutions or our corresponding obligations under open source licenses. We do not have open source software usage policies or monitoring procedures in place. We rely on multiple software programmers to design our proprietary software and we cannot be certain that our programmers have not incorporated open source software into our proprietary software that we intend to maintain as confidential or that they will not do so in the future. To the extent that we are required to disclose the source code of certain of our proprietary software developments to third parties, including our competitors, in order to comply with applicable open source license terms, such disclosure could harm our intellectual property position, competitive advantage, financial condition and results of operations. In addition, to the extent that we have failed to comply with our obligations under particular licenses for open source software, we may lose the right to continue to use and exploit such open source software in connection with our operations and solutions, which could disrupt and adversely affect our business.
Our business and platform depend in part on intellectual property and proprietary rights and technology licensed from or otherwise made available to us by third parties. If we fail to comply with our obligations under license or technology agreements with third parties, we may be required to pay damages and we could lose license rights that are critical to our business.
Our business and platform depend in part on intellectual property and proprietary rights and technology licensed from or otherwise made available to us by third parties and, in the future, we may enter into additional agreements that grant us valuable intellectual property licenses or rights to technology. If we fail to comply with our obligations under license or technology agreements with third parties, we may be required to pay damages and we could lose license rights that are critical to our business.
Our business and our platform rely in part on certain intellectual property, including technologies, data, content and software developed and licensed to us by third parties, and in the future we may enter into additional agreements that provide us with licenses to valuable intellectual property or technology. If we fail to comply with any of the obligations under our license agreements, we may be required to pay damages and the licensor may have the right to terminate the license. Termination by the licensor would cause us to lose valuable rights, and could prevent us from selling our products and services, or inhibit our ability to commercialize future products and services. Our business would suffer if any current or future licenses terminate, if the licensors fail to abide by the terms of the license, if the licensors fail to enforce licensed patents against infringing third parties, if the licensed intellectual property rights are found to be invalid or unenforceable, or if we are unable to enter into necessary licenses on acceptable terms.
Form 20-F | 2022 | 43 |
| |
In addition, our rights to certain technologies are licensed to us on a non-exclusive basis. The owners of these non-exclusively licensed technologies are therefore free to license them to third parties, including our competitors, on terms that may be superior to those offered to us, which would place us at a competitive disadvantage. Moreover, our licensors may own or control intellectual property that has not been licensed to us and, as a result, we may be subject to claims, regardless of their merit, that we are infringing or otherwise violating the licensor’s rights. In addition, the agreements under which we license intellectual property or technology from third parties are generally complex, and certain provisions in such agreements may be susceptible to multiple interpretations. The resolution of any contract interpretation disagreement that may arise could narrow what we believe to be the scope of our rights to the relevant intellectual property or technology, or increase what we believe to be our financial or other obligations under the relevant agreement.
Further, the licensed components may become obsolete, defective or incompatible with future versions of our services, relationships with the third-party licensors or technology providers may deteriorate, or our agreements with the third-party licensors or technology providers may expire or be terminated. Additionally, some of these licenses or other grants of rights may not be available to us in the future on terms that are acceptable, or at all, or that allow our platform, products and services to remain competitive. Our inability to obtain licenses or rights on favorable terms could have a material and adverse effect on our business and results of operations. Furthermore, incorporating intellectual property or proprietary rights licensed from or otherwise made available to us by third parties on a non-exclusive basis in our products or services could limit our ability to protect the intellectual property and proprietary rights in our services and our ability to restrict third parties from developing, selling or otherwise providing similar or competitive technology using the same third-party intellectual property or proprietary rights.
We seek to have all the necessary licenses and other grants of rights from third parties to use technology and software that we do not own. However, the licensing or acquisition of third-party intellectual property rights is a competitive area, and several more established companies may pursue strategies to license or acquire third-party intellectual property rights that we may consider attractive or necessary. These established companies may have a competitive advantage over us due to their size, capital resources and greater development or commercialization capabilities. In addition, companies that perceive us to be a competitor may be unwilling to assign or license rights to us. Even if such licenses are available, we may be required to pay the licensor substantial royalties based on sales of our products and services. Such royalties are a component of the cost of our products or services and may affect the margins on our products and services. Further, a third party could allege that we are infringing its rights. Our failure to obtain necessary licenses or other rights on acceptable terms, or litigation or claims arising out of intellectual property matters, may harm or restrict our business. In addition, we could be found liable for significant monetary damages, including treble damages and attorneys’ fees, if we are found to have willfully infringed a patent or other intellectual property right. Any such litigation or the failure to obtain any necessary licenses or other rights could adversely impact our business, financial position and results of operations.
