UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, DC 20549
FORM
(Mark One)
OR
For the fiscal year ended
OR
OR
Date of event requiring this shell company report:
Commission File Number:
(Exact name of Registrant as specified in its charter)
Washington, DC 20549
Not applicable
(Translation of Registrant’s name into English) (Jurisdiction of incorporation or organization)
(Address of Principal Executive Offices)
+
(Name, Telephone, Email and/or Facsimile number and Address of Company Contact Person)
Securities registered or to be registered pursuant to Section 12(b) of the Act:
Title of each class |
|
Trading Symbols |
|
Name of each exchange on which registered |
|
|
|||
|
|
Securities registered or to be registered pursuant to Section 12(g) of the Act: None
Securities for which there is a reporting obligation pursuant to Section 15(d) of the Act: None
Indicate the number of outstanding shares of each of the issuer’s classes of capital or common stock as of the close of the period covered by the annual report:
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act.
If this report is an annual or transition report, indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or 15(d)
of the Securities Exchange Act of 1934. Yes ☐
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit and post such files).
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, or an emerging growth company. See definition of “large accelerated filer,” “accelerated filer,” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filer |
☐ |
☒ |
|
Non-accelerated filer |
☐ |
Emerging growth company |
If an emerging growth company that prepares its financial statements in accordance with U.S. GAAP, indicate by check mark if the registrant has elected to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. ☐
The term "new or revised financial accounting standard” refers to any update issued by the Financial Accounting Standards Board to its Accounting Standards Codification after April 5, 2012.
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting over Section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report.
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect a correction of an error
to previously issued financial statements. ☐
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to §240.10D-1(b).
Indicate by check mark which basis of accounting the registrant has used to prepare the financial statements included in this filing:
by the International Accounting Standards Board ☐
If “Other” has been checked in response to the previous question indicate by check mark which financial statement item the registrant has elected to follow. Item 17 ☐ Item 18 ☐
If this is an annual report, indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Exchange Act). Yes
PAYSAFE LIMITED
TABLE OF CONTENTS
ii |
||
ii |
||
ii |
||
iii |
||
iv |
||
vi |
||
|
|
|
|
1 |
|
|
|
|
Item 1. |
1 |
|
Item 2. |
1 |
|
Item 3. |
1 |
|
Item 4. |
39 |
|
Item 4A. |
59 |
|
Item 5. |
59 |
|
Item 6. |
75 |
|
Item 7. |
87 |
|
Item 8. |
93 |
|
Item 9. |
94 |
|
Item 10. |
94 |
|
Item 11. |
101 |
|
Item 12. |
101 |
|
|
|
|
|
101 |
|
|
|
|
Item 13. |
101 |
|
Item 14. |
Material Modifications to the Rights of Security Holders and Use of Proceeds |
101 |
Item 15. |
101 |
|
Item 16A. |
103 |
|
Item 16B. |
103 |
|
Item 16C. |
103 |
|
Item 16D. |
104 |
|
Item 16E. |
Purchases of Equity Securities by the Issuer and Affiliated Purchasers |
104 |
Item 16F. |
104 |
|
Item 16G. |
104 |
|
Item 16H. |
105 |
|
Item 16I. |
Disclosure Regarding Foreign Jurisdictions that Prevent Inspections |
105 |
Item 16J. |
105 |
|
Item 16K. |
105 |
|
|
|
|
|
107 |
|
|
|
|
Item 17. |
107 |
|
Item 18. |
107 |
|
Item 19. |
108 |
|
|
|
|
F-1 |
i
EXPLANATORY NOTE
On December 7, 2020, Foley Trasimene Acquisition Corp. II, a Delaware corporation (“FTAC”), Paysafe Limited, an exempted limited company incorporated under the laws of Bermuda (“Paysafe Limited”), Merger Sub Inc., a Delaware corporation and direct, wholly owned subsidiary of Paysafe Limited (“Merger Sub”), Paysafe Bermuda Holding LLC, a Bermuda exempted limited liability company (the “LLC”), Pi Jersey Holdco 1.5 Limited, a private limited company incorporated under the laws of Jersey, Channel Islands (the “Accounting Predecessor”), and Paysafe Group Holdings Limited, a private limited company incorporated under the laws of England and Wales (“PGHL”), entered into the Agreement and Plan of Merger (the “Merger Agreement”). Pursuant to the Merger Agreement, among other things, (i) Merger Sub would merge with and into FTAC, with FTAC being the surviving corporation in the merger and an indirect subsidiary of Paysafe Limited (“Merger”) and each outstanding publicly traded share of FTAC Class A Common Stock and FTAC Class B Common Stock (other than certain excluded shares) would convert into the right to receive one common share, par value $0.001 per share (prior to "Reverse Stock Split" described below) of Paysafe Limited (“Company Common Shares”), (ii) PGHL would transfer and contribute the Accounting Predecessor to the Company in exchange for Company Common Shares and cash and (iii) each of FTAC’s publicly traded warrants that are outstanding immediately prior to the Effective Time of the Merger would, pursuant to and in accordance with the warrant agreement covering such warrants, automatically and irrevocably be modified to provide that such warrant will no longer entitle the holder thereof to purchase the amount of share(s) of FTAC common stock set forth therein and in substitution thereof such warrant will entitle the holder thereof to acquire the same number of Company Common Shares per warrant on the same terms. The Transaction, as defined herein, was consummated on March 30, 2021, and on March 31, 2021 Paysafe Limited’s common shares and warrants began trading on the NYSE under the symbols “PSFE” and “PSFE.WS,” respectively.
FINANCIAL STATEMENT PRESENTATION
Paysafe Limited
Paysafe Limited was incorporated by PGHL under the laws of Bermuda on November 23, 2020 for the purpose of effectuating the Transaction. Prior to the Transaction, Paysafe Limited had no material assets and did not operate any businesses. The Transaction resulted in Paysafe Limited acquiring, and becoming the successor to, the Accounting Predecessor. Simultaneously, it completed the combination with the public shell company, FTAC, with an exchange of the shares and warrants issued by Paysafe Limited for those of FTAC. The Transaction was accounted for as a capital reorganization followed by the combination with FTAC, which was treated as a recapitalization. Following the Transaction, both the Accounting Predecessor and FTAC are indirect wholly owned subsidiaries of Paysafe Limited.
The Accounting Predecessor
As a result of the Transaction being accounted for as a capital reorganization, Pi Jersey Holdco 1.5 Limited was deemed to be the Accounting Predecessor of Paysafe Limited. The accompanying consolidated financial statements for all years presented include the accounts of Paysafe Limited, and its subsidiaries after giving effect to the Transaction with FTAC that completed on March 30, 2021.
Reverse Stock Split
On December 12, 2022, we effected a 1-for-12 reverse stock split of our issued and outstanding common stock (the “Reverse Stock Split”). As a result of the Reverse Stock Split, each issued and outstanding share of our common stock, and the per share exercise price of and number of shares of our common stock underlying our outstanding equity awards were automatically proportionally adjusted based on the 1-for-12 Reverse Stock Split ratio. No fractional shares of common stock were issued in connection with the reverse stock split, and all such fractional interests were rounded up to the nearest whole number.
Except as otherwise provided herein, all share and per-share amounts of our common stock, equity awards, warrants and other outstanding equity rights have been adjusted to give effect to the Reverse Stock Split for all periods presented. The Reverse Stock Split amended the par value of our common stock from $0.001 to $0.012 per share, but did not modify any voting rights or other terms of our common stock.
CAUTIONARY NOTE REGARDING FORWARD-LOOKING STATEMENTS
This report on Form 20-F (including information incorporated by reference herein, the “Report”) contains or may contain forward-looking statements as defined in Section 27A of the Securities Act of 1933, as amended (the “Securities Act”), and Section 21E of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), that involve significant risks and uncertainties. All statements other than statements of historical facts are forward-looking statements. These forward-looking statements include information about our
ii
possible or assumed future results of operations or our performance. Words such as “anticipate,” “appear,” “approximate,” “believe,” “continue,” “could,” “estimate,” “expect,” “foresee,” “intends,” “may,” “might,” “plan,” “possible,” “potential,” “predict,” “project,” “seek,” “should,” “would” and variations of such words and similar expressions (or the negative version of such words or expressions) may identify forward-looking statements, but the absence of these words does not mean that a statement is not forward-looking. The risk factors and cautionary language referred to or incorporated by reference in this Report provide examples of risks, uncertainties and events that may cause actual results to differ materially from the expectations described in our forward-looking statements, including among other things, the items identified below and those identified in the section entitled “Item 3.D. Risk Factors” of this Report:
Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date of this Report. Although we believe that the expectations reflected in such forward-looking statements are reasonable, there can be no assurance that such expectations will prove to be correct. These statements involve known and unknown risks and are based upon a number of assumptions and estimates which are inherently subject to significant uncertainties and contingencies, many of which are beyond our control. Actual results may differ materially from those expressed or implied by such forward-looking statements. Accordingly, forward-looking statements should not be relied upon as representing our views as of any subsequent date, and we do not undertake any obligation to update forward-looking statements to reflect events or circumstances after the date they were made, whether as a result of new information, future events or otherwise, except as may be required under applicable securities laws.
INDUSTRY AND MARKET DATA
In this Report, we present industry data, forecasts, information and statistics regarding the markets in which we compete as well as our analysis of statistics, data and other information that we have derived from third parties, including independent consultant reports, publicly available information, various industry publications and other published industry sources (including FIS and IBM). Independent consultant reports, industry publications and other published industry sources generally indicate that the information contained therein was obtained from sources believed to be reliable. Such information is supplemented where necessary with our own internal estimates and information obtained from discussions with our customers, taking into account publicly available information about other industry participants and our management’s judgment where information is not publicly available. This information appears in “Item 4.B. Information on the Company—Business Overview,” “Item 5. Operating and Financial Review and Prospects” and other sections of this Report.
Forecasts and other forward-looking information obtained from these sources are subject to the same qualifications and uncertainties as the other forward-looking statements in this Report. These forecasts and forward-looking information are subject to uncertainty and risk due to a variety of factors, including those described under “Item 3.D. Risk Factors” of this Report. These and other factors could cause results to differ materially from those expressed in any forecasts or estimates. Some market data and statistical information are also based on our good faith estimates, which are derived from management’s knowledge of our industry and such independent sources referred to above. Certain market, ranking and industry data included elsewhere in this Report, including the size of certain markets and our size or position and the positions of our competitors within these markets, including its services relative to its competitors, are based on estimates by us. These estimates have been derived from management’s knowledge and experience in the markets in which we operate, as well as information obtained from surveys, reports by market research firms, our customers, distributors, suppliers, trade and business organizations and other contacts in the markets in which we operate and have not been verified by independent sources. Unless otherwise noted, all of our market share and market position information presented in this Report is an approximation. Our market share
iii
and market position in each of our business segments, unless otherwise noted, is based on our volume relative to the estimated volume in the markets served by each of our business segments. References herein to Paysafe being a leader in a market or product category refer to our belief that we have a leading market share position in each specified market, unless the context otherwise requires. As there are no publicly available sources supporting this belief, it is based solely on our internal analysis of our volume as compared to the estimated volume of our competitors. In addition, the discussion herein regarding our various end markets is based on how it defines the end markets for its products, which products may be either part of larger overall end markets or end markets that include other types of products and services.
Our internal data and estimates are based upon information obtained from trade and business organizations and other contacts in the markets in which we operate and management’s understanding of industry conditions. Although we believe that such information is reliable, we have not had this information verified by any independent sources.
This Report contains trademarks, service marks, trade names and copyrights of other companies, which are the property of their respective owners. Solely for convenience, some of the trademarks, service marks, trade names and copyrights referred to in this presentation may be listed without the TM, SM © or ® symbols, but Paysafe will assert, to the fullest extent under applicable law, the rights of the applicable owners, if any, to these trademarks, service marks, trade names and copyrights.
SUMMARY RISK FACTORS
An investment in our shares involves substantial risks and uncertainties that may adversely affect our business, financial condition and results of operations and cash flows. Some of the more significant challenges and risks relating to an investment in our company include, among other things, the following:
iv
v
DEFINED TERMS
Unless otherwise stated or unless the context otherwise requires, all references to “we,” “us,” “our,” “Paysafe” or the “Company” refer to (i) Pi Jersey Holdco 1.5 Limited prior to the consummation of the Transaction and to (ii) Paysafe Limited following the consummation of the Transaction.
In addition, in this document:
“Accounting Predecessor” means Pi Jersey Holdco 1.5 Limited, a private limited company incorporated under the laws of Jersey, Channel Islands. “Additional I/C Loans” means FTAC’s loans out of the Available Cash Amount, caused by the Company, to certain Subsidiaries of the Company following the FTAC Contribution.
“Affiliate” means, with respect to any specified Person, any Person that, directly or indirectly, controls, is controlled by, or is under common control with, such specified Person, through one or more intermediaries or otherwise; provided, except for the Company and its Subsidiaries, no Affiliate or portfolio company (as such term is commonly understood in the private equity industry) of funds advised by affiliates of CVC or Blackstone or any of their respective Affiliates shall be considered an Affiliate of the Company or any of its Subsidiaries.
“Available Cash Amount” means, as of immediately prior to Closing, all available Cash and Cash Equivalents of FTAC and its Subsidiaries, including (i) all amounts in the Trust Account (after reduction for the aggregate amount of payments required to be made in connection with FTAC Stockholder Redemption), (ii) the PIPE Investment Proceeds, and (iii) the aggregate amount of cash proceeds from the FTAC Financing.
“Blackstone” means Blackstone Inc.
“Blackstone Investors” means certain funds affiliated with Blackstone.
“CAGR” means compounded annual growth rate.
“Cannae” means Cannae Holdings and Cannae LLC. “Cannae Holdings” means Cannae Holdings, Inc.
“Cannae LLC” means Cannae Holdings LLC, a wholly-owned subsidiary of Cannae Holdings.
“Cash and Cash Equivalents” means, for any Person, all cash and cash equivalents (including marketable securities, checks and bank deposits); provided, however that with respect to PGHL and its Subsidiaries, such amount shall (x) exclude segregated account funds and liquid assets as more fully described on Exhibit F-1 attached to the Merger Agreement and (y) include any costs, fees and expenses associated with refinancing or repricing the existing indebtedness of the Company (in accordance with the Merger Agreement) that have not been paid on or prior to the Closing Date.
“CBI” means the Central Bank of Ireland.
“Closing” means the closing of the transactions contemplated by the Transaction and the PIPE Investment agreements.
“Closing Date” means the date on which the Closing is completed.
“Code” means the U.S. Internal Revenue Code of 1986, as amended.
“Company Board” means the board of directors of the Company from time to time.
“Company Bye-laws” means the second amended bye-laws of the Company.
“Company Common Share(s)” means the common shares, par value $0.012 per share, of Paysafe Limited and any successors thereto.
“Company LLC Contribution” means the transfer and contribution of FTAC and the Accounting Predecessor by the Company to the LLC in exchange for LLC Interests immediately following the I/C Loan.
“Company Warrants” means warrants that will entitle the holder thereof to purchase for $138.00 per share one Company Common Share in lieu of one share of FTAC Class A Common Stock (subject to adjustment in accordance with the Warrant Agreement).
vi
“CVC” means CVC Advisers Limited.
“CVC Investors” means Pi Holdings Jersey Limited and Pi Syndication LP.
“CVC Party” means Pi Holdings Jersey Limited.
“DGCL” means the Delaware General Corporation Law.
“Effective Time” has the meaning specified in Section 2.04 of the Merger Agreement.
“ERISA” means Employee Retirement Income Security Act of 1974.
“EU” means European Union.
“EUR” means Euro, the legal currency of the European Union.
"EURIBOR" is defined as the Euro Interbank Offer Rate which represents the average interest rate at which European banks lend to each other.
“Executive Management” means members of the executive management of Paysafe.
“Existing Paysafe Shareholders” means CVC Investors, Blackstone Investors and Executive Management.
“FCA” means the UK Financial Conduct Authority and any successor authority thereto.
“Forward Purchase Agreement” means the forward purchase agreement, dated as of July 31, 2020, between FTAC and Cannae Holdings, Inc.
“Founder” means Trasimene Capital FT, LP II.
“Founder LLC Contribution” means the contribution by Founder of FTAC Class C Common Stock to the LLC in exchange for exchangeable units.
“FTAC” means Foley Trasimene Acquisition Corp. II.
“FTAC Class A Common Stock” means the Class A common stock, par value $0.0001 per share, of FTAC.
“FTAC Class B Common Stock” means the Class B common stock, par value $0.0001 per share, of FTAC.
“FTAC Common Stock” means FTAC Class A Common Stock and FTAC Class B Common Stock.
“FTAC Contribution” means, immediately following the Company LLC Contribution, the transfer by the LLC to the Accounting Predecessor, or a Subsidiary of the Accounting Predecessor, of all of the stock of FTAC, consummated prior to the consummation to the Additional I/C Loans.
“FTAC Financing” means the equity financing to be provided pursuant to the Forward Purchase Agreement.
“FTAC Stockholders” means the holders of shares of FTAC Common Stock.
“GAAP” means generally accepted accounting principles in the United States.
“GDPR” means the EU’s General Data Protection Regulation 2016/679, as amended.
“Group” means, where appropriate, Paysafe and its subsidiaries.
“HMRC” means HM Revenue & Customs.
“I/C Loans” means the loans made by FTAC to the Company and the Accounting Predecessor out of the Available Cash Amount, made prior to the consummation of the Company LLC Contribution, FTAC Contribution and the Additional I/C Loans.
vii
"LIBOR" is defined as the London Interbank Offered Rate and represents the basic rate of interest used in lending between banks on the London interbank market and also used as a reference for setting the interest rate on other loans.
“Lien” means any mortgage, deed of trust, pledge, hypothecation, encumbrance, easement, license, option, right of first refusal, security interest or other lien of any kind.
“LLC” means, Paysafe Bermuda Holding LLC, a Bermuda exempted limited liability company.
“LLC Contribution” means, collectively, the Founder LLC Contribution and the Company LLC Contribution.
“LLC Interests” means the limited liability company interests in the LLC.
“Merger” means, immediately following the Founder LLC Contribution, on the terms and subject to the conditions of the Merger Agreement and in accordance with the DGCL and other applicable Laws, a business combination transaction by and among the Parties by which Merger Sub will merge with and into FTAC, with FTAC being the surviving corporation of the Merger, consummated prior to the consummation of the I/C Loans, the Company LLC Contribution, the FTAC Contribution and the Additional I/C Loans.
“Merger Agreement” means the agreement and plan of merger made and entered into as of December 7, 2020, by and among FTAC, the Company, Merger Sub, the LLC, the Accounting Predecessor and PGHL.
“Merger Sub” means Paysafe Merger Sub Inc., a Delaware corporation and direct, wholly owned subsidiary of the Company. “NYSE” means the New York Stock Exchange.
“OECD” means the Organization for Economic Co-operation and Development.
“Omnibus Incentive Plan” means the Paysafe Limited 2021 Omnibus Incentive Plan attached as Exhibit H to the Merger Agreement.
“Paysafe Consolidated Financial Statements” means the Consolidated Statements of Financial Position of Paysafe Limited as of December 31, 2023 and 2022 and the related Consolidated Statements of Comprehensive Loss, Shareholders' Equity, and Cash Flows, for the three years ended December 31, 2023.
“Paysafe Limited” means Paysafe Limited, an exempted limited company incorporated under the laws of Bermuda.
"Paysafe Holdings II" means Paysafe Group Holdings II Ltd.
“Paysafe Parties” means PGHL, the Accounting Predecessor, Merger Sub and the LLC.
“PCAOB” means the Public Company Accounting Oversight Board.
“PGHL” means Paysafe Group Holdings Limited, a private limited company incorporated under the laws of England and Wales.
“Pi Topco” means Pi Jersey Topco Limited, a company incorporated in Jersey.
“PIPE Investment” means the commitments obtained by FTAC from certain investors for a private placement of Company Common Shares pursuant to those certain Subscription Agreements.
“PIPE Investment Proceeds” mean the aggregate amount funded and paid to the Company by the PIPE Investors pursuant to their Subscription Agreements.
“PIPE Investor” means an investor party to a Subscription Agreement.
“Principal Shareholders” means, collectively, the Founder, Cannae LLC, the CVC Investors and the Blackstone Investors.
“Registration Rights Agreement” means the agreement entered into by the Company, Pi Topco, PGHL, Cannae LLC, the Founder, the CVC Party and the Blackstone Investors in connection with the consummation of the Merger, attached to the Merger Agreement as Exhibit D.
viii
“Shareholders Agreement” means the agreement entered into by the Company, Pi Topco, PGHL and the Principal Shareholders in connection with the consummation of the Merger, attached to the Merger Agreement as Exhibit D.
“SMB” means small and medium-sized businesses.
"SOFR" is defined as Secured Overnight Financing Rate and represents a secured overnight interest rate.
“Subscription Agreement” means each individual subscription agreement entered into by each PIPE Investor.
“Transaction” means the transactions contemplated by the Merger Agreement, including the Merger, the Paysafe Contribution, the FTAC Contribution, the Founder LLC Contribution, the Company LLC Contribution.
“Trasimene Capital” means Trasimene Capital Management, LLC, a financial advisory firm led by William P. Foley, II, a former director of Paysafe Limited.
“Treasury Regulations” means the regulations, including proposed and temporary regulations, promulgated under the Code.
“U.S. dollar,” “USD,” “US$” and “$” mean the legal currency of the United States.
“VAT” means any: (a) tax imposed in compliance with the council directive of 28 November 2006 on the common system of value added tax (EC Directive 2006/112) (including, in relation to the UK, value added tax imposed by the Value Added Tax Act 1994 and legislation and regulations supplemental thereto); and (b) other tax of a similar nature (including, without limitation, sales tax, use tax, consumption tax and goods and services tax), whether imposed in a member state of the European Union in substitution for, or levied in addition to, such tax referred to in (a), or elsewhere.
“Warrant Agreement” means that certain Warrant Agreement, dated as of August 21, 2020, between FTAC and Continental Stock Transfer & Trust Company, a New York corporation.
ix
PART I
ITEM 1. IDENTITY OF DIRECTORS, SENIOR MANAGEMENT AND ADVISERS
Not applicable.
ITEM 2. OFFER STATISTICS AND EXPECTED TIMETABLE
Not applicable.
ITEM 3. KEY INFORMATION
A. [Reserved]
B. Capitalization and Indebtedness
The following section summarizes the terms of our principal indebtedness.
Credit Facilities
Current Debt Facilities
On June 28, 2021, Paysafe refinanced its former debt facilities by entering into a Senior Facilities Agreement (the “2021 Senior Facilities”) and issuing Senior Secured Notes (the “2021 Secured Notes”). The proceeds of these facilities and notes were used to repay the remaining former debt facilities:
As of December 31, 2023 and 2022, the 2021 Senior Facilities and 2021 Secured Notes consist of the following:
In addition, the 2021 Senior Facilities provide that Paysafe Holdings II has the right at any time, subject to customary conditions, to request incremental term loans or incremental revolving credit commitments in an aggregate principal amount of up to (a) the greater of (1) $430.0 million and (2) an amount equal to 100% of Paysafe Holdings II’s trailing twelve-month consolidated EBITDA (as such term is defined in the credit agreement) at the time of determination plus (b) an amount equal to all voluntary prepayments, repurchases, redemptions and other retirements of the term loans under the credit agreements and certain other incremental equivalent debt and permanent revolving credit commitment reductions under the credit agreements, in each case prior to or simultaneous with the date of any such incurrence (to the extent not funded with the proceeds of long-term debt other than revolving loans) plus (c) an additional unlimited amount so long as Paysafe Holdings II (I) in the case of incremental indebtedness that is secured by the collateral under the credit agreements on a pari passu basis with the First Lien Term Loan, does not exceed a specified pro forma first lien net leverage ratio, and (II) in the case of unsecured incremental indebtedness (or indebtedness not secured by all or a portion of the collateral securing the 2021 Senior Facilities), either does not exceed a specified total net leverage ratio or satisfies a specified fixed charge coverage ratio. The lenders under the 2021 Senior Facilities are not under any obligation to provide any such incremental loans or commitments, and any such addition of or increase in loans will be subject to certain customary conditions precedent and other provisions.
Paysafe Finance PLC and Paysafe Holdings (US) Corp., collectively referred to in this section as the “First Lien Term Loan Borrowers,” are the borrowers under the First Lien Term Loan. Paysafe Holdings UK Limited, Paysafe Holdings (US) Corp. and Paysafe Payment Processing Solutions LLC (referred to in this section as the “Revolving Credit Borrowers”) are the borrowers under the First Lien Revolving Credit Facility. The First Lien Term Loan Borrowers and the Revolving Credit Borrowers are collectively referred to in this section as the “Borrowers.”
1
Interest Rate and Fees
Borrowings under the USD First Lien Term Loan bear interest at a rate per annum equal to USD SOFR, determined in accordance with the credit agreements (including a floor of 0.50% per annum), plus the applicable margin (which is currently 2.75%) and credit spread adjustment ("CSA"). During 2023, the reference rate on USD Term loans transitioned from LIBOR to SOFR due to the discontinuation of USD LIBOR. While LIBOR and SOFR historically trend together, LIBOR is generally higher than SOFR. Due to the difference in these rates, the Alternative Reference Rates Committee ("ARRC") has recommended that a credit spread adjustment be added to SOFR to compensate for the difference between the two rates. Borrowings under the EUR First Lien Term Loan bear interest at a rate per annum equal to EURIBOR, determined in accordance with the credit agreements (including a floor of 0.00% per annum), plus the applicable margin (which is currently 3.00%). The USD Notes and EUR Notes carry a coupon of 4.00% and 3.00% respectively, payable semi-annually.
Borrowings under the First Lien Revolving Credit Facility bear interest at a rate equal to SOFR, EURIBOR or equivalent (as applicable), determined in accordance with the 2021 Senior Facilities Agreement (including a floor of 0.00% per annum), plus the applicable margin (which is currently 2.25%). The applicable margin for the 2021 Senior Facilities is subject to adjustment based on Paysafe Holdings II’s consolidated first lien net leverage ratio.
In addition to paying interest on outstanding principal under the 2021 Senior Facilities, Paysafe Holdings II will continue to be required to pay a commitment fee to the lenders under the First Lien Revolving Credit Facility in an amount equal to 30% of the applicable margin in respect of the First Lien Revolving Credit Facility multiplied by the aggregate undrawn commitments under the First Lien Revolving Credit Facility, payable quarterly in arrears. Paysafe Holdings II will also continue to be required to pay customary letter of credit fees and annual agency fees to the agent and security agent.
Prepayments
The credit agreements require Paysafe Holdings II to prepay outstanding loans under the 2021 Senior Facilities, subject to certain exceptions, with:
In addition, unless the lenders holding a majority of the outstanding loans and commitments under each credit agreement consent, each of the credit agreements provide that upon a change of control (determined in accordance with the credit agreements) or a sale of all or substantially all of the business and/or assets of the group, the 2021 Senior Facilities will be canceled and all amounts thereunder will become immediately due and payable.
Paysafe Holdings II may elect to apply the foregoing mandatory prepayments (i) if the consolidated total net leverage ratio is less than or equal to 6.25:1.00, between the First Lien Term Loans, and the Secured Notes on a pro rata basis.
The Borrowers may voluntarily, in minimum amounts set forth in the credit agreements, repay outstanding loans or reduce outstanding commitments under the 2021 Senior Facilities at any time without premium or penalty, subject to reimbursements of the lenders’ breakage costs actually incurred in the case of a prepayment of borrowings prior to the last day of the relevant interest period. Subject to the Intercreditor Agreement, the foregoing voluntary prepayments may be applied to any class of loans under the 2021 Senior Facilities as Paysafe Holdings II or the Borrowers shall direct.
Amortization and Maturity
The USD First Lien Term Loan amortizes in equal quarterly installments in aggregate annual amounts equal to 1.00% of the principal amount of the USD First Lien Term Loan outstanding as of the date of the closing of the 2021 Senior Facilities, with the balance being payable at maturity on June 28, 2028. Principal amounts outstanding under the EUR First Lien Term Loan are due and payable in full at maturity on June 28, 2028. Principal amounts outstanding under the First Lien Revolving Credit Facility are due and payable in full at final maturity on December 28, 2027.
Guarantees and Security
2
All obligations of the obligors under the credit agreements are unconditionally guaranteed by all guarantors under the credit agreements, such guarantors being material wholly owned direct and indirect restricted subsidiaries of Paysafe Holdings II that are organized in the UK, the United States, Canada or the jurisdiction of incorporation of any Borrower and by Paysafe Holdings II, with customary exceptions and certain agreed security principles including, among other things, where providing such guarantees is not permitted by law, regulation or contract or would result in adverse tax consequences.
Subject to the Intercreditor Agreement, all obligations of the obligors under the credit agreements and the guarantees of such obligations, are secured, subject to permitted liens, certain agreed security principles and other exceptions, by: (i) a pledge of all of the shares issued by the Borrowers and each subsidiary guarantor (subject to certain exceptions), (ii) a security interest in all material intercompany loan receivables of the Borrowers and each guarantor and (iii) in the case of any obligor organized in the UK, security interests in substantially all tangible and intangible personal property (subject to certain exceptions and exclusions) and a floating charge over substantially all of the assets of the relevant obligor.
Subject to certain agreed security principles, the aggregate EBITDA (determined in accordance with the credit agreements) of all guarantors as of the end of each fiscal year must not represent less than 80% of the aggregate EBITDA of Paysafe Holdings II and its restricted subsidiaries as of the end of each fiscal year.
Certain Covenants and Events of Default
The credit agreements contain a number of negative covenants that, among other things, restrict, subject to certain exceptions, the ability of Paysafe Holdings II and its restricted subsidiaries to:
In addition, with respect to the First Lien Revolving Credit Facility, the 2021 Senior Facilities Agreement requires Paysafe Holdings II to maintain, as of the last day of each four fiscal quarter period, a maximum consolidated first lien net leverage ratio of 7.50 to 1.00 only if, as of the last day of any fiscal quarter, revolving loans under the First Lien Revolving Credit Facility are outstanding in an aggregate amount greater than 40% of the total commitments under the First Lien Revolving Credit Facility at such time. The financial maintenance covenant is subject to customary equity cure rights.
The credit agreements also contain certain customary representations and warranties, affirmative covenants and events of default. If an event of default occurs, the lenders under the 2021 Senior Facilities will be entitled to take various actions, including the acceleration of amounts due under the credit agreements and all actions permitted to be taken by a secured creditor.
Paysafe Payment Revolving Credit Facility
On June 18, 2019, Paysafe Payment Processing Solutions LLC (“Paysafe Payment”) entered into a credit agreement for a $50 million revolving credit facility with Woodforest National Bank, as administrative agent (as amended and restated on January 21, 2020, the “Paysafe Payment Credit Agreement”). On June 27, 2022, Paysafe Payment amended the Paysafe Payment Credit Agreement with PNC National Bank as administrative agent. The amended Paysafe Credit Agreement provides for a $75 million revolving credit facility, the maturity date of which is June 27, 2025.
The proceeds of the Paysafe Revolving Credit Facility may be used for working capital and other general corporate purposes, other than for the repayment of debt or for personal, family, household or agricultural purposes.
3
Interest Rate and Fees
Borrowings under the Paysafe Revolving Credit Facility bear interest at a floating rate per annum which can be, at Paysafe Payment’s option, either (i) SOFR for a specified interest period plus 2.70% or (ii) U.S. Prime rate minus 0.25%. Paysafe Payment will also continue to be required to pay customary annual agency fees to the administrative agent.
Prepayments
The Paysafe Payment Credit Agreement requires Paysafe Payment to prepay outstanding loans under the Paysafe Revolving Credit Facility (i) immediately, if the principal amount of borrowings under the Paysafe Revolving Credit Facility exceeds the aggregate commitments thereunder or (ii) within 30 days, if the proceeds of borrowings under the Paysafe Revolving Credit Facility are used to fund certain permitted acquisitions. Paysafe Payment may voluntarily, in minimum amounts set forth in the Paysafe Payment Credit Agreement, repay outstanding loans or reduce outstanding commitments under the Paysafe Revolving Credit Facility at any time without premium or penalty.
Maturity
Principal amounts outstanding under the Paysafe Revolving Credit Facility are due and payable in full at maturity on June 27, 2025.
Guarantees and Security
All obligations of Paysafe Payment under the Paysafe Payment Credit Agreement are unconditionally guaranteed by Paysafe Holdings II.
All obligations of Paysafe Payment under the Paysafe Payment Credit Agreement and the guarantees of such obligations, are secured, subject to permitted liens and other exceptions, by perfected security interests in the accounts, collateral accounts and liquid assets of Paysafe Payment, and certain contracts, documents, general intangibles, letter-of-credit rights, proceeds and records relating thereto (subject to certain exceptions and exclusions).
C. Reasons for the Offer and Use of Proceeds
Not applicable.
D. Risk Factors
Risks Related to Paysafe’s Business and Industry
Our focus on the large entertainment verticals can increase risk relative to other companies in the global payments industry.
We operate in the global entertainment verticals, which include: iGaming, travel, streaming/video gaming, retail/hospitality and digital assets. Although this focus distinguishes us from industry peers, it also increases risks inherent in our business and broader industry. For example:
4
The enhanced risks resulting from our core focus can materialize suddenly and without warning, which may result in increased volatility in our results of operations compared with other companies in our industry that do not provide services to companies in the entertainment verticals, and could result in a material adverse effect on our business, financial condition, results of operations and future prospects.
Cyberattacks and security vulnerabilities could result in disruption, loss of customer and merchant funds and personal data, including financial data, as well as serious harm to our reputation, business, and financial condition.
Our information technology (“IT”) security systems, software and networks and those of the customers and third parties with whom we interact may be vulnerable to unauthorized access (from the Internet, from within or by third parties), computer viruses or other malicious code, denial of service or other cybersecurity threats, which could result in the unauthorized access, loss, theft, changes to, unavailability, destruction or disclosure of confidential, proprietary, financial or personal information relating to merchants, customers and employees. Such unauthorized access, loss, theft, changes to, unavailability, destruction or disclosure of confidential, proprietary, financial or personal information could result in identity theft, misuse of pin codes, the loss of card payment details that are stored on our system, and/or the loss of funds stored in customers’ wallets and prepaid cards and other monetary loss or have other material impacts on our business. We, like other financial technology organizations, as well as our customers and third parties with whom we interact, are routinely subject to cybersecurity threats and our and their technologies, IT systems and networks have been victims of cyberattacks in the past. Information security risks for payment and technology companies such as ours have significantly increased in recent years and in particular with remote work driven by the pandemic, in part because of the proliferation of new technologies, the use of the internet and telecommunications technologies to conduct financial transactions, and the increased sophistication and activities of organized crime, hackers, terrorists and other external parties. Geopolitical events and resulting government activity could also lead to information security threats and attacks by affected jurisdictions and their sympathizers.
We are responsible for data security for ourselves and for third parties with whom we partner, including with respect to complying with rules and regulations established by the payment networks and card networks. These third parties include merchants, our distribution partners, our third-party payment processors and other third-party service providers and agents. We and other third parties collect, process, store and/or transmit personal information, such as names, contact details, addresses, social security numbers, credit or debit card numbers, expiration dates, driver’s license numbers, bank account numbers and bank routing information as well as certain information gathered during our Know Your Customer (“KYC”) procedures. We have ultimate liability to the payment networks and our partner banks for our failure or the failure of third parties with whom we contract to protect this data in accordance with payment network requirements. The loss, destruction or unauthorized modification of merchant or consumer data by us or our contracted third parties could result in significant fines, sanctions, proceedings or actions against us by governmental bodies, regulatory and supervisory bodies, the payment networks, consumers, merchants or others, and could harm our business and reputation. In addition, a breach or other cybersecurity incident at a third party with whom we interact has in the past, and could in the future, result in our inability to safeguard our customers' information and funds.
Certain products particular to our eCash Solutions division are identified by unique PIN codes assigned to them at the point of sale, and when a customer uses the voucher on a merchant website. These active voucher PINs are stored in our systems. Due to the anonymous nature of these PINs, a theft and subsequent fraudulent utilization of PINs (either due to third-party hacking or due to internal fraud by an employee) could result in the original voucher holder’s inability to use his or her vouchers. While customer verification and fraud management procedures are in place to mitigate this risk, we would honor the payment by the original voucher holder from our own funds and therefore incur a loss. Our Digital Wallet business, on the other hand, could suffer from a loss of funds if a third-party hacker or an employee is successful in taking over one of our customer’s accounts as well as suffer the costs of any subsequent reimbursement to customers. Additionally, loss of payment card information could also lead us to incur card re-issuing costs, which depending on the size of the data breach could be significant. Significant losses incurred as a result of such activity would have a material adverse effect on our results of operations and, depending on the nature of such fraudulent attacks, we may be required to notify relevant regulators and other authorities such as law enforcement. Any adverse publicity as a result of such theft and fraudulent utilization could adversely affect our reputation and the demand for our products.
Despite various mitigation efforts that we undertake, there can be no assurance that we and our third party partners will be immune to these risks and not suffer material security incidents and resulting losses in the future, or that our insurance coverage would be sufficient to cover the related financial losses over and above the excess of the insurance policy. The techniques used to obtain unauthorized,
5
improper, or illegal access to our systems, our data (including our confidential business information and intellectual property rights) or our customers’ data (including our merchants and consumers), to disable or degrade our services, demand ransom or to sabotage our systems are constantly evolving and have become increasingly complex and sophisticated. These techniques may be difficult to detect quickly, and may not be recognized or detected until after they have been launched against a target. Threats to our IT systems and our associated third parties’ IT systems may result from human error, fraud or malice on the part of employees or third parties, including state-sponsored organizations with significant financial and technological resources, organized crime groups or from accidental technological failure. For example, certain of our employees require access to sensitive data that could be used to commit identity theft or fraud. While we have internal controls in place surrounding system access and segregation of duties, if unauthorized individuals gain access to this data, the risk of malfeasance is heightened. Concerns about security increase when we transmit information electronically, even though we encrypt certain communications and data to reduce this risk, because such transmissions can be subject to attack, interception or loss. Also, computer viruses can be distributed and spread rapidly over the internet and could infiltrate our systems or those of our contracted third parties. Denial of service, ransomware, or other attacks could be launched against us for a variety of purposes, including interfering with our services or to create a diversion for other malicious activities. These or similar types of actions and attacks could disrupt our delivery of services or make them unavailable. As cybersecurity threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities. Any of the risks described above could materially adversely affect our overall business, financial condition and results of operations.
We and our third party partners have experienced and will likely continue to regularly experience denial-of-service and other cyberattacks and security events. In such circumstances, our data encryption practices and other protective measures have not always prevented and in the future may not prevent, as applicable, unauthorized access service disruption or system sabotage.
Regardless of whether an actual or perceived breach is attributable to our products, such a breach could, among other things:
In addition, a significant cybersecurity breach of our systems or communications could result in payment networks prohibiting us from processing transactions on their networks or the loss of our sponsor banks that facilitate our participation in the payment networks, either of which could materially impede our ability to conduct our business. We may also be subject to liability for claims relating to misuse of personal information, such as unauthorized marketing, or violation of data privacy laws. In addition, our agreements with our sponsor banks and our third-party payment processors (as well as payment network requirements) require us to take certain protective measures to ensure the confidentiality of merchant and consumer data. Any failure to adequately comply with these protective measures could result in fees, penalties, litigation or termination of our sponsor bank agreements. Although we generally require that our agreements with distribution partners or our service providers who may have access to merchant or consumer data include confidentiality obligations that restrict these parties from using or disclosing any merchant or consumer data except as necessary to perform their services under the applicable agreements, we cannot guarantee that these contractual measures will be followed or will be adequate to prevent the unauthorized access, use, modification, destruction or disclosure of data or allow us to seek damages from the contracted party. In addition, many of our merchants are small and medium businesses that may have fewer resources dedicated to data security and may thus experience data breaches. Any unauthorized use, modification, destruction or disclosure of data could result in protracted and costly litigation, and cause us to incur significant losses.
6
Global and regional economic conditions could materially harm our business.
Our operations and performance depend significantly on global and regional economic conditions. Uncertainty about global and regional economic events and conditions may impact our ability to conduct business in certain areas and may result in consumers and businesses postponing or lowering spending in response to, among other factors:
In addition, many of our merchants are small businesses and these businesses may be disproportionately adversely affected by economic downturns or conditions and may fail at a higher rate than larger or more established businesses. If spending by their customers declines, or if customer behavior is otherwise adversely impacted by rising inflation, these businesses would experience reduced sales and process fewer payments with us or, if they cease to operate, stop using our products and services altogether. Small businesses frequently have limited budgets and limited access to capital, and they may choose to allocate their spending to items other than our financial or marketing services, especially in times of economic uncertainty or in recessions. These and other global and regional economic events and conditions could have a material adverse impact on the demand for our products and services. Furthermore, any financial turmoil affecting the banking system or financial markets could cause additional consolidation of the financial services industry, significant financial service institution failures, new or incremental tightening in the credit markets, low liquidity, and extreme volatility or distress in the fixed income, credit, currency, and equity markets, which could have a material adverse impact on our results of operations, financial condition and future prospects.
Our international operations subject us to increased risks, which could harm our business.
We have extensive international operations and our customers are resident in over 120 countries and territories. There are risks inherent in doing business internationally on both a domestic (i.e., in-country) and cross-border basis, including, but not limited to:
7
Violations of the complex UK, Irish, U.S. and other international laws, rules and regulations that apply to our international operations may result in fines, criminal actions, or sanctions against us, our officers, or our employees; prohibitions on the conduct of our business; and damage to our reputation. Although we have implemented policies and procedures designed to promote compliance with these laws, there can be no assurance that our employees, contractors, or agents will not violate our policies. These risks are inherent in our international operations and expansion, may increase our costs of doing business internationally, and could harm our business.
We may not be successful at acquiring, investing in or integrating businesses, entering into joint ventures or divesting businesses.
We expect to continue pursuing strategic and targeted acquisitions, investments and joint ventures to enhance or add to our skills and capabilities or offerings of services and solutions, or to enable us to expand in certain geographic and other markets. For example, in the past few years, we have expanded into the Latin America market. However, our broader plan to expand into markets and grow in the markets we are in may not succeed. We may not be successful in identifying additional suitable investment opportunities. We also might not succeed in completing targeted transactions or achieve desired results of operations of these transactions.
Furthermore, we face risks in successfully integrating any businesses we might acquire or create through a joint venture. Ongoing business may be disrupted, and our management’s attention may be diverted by acquisition, investment, transition or integration activities. In addition, we might need to dedicate additional management and other resources, and our organizational structure could make it difficult for us to efficiently integrate acquired businesses into our ongoing operations and assimilate and retain employees of those businesses into our culture and operations. The potential loss of key executives, employees, customers, suppliers, and other business partners of businesses we acquire may adversely impact the value of the assets, operations or businesses. Moreover, acquisitions or joint ventures may result in significant costs and expenses, including those related to retention payments, equity compensation, severance pay, early retirement costs, intangible asset amortization and asset impairment charges, assumed litigation and other liabilities, and legal, accounting and financial advisory fees, which could negatively affect our profitability. We may have difficulties as a result of entering into new markets where we have limited or no direct prior experience or where competitors may have stronger market positions.
We might fail to realize the expected benefits or strategic objectives of any acquisition, investment or joint venture we undertake. We might not achieve our expected return on investment or may lose money. We may be adversely impacted by liabilities that we assume from a company we acquire or in which we invest, including from that company’s known and unknown obligations, intellectual property or other assets, terminated employees, current or former clients or other third parties. In addition, we may fail to identify or adequately assess the magnitude of certain liabilities, shortcomings or other circumstances prior to acquiring, investing in or partnering with a company, including potential exposure to regulatory sanctions or liabilities resulting from an acquisition target’s previous activities,
8
internal controls and security environment. If any of these circumstances occurs, they could result in unexpected legal or regulatory exposure, unfavorable accounting treatment, unexpected increases in taxes or other adverse effects on our business. Litigation, indemnification claims and other unforeseen claims and liabilities may arise from the acquisition or operation of acquired businesses. If we are unable to complete the number and kind of investments for which we plan, or if we are inefficient or unsuccessful at finding a suitable target or at integrating any acquired businesses into our operations, we may not be able to achieve our planned rates of growth or improve our market share, profitability or competitive position in specific markets or services.
We periodically evaluate, and have engaged in, the disposition of assets and businesses. Divestitures could involve difficulties in the separation of operations, services, products and personnel, the diversion of management’s attention, the disruption of our business and the potential loss of key employees. After reaching an agreement with a buyer for the disposition of a business, the transaction may be subject to the satisfaction of pre-closing conditions, including obtaining necessary regulatory and government approvals, which, if not satisfied or obtained, may prevent us from completing the transaction. Divestitures may also involve continued financial involvement in or liability with respect to the divested assets and businesses, such as indemnities or other financial obligations, in which the performance of the divested assets or businesses could impact our results of operations. Any divestiture we undertake could adversely affect our results of operations.
Our success depends on our relationships with banks, payment card networks, issuers and financial institutions.
The nature of our business requires us to enter into numerous commercial and contractual relationships with banks, card networks, issuers and financial institutions. We depend on these relationships to operate on a day-to-day basis. If we are unsuccessful in establishing, renegotiating or maintaining mutually beneficial relationships with these parties, our business may be harmed. In addition, these relationships are subject to a number of risks, including the following:
9
If, for any reason, any banks, payment card schemes, issuers or financial institutions cease to supply us with the services we require to conduct our business, or the terms on which such services are provided were to become less favorable or be canceled, or a contractual claim made against us, it could impact our ability to provide our payment services, or the basis on which we are able to provide such services. This, and any of the factors set forth above, could result in a loss for us, which could have a material adverse effect on our results of operations, financial condition and future prospects.
Our revenues from the sale of services to merchants that accept Visa cards and Mastercard cards are dependent on our continued financial institution sponsorship.
Because we are not a bank, our business is not eligible for membership in card payment networks, and we are, therefore, unable to directly access these card payment networks, which are required to process transactions. These networks’ operating regulations require us to be sponsored by a member bank in order to process electronic payment transactions. Our various payment processing businesses are registered with the card networks through seven separate sponsor banks (who settle the transactions with our merchants).
Our sponsor banks may terminate their agreements with us if we materially breach the agreements and do not cure the breach within an established cure period, if we enter bankruptcy or file for bankruptcy, or if applicable laws or regulations, including Visa and/or Mastercard regulations, change to prevent either the applicable bank or us from performing services under the agreement. If these sponsorships are terminated and we are unable to secure a replacement sponsor bank within the applicable wind down period, we will not be able to process electronic payment transactions.
Furthermore, our agreements with our sponsor banks provide the sponsor banks with substantial discretion in approving certain elements of our business practices, including our solicitation, application and underwriting procedures for merchants. We cannot guarantee that our sponsor banks’ actions under these agreements will not be detrimental to us, nor can we provide assurance that any of our sponsor banks will not terminate their sponsorship of us in the future. Our sponsor banks have broad discretion to impose new business or operational requirements on us for purposes of compliance with payment network rules, which may materially adversely affect our
10
business. If our sponsorship agreements are terminated and we are unable to secure another sponsor bank, we will not be able to offer Visa, Mastercard or other card scheme transactions or settle transactions which would likely cause us to terminate our operations.
Our sponsor banks also provide or supplement authorization, funding and settlement services in connection with our bankcard processing services. If our sponsorship agreements are terminated and we are unable to secure another sponsor bank, we will not be able to process Visa, Mastercard or other card scheme transactions, which would have a material adverse effect on results of operations, financial conditions and future prospects. A change in underwriting, credit policies, credit risk or reputational risk appetite of our sponsor banks may impact appetite for volume and/or merchant categories. Further, there is a long lead time to secure new sponsor banks, as described above under “—Our success depends on our relationships with banks, payment card networks, issuers and financial institutions—new banking relationships.”