Risks Relating to Regulatory Matters and Litigation
We are subject to extensive regulation and regulatory and governmental oversight as a digital banking platform and as a payment institution. Compliance with or violation of present or future regulations could be costly, expose us to substantial liability and force us to change our business practices, any of which could harm our business and results of operations.
Because we conduct the majority of our operations in Brazil, we are predominately subject to regulation under Brazilian law and by Brazilian authorities, some of which may be periodically amended or revoked. The Brazilian financial and payment markets and Brazilian financial and payment institutions are subject to extensive regulatory control by the Brazilian government, principally by the Central Bank of Brazil, the Brazilian Securities Commission (Comissão de Valores Mobiliários, or the “CVM”), the Brazilian Monetary Council (Conselho Monetário Nacional, or the “CMN”), and the Brazilian stock exchange (B3 S.A. – Brasil, Bolsa, Balcão, or the “B3”), which, in each case, materially affects our business.
Form 20-F | 2022 | 44 |
| |
Because certain of our subsidiaries are financial services payment institutions in Brazil, our business is subject to Brazilian laws and regulations relating to electronic payments in Brazil, including Federal Law No. 12,865/13, as well as to financial services, including Federal Law No. 4,595 of December 31, 1964, as amended, or the “Banking Law” and Federal Law No. 6,385/76 and related rules and regulations issued by the CMN, the Central Bank of Brazil, the CVM and, as a public company in Brazil, the CVM and the B3 with regard to the rules related to foreign issuers. In addition, the activity of one of our subsidiaries as an insurance broker is subject to various laws and regulations in Brazil, such as Federal Law No. 4,594/64, Decree Law No. 73/66 and certain other rules and regulations issued by the National Private Insurance Council (Conselho Nacional de Seguros Privados, or the “CNSP”) and the Brazilian Superintendence of Private Insurance (Superintendência de Seguros Privados, or the “SUSEP”), among others.
The laws, rules, and regulations that govern our business include those relating to deposit-taking, cross-border and domestic money transmission, foreign exchange, payments services (such as payment processing and settlement services), consumer financial protection, tax, anti-money laundering and terrorist financing and rules relating to unclaimed property. Specifically, we are subject to anti-money laundering and terrorist financing laws and regulations in multiple jurisdictions that prohibit, among other things, involvement in transferring the proceeds of criminal or terrorist activities. We could be subject to liability and forced to change our business practices if we were found to be subject to, or in violation of, any laws or regulations impacting our ability to maintain a banking account in the countries where we operate, or if existing or new legislation or regulations applicable to financial institutions in the countries where we maintain a banking account were to result in banks in those countries being unwilling or unable to establish and maintain banking accounts for us. As regulated payment and financial institutions in Brazil, certain of our operating subsidiaries are subject to rules and regulations relating to minimum equity capital, minimum net equity and other regulatory capital requirements and reference equity, compulsory deposits and contributions, internal controls, anti-money laundering, know your customer obligations, sanctions, ombudsman and customer service, internal auditing, cybersecurity and bank secrecy, among others. See “Item 4. Information on the Company—B. Business Overview—Regulatory Overview” for a detailed description of the regulatory requirements applicable to us and our operating subsidiaries. In addition, as our business continues to develop and expand, we may become subject to additional rules and regulations, which may limit or change how we conduct our business.
These laws, rules and regulations are enforced by multiple authorities and governing bodies in Brazil, including the Central Bank of Brazil, the CVM and the CMN. In their supervisory roles, the Central Bank of Brazil, the CVM and the CMN seek to maintain the safety and soundness of financial and payment institutions with the aim of strengthening the protection of customers and the financial system. Their continuing supervision of financial and payment institutions is conducted through a variety of regulatory tools, including the collection of information by way of prudential returns, reports obtained from skilled persons, visits to firms and regular meetings with management to discuss issues such as performance, risk management and strategy. As a result, we face increased supervisory scrutiny (resulting in increasing internal compliance costs and supervision fees), and in the event of a breach of our regulatory obligations we are likely to face more stringent scrutiny and potentially significant fines.