In many countries in which we operate, we are legally or contractually required to comply with the anti-money laundering laws and regulations, such as, in the United States, the Bank Secrecy Act, as amended by the USA PATRIOT Act (collectively, the “BSA”), and similar laws of other countries, which, among other things, require that customer identifying information be obtained and verified. As described in “—Regulatory, Legal and Tax Risks—We must comply with money laundering regulations in the UK, Ireland, Switzerland, the United States, Canada and elsewhere, and any failure to do so could result in severe financial and legal penalties,” we are directly subject to certain of these requirements, including, in the United States, BSA requirements applicable to Skrill USA Inc. (“Skrill USA”). In other instances, we also have contractually agreed to assist our sponsor banks with their obligation to comply with anti-money laundering requirements that apply to them, including, in the United States, BSA requirements applicable to such sponsor banks. In addition, we and our sponsor banks are subject to laws and regulations that prohibit persons in certain jurisdictions from engaging in transactions with certain prohibited persons or entities, such as those enforced by the Office of Foreign Assets Control in the United States (“OFAC”). Similar requirements apply in other countries. It could be costly for us to comply with these legal and contractual requirements and our failure to comply with any of these contractual requirements or laws could adversely affect our results of operations, financial conditions and future prospects, and could result in termination of the contracts.
We have obtained “principal membership” with both Mastercard Europe and Visa Europe payment networks to offer merchant acquiring services to merchants in the European Union and the UK. This means that we are solely responsible for the adherence to the rules and standards of the payment networks and it enables us to route transactions under our own payment network license to authorize and clear transactions. Under our payment network licenses, we are allowed to perform funds settlement directly to merchants. A loss of membership or significant change to the commercial terms of our European Mastercard and Visa payment network membership would have an adverse effect on the results of these businesses’ operations.
We rely on third parties in many aspects of our business, which creates additional operational risk.
We rely on third parties in many aspects of our business, including the following:
This reliance exposes us to increased operational risk. These third parties may be subject to financial, legal, regulatory and labor issues, cybersecurity incidents, privacy breaches, service terminations, disruptions or interruptions, or other problems, including reputational problems, which may impose additional costs or requirements on us or prevent these third parties from providing services to us or our customers on our behalf, or result in loss of funds to us or our customers, which could have a material adverse effect on our results of operations, financial condition and future prospects.
11
The EU and the UK have requirements in relation to outsourcing arrangements that are applicable to certain aspects of our businesses. These requirements set out strict standards to follow when outsourcing critical or important functions that have a strong impact on a financial institution’s risk profile or on its internal control framework. Such outsourcing arrangements require the prior approval of the relevant regulatory bodies. Furthermore, any changes to our existing critical and important outsourced functions may be subject to regulatory approvals which, if not satisfied or obtained, may prevent us from initiating the change. Although we have implemented processes to ensure compliance with the required standards, a failure to meet these requirements could lead to regulatory challenge and require remediation and/or fines or penalties if we are found to be in noncompliance with the relevant regulation.
In addition, these third parties may breach their agreements with us, disagree with our interpretation of contract terms or applicable laws and regulations, refuse to continue or renew these agreements on commercially reasonable terms or at all, fail or refuse to process transactions or provide other services adequately, take actions that degrade the functionality of our services, impose additional costs or requirements on us or our customers, or give preferential treatment to competitive services. Some of these third party service providers are, or may become, owned by our competitors. There can be no assurance that third parties who provide services directly to us or our customers on our behalf will continue to do so on acceptable terms, or at all. If any third parties do not adequately or appropriately provide their services or perform their responsibilities to us or our customers on our behalf, we may be unable to procure alternatives from other third parties in a timely and efficient manner and on acceptable terms, or at all, and we may be subject to business disruptions, losses or costs to remediate any of the deficiencies, customer dissatisfaction, reputational damage, legal or regulatory proceedings, or other adverse consequences, any of which could have a material adverse effect on our results of operations, financial condition and future prospects.
Our business depends on a strong and trusted brand, and any failure to maintain, protect and enhance our brand could materially harm our business.
We believe that maintaining, protecting and enhancing our strong and trusted brand is critical to achieving widespread acceptance of our products and services and expanding our base of customers. Maintaining and promoting our brand will depend largely on our ability to continue to provide useful, reliable, secure, and innovative products and services, as well as our ability to maintain trust and be a technology leader. We may introduce, or make changes to, features, products, services, privacy practices, or terms of service that customers do not like, which may materially and adversely affect our brand. Our brand promotion activities may not generate customer awareness or increase revenue, and even if they do, any increase in revenue may not offset the expenses we incur in building our brand. The introduction and promotion of new products and services, as well as the promotion of existing products and services, may be partly dependent on our visibility on third-party advertising platforms, such as Google, Twitter, or Facebook. Changes in the way these platforms operate or changes in their advertising prices, data use practices or other terms could make the maintenance and promotion of our products and services and our brand more expensive or more difficult. If we fail to successfully promote and maintain our brand or if we incur excessive expenses in this effort, our business could be materially and adversely affected.
Harm to our brand can arise from many sources, including failure by us or our partners and service providers to satisfy expectations of service and quality, inadequate protection or misuse of sensitive information, failure to meet applicable legal and regulatory requirements, including compliance failures and allegations, litigation and other claims, employee misconduct, fraud, fictitious transactions, bad transactions, negative customer experiences, and misconduct by our partners, service providers, or other counterparties. We have also been in the past, and may in the future be, the target of incomplete, inaccurate, and misleading or false statements about our Company, our business, and our products and services that could damage our brand and deter consumers and merchants from adopting our products and services. From time to time, the industry verticals we serve (and we, by association) are the subject of negative publicity, which can harm our brand and deter consumers and merchants from adopting our products and services. See “—Our focus on the global entertainment verticals can increase our risks relative to other companies in our industry.” Any negative publicity about our industry or our company, the quality and reliability of our products and services, our risk management processes, changes to our products and services, our ability to effectively manage and resolve customer complaints, our privacy, data protection, and information security practices, litigation, regulatory activity, policy positions, and the experience of our customers with our products or services could adversely affect our reputation and the confidence in and use of our products and services. If we do not successfully maintain a strong and trusted brand, our business could be materially and adversely affected.
In addition, the registered or unregistered trademarks or trade names that we own may be challenged, infringed, declared generic, or determined to be infringing on or dilutive of other marks. We may not be able to protect our rights in these trademarks and trade names, which we need in order to build name recognition with potential customers. Moreover, third parties may use, or file for registration of trademarks similar or identical to our trademarks; if they succeed in registering or otherwise developing common law rights in such trademarks, and if we are not successful in challenging such third-party’s use of such trademarks, our own trademarks may no longer be useful to develop brand recognition of our technologies, products or services. Furthermore, there could be potential trade name or trademark infringement claims brought by owners of other trademarks, including trademarks that incorporate variations of our registered or unregistered trademarks or trade names. If we are unable to establish name recognition based on our trademarks and trade names, we
12
may not be able to compete effectively, which could have a material adverse effect on our competitive position, business, financial condition, results of operations, and prospects.
The occurrence of regional epidemics or a global pandemic and other geopolitical conditions, including any resulting global economic uncertainty and measures taken in response, could materially impact our business and future results of operations and financial condition.
The occurrence of regional epidemics or a global pandemic, such as COVID-19, may adversely affect our operations, financial condition, and results of operations. The extent to which global pandemics impact our business going forward will depend on factors such as the duration and scope of the pandemic; governmental, business, and individuals' actions in response to the pandemic; and the impact on economic activity, including the possibility of recession or financial market instability.
For example, the COVID-19 pandemic disrupted the economy and put unprecedented strains on governments, health care systems, businesses and individuals around the world. Our merchants, particularly in industries most impacted by the COVID-19 pandemic, including the retail, restaurant, hotel, hospitality, consumer discretionary and travel industries and companies whose customers operate in impacted industries, may reduce or delay their technology-driven transformation initiatives due to a pandemic, which could materially and adversely impact our business. Further, as a result of the COVID-19 pandemic, we experienced slowed growth or decline in new demand for our products and services and lower demand from our existing merchants for expansion within our products and services, as well as existing and potential merchants reducing or delaying purchasing decisions. As a result of the COVID-19 pandemic, we experienced an increase in prospective merchants seeking lower prices or other more favorable contract terms and current merchants attempting to obtain concessions on the terms of existing contracts, including requests for early termination or waiver or delay of payment obligations. A similar pandemic event could adversely affect and materially adversely impact our business, results of operations and overall financial condition in future periods.
Pandemics could cause our third-party service providers such as data center hosting facilities and cloud computing platform providers, which are critical to our infrastructure, to shut down their business, experience security incidents that impact our business, delay or disrupt performance or delivery of services or experience interference with the supply chain of hardware required by their systems and services, any of which could materially adversely affect our business. In addition, our technology platforms and the other systems or networks used in our business may experience an increase in attempted cyber-attacks, targeted intrusions, ransomware and phishing campaigns seeking to take advantage of shifts to employees working remotely using their household or personal internet networks as a result of a pandemic. The success of any of these unauthorized attempts could substantially impact our technology platforms, the proprietary and other confidential data contained therein or otherwise stored or processed in our operations, and ultimately our business. Any actual or perceived security incident also may cause us to incur increased expenses to improve our security controls and to remediate security vulnerabilities. Additionally, we may experience an increased volume of unanticipated customer requests for support (resulting in increased volume to our customer support and operations centers) and regulatory requests for information and support or additional regulatory requirements, which could require additional resources and costs to address.
To the extent that any pandemic, including the COVID-19 pandemic, or other geopolitical conditions adversely affects our business and financial results, it may also have the effect of heightening many of the other risks described in this “Risk Factors” section.
We may fail to hold, safeguard or account accurately for merchant or customer funds.
Our success requires significant public confidence in our ability to properly manage our customers’ balances and handle large and growing transaction volumes and amounts of customer funds. The amounts necessary to meet the claims of customers must either be held in secure, liquid low-risk assets or placed in a segregated account of an authorized credit institution or we may hold an insurance policy or bank guarantee. We employ internal controls and compliance procedures designed to hold, safeguard and account accurately for customer and merchant liabilities. Our ability to manage and account accurately for the assets underlying our customer funds and comply with applicable liquidity requirements requires a high level of internal controls. As our business continues to grow and we expand our product offerings, we must continue to strengthen our associated internal controls. Any failure to account accurately for customer and merchant funds or to fail to comply with applicable regulatory requirements could result in reputational harm, lead customers to discontinue or reduce their use of our products and result in significant penalties and fines, which could materially harm our business. Our Safeguarding controls undergo annual and event triggered examination and review by independent internal and external auditors, as well as continuous first line self-assessment. Any self-identified issue or audit observation or finding is immediately addressed through remediation action. For more information regarding our assessment of the consequences of breaches of our e-money issuer, payment initiation services provider or money transmitter licenses, see “—Regulatory, Legal and Tax Risk—We are subject to financial services regulatory risks.”
13
Our business and products are dependent on the availability, integrity and security of internal and external IT transaction processing systems and services.
Our business requires the ongoing availability and uninterrupted operation of internal and external transaction processing systems and services. We rely on controls and systems designed to ensure data integrity of critical business information and proper operation of our systems and networks, and we review the processes of our third party providers of transaction processing and IT-related functions. Such third parties are, however, ultimately responsible for maintaining their own network security, disaster recovery and system management procedures. All operational systems are vulnerable to damage or interruption from targeted denial of service attacks, viruses, unauthorized access (internally or by third parties), natural or man-made disasters and human or technological failures under a variety of scenarios. A system outage or data loss, whether connected to our IT transaction processing systems and services or those of our third party providers, could have a material adverse effect on our business, financial condition and results of operations. In addition, as a provider of payments solutions, we are subject to scrutiny by regulators and laws and regulations in relation to operational resilience that require specific risk management and mitigation, business continuity and disaster recovery plans and rigorous testing of such plans. This scrutiny and the related requirements may be costly and time-consuming and may divert our resources from other business priorities, and frequent or persistent site interruptions could lead to fines and penalties, and mandatory and costly changes to our business practices, and ultimately could cause us to lose existing licenses that we need to operate or prevent or delay us from obtaining additional licenses that may be required for our business. Events that could cause system interruptions or impact the ability of staff or third parties to supply necessary skills or services include pandemics, fire, earthquake, flood, terrorist attacks, natural disasters, attacks from malicious third parties, employee malfeasance or negligence, computer viruses, unauthorized entry, telecommunications failure, power loss, data loss, cyberattacks, acts of war or any similar events.
We may modify, enhance, upgrade and implement new systems, procedures and controls to reflect changes in our business, technological advancements and changing industry trends. These upgrades may create risks associated with implementing new systems and integrating them with existing ones. As a result, our IT and information management systems may fail to operate properly (for example, by capturing customer data erroneously) or become disabled as a result of events that are beyond our control, such as an usually high increase in transaction volume. We may also incur additional costs in relation to any new or upgraded systems, procedures and controls and additional management attention could be required in order to ensure an efficient integration, placing burdens on our internal resources.
Despite the network security, disaster recovery and systems management measures that we have in place, we cannot ensure that we would be able to carry on our business in the ordinary course if our systems or those of our third party service providers fail or are disrupted. Indeed, while much of our processing infrastructure is located in multiple redundant data centers or hosted on resilient cloud platforms, we have a limited number of core business systems that are located in only one facility and do not have redundancy. Any such failure of IT and information management systems could adversely affect our reputation, our ability to effect transactions and service customers and merchants, disrupt our business or result in the misuse of customer data, financial loss or liability to our customers or regulators, the loss of suppliers, regulatory intervention or reputational damage.
Additionally, as our customers may use our products for critical transactions, any errors, defects or other infrastructure problems could result in damage to such customers’ businesses. These customers could seek compensation from us for their losses and our insurance policies may be insufficient to cover such claims. Even if unsuccessful, this type of claim may be time consuming and costly for us. Any of the foregoing could have a material adverse effect on our results of operations and financial condition.
We are vulnerable to the effects of chargebacks, merchant insolvency and consumer deposit settlement risk.
We are exposed to the effect of chargebacks and merchant insolvency in our business. We are liable to various banks for chargebacks incurred by our merchants where the merchants are unable to meet liabilities arising as a result of those chargebacks. If the average chargeback rate on any of our merchant portfolios at any acquiring bank exceeds the maximum average chargeback rate permitted by the card agreements, we will be required to take steps to reduce the average chargeback rate so that it falls below the maximum permitted rate or risk losing our relationship with that acquiring bank. Those steps might include processing more transactions for merchants who have lower chargeback rates to produce a lower average chargeback rate for the portfolio as a whole or terminating relationships with merchants who have higher chargeback rates, which could in turn lead to a material loss of revenue for us. Chargebacks may arise as individual claims or as multiple claims relating to the same facts or circumstances. For example, the insolvency or cessation of a merchant doing business could cause numerous individual customers to bring claims at once which, either singly or in aggregate, could have a material adverse effect on our results of operations, financial condition and future prospects. Similarly, chargebacks or fraud related to our customers or merchants in our Digital Wallet business could cause the payment card schemes of which we are a member in Europe to require us to implement additional and potentially costly controls, and ultimately disqualify us from processing transactions if satisfactory controls are not maintained. Further, if any of the services we offer are deemed to have caused or contributed to illegal activity, customers, consumer protection agencies and regulatory firms could band together to initiate chargeback card payments or ACH reversals for transactions associated with the activity in question.
14
In our Digital Wallet division, we offer our merchants a “no chargeback policy.” A chargeback is the return of funds to a customer and in this context relates to a reversal of unauthorized charges to a customer’s credit card, for example, as a result of fraud or identity theft. Under our “no chargeback policy,” we agree to allow merchants who qualify under our vetting policy to retain all monies received from our NETELLER and Skrill digital wallet holders and undertake not to request reimbursement from such merchants in respect of chargebacks incurred. In such cases, the full amount of the disputed transaction is charged back to us and our credit card processor may levy additional fees against us unless we can successfully challenge the chargeback. We believe that our “no chargeback policy” is a key factor in a merchant’s decision to use our Digital Wallet services.
Our eCash Solutions division utilizes distribution partners and as such is exposed to credit risk in the event a distribution partner fails. This is managed through ongoing credit risk assessment with active exposure management including the use of credit limits, guarantees and insurance to limit overall exposure.
Our businesses are also subject to merchant credit risk in respect of non-payment for products provided and services rendered or non-reimbursement of costs incurred. The contracts we enter into may require significant expenditure prior to merchant payments and may expose us to potential credit risk or may require us to use our available bank facilities in order to meet payment obligations.
Additionally, we are exposed to risk associated with the settlement of consumer deposits. Digital Wallet deposits from financial institutions, such as bank accounts, are credited to customer accounts before settlement of funds is received. Thus, there is a risk that the funds may not be settled or may be recalled due to insufficient funds or fraud reasons, exposing us to the risk of negative customer wallet balances and bad debt. Further, Digital Wallet prepaid card deposits or transactions made by consumers may be charged back by consumers resulting in a negative balance and loss on our accounts. If we are unable to effectively manage and monitor these risks, they could have a material adverse effect on our results of operations, financial condition and future prospects.
We may become an unwitting party to fraud or be deemed to be handling proceeds resulting from the criminal activity of our customers.
We are focused on providing trusted services to our customers and merchants and ensuring that data and confidential information is transmitted and stored securely. Combating money laundering and fraud is a significant challenge in the online payment services industry because transactions are conducted between parties who are not physically present, which in turn creates opportunities for misrepresentation and abuse. Criminals are using increasingly sophisticated methods to engage in illegal activities such as identity theft, fraud and paper instrument counterfeiting. As an online payment company, we are especially vulnerable because of the convenience, immediacy and in some cases anonymity of transferring funds from one account to another and subsequently withdrawing them. The highly automated nature of, and liquidity offered by, our payments services make us a target for illegal or improper uses, including fraudulent or illegal sales of goods or services, money laundering and terrorist financing. Allegations of fraud may result in fines, settlements, litigation expenses and reputational damage.
While we employ a variety of tools to protect against fraud, these tools mitigate such risks rather than eliminating them entirely. We reserve the right to refuse to accept accounts or transactions from many high-risk countries, internet protocol addresses, e-mail domains and devices and continually update our screening filters. Our transaction monitoring systems are designed to identify various criteria, including the country of origination, in order to detect and monitor fraud and to reject any purported transactions if they appear to be fraudulent. Nevertheless, our transaction monitoring systems may not operate as intended or may otherwise fail to effectively detect fraudulent transactions or locate where a transaction is being made. We face significant risks of loss due to money laundering, fraud and disputes between senders and recipients, and if we are unable to deal effectively with losses from fraudulent transactions our business could be materially harmed.
The ability for customers to withdraw and deposit funds within various accounts and the potential for customer fraud in connection with certain gambling activities heightens the risks of money laundering and the unwitting receipt by us of criminal proceeds. Our industry is under increasing scrutiny from governmental authorities—in Europe, the United States and many other jurisdictions in which we operate—in connection with the potential for consumer fraud. Regulators in Ireland and the UK have recently stated their expectations for payment service providers to increase their efforts to detect, protect, reimburse or assist in loss recovery by customers exposed to authorized push payment fraud, and to increase surveillance for new and emerging fraud typologies, particularly in the context of crypto related transactions. The laws of some jurisdictions define or interpret what constitutes the underlying criminal activity that gives rise to criminal proceeds relatively narrowly (for example, terrorist financing). Conversely, other jurisdictions have adopted laws providing for relatively broad definitions or interpretations of underlying criminal activity (for example, in the UK criminal proceeds may arise from the conviction of any criminal offence where it is found that the defendant has benefited from the criminal conduct). Further, the extent to which payment processors may be held civilly or criminally liable for the criminal activities of its merchant customers also varies widely across the jurisdictions in which we operate.
15
If consumer fraud levels involving our services were to rise, it could lead to regulatory intervention and reputational and financial damage. This, in turn, could lead to additional government enforcement actions and investigations and concerns raised by merchants and our banking and payment partners, which in turn could reduce the use and acceptance of our services or increase our compliance costs and thereby have a material adverse impact on our business, financial condition and results of operations. By processing payments for merchants and customers in certain industry verticals, such as those engaged in the online gambling sector, we may be deemed to be handling proceeds of crime in the jurisdiction where our merchants and customers are located. We are subject to anti-money laundering laws and regulations, including, in the United States, the BSA which requires money services businesses such as us to develop and implement risk-based anti-money laundering programs, report large cash transactions and suspicious activity and maintain transaction records. We have adopted a program to comply with these and other anti-money laundering regulations, but any errors or failure to implement the program properly could lead to lawsuits, administrative action and government fines and/or prosecution. In addition, even if we comply with such reporting and record-keeping requirements, law enforcement agencies in the relevant country could seize merchants’ or customers’ funds that are the proceeds of unlawful activity. Any such action could result in adverse publicity for our business and could have a material adverse effect on our results of operations, financial condition and future prospects.
Our risk management policies and procedures may not be fully effective in mitigating our risk exposure in all market environments or against all types of risks, which could expose us to losses and liability and otherwise harm our business.
We operate in a rapidly changing industry and we have experienced significant change in recent years, including in connection with certain acquisitions and arising from the provision of payment services in connection with crypto related transactions. Accordingly, our risk management policies and procedures may not be fully effective at identifying, monitoring and managing our risks at pace with these changes. Some of our risk evaluation methods depend upon information provided by third parties regarding markets, clients or other matters that are otherwise inaccessible to us. In some cases, however, that information may not be accurate, complete or up-to-date. Our risk management policies, procedures, techniques and processes may not be effective at identifying all of the risks to which we are exposed or enabling us to mitigate the risks we have identified. In addition, when we introduce new services, focus on new business types or begin to operate in markets in which we have a limited history of fraud loss, we may be less able to forecast and reserve accurately for new risks. Some risk mitigation may be deemed ineffectual, for example, if our insurance coverage is not adequate. We may need to initiate legal proceedings at a high cost if we are unable to come to a settlement with adversarial parties. If our risk management policies and processes are ineffective, we may suffer large financial losses, we may be subject to civil and criminal liability and our business, financial condition and results of operations may be materially and adversely affected. Moreover, the nature of financial crime and the attack methods used are constantly changing and adapting to our controls framework, which may results in imperfect risk mitigation while we also adapt to new patterns and trends of suspicious behavior.
We are required to comply with payment card network operating rules.
Payment networks, such as Visa, Mastercard and American Express, establish their own rules and standards that allocate liabilities and responsibilities among the payment networks and their participants. These rules and standards, including the Payment Card Industry Data Security Standards, govern a variety of areas, including how consumers and clients may use their cards, the security features of cards, security standards for processing, data security and allocation of liability for certain acts or omissions, including liability in the event of a data breach. The payment networks may change these rules and standards from time to time as they may determine in their sole discretion and with or without advance notice to their participants. These changes may be made for any number of reasons, including as a result of changes in the regulatory environment, to maintain or attract new participants, or to serve the strategic initiatives of the payment networks, and may impose additional costs and expenses on or be disadvantageous to certain participants. Participants are subject to audit by the payment networks to ensure compliance with applicable rules and standards. The networks may fine, penalize or suspend the registration of participants for certain acts or omissions or the failure of the participants to comply with applicable rules and standards. Furthermore, the networks may levy fines on our sponsor banks in the event that our processing behavior causes our sponsor banks to breach their obligations to scheme rules including breaching, for example, applicable thresholds, such as chargeback or fraud thresholds. This occurrence can lead to an adverse impact on our sponsor bank relationships and any required remedies can create additional costs. Our removal from a given network’s list of Payment Card Industry Data Security Standard compliant service providers could mean that existing merchants, customers, sales partners or other third parties may cease using or referring our services. Also, prospective merchants, customers, sales partners or other third parties may choose to terminate negotiations with us, or delay or choose not to consider us for their processing needs. In addition, the card networks could refuse to allow us to process through their networks. Any of the foregoing could materially adversely impact our business, financial condition or results of operations.
Changes to these network rules or how they are interpreted could have a significant impact on our business and financial results. For example, changes in the payment card network rules regarding chargebacks may affect our ability to dispute chargebacks and the amount of losses we incur from chargebacks. Changes to and interpretations of the network rules that were inconsistent with the way we operated has, in the past, required us to make changes to our business, and any future changes to or interpretations of the network rules that are inconsistent with the way we currently operate may require us to make changes to our business that could be costly or difficult to implement. If we fail to make such changes or otherwise resolve the issue with the payment card networks, the networks could pass on
16
fines and assessments in respect of fraud or chargebacks related to our merchants or disqualify us from processing transactions if satisfactory controls are not maintained, which could have a material adverse effect on our business, financial condition and results of operations.
In addition, we are required to comply with additional clearing scheme rules not particular to card companies, such as Bacs Payment Schemes Limited (formerly known as the Bankers Automated Clearing System), and the Single Euro Payments Area (also known as the SEPA, EBA Step2) scheme, which govern the clearing and settlement of certain UK and European electronic payment methods. Changes in the classification of our business by Visa and/or Mastercard could result in restrictions on our service offerings. For example, the classification of our Digital Wallet as a “Staged Digital Wallet,” a “Pass-Through Digital Wallet,” or a “Stored Value Digital Wallet” impacts which merchants in various jurisdictions can accept our funds.
Our efforts to expand our product portfolio and market reach may not succeed, and if we fail to manage our growth effectively, our business could be materially harmed.
While we intend to continue to broaden the scope of products and services we offer, we may not be successful in deriving any significant revenue from these products and services. Failure to broaden the scope of products and services that are attractive may inhibit our growth and harm our business. Furthermore, we may have limited or no experience in our newer markets and we cannot assure you that any of our products or services in our newer markets will be widely accepted or that they will generate revenue. Our offerings may present new and difficult technological, operational, regulatory and other challenges, and if we experience service disruptions, failures, or other issues, our business may be materially and adversely affected. Our newer activities may not recoup our investments in a timely manner or at all. If any of this were to occur, it could damage our reputation, limit our growth, and materially and adversely affect our results of operations and financial condition.
Further, in order to manage our growth effectively, we must continue to strengthen our existing infrastructure, develop and improve our processes and internal controls, create and improve our reporting systems, and timely address issues as they arise. As we continue to strengthen our existing infrastructure and systems, we will also be required to hire additional personnel. These efforts may require substantial financial expenditures, commitments of resources, developments of our processes, and other investments and innovations. Furthermore, we encourage employees to quickly develop and launch new features for our products and services. As we grow, we may not be able to execute as quickly as smaller, more agile organizations. In addition, as we grow, we may not be able to maintain our entrepreneurial company culture, which fosters innovation and talent. If we do not successfully manage our growth, our business may be adversely affected.
We depend on key management, as well as our experienced and capable employees, and any failure to attract, motivate, and retain our employees could harm our ability to maintain and grow our business.
We depend upon the continued services and performance of our directors and key senior management. Our directors and key senior management play a key role in maintaining our culture and in setting our strategic direction. The unexpected departure or loss of one or more of our directors or key senior management team members could harm our ability to maintain and grow our business, and there can be no assurance we will be able to attract or retain suitable replacements for such directors and/or key management in a timely manner, or at all. We also may incur significant additional costs in recruiting and retaining suitable replacements and avoiding disruption in integrating them into our business.
In addition, our operations and the execution of our business plan depend on our ability to attract, train and retain suitably skilled or qualified personnel with relevant industry and operational experience and to ensure that we have a robust succession planning system in place. In order for us to expand our operations in the future we will need to recruit and retain further personnel with suitable experience, qualifications and skill sets capable of advancing our business. Additionally, we are in the process of incorporating more automation and re-engineering processes in our business, and uncertainty related to this transformation may affect our ability to retain our employees. Depending on the geographical area, there can be substantial competition for suitably skilled or qualified personnel with relevant industry and operational experience and there can be no assurance that we will be able to attract or retain our personnel on similar terms to those on which we currently engage our employees, or at all. We see this risk in particular in our Digital Wallet operations center in Sofia, Bulgaria, where we have found it can be more difficult to identify qualified local talent from which to staff our operations. If we are unable to attract or retain suitably skilled or qualified personnel then this could have a material adverse effect on our results of operations, financial condition and future prospects.
17
If we cannot keep pace with rapid technological developments to provide new and innovative products and services, the use of our products and services and, consequently, our revenues could decline.
Rapid, significant, and disruptive technological changes, such as machine learning, container technology, artificial intelligence, biometrics (for authorization and authentication) as well as quantum computing, impact the industries in which we operate, including developments in payment card tokenization, mobile, social commerce (i.e., eCommerce through social networks), authentication, cryptocurrencies (including distributed ledger and blockchain technologies), and near-field communication, and other proximity payment technologies, such as contactless payments. As a result, we expect new services and technologies to continue to emerge and evolve, and we cannot predict the effects of technological changes on our business. In addition to our own initiatives and innovations, we rely in part on third parties, including some of our competitors, for the development of and access to new or evolving technologies. These third parties may restrict or prevent our access to, or utilization of, those technologies, as well as their platforms or products. In addition, we may not be able to accurately predict which technological developments or innovations will become widely adopted and how those technologies may be regulated. We expect that new services and technologies applicable to the industries in which we operate will continue to emerge and may be superior to, or render obsolete, the technologies we currently use in our products and services. Developing and incorporating new technologies into our products and services may require substantial expenditures, take considerable time, and ultimately may not be successful.
In addition, our ability to adopt new products and services and to develop new technologies may be inhibited by industry-wide standards, payments networks, changes to laws and regulations, resistance to change from consumers or merchants, third-party intellectual property rights, or other factors. For example, consumers can use their Skrill and NETELLER wallets to trade in cryptocurrencies. Our success in providing cryptocurrency services, and with other rapid technological innovations, will depend on our ability to develop and incorporate new technologies and adapt to technological changes and evolving industry standards; if we are unable to do so in a timely or cost-effective manner, our business could be harmed.
We are currently building a single core platform for our businesses to increase resilience, speed and security and provide firm foundations for future releases and enhancements. Related to this are various initiatives, which include increasing our risk management, fraud management and compliance capabilities and ensuring that our updated architecture can support a constantly evolving KYC, anti-money laundering, credit check and fraud monitoring environment; providing us with better reporting and analytics; providing our merchants with the ability to accept any payment method they wish; and allowing for increased customer customization of their services. However, there is no assurance that this platform will operate effectively or that we will achieve these intended benefits. A failure to deliver the solutions identified by our businesses as important for their future success in a timely or cost-effective manner could have an impact on our future success.
We face substantial and increasingly intense competition worldwide in the global payments industry.
The global payments industry is highly competitive, rapidly changing, very innovative, and increasingly subject to regulatory scrutiny. We compete against a wide range of businesses, including businesses that are larger than we are with substantially greater financial and other resources than we have, have a more dominant and secure position, or offer other products and services to consumers and merchants that we do not offer, as well as smaller companies that may be able to respond more quickly to regulatory and technological changes. These competitors may act on business opportunities within our specialized industry verticals, which may reduce our ability to maintain or increase our market share. In addition, the services of our various competitors are differentiated by features and functionalities such as brand recognition, customer service, trust and reliability, distribution network and channel options, convenience, price, speed, variety of payment methods, service offerings and innovation.
In addition, our competitors may be able to offer more attractive economic terms to our current and prospective clients. If competition requires us to offer more attractive economics by reducing our fees or otherwise modifying our terms in order to maintain market share and continue growing our client base, we will need to aggressively control our costs in order to maintain our profit margins and our revenues may be adversely affected, and our ability to control our costs is limited because we are subject to fixed transaction costs related to payment networks. Competition could also result in a loss of existing clients and greater difficulty in attracting new clients. One or more of these factors could have a material adverse effect on our business, financial condition and results of operations.
Furthermore, many of the areas in which we compete evolve rapidly with changing and disruptive technologies, shifting user needs, and frequent introductions of new products and services. Competition may also intensify as businesses enter into business combinations and alliances, and established companies in other segments expand to become competitive with different aspects of our business. If we cannot compete effectively, the demand for our products and services may decline, which would adversely impact our competitive position, business and financial performance.
18
Our operating results and operating metrics are subject to seasonality and volatility, which could result in fluctuations in our quarterly revenues and operating results or in perceptions of our business prospects.
We have experienced in the past, and expect to continue to experience, seasonal fluctuations in our business. For instance, our eCash Solutions division historically experiences increased activity during the traditional holiday period and around other nationally recognized holidays, when certain games operators may run promotions, consumers enjoy more leisure time and younger consumers may receive our products as gifts. Our Digital Wallet segment experiences increased activity based on the occurrence and timing of sporting events. Volatility in our revenue, key operating metrics or their rates of growth could result in fluctuations in our financial condition or results of operations and may lead to adverse inferences about our prospects, which could result in declines in our share price.
Regulatory, Legal and Tax Risks
Our operations can be constrained in countries with less predictable legal and regulatory frameworks.
If the legal and regulatory system in a particular country is less predictable, this can create a more difficult environment in which to conduct business. For example, any of the following could hamper our operations and reduce our earnings in these types of countries:
Conducting business in countries with less predictable legal and regulatory regimes could require us to devote significant additional resources to understanding, and monitoring changes in, local laws and regulations, as well as structuring our operations to comply with local laws and regulations and implementing and administering related internal policies and procedures.
Given the above mentioned challenges and the ever changing landscape, we may fail to conduct our business in compliance with the laws and regulations of the jurisdictions in which we operate and/or those jurisdictions in which we provide services, and the risk of noncompliance can be greater in countries that have less predictable legal and regulatory systems.
Our business is subject to extensive regulation and oversight in a variety of areas, all of which are subject to change and uncertain interpretation, including in such ways as could criminalize certain of our activities.
We are subject to a wide variety of laws, regulations, licensing schemes and industry standards in the countries and localities in which we operate. These laws, regulations, and standards govern numerous areas that are important to our business, including, but not limited to, online gambling, consumer protection, governance, information security, anti-money laundering, fraud, safeguarding of client funds, strong customer authentication, operational resilience, outsourcing, regulatory reporting, ESG, securities, labor and employment, unclaimed property laws, competition, privacy and data protection, biometric data processing and marketing and communications practices. Such laws, regulations, and standards are subject to changes and evolving interpretations and application, including by means of legislative changes, new guidance, administrative changes and/or executive orders, and it can be difficult to predict how they may be applied to our business and the way we conduct our operations, particularly as we introduce new products and services and expand into new jurisdictions. For example, in 2022, the Bank of Italy formed the view that the distribution of my paysafecard codes through the local network of points of sale resulted in Italian anti-money laundering law becoming directly applicable to the sale of those vouchers. After engagement with the Bank of Italy, a local Central Contact Point was established in Italy and changes to the process for the purchase of codes including the collection of ‘code fiscale’ were implemented. Several upcoming changes in local gambling laws such as new gambling requirements in Peru and Brazil, will require us to assess the way we will be able to offer our products under the new regulations. Many countries, including Ireland, UK and Brazil, are introducing new laws and regulations related to crypto services. We are subject to the Accessibility Directive in the EU, which requires that products and services can be used by customers with different needs. Any perceived or actual breach of laws, regulations, and standards could result in investigations, regulatory inquiries, loss of licensure, litigation, fines, injunctions, negative customer sentiment, impairment of our existing or planned products and services, or otherwise materially and adversely impact our business. In addition, regulatory scrutiny in one jurisdiction can lead to increased scrutiny
19
from regulators and legislators in other jurisdictions that may harm our reputation, brand and third-party relationships and have a material adverse effect on our results of operations, financial performance and future prospects.
We are also subject to oversight by various governmental agencies and authorities in the countries and localities in which we operate. In light of the current conditions in the global financial markets and economy, lawmakers and regulators have increased their focus on the regulation of the financial services industry. Although we have a compliance program focused on the laws, rules, and regulations that we believe are applicable to our business, we may still be subject to a requirement to change various aspects of our business or the manner in which we carry out our business in certain countries, or to fines, injunctions or other penalties levied by regulators in one or more jurisdictions. In addition to fines, penalties for failing to comply with applicable rules and regulations could include significant criminal and civil lawsuits, forfeiture of significant assets, increased licensure requirements, loss of licensure or other enforcement actions. Any perceived or actual breach of compliance by us with respect to applicable laws, rules and regulations could have a significant impact on our reputation as a trusted brand and could cause us to lose existing customers, prevent us from obtaining new customers, require us to expend significant funds to remedy problems caused by breaches and to avert further breaches and expose us to legal risk and potential liability.
In the future, we may also be required to make changes to our business practices or compliance programs as a result of regulatory scrutiny. For example, we are subject to supervisory inspections on a range of topics which have recently included financial crime and fraud, consumer duty, governance and outsourcing, and must implement any changes required by a regulator if findings are made.
We generate a significant portion of our revenue by processing online payments for merchants and customers engaged in the online gambling and foreign exchange trading sectors.
We generate a significant portion of our revenue from merchants operating in the regulated and unregulated gaming and sports betting and foreign exchange trading sectors. We and our merchants and customers are subject to various laws and regulations in relation to online gambling. Regulations in the gaming and sports betting and foreign exchange trading sectors vary significantly among different countries and localities. In many cases, they may be unclear and may also change, sometimes drastically, and such laws and regulations are constantly evolving and are often subject to conflicting interpretations.
The EU has generally moved towards controlled regulation of online-based gambling operators, rather than absolute prohibition. However, local laws in place in EU member states are sometimes incompatible with EU laws, regulations and directives, which introduces additional uncertainty around licensing and ongoing compliance obligations into the regulatory framework.
Additionally, many jurisdictions, particularly those outside of Europe and the United States, including many Latin American countries, have not updated their laws to address the supply of online gambling, which by its nature is a multijurisdictional activity. Due to the borderless nature of online gaming and sports betting and foreign exchange trading, a merchant properly licensed in its home jurisdiction may still provide services to consumers in other jurisdictions, knowingly or unknowingly, including in jurisdictions whose regulations are ambiguous or where gaming, sports betting and/or foreign exchange trading are prohibited. We currently operate in Latin American countries where there are no licensing requirements and the regulatory environment is changing. If new regulations are imposed, our ability to operate in those counties could become more difficult and more costly.
We have policies and procedures in place that are designed to ensure that we comply with applicable rules regarding card brands, regulated verticals and bank sponsor requirements. However, these policies and procedures may not always be effective. If we provide services, intentionally or unintentionally, to gaming and sports betting and foreign exchange trading companies that do not have proper regulatory authorizations, we could be subject to fines, penalties, reputational harm or other negative consequences. Other jurisdictions have updated legislation to pass laws to regulate online gambling but only to permit license holders to supply services in that jurisdiction. Some of these laws purport to have an extra territorial effect and specifically preclude payment support of any gambling transactions, with powers to request the co-operation of banks and card issuers, or, in some jurisdictions, to criminalize the support they provide. Nevertheless, the legality of online gambling and the provision of services to online gambling merchants and customers is subject to uncertainties arising from differing approaches by legislatures, regulators and enforcement agents, including in relation to determining in which jurisdiction the game or the bet takes place and, therefore, which law applies and where the transaction should be taxed. This uncertainty creates a risk for us that, even in instances where older laws have not been updated to address new technology, courts may interpret older legislation in an unfavorable way and determine our activities to be illegal. This could lead to criminal or civil actions being brought against our customers, merchants, us or any of our directors, or us (or our merchants or customers) being forced to cease doing business in a particular jurisdiction, all or any of which may, individually or collectively, materially and adversely affect our results of operations and financial condition and damage our reputation.
We rely on the continued supply of our services to merchants within the online gambling industry. Digital Wallets (which primarily provides services to the online gambling industry) represents approximately 46% of our revenue for the year ended December 31, 2023. Changes in the regulation of online gambling in the markets where we operate may materially and adversely affect our results of
20
operations and financial condition if such merchants are subject to increased taxes, compliance costs, levies and license fees or are forced to cease operating in a jurisdiction as a result of prohibitive legislation, which may result in reduced demand for our services within the online gambling industry.
While we do not provide gambling services, it is possible that we could be found to be acting unlawfully for processing gambling related payments. If we were found to be acting unlawfully for processing online gambling payments in any jurisdiction, it could have a material adverse effect on our reputation, operations and financial performance. Additional civil, criminal or regulatory proceedings could also be brought against us and/or our directors, executive officers and employees as a result. We could also be joined to proceedings brought against a merchant or other third parties for tracing claims resulting in the seizure of funds. Any such proceedings would potentially have cost, resource and reputational implications, and could have a material adverse effect on our results of operations, financial performance and future prospects and on our ability to retain, renew or expand our portfolio of licenses. Moreover, even if successfully defended, the process may result in us incurring considerable costs and require significant management resource and time.
In addition to gambling related payments, our payment systems may be used for potentially illegal or improper uses, including the fraudulent sales of goods or services, illegal sales of controlled substances or to facilitate other illegal activity. Such usage of our payment systems may subject us to claims, individual and class action lawsuits, government and regulatory investigations, inquiries or requests that could result in liability and reputational harm for us. Changes in law have increased the penalties for intermediaries providing payment services for certain illegal activities, and government authorities may consider additional payments-related proposals from time to time. Owners of intellectual property rights or government authorities may seek to bring legal action against providers of payments solutions that are peripherally involved in the sale of infringing or allegedly infringing items. Any threatened or resulting claims could result in reputational harm, and any resulting liabilities, loss of transaction volume, or increased costs could harm our business.
We are subject to financial services regulatory risks.
Certain of our subsidiaries in the UK are authorized by the FCA under the Electronic Money Regulations 2011 to perform the regulated activity of issuing e-money and the provision of payment services (which has the meaning specified in the Second Electronic Money Directive) as well as to provide account information services and payment initiation services to support our Rapid Transfer service. We have the appropriate licenses and permissions to act as an e-money issuer in the UK and are registered as a Virtual Asset Service Provider for the provision of crypto related services.
Two of our entities in Ireland are authorized by the CBI to act as e-money issuers and to provide payment services (including account information and payment initiation services) and are passporting in other European Economic Area (“EEA”) jurisdictions. One of our Irish subsidiaries is also registered as a Virtual Asset Service Provider for the provision of crypto related services. Both the FCA and the CBI also implement, maintain and enforce a range of rules covering (among other things) the safeguarding of users’ funds and the fair treatment of consumers and other vulnerable customers. These rules are contained in various sources in Ireland including the Consumer Protection Code and the European Union (Payment Services) Regulations 2018 and apply to the regulated activities we carry out from Ireland across the EEA, and in the UK are most recently covered in the Consumer Duty rules. Breach of these rules may result in fines, public censures, customer remediation and redress and ultimately in the revocation of our regulatory licenses in Ireland.
EU laws and regulations are typically subject to different and potentially inconsistent interpretations by the local authorities in EU member states, which can make compliance more costly and operationally difficult to manage. Moreover, countries that are EU members may each have different and potentially inconsistent domestic regulations implementing European Directives, which may further increase compliance costs and operational complexity. For example, the Bank of Portugal required the Company to submit enhanced reporting despite the Company having no legal or regulatory presence in Portugal. EU Member States may interpret the same EU rule in different ways. For example, some local supervisory authorities deem the distribution of products through an independent distribution network as creating an 'establishment' that would render local AML laws applicable including the requirement to appoint a local central contact point. The nature of that appointment can also vary from country to country. Banks and distributors may take the approach that they will only enter into a relationship with entities subject to local laws and supervision.
Additionally, Skrill USA is registered with the U.S. Department of the Treasury Financial Crimes Enforcement Network (“FinCEN”) as a money services business and is regarded as a money transmission business in the United States. Money transmitting businesses are subject to numerous regulations in the United States at the federal and state levels, and we have obtained or applied for money transmitter licenses (or applicable similar licenses) in all U.S. states and territories in which we are required to do so. As a result, we are also subject to inspections, examinations, supervision, and regulation by each state in which we are licensed, and are subject to direct supervision by the Consumer Financial Protection Bureau (the “CFPB”). The CFPB has authority to interpret, enforce and issue regulations implementing enumerated consumer laws, including certain laws that apply to our business. The Dodd-Frank Act also empowers state attorney generals and other state officials to enforce federal consumer protection laws under specified conditions.
21
Although we have the authorizations and licenses referred to above, we issue e-money to customers in over 120 countries and territories and we are not licensed as an e-money issuer in the vast majority of these jurisdictions. We take the view that, in general, we are not conducting regulated activities in these other jurisdictions on the basis that our activities of issuing e-money are not conducted in each jurisdiction in which our relevant customers reside, but rather e-money is issued in jurisdictions in which we are licensed. We acknowledge that local regulators in these jurisdictions may take a different view and, as transaction volumes increase and/or the matter is brought to our attention by local regulators, we will take advice in respect of local requirements on a case-by-case basis.
Due to ongoing developments in e-money regulation, we obtain advice from external counsel as required in order to assess any applicable risk and, where necessary, will limit the extent of our operations in a particular jurisdiction or will consider whether to obtain a license in such jurisdiction. The adoption of new money transmitter or other licensing statutes in the jurisdictions in which we operate, changes in regulators’ interpretation of existing money transmitter or other licensing statutes or regulations, or disagreement by a regulatory authority with our interpretation of such statutes or regulations, could require additional registrations or licenses, limit certain of our business activities until they are appropriately licensed, and expose us to financial penalties.
We are not aware of any circumstances that may result in us being in breach of the terms of our e-money issuer, payment initiation service provider or money transmitter licenses that would be likely to lead to a revocation or termination of such licenses or a material restriction on such licenses, nor are we aware of any current or pending financial, civil or criminal proceedings asserted against us in connection with a failure to hold a license in any relevant jurisdiction. However, if we were found to be in violation of any current or future regulations, or to have previously been in breach of any regulation, in any countries from which we accept merchants or customers, including as a result of any failure by our employees to apply correctly our anti-money laundering procedures, this could result in a requirement for future compliance, fines, other forms of liability and/or force us to change business practices or to cease operations altogether, and we, our directors, executive officers or employees may also be exposed to a financial liability, civil or criminal liability, any of which could have a material adverse effect on our results of operations, financial condition and future prospects.
Catastrophic events or geopolitical conditions, including those related to climate change and increased focus on sustainability issues, may adversely affect our business and financial results and damage our reputation.
War, terrorism, political events, geopolitical instability, trade barriers and restrictions, public health issues, pandemics, natural disasters, or other catastrophic events have caused and could cause damage or disruption to the economy and commerce on a global, regional, or country-specific basis, which could have a material adverse effect on our business, our customers, and companies with which we do business. Such events could decrease demand for our products and services or make it difficult or impossible for us to deliver products and services to our customers. The frequency and severity of some catastrophic events, such as flooding, hurricanes, tornadoes, extended droughts, and wildfires are contributed to by global climate change, which many in the scientific community, in governmental bodies and elsewhere believe will continue for decades to come, potentially resulting in increased disruption to us. Geopolitical trends, including nationalism, protectionism, and restrictive visa requirements could limit the expansion of our business in those regions. Our business operations are subject to interruption by, among others, natural disasters, fire, power shortages, earthquakes, floods, nuclear power plant accidents, and events beyond our control such as other industrial accidents, terrorist attacks and other hostile acts, labor disputes and public health issues. A catastrophic event that results in a disruption or failure of our systems or operations could result in significant losses and require substantial recovery time and significant expenditures in order to resume or maintain operations, which could have a material adverse impact on our business, financial condition, and results of operations.
Additionally, actual or perceived environmental, social, governance and other sustainability (ESG) matters and our response to these matters could harm our business. Increasing governmental and societal attention to ESG matters, including expanding mandatory and voluntary reporting, diligence, and disclosure on topics such as climate change, human capital, labor and risk oversight, could expand the nature, scope, and complexity of matters that we are required to control, assess and report. For example, new reporting requirements are expected in the U.S. and the UK has introduced ESG requirements, with some requirements already in place. These factors may alter the environment in which we do business and may increase the ongoing costs of compliance and adversely impact our results of operations and cash flows. If we are unable to adequately address such ESG matters or we or our borrowers fail to comply with all laws, regulations, policies and related interpretations, it could negatively impact our reputation and our business results.
We are subject to current and proposed regulations addressing both consumer and business privacy and data use, which could adversely affect our business, financial condition and results of operations.