Form 20-F | 2022 | 45 |
| |
Changes in regulations in Brazil and international markets in which we operate may expose us to increased compliance costs and limit our ability to pursue certain business opportunities or provide certain products and services. The regulation governing Brazilian payment and financial institutions is continuously evolving, including as a result of political, economic and social events, and the Central Bank of Brazil has reacted actively and extensively to developments in our industry. Specifically, Brazilian regulators frequently update prudential standards in accordance with the recommendations of the Basel Committee on Banking Supervision, in particular with respect to capital and liquidity, which could impose additional significant regulatory burdens on us, including additional and material capital requirements applicable to certain of our subsidiaries’ activities as payment institutions. For instance, as a result of Public Consultation No. 78 of November 2020, the Central Bank of Brazil enacted a new framework providing for prudential rules applicable to payment institutions, (such as Nu Pagamentos), increasing the capital and prudential requirements to which we are subject. This framework includes Central Bank of Brazil Resolutions No. 197, 198, 199, 200, 201 and 202, all dated March 11, 2022. The new prudential requirements are expected to be enforceable according to an implementation calendar: the new rules are expected to come into force in July 2023, and full implementation is expected to take place in January 2025. As an example, if definitive regulation applicable to type 3 conglomerates - which will be the conglomerate led by Nu Pagamentos - had been in force as of December 31, 2022, Nu Pagamentos conglomerate would have been subject to a minimum regulatory capital of US$1 billion (R$5.3 billion) as of December 31, 2022, which would represent an increase of US$261 million (R$1.4 billion) compared to the requirements applicable jointly to Nu Pagamentos and Nu Financeira under current regulations. See “Item 4. Information on the Company—B. Business Overview—Regulatory Overview—Brazil—Other Rules—Prudential Framework and Limits of Exposure—Payment Institutions” for more information about potential changes to prudential regulations applicable to payment institutions in Brazil. Our operations could also be adversely affected by changes with respect to restrictions on remittances abroad and other exchange controls as well as by interpretations of the law by courts and agencies in a manner that differs from our legal advisors’ opinions. There can be no assurance that future changes in regulations or in their interpretation or application will not have a material adverse effect on us.
The measures of the Central Bank of Brazil and the amendment of existing laws and regulations, or the adoption of new laws or regulations, could adversely affect our ability to provide loans, make investments or render certain financial and payment services. No assurance can be given generally that laws or regulations will be adopted, enforced or interpreted in a manner that will not have a material adverse effect on our business and results of operations. As some of the Brazilian banking laws and regulations have been recently issued or become effective, the manner in which those laws and related regulations are applied to the operations of financial and payment institutions is still evolving. Moreover, to the extent that these recently adopted regulations are implemented inconsistently in Brazil, we may face higher compliance costs. Furthermore, regulatory authorities have substantial discretion in how to regulate financial and payment institutions, and this discretion, and the regulatory mechanisms available to the regulators, have been increasing during recent years. Regulation may be imposed on an ad hoc basis by governments and regulators (such as caps on interchange fees or interest rates, which could negatively affect our business, financial condition and results of operations given the importance of consumer credit products to our revenue), and these ad hoc regulations may especially affect financial institutions that may be deemed to be systemically important.
Although we have a compliance program focused on applicable laws, rules and regulations and are continually investing in this program, in the event of non-compliance with laws or regulations, we may nonetheless be subject to fines or other penalties in one or more jurisdictions levied by federal, state or local regulators, as well as those levied by foreign regulators. In addition to fines, penalties for failing to comply with applicable rules and regulations could include significant criminal and civil lawsuits, including against our management and controlling shareholder, disgorgement of profits, forfeiture of significant assets, loss of required licenses or approvals or other enforcement actions, including insolvency proceedings instituted by the Central Bank of Brazil. Any disciplinary or punitive action by our regulators or failure to obtain required operating authorizations could seriously harm our business and results of operations. We could also be required to make changes to our business practices or compliance programs as a result of regulatory scrutiny. In addition, any perceived or actual failure to comply with applicable laws, rules and regulations could have a significant impact on our reputation and could cause us to lose existing customers, prevent us from obtaining new customers, require us to expend significant funds to remedy problems caused by non-compliance and to avert further non-compliance.