We are subject to a number of laws, rules, directives, and regulations, as well as requirements imposed on us by contracts with clients, relating to the collection, use, retention, storage, destruction, security, processing, transfer, and sharing of personal information about our customers and employees in the countries where we operate. Our business relies on the processing of data in many jurisdictions and the movement of data across national borders. As a result, much of the personal information that we process, especially financial information, is regulated by multiple privacy laws and, in some cases, the privacy laws of multiple jurisdictions. In many cases, these laws apply not only to third-party transactions, but also to transfers of information between or among us, our subsidiaries, and other
22
parties with which we have commercial relationships. These laws and regulations may at times be conflicting, and the requirements to comply with these regulations could result in a negative impact to our business.
Regulatory scrutiny of privacy, data protection, and the collection, use, storage, destruction, security, processing, transfer and sharing of personal information is increasing around the world. There is uncertainty associated with the legal and regulatory environment relating to privacy and data protection laws, which continue to develop in ways we cannot predict, including with respect to evolving technologies such as cloud computing and blockchain technology. Additionally, these laws and regulations may change or be interpreted and applied differently over time and from jurisdiction to jurisdiction, and it is possible they will be interpreted and applied in ways that will materially and adversely affect our business.
For example, we are subject to enhanced compliance and operational requirements under the General Data Protection Regulation (“GDPR”), which became effective in May 2018. Since 2016, we have engaged in a large, transformative program regarding data privacy in connection with GDPR compliance requirements. The GDPR applies to companies processing personal data of EU residents, imposes a strict data protection compliance regime with severe penalties for noncompliance of up to the greater of 4% of worldwide annual turnover or €20 million. The penalties for noncompliance with the GDPR could have a material adverse effect on our business, financial condition, results of operations and cash flows. We have incurred and we expect to continue to incur significant expenses to meet the obligations of the GDPR, which have required us to make significant changes to our business operations.
Although the GDPR applies across the EU without a need for local implementing legislation, each EU member state has the ability to interpret the GDPR opening clauses, which permit country-specific data protection legislation and which have created inconsistencies, on a country-by-country basis. Brexit and ongoing developments in the UK have created uncertainty with regard to data protection regulation in the UK and could result in the application of new data privacy and protection laws and standards to our operations in the UK, our handling of personal data of users located in the UK, and transfers of personal data between the EU and UK. The UK GDPR, effective as of January 1, 2021, and the UK Data Protection Act of 2018 (as amended on January 1, 2021) and which supplements the UK GDPR, now apply to our processing of personal data in the UK and elsewhere, if the processing is of UK residents. While the UK GDPR broadly mirrors the GDPR, the UK Government has indicated an intention to diverge from some areas of European legislation and following Consultation, a new Bill is now underway with respect to changes to the UK’s Data Protection Act 2018. In respect of the transfer of personal data from the EU to the UK under the GDPR, the UK and EU Trade and Cooperation Agreement (“TCA”) permitted data transfers from the EU to the UK to continue without restriction for four months post-Brexit (including a potential extension of two months) while the EU considered the UK’s application for adequacy of its data protection procedures. Such an adequacy decision by the EU was adopted by the European Commission on June 28, 2021 and permits personal data transfers between the EU and UK without further safeguards in place (such as standard contractual clauses). Active changes in law by the UK government to diverge from GDPR, together with an intention not to follow changes being made within the EU, creates an increasing risk of divergence between the two and the potential loss of the UK's adequacy decision. If the UK was to lose its adequacy decision from the EU, we may be required to implement new processes and put new agreements in place, such as standard contractual clauses, to govern any transfers of personal data from the EU to the UK and any such changes could impact our ability to transfer personal data from the UK to the EU and other third countries. The divergence of the UK’s data protection regime from GDPR could therefore lead to the removal of the European Commission adopted adequacy decision for the UK.
Additionally, Brexit and the subsequent implementation of the UK GDPR and any divergences therefrom expose us to parallel and differing data protection regimes, each of which potentially authorizes similar significant fines and other potentially divergent enforcement actions for certain violations.
Meanwhile, the Court of Justice of the European Union (“CJEU”) issued a decision on July 16, 2020 (commonly known as “Schrems II”) invalidating the EU-U.S. Privacy Shield Framework, a previously lawful mechanism of transfer for personal data from the EU to the United States. While the Schrems II decision did not invalidate standard contractual clauses, another lawful mechanism for making cross-border transfers, the decision has called their validity into question under certain circumstances, and had made the legality of transferring personal information from the EU to the United States more uncertain, and it may require government cooperation to resolve this issue. The issues and risks arising from the Schrems II decision are applied equally to transfers of personal information from the EU to any country which has not received an adequacy finding by the European Commission. Other jurisdictions could require us to make additional changes to the way we conduct our business and transmit data between the United States, the UK, the EU and the rest of the world. We had seen regulatory enforcement action arising from Schrems II, in particular the decisions of some European member state data protection authorities in prohibiting the transfer of Google Analytics data to the United States, the findings of which could apply to other / all transfers of personal data. The above data transfer risks have currently subsided following implementation of the EU / USA Data Transfer Framework ("DPF"), whereby the European Commission adopted its Adequacy decision for the DPF on the 10th July, 2023. This is a modification of the prior EU / US Privacy Shield and means that personal data can be transferred from the EU to companies which self-certify under the DPF without any other data transfer mechanisms (such as Standard Contractual Clauses or Binding Corporate Rules).
23
Any failure, or perceived failure, by us to comply with our privacy policies, with applicable industry data protection or security standards, with any applicable regulatory requirements or orders, or with privacy, data protection, information security, or consumer protection-related laws and regulations in one or more jurisdictions could result in proceedings or actions against us by data protection authorities, governmental entities or others, including class action privacy litigation in certain jurisdictions, which could subject us to significant awards, fines, sanctions (including prohibitions on the processing of personal information), penalties, judgments, and negative publicity arising from any financial or non-financial damages suffered by any individuals. This could, individually or in the aggregate, materially harm our business. For example, GDPR (and other laws) requires us to delete data when we no longer have an overriding business need to retain such data and to also accept data deletion rights requests. Our systems do not always allow for such data to be deleted and/or to allow the exercise of such rights at all or within the required timeframe. Any failure, or perceived failure, by us to comply with privacy laws could result in proceedings or actions against us by data protection authorities, governmental entities or others, which could subject us to significant awards, fines, sanctions (including prohibitions on the processing of personal information), penalties, judgments, and negative publicity arising from any financial or non-financial damages suffered by any individuals.
Policymakers around the globe are using these GDPR requirements as a reference to adopt new or updated privacy laws that could result in similar or stricter requirements in other jurisdictions. In the United States, the Gramm-Leach-Bliley Act of 1999 (along with its implementing regulations) restricts certain collection, processing, storage, use and disclosure of personal financial information, requires notice to individuals of privacy practices and provides individuals with certain rights to prevent the use and disclosure of certain nonpublic or otherwise legally protected information. These rules also impose requirements for the safeguarding and proper destruction of such information through the issuance of data security standards or guidelines. In addition, there are new state laws in the United States governing the collection and processing of personal information. Since the implementation of the California Consumer Privacy Act of 2018 (the “CCPA”), this has further been amended as below and there are now multiple states with privacy laws enacted including: California, Virginia, Colorado, Utah, and Connecticut. Further, the following states are in the implementation stage for new privacy legislation: Florida, Oregon, Montana, Iowa, Texas, Delaware, New Jersey, Tennessee, and Indiana. In respect of the CCPA, this imposes stringent data privacy and data protection requirements for the personal data of California residents, and provides for government penalties for noncompliance of up to $7,500 per violation, if willful, and provides for a private right of action in the event of a data breach affecting certain un-redacted or non-encrypted personal information of California residents. Implementing regulations for the CCPA were released in August 2020, and on November 3, 2020, California voters approved a new law, the California Privacy Rights Act, which will come into effect on January 1, 2023, applying to personal data collected on or after January 1, 2022. As a result of these constant changes, it is still not certain how the various provisions of the CCPA and the CPRA will be interpreted and enforced. The CPRA expands the rights of consumers and establishes the California Privacy Protection Agency, providing the agency with investigative, enforcement and rule-making powers. The effects of the CCPA are potentially far-reaching, however, and may require us to continue to modify our data processing practices and policies and to incur substantial costs and expenses in an effort to comply. Certain other state laws impose or are in the process of imposing similar privacy obligations, including the recently passed VCDPA, that may be different from those under the CCPA, and, in addition, all 50 states have laws with varying obligations to provide notification of security breaches of personal information to affected individuals, state officers and/or others. The use or generation of biometric data as an aid to fraud prevention is becoming increasingly regulated through a patchwork of laws in both the EU and across the United States, with a number of state laws now requiring consent to such use. For example, Illinois has passed the Biometric Information Privacy Act (“BIPA”), Texas and Washington have passed similar laws, and other states plan to pass similar laws. The application of privacy laws to new technology, particularly in the area of artificial intelligence and machine learning, is not always clear and can pose additional regulatory risk and material harm to our business operations. Increasingly, we are seeing legal developments in respect of AI and which may not always be compatible with privacy laws.
Some jurisdictions are also considering requirements for businesses that collect, process and/or store data within their borders (“data localization”), as well as prohibitions on the transfer of data abroad, leading to technological and operational implications. Other jurisdictions are considering adopting sector-specific regulations for the payments industry, including forced data sharing requirements or additional verification requirements that overlap or conflict with, or diverge from, general privacy rules. Failure to comply with these laws, regulations and requirements could result in fines, sanctions or other penalties, which could materially and adversely affect our results of operations, financial condition, and reputation. Collective or class-action litigations relating to data privacy violations are permitted under the GDPR and are beginning to arise in the EU, and are no longer unique to the United States. We may also be exposed to similar lawsuits in the UK with respect to Brexit.
Regulation of privacy and data protection and information security often requires monitoring of and changes to our data practices in regard to the collection, use, disclosure, deletion, storage, transfer and/or security of personal information. We have incurred, and may continue to incur, significant expenses to comply with evolving mandatory privacy and security standards and protocols imposed by law, regulation, industry standards, shifting consumer expectations, or contractual obligations. In particular, with laws and regulations, such as the GDPR in the EU, the GDPR in the UK, the Personal Information Protection and Electronic Documents Act (“PIPEDA”) in Canada (including its provincial laws), developments in South America, and the CCPA, CPRA, VCDPA and BIPA in the United States, imposing new and relatively burdensome obligations, and with substantial uncertainty over the interpretation and application of these and other laws and regulations, we may face challenges in addressing their requirements and making necessary changes to our policies
24
and practices, and may incur significant costs and expenses in an effort to do so. New requirements or reinterpretations of existing requirements in these areas, or the development of new regulatory schemes related to the digital economy in general, may also increase our costs and could impact the products and services we offer and other aspects of our business, such as fraud monitoring, the development of information-based products and solutions and technology operations. We may not be able to respond quickly or effectively to regulatory, legislative, and other developments, and these changes may in turn impair our ability to offer our existing or planned features, products, and services and/or increase our cost of doing business. Any of these developments could materially and adversely affect our overall business and results of operations.
In addition, fraudulent activity could encourage regulatory intervention, which could damage our reputation and reduce the use and acceptance of our integrated products and services or increase our compliance costs. Criminals are using increasingly sophisticated methods to capture consumer account information to engage in illegal activities such as counterfeiting or other fraud, including creating fake Paysafe websites or using stolen credentials from the dark web to attack customer accounts, where such customers are using the same credentials across multiple sites or accounts. While we are taking measures we believe will make payments more secure, increased fraud levels involving our products and services, or misconduct or negligence by third parties servicing our products and services, could lead to regulatory intervention, such as enhanced security requirements, as well as damage to our reputation.
We must comply with money laundering regulations in the UK, Ireland, Switzerland, the United States, Canada, and elsewhere, and any failure to do so could result in severe financial and legal penalties.
We are subject to various anti-money laundering and counter-terrorist financing laws and regulations around the world that prohibit, among other things, our involvement in transferring the proceeds resulting from criminal activities. Facilitating financial transactions over the internet creates a risk of fraud and ensuring customer data security, privacy, and ongoing compliance with applicable regulations requires significant capital expenditure. Applicable money laundering regulations require firms to put preventative measures in place and to perform KYC procedures, including conducting customer identification and verification and undertaking ongoing monitoring. In addition, regulations require companies to keep records of identity and to train their staff on the requirements of the relevant money laundering regulations. At present, for instance, in the UK and Ireland, a senior member of staff needs to be appointed and approved by the FCA or by the CBI, respectively, to oversee appropriate policies and procedures. Regulators globally continue to increase their scrutiny of compliance with these obligations, which may require us to further revise or expand our compliance program, including the procedures we use to verify the identity of our customers and to monitor transactions. Regulators regularly re-examine the transaction volume thresholds at which we must obtain and keep applicable records or verify identities of customers and any change in such thresholds could result in greater costs for compliance. In the EU, there is a pending Anti-Money Laundering rule which includes draft provisions limiting the scope of customer due diligence exemptions for electronic money products which has the potential to impact current product offerings and make compliance more costly and operationally difficult to manage, lead to increased friction for customers, and result in a decrease in business. In the United States, the BSA requires among other things, money services businesses (such as money transmitters and providers of prepaid access) to develop and implement risk-based anti-money laundering programs, report large cash transactions and suspicious activity, and maintain transaction records. We are also subject to regulatory oversight and enforcement by FinCEN and have registered Skrill USA with FinCEN as a money services business. Any determination that we have violated the anti-money-laundering laws could have a material adverse effect on our financial condition, results of operations and future prospects. For example, the BSA requires us to report currency transactions in excess of $10,000, including identification of the customer by name and social security number, to the IRS. This regulation also requires us to report certain suspicious activity, including any transaction that exceeds $2,000 that we know, suspect or have reason to believe involves funds derived from illegal activity or is designed to evade federal regulations or reporting requirements and to verify sources of such funds. Substantial penalties can be imposed against us if we fail to comply with this regulation. If we fail to comply with these laws and regulations, the imposition of a substantial penalty could have a material adverse effect on our business, financial condition and results of operations.
Our customers are based in over 120 countries and territories. However, we believe that we do not conduct regulated activities in all of these jurisdictions. Rather, we conduct regulated activity in only a limited number of jurisdictions and our wider customer base accesses our services online. We are subject to anti-money laundering regulations in the UK, Ireland, Switzerland, the United States, Canada and in any other jurisdiction where we are established and performing activities that would require that we apply anti-money laundering regulations. Where a customer resides in a jurisdiction outside of Europe in which we do not consider ourselves to be conducting a regulated activity, we follow the home state laws of the relevant Paysafe regulated subsidiaries and our group policies which seek to apply the highest common standard regardless of the residency of that customer. We believe that these processes are of the requisite standard, although there can be no guarantee that they meet all the requirements of other jurisdictions. However, if we were to violate laws or regulations governing money transmitters or electronic fund transfers, either in the UK, Ireland, Switzerland, the United States, Canada or elsewhere, including as a result of any failure by our employees to correctly apply our KYC procedures, this could result in a requirement for future compliance, fines, other forms of liability and/or force us to change business practices or to cease operations altogether.
25
We are also subject to rules and regulations imposed by, among others, the European Union, HM Treasury and OFAC restricting the transfer of funds to certain specifically designated countries. While we believe that we have in place appropriate systems and procedures to ensure that transfers to merchants or customers in countries on watch lists are not executed, there can be no guarantee that such controls are, or will continue to be, effective and any sanctions imposed by any regulatory body on us for executing a transfer to a country on a watch list could have a material adverse effect on our results of operations, financial condition and future prospects.
Changes in the regulatory environment for digital assets could adversely affect our business.
Consumers can use our digital wallets to trade in digital assets. Digital assets are not considered legal tender or backed by any government and have experienced price volatility, technological glitches and various law enforcement and regulatory interventions. The use of cryptocurrencies has been prohibited or effectively prohibited in some countries. If we (or our partners that we work with to provide the services) fail to comply with applicable requirements and prohibitions, we could face regulatory or other enforcement actions and potential fines and other consequences including licensing restrictions, censure or a significant impact on our revenues derived from such activity and increased future compliance costs. Even in countries where cryptocurrencies are permitted, businesses associated with cryptocurrencies have had and may continue to have their existing accounts with banks and financial institutions closed or services discontinued, and offering cryptocurrency services may cause difficulties in obtaining or maintaining our relationships with sponsor banks and payment card networks. Furthermore, the prices of cryptocurrencies are routinely highly volatile and subject to exchange rate risks as well as the risk that regulatory or other developments may adversely affect their value and their attractiveness to consumers for investment or speculation leading to reduced use of these services and thereby reducing our ability to earn revenue from such activity. Changes in the regulatory environment for cryptocurrency could impact our business and our future business arrangements, thereby damaging our reputation, operations and financial position and lead to increased costs to retain current revenues, any of which could have a material adverse effect on us. For example, the FCA has new Financial Promotion rules which we have implemented. Regulators around the world have expressed concerns about the offering of crypto services and certain crypto providers and so presence in this market vertical has the potential for increased regulatory scrutiny and adverse media coverage.
Limitations imposed by the FCA and CBI on the right to own our securities may result in sanctions being imposed on our regulated subsidiaries and an acquirer of such securities in the event of noncompliance by such acquirer, and may reduce the value of our shares.
Several of the Company’s indirect subsidiaries are subject to regulatory supervision, including the requirement to obtain prior consent from the relevant regulator when a person holds, acquires or increases a qualifying holding in those entities. See “Item 4.B. Business Overview—Licensing and Regulation” of this Report. On the basis of these regulations, no person may hold or acquire, alone or together with others, a direct or indirect stake of 10% or more of our shares, 10% of the voting rights attached to our shares, or exercise, directly or indirectly, significant influence over any of the regulated subsidiaries (or increase an existing holding of 10% or more of our shares or the voting rights attached to our shares crossing a control threshold (20%, 30% or 50%) without first obtaining the prior approval of the FCA and the CBI.
Noncompliance with those requirements constitutes a criminal offense that may lead to criminal prosecution, as well a violation of applicable laws governing the payment services and electronic money industry in the relevant jurisdictions, which may lead to injunctions, penalties and sanctions against the Company’s regulated subsidiaries as well as the person seeking to hold, acquire or increase the qualifying holding (including, but not limited to, substantial fines, public censure and prison sentences), may subject the relevant transactions to cancellation or forced sale, and may result in increased regulatory compliance requirements or other potential regulatory restrictions on our business (including in respect of matters such as corporate governance, restructurings, mergers and acquisitions, financings and distributions), enforced suspension of operations, cancellation of corporate resolutions made on the basis of such qualifying holding, restitution to customers, removal of board members, suspension of voting rights and variation, cancellation or withdrawal of licenses and authorizations. If any of this were to occur, it could damage our reputation, limit our growth and materially and adversely affect our business, financial condition and results of operations.
In addition, uncertainty and inconvenience created by those regulatory requirements may discourage potential investors from acquiring 10% or more of our shares, which may in turn reduce the value of the shares.
We may not be able to adequately protect or enforce our intellectual property rights, or third parties may allege that we are infringing their intellectual property rights.
Our success and ability to compete in various markets around the world depends, in part, upon our proprietary technology. We seek to protect our intellectual property rights by relying on applicable laws and regulations in the United States and internationally, as well as a variety of administrative procedures and contractual measures. We rely on copyright, trade secret and trademark laws to protect our technology, including the source code for proprietary software, and other proprietary information. We also rely on contractual
26
restrictions to protect our proprietary rights when offering or procuring products and services, including confidentiality and invention assignment agreements entered into with our employees and contractors and confidentiality agreements with parties with whom we conduct business. We have not applied for any patents in respect of our electronic payment processing systems and cannot give assurances that any patent applications will be made by us in the future or that, if they are made, will be granted.
We may, over time, increase our investment in protecting our intellectual property through additional trademark, patent and other intellectual property filings, which could be expensive and time-consuming. We may not be able to obtain protection for our technology and even if we are successful in obtaining effective patent, trademark, trade secret and copyright protection, it is expensive to maintain these rights and the costs of defending our rights could be substantial. Moreover, our failure to develop and properly manage new intellectual property could hurt our market position and business opportunities.
Although we have generally taken measures to protect our intellectual property rights, there can be no assurance that we will be successful in protecting or enforcing our rights in every jurisdiction, or that contractual arrangements and other steps that we have taken to protect our intellectual property will prevent third parties from infringing or misappropriating our intellectual property or deter independent development of equivalent or superior intellectual property rights by others. If we are unable to prevent third parties from adopting, registering, or using trademarks and trade dress that infringe, dilute, or otherwise violate our trademark rights, the value of our brands could be diminished and our business could be adversely affected. Also, we may not be able to discover or determine the extent of any unauthorized use of our proprietary rights. Our intellectual property rights may be infringed, misappropriated, or challenged, which could result in them being narrowed in scope or declared invalid or unenforceable. Any failure to adequately protect or enforce our intellectual property rights, or the significant costs incurred in doing so, could diminish the value of our intangible assets and materially harm our business.
Similarly, our reliance on unpatented proprietary information and technology, such as trade secrets and confidential information, depends in part on agreements we have in place with employees and third parties that place restrictions on the use and disclosure of this intellectual property. These agreements may be insufficient or may be breached, in either case potentially resulting in the unauthorized use or disclosure of our trade secrets and other intellectual property, including to our competitors, which could cause us to lose any competitive advantage resulting from this intellectual property. Individuals not subject to invention assignment agreements may make adverse ownership claims to our current and future intellectual property. Unauthorized parties may attempt to copy aspects of our intellectual property or obtain and use information that we regard as proprietary and, if successful, may potentially cause us to lose market share or otherwise harm our business and ability to compete. There can be no assurance that the intellectual property we own or license will provide competitive advantages or will not be challenged or circumvented by our competitors.
We are, from time to time, subject to litigation related to alleged infringement of other parties’ patents. As the number of products in the technology and payments industries increases and the functionality of these products further overlaps, and as we acquire technology through acquisitions or licenses, we may become increasingly subject to intellectual property infringement and other claims. These risks have been amplified by the increase in so-called non-practicing entities, third parties whose sole or primary business is to assert such claims. Even if we believe that any of these intellectual property related claims are without merit, litigation may be necessary to determine the validity and scope of the patent or other intellectual property rights of others. The ultimate outcome of any alleged infringement claim is often uncertain and, regardless of the outcome, any such claim, with or without merit, may be time-consuming, result in costly litigation, divert management’s time and attention from our business, and require us to, among other things, redesign or stop providing our products or services, pay substantial amounts to satisfy judgments or settle claims or lawsuits, pay substantial royalty or licensing fees, or satisfy indemnification obligations that we have with certain parties with whom we have commercial relationships. Alternatively, we may, from time to time, determine to incur the costs required to obtain a third party patent license so as to avoid the uncertainty, significant costs and potentially negative publicity associated with patent litigation. We may not be able to obtain licenses to relevant intellectual property on commercially reasonable terms or at all, and such inability could materially harm or restrict our business. Even if we were able to obtain such a license, it could be non-exclusive, thereby giving our competitors and other third parties access to the same technologies licensed to us. In addition, we could be found liable for significant monetary damages, including treble damages and attorneys’ fees, if we are found to have willfully infringed a patent or other intellectual property right. Claims that we have misappropriated the confidential information or trade secrets of third parties could similarly harm our business.
Our use of open source software could compromise our ability to offer our products or services and subject us to possible litigation.
We use open source software in connection with our products and services. Companies that incorporate open source software into their products have, from time to time, faced claims challenging the use of open source software and compliance with open source license terms. As a result, we could be subject to suits by parties claiming ownership of what we believe to be open source software or claiming noncompliance with open source licensing terms. While the use of open source software may reduce development costs and speed up the development process, it may also present certain risks that may be greater than those associated with the use of third-party commercial software. For example, open source software is generally provided without any warranties or other contractual protections regarding infringement or the quality of the code, including the existence of security vulnerabilities. Despite our efforts to monitor our
27
use of open source software and compliance with applicable license terms (through using monitoring software to assess vulnerability and licensing implication), we cannot guarantee we comply with all terms of open source licenses applicable to us, and we could be required by the terms of applicable open source software licenses to publicly disclose all or part of the proprietary source code to our software and/or make available any derivative works of the open source code on unfavorable terms or at no cost. The terms of some open source licenses are ambiguous, and third parties may claim that we have violated terms of open source licenses even if we believe we comply. There is little legal precedent in this area and any actual or claimed requirement to disclose our proprietary source code or pay damages for breach of contract could harm our business and could help third parties, including our competitors, develop products and services that are similar to or better than ours. Any of the foregoing could be harmful to our business, financial condition and results of operations.
If we fail to comply with our obligations under license or technology agreements with third parties, we may be required to pay damages and we could lose license rights that are critical to our business.
We license certain intellectual property that is important to our business, including technologies, data and software from third parties, and in the future we may enter into additional agreements that provide us with licenses to valuable intellectual property, technology, or data. Certain of our agreements may provide that intellectual property arising under these agreements, such as data valuable to our business, will be owned by the counterparty, in which case, we may not have adequate rights to use such data or may not have exclusivity with respect to the use of such data, which could result in third parties, including our competitors, being able to use such data to compete with us. If we fail to comply with any of the obligations under our license agreements, we may be required to pay damages and the licensor may have the right to terminate the license. Termination by the licensor could cause us to lose valuable rights, and could prevent us from selling our products and services, or inhibit our ability to commercialize future products and services. Our business could suffer if any current or future licenses expire or are terminated, if the licensors fail to abide by the terms of the license, if the licensors fail to enforce licensed intellectual property against infringing third parties, if the licensed intellectual property rights are found to be invalid or unenforceable, or if we are unable to enter into necessary licenses on acceptable terms, or at all. Any of the foregoing could have a material adverse effect on our competitive position, business, financial condition, results of operations, and prospects.
Changes in tax law, changes in our effective tax rate or exposure to additional tax liabilities could affect our profitability and financial condition.
We carry out our business operations through entities in multiple foreign jurisdictions. As such, we are required to file corporate income tax returns that are subject to foreign tax laws. The foreign tax liabilities are determined, in part, by the amount of operating profit generated in these different taxing jurisdictions. Our effective tax rate, earnings and operating cash flows could be adversely affected by changes in the mix of operating profits generated in countries with higher statutory tax rates as well as by the positioning of our cash balances globally. If statutory tax rates or tax bases were to increase or if changes in tax laws, regulations or interpretations were made that impact us directly, our effective tax rate, earnings and operating cash flows could be adversely impacted.
Any such adverse changes in the applicability of tax to us could increase the levels of taxation payable by us which would have an adverse effect on our business, financial condition, results of operations and prospects. In addition to the possibility of a substantial tax burden being imposed on us, the risk that we may become subject to an increased level of taxation may result in us needing to change our corporate or operational structure, which could have a material adverse effect on our business, financial condition, results of operations and prospects. Additionally, the tax authorities of the jurisdictions in which we operate may challenge our methodologies for valuing developed technology or intercompany arrangements.
For example, work is currently being undertaken by the OECD on potential future recommendations related to the challenges arising from the digitalization of the global economy, specifically relating to reform of the international allocation of taxing rights (“Pillar One”) and a system ensuring a minimum level of tax for multinational enterprises (“Pillar Two”).
On December 12, 2022, the European Union (EU) Member States agreed in principle on the introduction of a global minimum tax rate of 15%. On December 15, 2022, the written procedure for formal adoption of a directive was signed, meaning the directive will have to be transposed into the national law of EU Member States by the end of 2023 with effectiveness beginning January 1, 2024.
Separately, on July 11, 2023, the UK enacted into domestic law measures to apply a top-up tax on subsidiary profits taxed at an effective rate of less than 15% for accounting periods beginning on or after December 31, 2023. The UK tax authority has confirmed that the commencement date will not be earlier than accounting periods beginning on or after December 31, 2024.
Furthermore, in response to members who are adopting OECD’s Pillar Two initiatives on global minimum tax, some countries considered to be tax-friendly are considering the introduction of corporate income tax. For example, on August 8, 2023, the Government of Bermuda released an outline on its proposal to introduce a 15% corporate tax regime. The legislation was enacted on December 27,
28
2023, with an effective date for accounting periods beginning on or after January 1, 2025. We believe the Company will not be impacted by the new Bermuda income tax as we are tax resident in the United Kingdom.
Our global effective tax rate could be impacted by these legislations, or any resulting local country legislation enacted in response to any potential global minimum tax rates.
Additionally, tax authorities at the international, federal, state, and local levels are currently reviewing the appropriate tax treatment of companies engaged in internet commerce and financial technology. These developing changes could affect our financial position and results of operations. In particular, due to the global nature of the internet, it is possible that tax authorities at the international, federal, state, and local levels may attempt to regulate our transactions or levy new or revised sales & use taxes, VAT, digital services taxes, income taxes, or other taxes relating to our activities in the internet commerce and financial technology space. New or revised taxes, in particular, sales & use taxes, VAT, and similar taxes, including digital service taxes, would likely increase the cost of doing business. New taxes could also create significant increases in internal costs necessary to capture data and collect and remit taxes. Any of these events could have an adverse effect on our business and the results of operations.
Furthermore, any changes in other jurisdictions to the political and social perception of running a business out of a tax-friendly jurisdiction or any action by HMRC or any other tax authority to investigate our tax arrangements could result in adverse publicity and reputational damage for us, which could have an adverse effect on our business, financial condition, results of operations and prospects. For example, in January 2019, HMRC introduced its Profit Diversion Compliance Facility (“PDCF”), the focus of which is to target, and subsequently bring into the charge to tax, transactions which are considered to result in a diversion of profits from the UK corporation tax net. We engaged in submissions, correspondence and finally closure with HMRC in connection with the PDFC, which primarily related to legacy transfer pricing policies. Transfer pricing is an inherently contentious area as it requires the application of arm’s length pricing to specific transactions and arrangements for which it may be difficult to find market comparators. If tax authorities are successful in challenging our tax arrangements, we may be liable for additional tax and penalties and interest related thereto, which may have a significant impact on our business, financial condition, results of operations and prospects.
We may be affected by Sections 1471-74 of the Code (“FATCA”) and other cross border automatic exchange of information provisions.
In light of FATCA, certain non-U.S. financial institutions (“foreign financial institutions” or “FFIs”) are required to register with the U.S. Internal Revenue Service (“IRS”) to obtain a Global Intermediary Identification Number (“GIIN”) and comply with the terms of FATCA, including any applicable intergovernmental agreement (“IGA”) and any local laws implementing such agreement or FATCA. Based on our current operations and business activities, including our Digital Wallet business, we have registered certain of our subsidiaries, and may be required to register additional subsidiaries, as FFIs and will therefore be required to register with the IRS to obtain a GIIN, and required to comply with the terms of any applicable IGA. Failure to comply with FATCA (including as the same may be implemented under the terms of any applicable IGA) could subject certain payments of U.S. source fixed, determinable, annual, or periodical income made to us to 30% FATCA withholding tax. Further, our FFI subsidiaries would need to perform diligence on their existing and new customers, provided that their account balances reached certain thresholds, including obtaining self-certifications regarding the account holder’s citizenship or tax residence in the United States. They would then be required to report certain information about their U.S. account holders to either the IRS or their local tax authorities (which will in turn provide such information to the IRS). This reporting requirement could potentially dissuade customers from doing business with us.
We are regularly subject to litigation, regulatory actions and government inquiries.
We may be and in some cases have been subject to claims, lawsuits (including class action lawsuits), government or regulatory investigations, subpoenas, inquiries or audits, and other adverse legal proceedings involving areas such as intellectual property, consumer protection, privacy, data protection, biometric data processing, gambling, labor and employment, immigration, competition, accessibility, securities, tax, marketing and communications practices, commercial disputes, anti-money laundering, anti-corruption, counter-terrorist financing, sanctions and other matters. See “Item 4.B. Business Overview—Legal Proceedings.” For example, on December 10, 2021, a class action complaint, Lisa Wiley v Paysafe Limited f/ka/Foley Trasimene Acquisition Corp. II, Richard N Massey, Bryan D. Coy, Philip McHugh and Ismail (Izzy) Dawood, was filed, naming among others the Company, our former Chief Executive Officer and our former Chief Financial Officer, as defendants. The complaint asserts claims, purportedly brought on behalf of a class of shareholders, under Sections 10(b) of the Exchange Act, and Rule 10b-5 promulgated thereunder, and alleges that the Company and individual defendants made false and misleading statements to the market regarding the Company’s financial outlook in light of gambling regulations in key European markets, performance challenges in the company’s Digital Wallets segment and the modified scope and timing of new eCommerce customer agreements. In addition, the complaint asserts claims against the individual defendants, under Sections 20(a) of the Exchange Act, alleging that the individual defendants filed false financial statements, misled the public and induced the public to buy shares. On January 21, 2022, a related complaint was brought by John Paul O’Brien also in the Southern District of New York, which additionally named William P. Foley II as a defendant. On May 5, 2022, the Southern District of
29
New York consolidated the Wiley case and the O’Brien case and recaptioned the new case In re: Paysafe Ltd. f/k/a Foley Trasimene Acquisition Corp. II Securities Litigation. The complaints seek unspecified damages and an award of costs and expenses, including reasonable attorneys’ fees, on behalf of a purported class of purchasers of our ordinary shares between December 7, 2020 and November 10, 2021.
The number and significance of disputes and inquiries may increase as our business expands in scale, scope and geographic reach, and our products and services increase in scale and complexity. In addition, the laws, rules and regulations affecting our business, including those pertaining to internet and mobile commerce, data protection, payments services, and credit, are subject to evolving interpretation by the courts and governmental authorities, and the resulting uncertainty in the scope and application of these laws, rules, and regulations increases the risk that we will be subject to private claims and governmental actions alleging liability on our part. Further, our focus on specialized industry verticals exposes us to a higher risk of losses resulting from investigations, regulatory actions and litigation. See “—Risks Related to Paysafe’s Business and Industry—Our focus on specialized industry verticals can increase our risks relative to other companies in our industry.”
The scope, outcome, and impact of any claims, lawsuits, government investigations, disputes, and other legal proceedings to which we are subject cannot be predicted with certainty. Regardless of the outcome, such matters can have an adverse impact, which may be material, on our business, financial condition and results of operations because of legal costs, diversion of management resources, reputational damage, and other factors. Determining reserves for our pending litigation and regulatory proceedings is a complex, fact-intensive process that involves a high degree of discretionary judgment. Resolving one or more of such legal and regulatory proceedings or other matters could potentially require us to make substantial payments to satisfy judgments, fines, or penalties or to settle claims or proceedings, any of which could materially and adversely affect our business, financial condition and results of operations. These proceedings could also result in reputational harm, criminal sanctions, consent decrees, or orders that prevent us from offering certain products or services, cause us to withdraw from certain markets or terminate certain relationships, require us to change our business practices in costly ways, or develop non-infringing or otherwise altered products or technologies. Any of these consequences could materially and adversely affect our business, financial condition, results of operations and future prospects.
Risks Related to Paysafe’s Indebtedness
Our substantial leverage could adversely affect our financial condition, our ability to raise additional capital to fund our operations, our ability to operate our business, our ability to engage in acquisitions, our ability to react to changes in the economy or our industry or our ability to pay our debts, and could divert our cash flow from operations to debt payments.
We are highly leveraged. As of December 31, 2023, the total principal amount of our debt was approximately $2.5 billion. Subject to the limits contained in the credit agreements that govern our credit facilities, we may be able to incur substantial additional debt from time to time to finance working capital, capital expenditures, investments or acquisitions, or for other purposes. If we do so, the risks related to our high level of debt could increase. Specifically, our high level of debt could have important consequences, including the following:
We are a holding company, and our consolidated assets are owned by, and our business is conducted through, our subsidiaries. Revenue from these subsidiaries is our primary source of funds for debt payments and operating expenses. Our credit agreements contain covenants that restrict our subsidiaries from making distributions, subject to certain baskets and exceptions, which may impair our ability to meet our debt service obligations or otherwise fund our operations. Moreover, there may be restrictions on payments by subsidiaries to their parent companies under applicable laws, including laws that require companies to maintain minimum amounts of capital and to
30
make payments to shareholders only from profits. As a result, although a subsidiary of ours may have cash, we may not be able to obtain that cash to satisfy our obligation to service our outstanding debt or fund our operations.
Despite our current level of indebtedness, we may be able to incur substantially more debt and enter into other transactions which could further exacerbate the risks to our financial condition described above.
We may be able to incur significant additional indebtedness in the future. Although certain of the agreements governing our existing indebtedness contain restrictions on the incurrence of additional indebtedness and entering into certain types of other transactions, these restrictions are subject to a number of qualifications and exceptions. Additional indebtedness incurred in compliance with these restrictions could be substantial. These restrictions also do not prevent us from incurring obligations, such as trade payables, that do not constitute indebtedness as defined under our debt instruments. To the extent new debt is added to our current debt levels, the substantial leverage risks described in the immediately preceding risk factor would increase. See “Description of Certain Indebtedness”.
Our variable rate indebtedness subjects us to interest rate risk, which could cause our indebtedness service obligations to increase significantly.
Interest rates may increase in the future. As a result, interest rates on our variable rate credit facilities could be higher or lower than current levels. As of December 31, 2023, the Company held approximately $1.6 billion of outstanding debt at variable interest rates. However, if interest rates were to increase, our debt service obligations on the variable rate indebtedness would increase even where the amount borrowed remained the same, and our net income and cash flows, including cash available for servicing our indebtedness, would correspondingly decrease.
Our debt agreements impose significant operating and financial restrictions on us and our subsidiaries, which could prevent us from capitalizing on business opportunities.
The agreements that govern our credit facilities impose significant operating and financial restrictions on us. These restrictions limit the ability of certain of our subsidiaries to, among other things:
In addition, with respect to the First Lien Revolving Credit Facility, certain of our subsidiaries are required to maintain a maximum consolidated first lien net leverage ratio not to exceed 7.50:1.00, tested at the end of each quarter in which the principal amount of the First Lien Revolving Credit Facility outstanding exceeds 40% of the total commitments under such facility at such time. Furthermore, the Paysafe Payment Credit Agreement requires Paysafe Payment to maintain, as of the last day of each four fiscal quarter period, (i) a minimum fixed charge coverage ratio, (ii) a maximum leverage ratio and (iii) a minimum liquidity amount.
As a result of these restrictions, we are limited as to how we conduct our business and we may be unable to raise additional debt or equity financing to compete effectively or to take advantage of new business opportunities. The terms of any future indebtedness we may incur could include similar or more restrictive covenants. We cannot assure you that we will be able to maintain compliance with these covenants in the future and, if we fail to do so, that we will be able to obtain waivers from the lenders or amend the covenants.
Our failure to comply with the restrictive covenants described above as well as other terms of our other indebtedness or the terms of any future indebtedness from time to time could result in an event of default, which, if not cured or waived, could result in our being required
31
to repay these borrowings before their due date. If we are forced to refinance these borrowings on less favorable terms or are unable to refinance these borrowings, our results of operations and financial condition could be adversely affected.
Our business may be adversely impacted by changes in currency exchange rates.
As we operate across multiple jurisdictions and currencies, changes in currency exchange rates could lead to adverse impacts on our financial assets and liability, and in particular on our external debt and intercompany transactions. A deterioration in reported earnings as a result of currency exchange rate fluctuations could lead to a covenant breach and result in an event of default in our agreements relating to our outstanding indebtedness which, if not cured or waived, could result in our being required to repay these borrowings before their due date. If we are forced to refinance these borrowings on less favorable terms or are unable to refinance these borrowings, our results of operations and financial condition could be adversely affected.
Our failure to comply with the agreements relating to our outstanding indebtedness, including as a result of events beyond our control, could result in an event of default that could materially and adversely affect our results of operations and our financial condition.
If there were an event of default under any of the agreements relating to our outstanding indebtedness, the holders of the defaulted debt could cause all amounts outstanding with respect to that debt to be due and payable immediately. We cannot assure you that our assets or cash flows would be sufficient to fully repay borrowings under our outstanding debt instruments if accelerated upon an event of default. Further, if we are unable to repay, refinance or restructure our indebtedness under our secured debt, the holders of such debt could proceed against the collateral securing that indebtedness. In addition, any event of default or declaration of acceleration under one debt instrument could also result in an event of default under one or more of our other debt instruments.
Upon a change of control, all of our outstanding debt under our credit facilities would become immediately due and payable.
Upon a change of control, as defined under our 2021 Senior Facilities Agreement, all of our outstanding debt under the Senior Facilities Agreement would be immediately due and payable. A person or group of persons acting in concert (other than with the CVC Investors and the Blackstone Investors and any person directly or indirectly controlled by any of them) acquiring (directly or indirectly) more than 50% of the Company Common Shares would constitute a change of control under our credit agreements. In order to obtain sufficient funds to repay our debt if a change of control occurs, we expect that we would have to refinance our debt. We cannot assure you that we would be able to refinance our debt on reasonable terms, if at all. Our failure to repay all outstanding debt which becomes due and payable due to a change of control would trigger an event of default under the applicable credit agreement and may be an event of default under one or more of our other agreements. Moreover, such an event of default under one credit facility may cause the acceleration of our other debt under our other credit facilities. Our future debt also may contain restrictions on repayment requirements with respect to specified events or transactions that constitute a change of control under our debt agreements. Such restrictions could discourage, delay or prevent a transaction involving a change in control of the Company, including actions that our shareholders may deem advantageous, or negatively affect the trading price of the Company Common Shares.
Repayment of our debt is dependent on cash flow generated by our subsidiaries, which may be subject to limitations beyond our control.
Our subsidiaries own all of our assets and conduct all of our operations. Accordingly, repayment of our indebtedness is dependent on the generation of cash flow by our subsidiaries and their ability to make such cash available by dividend, debt repayment or otherwise.
Unless they are obligors of our indebtedness, our subsidiaries do not have any obligation to pay amounts due on such indebtedness or to make funds available to the notes issuers for that purpose. Our non-guarantor subsidiaries may not be able to, or may not be permitted to, make distributions to enable us to make payments in respect of our indebtedness. Each non-guarantor subsidiary is a distinct legal entity and, under certain circumstances, legal and contractual restrictions may limit our ability to obtain cash from our non-guarantor subsidiaries. While limitations on our subsidiaries restrict their ability to pay dividends or make other intercompany payments, these limitations are subject to certain qualifications and exceptions.
In the event that we are unable to receive distributions from our subsidiaries or make other intercompany payments, we may be unable to make required principal and interest payments on our indebtedness.
Our inability to generate sufficient cash flow could affect our ability to execute our strategic plans.
Organic growth opportunities are an important element of our strategy. See “Item 4.B. Business Overview—Our Growth Strategies.” We may not generate sufficient cash flow to finance such growth plans. Consequently, the execution of our growth strategy may require
32
access to external sources of capital, which may not be available to us on acceptable terms, or at all. Limitations on our access to capital, including on our ability to issue additional debt or equity, could result from events or causes beyond our control, and could include decreases in our creditworthiness or profitability, significant increases in interest rates, increases in the risk premium generally required by investors, decreases in the availability of credit or the tightening of terms required by lenders. Any limitations on our ability to secure external capital, continue our existing finance arrangements or refinance existing financing obligations could limit our liquidity, financial flexibility or cash flow and affect our ability to execute our strategic plans, which could have a material adverse effect on our business, results of operations and financial condition.
Our consolidated financial statements include significant intangible assets which could be impaired.
We carry significant intangible assets on our statements of financial position. As of December 31, 2023, we had $1.2 billion of intangible assets and $2.0 billion in goodwill. Pursuant to current accounting rules, we are required to assess goodwill for impairment at least annually or more frequently if impairment indicators are present. Impairment indicators include, but are not limited to, significant under-performance relative to historical or projected future operating results, a significant decline in share price or market capitalization and negative industry or economic trends. If such events were to occur, the carrying amount of our goodwill may no longer be recoverable and we may be required to record an impairment charge.
In 2023, due to a sustained decline in stock price and market capitalization, we concluded that an impairment indicator for goodwill was present in both the Merchant Solutions and Digital Wallets segments as of June 30, 2023. Further, as a result of the current market environment and regulatory restrictions, the legacy Digital Wallets business, we identified an impairment indicator for goodwill in the Digital Wallets segment as of December 31, 2023. We performed a goodwill impairment analysis as of these dates, as well as the annual impairment date of October 1st, using both a market approach and discounted cash flow methodology. Based on the analysis performed for each respective period, no goodwill impairment expense was recognized. In the prior year, similar impairment indicators were identified which resulted in the recognition of goodwill impairment expense of $1.9 billion for the year ended December 31, 2022.
Continued sustained declines in our stock price or reduced forecast would require us to perform goodwill impairment tests in subsequent periods. If there is a continued and sustained decline in our stock price this could result in a material goodwill impairment in future periods. Further, should the impact of macro-economic conditions, or other factors, be more severe or of longer duration than assumed in the forecasted cash flows, the goodwill may be at risk of impairment.
Due to the impairment indicators described above, we also concluded that an impairment indicator for certain intangible assets was present within Digital Wallets. As a result, an impairment analysis was performed and based on an undiscounted cash flow model, it was determined that the assets were recoverable and no impairment charge was recorded. Failure to achieve the expected cash flows may result in a material impairment of intangible assets in future periods. Other intangible asset impairments during 2023 and 2022 were not significant.
Risks Related to the U.S. Federal Income Tax Treatment
The IRS may not agree that Paysafe (i) should be treated as a non-U.S. corporation for U.S. federal income tax purposes and (ii) should not be treated as a “surrogate foreign corporation” for U.S. federal income tax purposes.
Under current U.S. federal income tax law, a corporation generally will be considered to be a U.S. corporation for U.S. federal income tax purposes only if it is created or organized in the United States or under the law of the United States or of any State. Accordingly, under generally applicable U.S. federal income tax rules, Paysafe, which is not created or organized in the United States or under the law of the United States or of any State but is instead a Bermuda incorporated entity, would generally be classified as a non-U.S. corporation. Section 7874 of the Code and the Treasury regulations promulgated thereunder, however, contain specific rules that may cause a non-U.S. corporation to be treated as a U.S. corporation for U.S. federal income tax purposes. If it were determined that Paysafe is treated as a U.S. corporation for U.S. federal income tax purposes under Section 7874 of the Code and the Treasury regulations promulgated thereunder, Paysafe would be liable for U.S. federal income tax on its income just like any other U.S. corporation and certain distributions made by Paysafe to non-U.S. holders of Paysafe’s securities would be subject to U.S. withholding tax. In addition, even if Paysafe is not treated as a U.S. corporation, it may be subject to unfavorable treatment as a “surrogate foreign corporation” in the event that ownership attributable to former FTAC Stockholders exceeds a threshold amount. If it were determined that Paysafe is treated as a surrogate foreign corporation for U.S. federal income tax purposes under Section 7874 of the Code and the Treasury regulations promulgated thereunder, dividends by Paysafe would not qualify for “qualified dividend income” treatment, and U.S. affiliates of Paysafe could be subject to increased taxation under the inversion gain rules and Section 59A of the Code.
We believe we should not be treated as a U.S. corporation for U.S. federal income tax purposes under Section 7874 of the Code or otherwise be subject to unfavorable treatment as a surrogate foreign corporation under Section 7874 of the Code. However, no IRS ruling has been requested or will be obtained in connection with the Transaction. Furthermore, the interpretation of Treasury regulations relating to the required ownership of Paysafe is subject to uncertainty and there is limited guidance regarding their application.
33
Accordingly, there can be no assurance that the IRS will not take a contrary position to those described above or that a court will not agree with a contrary position of the IRS in the event of litigation.
If a United States person is treated as owning at least 10% of Company Common Shares, such person may be subject to adverse U.S. federal income tax consequences.
If a United States person is treated as owning (directly, indirectly or constructively) at least 10% of the value or voting power of Company Common Shares, such person may be treated as a “United States shareholder” with respect to each of Paysafe and its direct and indirect subsidiaries (the “Paysafe Group”) that is a “controlled foreign corporation.” The Paysafe Group includes U.S. subsidiaries, and under recently enacted rules, certain of Paysafe’s non-U.S. subsidiaries could be treated as controlled foreign corporations regardless of whether Paysafe is treated as a controlled foreign corporation (although there is currently a pending legislative proposal to significantly limit the application of these rules).