Form 20-F | 2022 | 46 |
| |
We also have operations outside of Brazil, including in Mexico and Colombia, along with information technology and business support operations in Argentina, Germany and the United States. In particular, in Mexico, our products are offered by a financial institution (Sociedad Financiera Popular, subject to the Popular Savings and Credit Law). Similar to financial entities in Brazil, financial entities in Mexico are subject to extensive regulation and the oversight of the Mexican National Banking and Securities Commission (Comisión Nacional Bancaria de Valores, or the “CNBV”). Mexican authorities have been reviewing the regulations applicable to financial entities (for example, the enactment of the Fintech Law in 2018) and closely supervise financial technology companies. Changes to these laws and other applicable laws and regulations (for instance, regarding open banking, cybersecurity, customer digital onboarding) have been discussed by the Mexican regulators, and could materially affect our operations in Mexico. In Colombia, our credit card product is offered by a commercial entity that is subject to extensive regulation, including those governing consumer protection (namely Law No. 1,480 of 2011, Decree No. 1,074 of 2015 and the Sole Circular of the Industry and Trade Superintendence) and data protection (Law No. 1,581 of 2012). In addition, interest rates in Colombia are capped, as provided in the Colombian Commercial and Criminal Codes. Our activities in Colombia are subject to the supervision of the Industry and Trade Superintendence with regards to consumer relations, data protection and antitrust. Furthermore, the new Colombian Government has shown concrete intentions to promote inclusion and competition via new open banking and instant payments regulation, expected to be discussed in 2023. Changes in these and other applicable laws or regulations in the countries in which we operate, or the adoption of new laws and related regulations, may require us to modify our business practices and may have an adverse effect on us.
Given the volume, granularity, frequency and scale of regulatory and other reporting requirements, we must maintain a clear data strategy to enable consistent data aggregation, reporting and management. Inadequate management information systems or processes, including those relating to risk data aggregation and risk reporting, could lead to a failure to meet regulatory reporting requirements or other internal or external information demands, and we may face supervisory measures as a result.
Certain ongoing legislative and regulatory initiatives under discussion by the Brazilian Congress, the Central Bank of Brazil, the Ministry of Finance and the broader payments industry may result in changes to the regulatory framework of the Brazilian payments and financial industries, which may have an adverse effect on our business and cause us to incur increased compliance costs.
In recent years, the Central Bank of Brazil issued several regulations related to the Brazilian payments market, aiming to increase the use of electronic payments, increase competitiveness in the sector, strengthen governance and risk management practices in the industry, encourage the development of new solutions and the differentiation of products to consumers and promote the increased use of electronic payment means. Such measures include the following regulations enacted by the Central Bank of Brazil: (i) Resolution No. 246, effective as of April 1, 2023 and which, among other matters, imposes a maximum limit for the interchange fee levied on (a) all prepaid card transactions in Brazil to 0.7%; and (b) all debit card transactions to 0.5%; (ii) Resolution of the Central Bank of Brazil No. 1/2020, which created the instant payment ecosystem; and (iii) Joint Resolution No. 1/2020, which governs the Open Financial System (Open Finance) initiative in Brazil.
In addition to such recently enacted regulations, the Brazilian Congress, Central Bank of Brazil and the broader payments industry are discussing legislative and regulatory initiatives that would modify the regulatory framework of the Brazilian payments and financial industries. For instance, the Brazilian Congress is considering enacting new legislation that, if signed into law as currently drafted, would limit interest rates, particularly for credit cards facilities (rotativo do cartão) and overdrafts facilities (cheque especial) – with regard to the latter, with limits that are more restrictive than those already recently imposed by the Central Bank of Brazil (maximum of 8% monthly rate and 150% yearly rate).
Form 20-F | 2022 | 47 |
| |
These discussions are in various phases of development, whether as part of legislative, regulatory or private initiatives in the industry, and the overall impact of any such reform proposals is difficult to estimate. Any such changes in laws, regulations or market practices have the potential to alter the type or volume of the card-based transactions we process and our payment services and could adversely affect our business, results of operations and financial condition. For further information on the regulatory landscape, please see “Item 4. Information on the Company—B. Business Overview— Regulatory Overview—Brazil.
We are subject to anti-corruption, anti-bribery and anti-money laundering laws and regulations and may be subject to sanctions.