A United States shareholder of a controlled foreign corporation may be required to report annually and include in its U.S. taxable income its pro rata share of the controlled foreign corporation’s “Subpart F income” and (in computing its “global intangible low-taxed income”) “tested income” and a pro rata share of the amount of U.S. property (including certain stock in U.S. corporations and certain tangible assets located in the United States) held by the controlled foreign corporation regardless of whether such controlled foreign corporation makes any distributions. Failure to comply with these reporting obligations (or related tax payment obligations) may subject such United States shareholder to significant monetary penalties and may prevent the statute of limitations with respect to such United States shareholder’s U.S. federal income tax return for the year for which reporting (or payment of tax) was due from starting. An individual that is a United States shareholder with respect to a controlled foreign corporation generally would not be allowed certain tax deductions or foreign tax credits that would be allowed to a United States shareholder that is a U.S. corporation. Paysafe cannot provide any assurances that it will assist holders in determining whether any of its non-U.S. subsidiaries are treated as a controlled foreign corporation or whether any holder is treated as a United States shareholder with respect to any of such controlled foreign corporations or furnish to any holder information that may be necessary to comply with reporting and tax paying obligations. United States persons should consult with their tax advisor regarding the potential application of these rules.
If Paysafe were a passive foreign investment company for U.S. federal income tax purposes for any taxable year, U.S. holders of Company Common Shares could be subject to adverse U.S. federal income tax consequences.
If Paysafe is or becomes a “passive foreign investment company,” or a PFIC, within the meaning of Section 1297 of the Code for any taxable year during which a U.S. holder (as defined in “Taxation—Material U.S. Federal Income Tax Considerations”) holds Company Common Shares, certain adverse U.S. federal income tax consequences may apply to such U.S. holder. Paysafe does not believe that it was a PFIC for its prior taxable year and does not expect to be a PFIC for U.S. federal income tax purposes for the current taxable year or in the foreseeable future. However, PFIC status depends on the composition of a company’s income and assets and the fair market value of its assets from time to time, as well as on the application of complex statutory and regulatory rules that are subject to potentially varying or changing interpretations. Accordingly, there can be no assurance that Paysafe will not be treated as a PFIC for any taxable year.
If Paysafe were treated as a PFIC, a U.S. holder of Company Common Shares may be subject to adverse U.S. federal income tax consequences, such as taxation at the highest marginal ordinary income tax rates on capital gains and on certain actual or deemed distributions, interest charges on certain taxes treated as deferred, and additional reporting requirements. See “Taxation—Material U.S. Federal Income Tax Considerations—Passive Foreign Investment Company Rules.” U.S. holders of Company Common Shares should consult with their tax advisor regarding the potential application of these rules.
Risks Related to Paysafe’s Common Shares and Corporate Structure
Paysafe will rely on its operating subsidiaries to provide it with funds necessary to meet Paysafe’s financial obligations and Paysafe’s ability to pay dividends may be constrained.
Paysafe operates through a holding structure. Paysafe is a holding company with no material, direct business operations. Paysafe’s only assets are its direct and indirect equity interests in its operating subsidiaries. As a result, Paysafe is dependent on loans, dividends and other payments from these subsidiaries to generate the funds necessary to meet its financial obligations, including the payment of dividends. The ability of Paysafe’s subsidiaries to make such distributions and other payments depends on their earnings and may be subject to contractual or statutory limitations, such as limitations imposed by Paysafe’s financing facilities to which Paysafe’s subsidiaries are borrowers or guarantors or the legal requirement of having distributable profits or distributable reserves. For additional information, see “Item 8.A. Consolidated Statements and Other Financial Information” of this Report. As an equity investor in Paysafe’s subsidiaries, Paysafe’s right to receive assets upon a subsidiary’s liquidation or reorganization will be structurally subordinated to the claims of such subsidiary’s creditors. To the extent that Paysafe is recognized as a creditor of a subsidiary, its claims may still be
34
subordinated to any security interest in or other lien on such subsidiary’s assets and to any of its debt or other obligations that are senior to Paysafe’s claims.
The actual payment of future dividends on the Company Common Shares and the amounts thereof depend on a number of factors, including, inter alia, the amount of distributable profits and reserves, including capital contribution reserves (which can be reduced by losses in a current year or carried forward from previous years), Paysafe’s capital expenditure and investment plans, revenue, profits, financial condition, Paysafe’s level of profitability, leverage ratio (as such term is defined under our credit agreements), applicable restrictions on the payment of dividends under applicable laws, compliance with credit covenants, general economic and market conditions, future prospects and such other factors as the Paysafe board of directors may deem relevant from time to time. There can be no assurance that the above mentioned factors will facilitate or allow adherence to Paysafe’s dividend policy. Paysafe’s ability to pay dividends may be impaired if any of the risks described in this section “Risk Factors” were to occur. As a result, Paysafe’s ability to pay dividends in the future may be limited and Paysafe’s dividend policy may change. Paysafe’s board of directors will revisit Paysafe’s dividend policy from time to time.
Our Principal Shareholders control 47% of our Company and their interests may conflict with ours or yours in the future.
Our Principal Shareholders beneficially own approximately 47% of our Company Common Shares. Moreover, under the Company Bye-laws and the Shareholders Agreement with our Principal Shareholders, for so long as our Principal Shareholders retain significant ownership of us, we will agree to nominate to our board individuals designated by such shareholders. Even if our Principal Shareholders do not own common shares representing a majority of the total voting power of our issued and outstanding shares carrying the right to vote at general meetings at the relevant time, for so long as each such shareholder continues to own a significant percentage of our Company Common Shares, such shareholder will still be able to significantly influence the composition of our board of directors and the approval of actions requiring shareholder approval through their voting power. Accordingly, for such period of time, our Principal Shareholders will have significant influence with respect to our management, business plans and policies, including the appointment and removal of our officers. In particular, for so long as our Principal Shareholders continue to own a significant percentage of our Company Common Shares, such shareholder will be able to cause or prevent a change of control of our company or a change in the composition of our board of directors and could preclude any unsolicited acquisition of our company. The concentration of ownership could deprive you of an opportunity to receive a premium for your Company Common Shares as part of a sale of our company and ultimately might affect the market price of our Company Common Shares.
If we are unable to maintain effective internal controls over financial reporting, we may not be able to produce timely and accurate financial statements or comply with applicable laws and regulations, which could have a material adverse effect on our business.
Our current controls and any new controls that we develop may become inadequate because of changes in conditions in our business. Further, weaknesses in our disclosure controls and internal control over financial reporting may be discovered in the future. Any failure to develop or maintain effective controls or any difficulties encountered in their implementation or improvement may prevent us from detecting errors on a timely basis, could harm our operating results or cause us to fail to meet our reporting obligations and may result in a restatement of our financial statements for prior periods. Effective internal control is necessary for us to produce reliable financial reports and is important to prevent fraud.
Beginning with the fiscal year ended December 31, 2022, our independent registered public accounting firm was required to attest to the effectiveness of our internal control over financial reporting on an annual basis. Matters impacting our internal controls may cause us to be unable to report our financial information on a timely basis and thereby subject us to adverse regulatory consequences, including sanctions by the SEC or violations of applicable stock exchange listing rules, which may result in a breach of the covenants under our financing arrangements. There also could be a negative reaction in the financial markets due to a loss of investor confidence in us and the reliability of our financial statements. Confidence in the reliability of our financial statements also could suffer if we or our independent registered public accounting firm were to report a material weakness in our internal controls over financial reporting. This could materially adversely affect us and lead to a decline in the price of our Company Common Shares.
As a foreign private issuer we are exempt from a number of rules under the U.S. securities laws and are permitted to file less information with the SEC than a U.S. company. This may limit the information available to holders of the Company Common Shares.
We were founded in the UK in 1996 and were previously listed on the London Stock Exchange. Additionally, U.S. residents do not comprise a majority of our executive officers or directors, and most of our assets are located, and our business is principally administered, outside of the United States. As a result, we report under the Exchange Act as a non-U.S. company with foreign private issuer status. Under Rule 405 of the Securities Act, the determination of foreign private issuer status is made annually on the last business day of an
35
issuer’s most recently completed second fiscal quarter and, accordingly, the next determination will be made with respect to us on June 30, 2024.
As a foreign private issuer, we are not subject to all of the disclosure requirements applicable to public companies organized within the United States. For example, we are exempt from certain rules under the Exchange Act that regulate disclosure obligations and procedural requirements related to the solicitation of proxies, consents or authorizations applicable to a security registered under the Exchange Act, including the U.S. proxy rules under Section 14 of the Exchange Act. In addition, our officers and directors are exempt from the reporting and “short-swing” profit recovery provisions of Section 16 of the Exchange Act and related rules with respect to their purchases and sales of our securities. Moreover, while we expect to submit quarterly interim consolidated financial data to the SEC under cover of the SEC’s Form 6-K, we will not be required to file periodic reports and financial statements with the SEC as frequently or as promptly as U.S. public companies and will not be required to file quarterly reports on Form 10-Q or current reports on Form 8-K under the Exchange Act. Accordingly, there may be less publicly available information concerning our business than there would be if we were a U.S. public company. Additionally, certain accommodations in the NYSE corporate governance standards allow foreign private issuers, such as us, to follow “home country” corporate governance practices in lieu of the otherwise applicable corporate governance standards. The Company Bye-laws do not require shareholder approval for the issuance of authorized but unissued shares, including (i) in connection with the acquisition of shares, stock or assets of another company; (ii) when it would result in a change of control; (iii) when a share option or purchase plan is to be established or materially amended or other equity compensation arrangement made or materially amended, pursuant to which shares may be acquired by officers, directors, employees, or consultants; or (iv) in connection with certain private placements. We are also not required to have a majority of independent directors. To this extent, our practice varies from the requirements of the corporate governance standards of NYSE, which generally requires an issuer to obtain shareholder approval for the issuance of securities in connection with such events and requires a majority of the board to be independent. While we do not currently intend to rely on any other home country accommodations, for so long as we qualify as a foreign private issuer, we may take advantage of them.
There can be no assurance we will be able to comply with the continued listing standards of the NYSE for our securities.
If we fail to continue to meet the listing requirements of the NYSE, the Company Common Shares and Company Warrants may be delisted, and Paysafe and its shareholders could face significant material adverse consequences, including:
We may lose our foreign private issuer status which would then require us to comply with the Exchange Act’s domestic reporting regime and cause us to incur significant legal, accounting and other expenses.
For so long as we qualify as a foreign private issuer, we are not required to comply with all of the periodic disclosure and current reporting requirements of the Exchange Act applicable to U.S. domestic issuers. We may no longer be a foreign private issuer as early as June 30, 2024 (the last business day of the second fiscal quarter of 2024), which would require us to comply with all of the periodic disclosure and current reporting requirements of the Exchange Act applicable to U.S. domestic issuers as of January 1, 2025. In order to maintain our current status as a foreign private issuer, either (a) a majority of our securities must be either directly or indirectly owned of record by non-residents of the United States or (b)(i) a majority of our executive officers or directors cannot be U.S. citizens or residents, (ii) more than 50% of our assets must be located outside the United States and (iii) our business must be administered principally outside the United States. If we lose our status as a foreign private issuer, we would be required to comply with the Exchange Act reporting and other requirements applicable to U.S. domestic issuers, which are more detailed and extensive than the requirements for foreign private issuers. We may also be required to make changes in our corporate governance practices in accordance with various SEC and NYSE rules. For example, the annual report on Form 10-K requires domestic issuers to disclose executive compensation information on an individual basis with specific disclosure regarding the domestic compensation philosophy, objectives, annual total compensation (base salary, bonus, and equity compensation) and potential payments in connection with change in control, retirement, death or disability, while the annual report on Form 20-F permits foreign private issuers to disclose compensation information on an aggregate basis. We would also have to comply with U.S. federal proxy requirements, and our officers, directors, and principal shareholders will become subject to the short-swing profit disclosure and recovery provisions of Section 16 of the Exchange Act.
The regulatory and compliance costs to us under U.S. securities laws if we are required to comply with the reporting requirements applicable to a U.S. domestic issuer may be significantly higher than the cost we would incur as a foreign private issuer. As a result, we expect that a loss of foreign private issuer status would increase our legal and financial compliance costs and is likely to make some activities highly time consuming and costly. We also expect that if we were required to comply with the rules and regulations applicable to U.S. domestic issuers, it could make it more difficult and expensive for us to obtain director and officer liability insurance, and we may be required to accept reduced coverage or incur substantially higher costs to obtain coverage.
36
The Company Bye-laws and Shareholders Agreement, as well as Bermuda law, contain provisions that could discourage acquisition bids or merger proposals, which may adversely affect the market price of our Company Common Shares.
The Company Bye-laws and Shareholders Agreement, as well as Bermuda law, contain provisions that may discourage, delay or prevent a merger, amalgamation, acquisition, or other change in control that shareholders may consider favorable, including transactions in which you might otherwise receive a premium for your Company Common Shares. These provisions may also prevent or frustrate attempts by our shareholders to replace or remove our management. Our corporate governance documents include provisions:
The existence of the foregoing provisions and anti-takeover measures could limit the price that investors might be willing to pay in the future for common shares. They could also deter potential acquirers of our Company, thereby reducing the likelihood that you could receive a premium for your Company Common Shares in an acquisition.
You may have difficulty enforcing judgments of U.S. courts against us in Bermuda courts.
We are organized as an exempted company pursuant to the laws of Bermuda. In addition, a number of our directors and executive officers are not residents of the United States, and a substantial portion of our assets and their assets are or may be located in jurisdictions outside the United States. As a result, it may be difficult for you to effect service of process within the United States upon those persons or us or to recover against them or us on judgments of U.S. courts, including judgments predicated upon civil liability provisions of the U.S. federal securities laws.
37
We have been advised that there is no treaty in force between the United States and Bermuda providing for the reciprocal recognition and enforcement of judgments in civil and commercial matters. As a result, whether a U.S. judgment would be enforceable in Bermuda against us or our directors and officers depends on whether the U.S. court that entered the judgment is recognized by the Bermuda court as having jurisdiction over us or our directors and officers, as determined by reference to Bermuda conflict of law rules. A judgment debt from a U.S. court that is final and for a sum certain based on U.S. federal securities laws will not be automatically enforceable in Bermuda unless the judgment debtor had submitted to the jurisdiction of the U.S. court, and the issue of submission and jurisdiction is a matter of Bermuda (not U.S.) law.
In addition, and irrespective of jurisdictional issues, the Bermuda courts will not enforce a U.S. federal securities law that is either penal or contrary to Bermuda public policy. We have been advised that an action brought pursuant to a public or penal law, the purpose of which is the enforcement of a sanction, power or right at the instance of the state in its sovereign capacity, will not be entertained by a Bermuda court. Certain remedies available under the laws of U.S. jurisdictions, including certain remedies under U.S. federal securities laws, would not be available under Bermuda law or enforceable in a Bermuda court, as they would be contrary to Bermuda public policy. Further, no claim may be brought in Bermuda against us or our directors and officers in the first instance for violation of U.S. federal securities laws because these laws have no extraterritorial jurisdiction under Bermuda law and do not have force of law in Bermuda. A Bermuda court may, however, impose civil liability on us or our directors and officers if the facts alleged in a complaint constitute or give rise to a cause of action under Bermuda law.
Our shareholders may have more difficulty protecting their interests than shareholders of a U.S. corporation.
The rights of shareholders under Bermuda law are not as extensive as the rights of shareholders under legislation or judicial precedent in many U.S. jurisdictions. Class actions and derivative actions are generally not available to shareholders under Bermuda law. However, Bermuda courts ordinarily would be expected to follow English case law precedent, which would permit a shareholder to commence an action in the name of a company to remedy a wrong done to a company where the act complained of is alleged to be beyond the corporate power of a company, is illegal, or would result in the violation of that company’s memorandum of association or bye-laws. Furthermore, consideration would be given by a Bermuda court to allow derivative action rights where acts that are alleged to constitute a fraud against the minority shareholders or where an act requires the approval of a greater percentage of our shareholders than actually approved it. The winning party in such an action generally would be able to recover a portion of attorneys’ fees incurred in connection with such action.
We may issue additional Company Common Shares or other securities without shareholder approval, which would dilute existing ownership interests and may depress the market price of Company Common Shares.
Paysafe may issue additional Company Common Shares or other equity securities of equal or senior rank in the future in connection with, among other things, repayment of outstanding indebtedness or Paysafe’s equity incentive plan, without shareholder approval, in a number of circumstances.
Paysafe’s issuance of additional Company Common Shares or other equity securities of equal or senior rank would have the following effects:
Future sales of the Company Common Shares issued to the Existing Paysafe Shareholders and other significant shareholders may cause the market price of Company Common Shares to drop significantly, even if Paysafe’s business is doing well.
Under the Merger Agreement, the Existing Paysafe Shareholders received, among other things, a significant amount of Company Common Shares.
Subject to the Shareholders Agreement, the Existing Paysafe Shareholders and certain other shareholders party to the Shareholders Agreement may sell Company’s securities pursuant to Rule 144 under the Securities Act, if available.
Upon satisfaction of the requirements of Rule 144 under the Securities Act, the Existing Paysafe Shareholders and certain other significant shareholders may sell large amounts of the Company’s securities in the open market or in privately negotiated transactions,
38
which could have the effect of increasing the volatility in Paysafe’s share price or putting significant downward pressure on the price of the Company Common Shares.
Because we have no current plans to pay cash dividends on our Company Common Shares, you may not receive any return on your investment unless you sell your Company Common Shares for a price greater than that which you paid for it.
We have no current plans to pay cash dividends. The declaration, amount and payment of any future dividends on our Company Common Shares will be at the sole discretion of our board of directors. Our board of directors may take into account general and economic conditions, our financial condition and results of operations, our available cash and current and anticipated cash needs, capital requirements, contractual, legal, tax and regulatory restrictions and implications on the payment of dividends by us to our shareholders or by our subsidiaries to us and such other factors as our board of directors may deem relevant. In addition, our ability to pay dividends is limited by our credit facilities and may be limited by covenants of other indebtedness we or our subsidiaries incur in the future. As a result, you may not receive any return on an investment in our Company Common Shares unless you sell your Company Common Shares for a price greater than that which you paid for it.
The market price of our Company Common Shares may be volatile, which could cause the value of your investment to decline.
The market price of our Company Common Shares may be highly volatile and could be subject to wide fluctuations. Securities markets worldwide experience significant price and volume fluctuations. This market volatility, as well as general economic, market or political conditions, could reduce the market price of our Company Common Shares regardless of our operating performance. In addition, our operating results could be below the expectations of public market analysts and investors due to a number of potential factors, including variations in our quarterly operating results or dividends, if any, to shareholders, additions or departures of key management personnel, failure to meet analysts’ earnings estimates, publication of research reports about our industry, litigation and government investigations, changes or proposed changes in laws or regulations or differing interpretations or enforcement thereof affecting our business, adverse market reaction to any indebtedness we may incur or securities we may issue in the future, changes in market valuations of similar companies or speculation in the press or investment community, announcements by our competitors of significant contracts, acquisitions, dispositions, strategic partnerships, joint ventures or capital commitments, adverse publicity about the industries we participate in or individual scandals, and in response the market price of our Company Common Shares could decrease significantly. You may be unable to resell your Company Common Shares at or above the price you paid or the initial public offering price.
In the past few years, stock markets have experienced extreme price and volume fluctuations. In the past, following periods of volatility in the overall market and the market price of a company’s securities, securities class action litigation has often been instituted against these companies. This litigation, if instituted against us, could result in substantial costs and a diversion of our management’s attention and resources.
ITEM 4. INFORMATION ON THE COMPANY
A. History and Development of the Company
Paysafe Limited was incorporated under the laws of Bermuda on November 23, 2020 for the purpose of effectuating the Transaction described herein and became the parent company of the combined business following the consummation of the Transaction, which was consummated on March 30, 2021. See “Explanatory Note” for further details regarding the Transaction. See “Item 5. Operating and Financial Review and Prospects” for a discussion of Paysafe’s principal capital expenditures and divestitures for each of the three years in the period ended December 31, 2023. There are no material capital expenditures or divestitures currently in progress as of the date of this Report.
The mailing address of Paysafe Limited’s registered office is c/o M Q Services Ltd., Victoria Place, 31 Victoria Street, Hamilton HM10, Bermuda. The principal executive office is located at 2 Gresham Street London, United Kingdom EC2V 7AD and its telephone number is +44 (0) 207 608 8460. The Company’s principal website address is www.paysafe.com. We do not incorporate the information contained on, or accessible through, the Company’s websites into this Report, and you should not consider it as a part of this Report. The SEC maintains an Internet site that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC. The SEC’s website is https://www.sec.gov.
B. Business Overview
Overview
39
Paysafe is one of the leaders in digital commerce with over $140 billion in volume processed in 2023 and $130 billion processed in 2022, generating $1.6 billion in revenue in 2023 and $1.5 billion in revenue in 2022. Our integrated payments platform offers the full spectrum of payment solutions ranging from credit and debit card processing to digital wallet, eCash and real-time banking solutions. The combination of this breadth of solutions, our sophisticated risk management and our deep regulatory expertise and deep industry knowledge across target verticals enables us to empower 18 million active users in more than 120 countries and over 250,000 SMBs to conduct secure and friction-less commerce across online, mobile, in-app and in-store channels. We primarily provide solutions in the large entertainment verticals such as iGaming (which encompasses a broad selection of online betting related to sports, e-sports, fantasy sports, poker and other casino games), travel, streaming/video gaming, retail/hospitality and digital assets. We organize our business in two segments, Digital Wallets represented approximately $734 million or 46%, of our revenue and Merchant Solutions represented approximately $867 million, or 54%, of our revenue for the year ended December 31, 2023. We believe that an increasing percentage of digital commerce around the world is becoming too complex for traditional retail payment services, many of which still use legacy business processes and technologies that were developed years ago to address an earlier generation of eCommerce. These legacy platforms lack the specialized functionality, sophisticated risk management and robust regulatory compliance infrastructures that we believe are required to address this large area of the market.
To address this opportunity, we have developed a suite of innovative, proprietary digital commerce solutions for Business to Business (“B2B”) and Business to Consumer (“B2C”) relationships. We believe these solutions help (1) solve the complexities of facilitating digital commerce, (2) remove significant friction and pain points from the customer experience, (3) enable our business and consumer clients to transact in a faster, safer and more convenient manner and (4) help our business customers grow their operations by bringing active users to their platforms. Our solutions extend well beyond the basic card-based payments functionality of traditional payment vendors by providing the advanced capabilities of digital wallets, alternative payment methods (“APMs”) and digital currency transactions. These include:
We combine key elements of our business to create distinct competitive advantages in the market, as illustrated below. These include:
40
We believe this unique combination has enabled us to become a global leader in the global entertainment verticals, but which also have specific service requirements that are difficult for traditional vendors to provide. For example:
Consumers in these and other verticals are also attracted to the differentiated functionality of our digital wallet and digital currency solutions that enable them to load funds onto a stored value account that can be used easily and flexibly online, through a mobile device or an integrated app. Many of our consumer clients come from the younger demographic of millennial and generation Z users, who either do not have a bank account, credit or debit card or who often prefer not to use their bank account, credit or debit cards online, are attracted to the additional security of our solutions and want to control their spending more effectively.
We go to market, serve and support our clients through an omni-channel model that leverages our global reach and our B2B and B2C relationships. This enables us to manage and serve our clients through our network of offices around the world with strong knowledge of local and regional markets, customs and regulatory environments. We sell our solutions through a combination of direct and indirect sales strategies. We have a direct sales force that builds and develops relationships with larger merchants and helps them configure or develop digital and point-of-sale commerce solutions from our suite of technology services. Our enterprise sales organization is structured to match our target verticals and is enables through sales operations, deal operations, pre-sales and demand generation. We sell our solutions online to smaller merchants using targeted marketing campaigns designed to address specific use cases across verticals, geographies and user profiles. We also leverage a network of partners, such as ISVs and independent sales organizations (“ISOs”), who integrate our solutions into their own services or resell our solutions by utilizing their own sales initiatives.
We typically generate revenue across our solutions through transaction fees that are calculated as a percentage of the transaction dollar volume, a fixed per transaction fee or a combination of both. We generate these fees when funds are loaded onto wallets or cards, when funds are used to make transactions or when we process a transaction on behalf of our merchants or partners. In certain cross-border transactions, we may also generate revenue from foreign exchange fees.