We operate in jurisdictions that have a high risk for corruption and we are subject to various anti-corruption, anti- bribery and anti-money laundering laws and regulations, as well as those relating to sanctions, including the Brazilian Federal Law No. 12,846/2013, or the “Clean Company Act,” the Brazilian Federal Law No. 9,613/1998, or the “Brazilian Anti-Money Laundering Law,” the Brazilian Federal Law No. 8,429/1992, or the “Brazilian Public Improbity Law,” the Brazilian Federal Law No. 7,492/1986 or the “White-Collar Crime Law”, the Brazilian Federal Law No. 14,133/2021, and the United States Foreign Corrupt Practices Act of 1977, as amended, or the “FCPA,” among others. Each of the Clean Company Act, the Brazilian Anti-Money Laundering Act, the Brazilian Public Improbity Law and the FCPA impose liability against companies who engage in bribery of government officials, either directly or through intermediaries.
Anti-money laundering, anti-bribery, anti-corruption and sanctions laws and regulations to which we are subject require us, among other things, to conduct full customer due diligence (including sanctions and politically exposed person screening) and keep our customer, account and transaction information up to date. We are also required to report suspicious transactions and activity to appropriate law enforcement following full investigation. We have implemented financial crime policies and procedures detailing what is required from those responsible. However, we rely heavily on our employees to assist us by spotting such illegal and improper activities and reporting them, and our employees have varying degrees of experience in recognizing criminal tactics and understanding the level of sophistication of criminal organizations. If we decide to instead outsource any of our customer due diligence, customer screening or anti-financial crime operations, we would remain responsible and accountable for full compliance and any breaches. In addition, we rely upon our relevant counterparties to a large degree to maintain and appropriately apply their own appropriate compliance measures, procedures and internal policies. If we are unable to apply the necessary scrutiny and oversight of employees, third parties to whom we outsource certain tasks and processes or counterparties, we increase the risk of regulatory breach.
Financial crime – and the surrounding regulatory landscape – is continually evolving. Our ability to comply with changing applicable legal requirements depends on our ability to improve detection and reporting capabilities and reduce variation in control processes and oversight accountability, which requires proactive and adaptable responses from us and ongoing changes to systems and operational activities. While we maintain policies and procedures aimed at detecting and preventing the use of our platform for money laundering and other financial crime-related activities, emerging technologies, such as cryptocurrencies and blockchain, could limit our ability to track the movement of funds and therefore present a risk to our company. Even known threats can never be fully eliminated, and there will be instances where our platform may be used by other parties to engage in money laundering and other illegal or improper activities. Further, compliance with these laws and regulations requires sophisticated automated systems, which may fail.
Form 20-F | 2022 | 48 |
| |
Regulators may increase enforcement of or modify our obligations, which may require us to make adjustments to our compliance program, including the procedures we use to verify the identity of our customers and to monitor our transactions. Specifically, regulators regularly reexamine the transaction volume thresholds that we must obtain and any change in such thresholds could result in increased compliance costs. For example, the Central Bank of Brazil enacted Circular No. 3,978, which became effective on October 1, 2020 and provided new guidelines with a risk-based approach for anti-money laundering and terrorist financing policies, procedures and controls. Under these guidelines, a regulated institution has the discretion to determine which procedures it will adopt for each customer, based on the internal risk assessment concerning the committing of crimes relating to money laundering and terrorism financing latent in the regulated entity’s business. Overall, we may not be able to comply, in a timely manner or at all, with new regulations, or obtain appropriate exemptions from regulatory authorities, and any new requirements or changes to existing requirements could impose significant costs, result in delays to planned product improvements, make it more difficult for new customers to join our platform and reduce the attractiveness of our products and services.
While we have developed and implemented policies and procedures designed to ensure compliance by us and our personnel with applicable anti-corruption, anti-bribery, anti-money laundering and sanctions laws and regulations, such policies and procedures may not be effective in all instances to prevent violations, either directly or through intermediaries. Violations of – or even accusations of or associations with violations of – anti-corruption, anti-bribery, anti-money laundering or sanctions laws and regulations could result in criminal liability, administrative and civil lawsuits, significant fines and penalties (including being added to “black lists” that would prohibit certain parties from engaging in transactions with us), forfeiture of significant assets and reputational harm. If we are unable to fully comply with applicable laws, regulations and expectations, our regulators and relevant law enforcement agencies have the ability and authority to require a complete review of our business systems, day-to-day supervision by external consultants and ultimately the revocation of licenses necessary to conduct our business. The foregoing could have a material adverse effect on our operating results, financial condition and prospects.
Misconduct of our directors, officers, employees, consultants