For the year ended December 31, 2023, we generated $140 billion of total payment volume and $1.6 billion in revenue. During the same period, we had a net loss of $20 million and generated $459 million of Adjusted EBITDA. For the year ended December 31, 2022, we generated $130 billion of total payment volume and $1.5 billion in revenue. During the same period, we had a net loss of $1.9 billion
41
and generated $410 million of Adjusted EBITDA See “Item 5. Operating and Financial Review and Prospects” of this Report for additional information relating to non-GAAP measures presented in this Report and for a reconciliation of such non-GAAP measures to the most directly comparable measures calculated and presented in accordance with GAAP.
Our Journey & Evolution as a Pioneer in Digital Commerce
Since our foundation in 1996, we have pioneered and continue to innovate around the development of digital payment solutions that help reduce complexity and expand payment alternatives for merchants and consumers. We have evolved since then by strengthening our domain expertise, adding new capabilities and extending our market reach to build on our early mover advantages in digital commerce and establish ourselves as a scaled market leader across all of our business segments. Some of the key milestones in our evolution include:
Our Large & Fast-Growing Market Opportunity
We believe that an increasing percentage of digital commerce around the world is becoming too complex for traditional payment and eCommerce services providers using legacy business models, payment solutions and risk management platforms to support an aging generation of retail eCommerce solutions. These legacy platforms and vendors lack the specialized functionality, sophisticated risk management and robust regulatory compliance infrastructures required to address a large and fast-growing area of the market, which includes digital wallets, APMs and digital currency transactions. Consumers in these markets are attracted to the differentiated functionality of these next-generation solutions, which enable them to load funds or cash onto a virtual stored-value account that can be used easily and flexibly online, through a mobile device, or inside an integrated app. Many of these users come from the demographic of millennials and generation Z users, who either do not have a bank account or often prefer to use alternative payment methods as they are less comfortable sharing their financial details online. Instead they are attracted to the additional functionality and security features of these solutions, which enable them to engage in digital commerce and control their spending more effectively.
Key Market Trends
We are positioned in key market segments:
42
Key Market Challenges
As a result of these market trends, we believe businesses and consumers are facing challenges, which pose risks and opportunities for vendors in our market. These include:
43
Our Competitive Strengths
Over the course of our evolution, we have developed highly differentiated attributes, assets and capabilities that we combine to create powerful competitive advantages. We believe these advantages have enabled us to establish our leadership position in the market and positioned us favorably to continue to innovate, grow and expand the markets we serve. These strengths include:
Global Digital Solutions & Reach
We offer our business and consumer clients a comprehensive suite of advanced, differentiated, commerce-enabling solutions and specialized payment services to help them transact in a faster, safer and more convenient manner around the world. The advantages of our global digital solutions include:
Unique Global Culture & Expertise
Since we were a pioneer in the early days of eCommerce, we developed strong company characteristics over the last 20 years that we believe provide us with material advantages, including:
44
We believe we have curated an attractive workplace environment for employees. We encourage a strong client-centric mentality across all our functions to prioritize solving the friction and pain points that our clients experience when trying to conduct commerce online rather than trying to sell undifferentiated payment services. Together, our entrepreneurial culture and client centric focus form the core spirit of our company, which has enabled us to: (1) pioneer and establish a leadership position empowering digital commerce throughout the world; (2) develop our Paysafe Network and its various advantages and capabilities; and (3) differentiate our solutions, service quality and client relationships from the more traditional legacy payment vendors that sell increasingly commoditized products and services.
Our Growth Strategies
We will leverage the leadership, scale and competitive advantages of our leading digital solutions, global expertise and global platforms to grow our business around the world. Building upon our core foundations, we will continue to grow our business by:
In general, we have organized our growth and expansion initiatives around five key strategies. These are:
45
Our Segments & Solutions
We offer a broad selection of business-to-business and business-to-consumer digital commerce solutions to online businesses, small and medium sized merchants and consumers through our proprietary Paysafe Network. While we manage our business holistically and in an integrated manner, we provide our solutions across two business segments to optimize our management of each.
Our reportable segments are Merchant Solutions and Digital Wallets. Our reportable segments were revised as of December 31, 2022. Accordingly, our segment financial information is presented on this revised basis and financial information for the year ended December 31, 2021 has been revised to reflect this change. Please refer to Note 21, Operating segments, within Item 18, Financial Statements for further details.
46
Overview by Segment
Merchant Solutions
The Merchant Solutions segment is the combination of our historical US Acquiring segment and Integrated & eCommerce Solutions business and services markets primarily in North America, Canada and Europe. For the year ended December 31, 2023, this segment generated $119 billion of total payment volume, $867 million in revenue and $222 million in Adjusted EBITDA . We provide a comprehensive suite of payment acceptance and processing services enabling SMBs to accept payments in over 40 currencies through in store, online, or mobile channels. We sell our solutions directly and indirectly through partners, to a diverse set of merchants and integrated service providers. Our Merchant Services are targeted towards online small and medium sized merchants and software-integrated merchants with integrated payment capabilities for approximately 150 integrated software vendors (“ISV”). We provide a comprehensive, full-featured Online toolkit that allows merchants and ISVs in the United States, Canada and Europe to build and scale their online commerce presence. Our solution, which can easily integrate with merchant websites addresses the full range of online commerce requirements. We also offer merchants and ISVs a global turn-key payments gateway solution, providing critical connectivity between merchant online sites and payment acceptance and transaction processing providers. Through our global feature-rich gateway, we manage and provide all connections to card processing networks, acquiring banks and transaction processors. We continually expand our gateway functionality with emerging payment types to ensure that our merchant customers can serve the largest target market possible. Our solutions offer a highly flexible, feature-rich package, including: gateway connectivity, shopping carts, tokenization and encryption, fraud and risk management and support a broad selection of payment alternative. Additionally, we offer seamless integrations into leading eCommerce platforms and multiple APMs to offer targeted, localized payment methods in key markets. In the United States, we service over 250k SMB merchants and approximately 150 ISV partners. In Europe, where we have our own acquiring license, our target merchants are larger e-commerce clients.
Digital Wallets
The Digital Wallets segment is the combination of our legacy Digital Wallet and eCash solutions and services markets primarily in Europe, UK, North America and Latin America. For the year ended December 31, 2023, this segment generated $22 billion of total payment volume, $734 million in revenue and $319 million in Adjusted EBITDA. Through our single API, we can offer legacy Digital Wallet and eCash solutions to customers through a single integration. Additionally, we believe we can leverage our position as a global leader of digital commerce solutions in the iGaming market to benefit from the very fast growth and large addressable market opportunity in North America iGaming.
Our proprietary digital wallet solutions are marketed under the NETELLER and Skrill brand names, as well as a proprietary pay-by-bank solution marketed in Europe under the Rapid Transfer brand. Skrill and NETELLER remove friction from complex commerce situations and dramatically simplify the complexity of traditional payment mechanisms, such as card-based payments, enabling our active users to send, spend, store and accept funds online more easily. Our Rapid Transfer solution is a pay-by-bank alternative for eCommerce applications that provides a safe, low-cost payment alternative for consumers and merchants.
Our digital wallets are an internet-based account used by merchants and consumers that enables account holders to send and receive funds instantly, conveniently and securely using a wide selection of funding options. Our digital wallets allow consumers to pay for goods and services online without exposing personal financial data, as well as to receive money from merchants, such as winnings from an internet-based gambling website or payments from an auction website. Our digital wallets support a wide selection of funding alternatives including close to 260 alternative payment method integrations, including cryptocurrency and is offered in over 120 countries, over 40 currencies and over 14 languages. The Money transfer feature allows Skrill wallet holder to transfer funds to over 40 countries. NETELLER has a significant presence and strong market share in emerging markets, including in Latin America and Asia. Our Skrill and NET+ Prepaid Mastercards are companion products enabling NETELLER and Skrill digital wallets active users to access and use stored funds anywhere that Mastercard products are accepted.
Our proprietary eCash solutions are marketed under the paysafecard and Paysafecash brands and also the viafintech, SafetyPay and PagoEfectivo brands following our recent acquisitions of these three companies. These solutions provide consumers with a safe and easy way to purchase goods and services online without the need for a bank account or credit card and allow merchants to expand their target market to include consumers who prefer to pay with cash. paysafecard and Paysafecash are available at over one million locations in 50 countries worldwide and can be used to make purchases at online stores and online platforms. They are available in various denominations in each respective country’s local currency. Purchasers receive a secure 16-digit PIN code or bar code. The user receives the PIN or bar code transaction identifier that is displayed in a digital wallet, uploaded to a mobile phone, or is sent via e-mail to be printed out. The transaction is completed when the users makes a cash payment at a designated retail location authorized to accept the bar code or PIN identifier.
47
We also offer a paysafecard prepaid Mastercard that can be linked to a digital paysafecard account and used to make purchases anywhere in the world, online or offline, where Mastercard is accepted. The paysafecard Mastercard, which can be funded with cash through a fully verified digital paysafecard account, or with credits from online gaming merchants, is currently available to our customers in 18 countries.
In Latin America we offer Safetypay, a platform that enables eCommerce transactions in 12 Latin American countries, and PagoEfectivo, the leading alternative payment platform and Brand in Peru which positions us to compete well in this growing market.
Our Distribution & Sales
In 2023, we reached 18 million active users in more than 120 countries and over 250 thousand merchants across North America, Latin America and Europe. In 2023, we generated approximately 56% of our revenue in North America, 32% in Europe, 7% in Latin America and 5% in the rest of the world, based on the region where a transaction was initiated or the merchant location. We go to market and reach our clients through a combination of online and physical channels that we sell into utilizing a range of direct and indirect sales strategies across our two business segments. These sales strategies include:
48
Our Customer Service & Support
We provide customer support services that have been designed to address the specific support issues of each of our two business segments. These include:
Merchant Solutions Support — We provide support through dedicated service centers in the North America and the UK. We support customers across a variety of channels including calls, email, chat and social media.
Digital Wallets Support — Our teams are trained and equipped with a broad range of tools including communication templates and a state-of-the-art knowledge base.
Our Global Risk and Compliance Management Program
Paysafe’s global risk and compliance program includes the development, deployment and management of proprietary models to detect and prevent compliance risk, card scheme risk, fraud risk and credit risk. We leverage the vast amount of data in our ecosystem and the learnings derived from our global and local operating experts to continuously update and improve our compliance and risk management practices. We utilize real-time detection and prevention processes and create alerts, which are then reviewed by our risk and compliance teams to ensure we act quickly to stop any potential fraudulent behavior. The outcomes of our reviews are driven back into our machine learning models for continuous improvement in accuracy. Our risk and compliance teams are geographically aligned with our business footprint around the world and include both global and local expertise in compliance and regulatory requirements across the entire payments landscape. The focus areas of our global risk, regulatory and compliance operations include:
49
Licensing and Regulation
Laws and regulations in jurisdictions around the world apply to many key aspects of our business. Any actual or perceived failure to comply with these requirements may result in, among other things, revocation of required licenses or registrations, loss of approved status, private litigation, regulatory or governmental investigations, administrative enforcement actions, sanctions (including public fines), civil and criminal liability, public censures and constraints on our ability to continue to operate, as well as potentially adverse effects on our brand and position with respect to competitors. It is also possible that current or future laws or regulations could be interpreted or applied in a manner that would prohibit, alter, or impair our existing or planned products and services, or that could require costly, time-consuming, or otherwise burdensome compliance measures from us. This discussion is not exhaustive, and there are numerous other regulatory agencies that have or may assert jurisdiction over our activities. The laws and regulations applicable to the payments industry in any given jurisdiction are subject to interpretation and change.
Various laws and regulations govern the global payments industry. In Europe, certain of our subsidiaries are authorized by the FCA under the Electronic Money Regulations 2011 to perform the regulated activity of issuing e-money and the provision of payment services (which has the meaning specified in the Second Electronic Money Directive) as well as to provide account information services and payment initiation services to support our Rapid Transfer service. Additionally, we are authorized by the CBI under the European Communities (Electronic Money) Regulations 2011 for two of our entities in Ireland to act as e-money issuers and to provide payment services (including account information and payment initiation services to support our Rapid Transfer service) and have completed the necessary passporting notifications to operate in other EEA jurisdictions. E-money means electronically (including magnetically) stored monetary value, as represented by a claim on the electronic money issuer, which (a) is issued on receipt of funds for the purpose of making payment transactions; (b) is accepted by a person other than the electronic money issuer; and (c) is not excluded by regulation. An e-money issuer is someone who issues and redeems electronic money and provides payment services in accordance with the Second Electronic Money Directive.
Both the UK and Ireland prescribe that, with respect to our payment services entities, no person may hold or acquire, alone or together with others, a direct or indirect stake of 10% or more of our shares, 10% of the voting rights attached to our shares, or exercise, directly or indirectly, significant influence over any of the regulated subsidiaries (or increase an existing holding of 10% or more of our shares or the voting rights attached to our shares crossing a control threshold (20%, 30% or 50%)) without first obtaining the prior approval of the FCA and the CBI.
Certain of our subsidiaries are considered Foreign Money Service Businesses (“FMSBs”) under Canadian Proceeds of Crime (Money Laundering) and Terrorist Financing Act and are therefore required to hold FMSB licenses with FINTRAC, the Canadian Regulator. These licensed subsidiaries are subject to record keeping and reporting requirements for all activity involving money transferring and foreign exchange dealing. Some of these subsidiaries are also licensed as money service businesses with Revenu Quebec and are subject to record keeping requirements for all money transfers and foreign exchange transactions involving Quebec residents. Furthermore, with the enactment of the Canadian Retail Payments Activities Act, several subsidiaries will need to apply for registration with the Bank of Canada in November 2024 as payment service providers. There will be no, inter alia, safeguarding requirements, transaction monitoring requirements and recordkeeping requirements, among others.
In the United States, Skrill USA Inc. (“Skrill USA”), is registered with FinCEN as a money services business and regarded as a money transmission business. Money transmitting businesses are subject to numerous regulations in the United States at the federal and state levels, and we have obtained or applied for money transmitter licenses (or applicable similar licenses) in all U.S. states and territories in which we are required to do so, with one license pending. These licenses and registrations subject us, among other things, to record-keeping requirements, reporting requirements, bonding requirements, limitations on the investment of customer funds, and inspection by state and federal regulatory agencies. We are also subject to inspections, examinations, supervision, and regulation by each state in which we are licensed. Furthermore, to the extent that our activities cause us to be deemed to be engaged in other business involving digital currency activities that are regulated in any state in which we operate, we may be required to seek a license or otherwise register with a state regulator and comply with state regulations. If we are required to register in these states and comply with their individual requirements, we can expect to incur significant compliance costs, including increased legal expenses, accounting expenses and internal costs. Without a required money transmitter license, we could not engage in money transmitter activities with such state).
Since the enactment of the Dodd-Frank Act, there have been substantial reforms to the supervision and operation of the financial services industry, including numerous new regulations that have imposed compliance costs on us and our financial institution partners and clients. Among other things, the Dodd-Frank Act established the CFPB, which is empowered to conduct rule-making and supervision related to, and enforcement of, federal consumer financial protection laws. Certain money transmitters engaged in international money transfers such as Skrill USA are required to provide additional consumer information and disclosures, adopt error resolution standards and adjust refund procedures for international transactions originating in the United States, and certain money transmitters that are deemed by
50
regulation to be “larger participants” in the international money transfer market, such as Skrill USA, are subject to direct supervision by the CFPB. In addition, the CFPB may adopt other regulations governing consumer financial services, including regulations defining unfair, deceptive, or abusive acts or practices, and new model disclosures. Skrill USA could be subject to fines or other penalties if it is found to have violated the Dodd-Frank Act’s prohibition against unfair, deceptive or abusive acts or practices or other consumer financial protection laws enforced by the CFPB. The CFPB’s authority to change regulations adopted in the past by other regulators could increase our compliance costs and litigation exposure. The legislation and implementation of regulations associated with the Dodd-Frank Act have increased Skrill USA’s costs of compliance and required changes in the way it and its agents conduct business. In addition, Skrill USA is subject to examination by the CFPB from time to time.
The Dodd-Frank Act also empowers state attorneys general and other state officials to enforce federal consumer protection laws under specified conditions. We, including Skrill USA, have periodically been involved in reviews, investigations, proceedings (both formal and informal), and information-gathering requests, by various government offices and agencies, including various state agencies and state attorneys general (as well as the CFPB and the U.S. Department of Justice). These examinations, inquiries and proceedings could result in, among other things, substantial fines, penalties or changes in business practices that may require us to incur substantial costs.
Although we have the licenses and authorizations referred to above, our Digital Wallets segment issues e-money to customers in over 120 countries and territories, a majority in which we are not licensed as an e-money issuer. We take the view that, in general, we are not conducting regulated activities in these other jurisdictions on the basis that our activities of issuing e-money are not conducted in each jurisdiction in which our relevant customers reside, but rather e-money is issued in jurisdictions in which we are licensed. We acknowledge that local regulators in these jurisdictions may take a different view and, as transaction volumes increase and/or the matter is brought to our attention by local regulators, we will take advice in respect of local requirements on a case-by-case basis. Failure to comply with local regulations in these jurisdictions could also lead to examinations, inquiries and proceedings that could result in, among other things, fines, penalties, prohibitions on operating in jurisdictions or changes in business practices that may require us to incur substantial costs.
Due to ongoing developments in e-money regulation, we obtain advice from outside legal counsel as required in order to assess any applicable risk and, where necessary, will limit the extent of our operations in a particular jurisdiction or will consider whether to obtain a license in such jurisdiction. We believe that the likelihood of any enforcement action by a regulator is low due to factors such as the operation of the services through the internet on a cross-border basis from a country in which the relevant entity holds a license, the limited extent of our activities in the respective jurisdictions, the lack of enforcement action against similar payment processors, the lack of a physical presence in the respective jurisdictions, and the effective management of our relationships with our customers. However, the adoption of new money transmitter statutes in other jurisdictions, changes in regulators’ interpretation of existing state and federal money transmitter or money services business statutes or regulations, or disagreement by a regulatory authority with our interpretation of such statutes or regulations, could require additional registrations or licenses, limit certain of our business activities until they are appropriately licensed and expose us to financial penalties. See “Item 3.D. Risk Factors—Risks Related to Our Business and Industry—Regulatory, Legal and Tax Risks—We are subject to financial services regulatory risks.”
Crypto related services
In connection with the Skrill and NETELLER Cryptocurrency Services, we have been registered as a crypto asset business with the FCA in the UK and with the CBI in Ireland and is supervised for anti-money laundering purposes by each Regulator. Both the EU and UK are proposing changes to law that could result in additional licensing requirements and regulatory compliance obligations in respect of the provision of crypto related services which will require additional effort to analyze and comply with.
Payment Network Rules and Standards and Relationships with Partner Banks
Payment networks, such as Visa, Mastercard and American Express, establish their own rules and standards that allocate liabilities and responsibilities among the payment networks and their participants. These rules and standards, including the Payment Card Industry Data Security Standards, govern a variety of areas, including how consumers and clients may use their cards, the security features of cards, security standards for processing, data security and allocation of liability for certain acts or omissions, including liability in the event of a data breach. With respect to the payment networks of which we are a participant, those payment networks rules apply to us directly. In addition, where we partner with a member bank to access payment networks, as described below, those payment networks’ rules may apply to us indirectly, as the rules may impact the nature of our relevant bank partnership. The payment networks may change these rules and standards from time to time as they may determine in their sole discretion and with or without advance notice to their participants. These changes may be made for any number of reasons, including as a result of changes in the regulatory environment, to maintain or attract new participants, or to serve the strategic initiatives of the networks, and may impose additional costs and expenses on or be disadvantageous to certain participants. Participants are subject to audit by the payment networks to ensure compliance with applicable rules and standards. The networks may fine, penalize or suspend the registration of participants for certain acts or omissions or the failure of the participants to comply with applicable rules and standards.
51
In order for our Merchant Solutions business to process and settle transactions for our merchants, we have entered into sponsorship agreements with banks that are members of the payment systems. Because we are not a “member bank” as defined by the major payment networks’ rules and standards, we are not permitted to access those networks directly; instead, we are required to access the payment networks through our sponsor banks. Our bank partners sponsor our adherence to the rules and standards of the payment networks and enable us to route transactions under the sponsor banks’ control and BINs across the payment networks to authorize and clear transactions. Payment network rules restrict us from performing funds settlement directly and require that merchant settlement funds be in the possession of the member bank until the merchant is funded. These restrictions place the settlement assets and liabilities under the control of the member bank.
Our sponsorship agreements with our bank partners also give our sponsor banks substantial discretion in approving certain aspects of our business practices, including our solicitation, application and qualification procedures for clients and the terms of our agreements with clients, and provide them with the right to audit our compliance with the payment network rules and guidelines. We are also subject to network operating rules and guidelines promulgated by the National Automated Clearing House Association (“NACHA”) relating to payment transactions we process using the Automated Clearing House Network. Like the payment networks, NACHA may update its operating rules and guidelines at any time, which could require us to take more costly compliance measures or to develop more complex monitoring systems. Similarly, our ACH sponsor banks have the right to audit our compliance with NACHA’s rules and guidelines, and are given wide discretion to approve certain aspects of our business practices and terms of our agreements with ACH clients.
We have obtained Principal Membership designation from Mastercard Europe and Visa Europe to offer merchant acquiring services to merchants in the European Union. With the Principal Membership of Visa and Mastercard, Paysafe is able to act as the acquiring bank. This means that we are solely responsible for the adherence to the rules and standards of these payment networks, and it enables us to route transactions under our own payment network licenses to authorize and clear transactions. Under our payment network licenses, we are allowed to perform funds settlement directly to merchants. In addition, our European payment processing business has similar relationships with sponsor banks in order to access other European payment networks.
Indirect and Direct Regulatory Requirements
Our sponsor banks and certain of our merchants are financial institutions that are directly subject to various regulations and compliance obligations issued by their regulators and in the countries in which they operate. While these regulatory requirements and compliance obligations do not apply directly to us, many of these requirements materially affect the services we provide to our clients and us overall. For example, many regulators require financial institutions to manage their third-party service providers, including us. In turn, we also have certain direct obligations to oversee our critical suppliers. Among other things, these requirements include performing appropriate due diligence when selecting third-party service providers; evaluating the risk management, information security, and information management systems of third-party service providers; imposing contractual protections in agreements with third-party service providers (such as performance measures, audit and remediation rights, indemnification, compliance requirements, confidentiality and information security obligations, insurance requirements and limits on liability); and conducting ongoing monitoring, diligence and audit of the performance of third-party service providers. Accommodating these requirements applicable to our clients imposes additional costs and risks in connection with our relationships with financial institutions. We expect to expend significant resources on an ongoing basis in an effort to assist our clients in meeting their legal requirements. Similarly, we need to work very closely with our third-party core processors who sit between us and the payments network in the payment cycle.
Unfair, Deceptive or Abusive Acts or Practices (“UDAAP”) and Other Consumer Protection Standards
We and many of our clients are subject to laws and regulations prohibiting unfair or deceptive acts or practices in jurisdictions around the world. In the United States, this includes Section 5 of the Federal Trade Commission Act (“FTCA”) and various state laws in the United States similar in scope and subject matter thereto. In addition, laws prohibiting these activities and other laws, rules and or regulations, including the Telemarketing Sales Rule, which gives effect to the Telemarketing and Consumer Fraud and Abuse Prevention Act, and the Telephone Consumer Protection Act, may directly impact the activities of certain of our clients, and in some cases may subject us, as the client’s payment processor or provider of certain services, to investigations, fees, fines and disgorgement of funds if we are deemed to have aided and abetted or otherwise provided the means and instrumentalities to facilitate the illegal or improper activities of a client through our services. In the UK, the FCA implements, maintains and enforces a range of rules covering (among other things) management and control, market conduct, communications, financial prudence, the fair treatment of customers and the protection of vulnerable customers. These rules are contained in various sources including the FCA handbook of Rules and Guidance and the Payment Services Regulations 2017 and apply to the regulated activities we carry out. In July 2023, the FCA’s new Consumer Duty rules will come into effect which will set a higher standard of protection for consumers and microenterprise merchants that goes beyond, and delivers benefits not currently delivered by, the FCA’s current rules and principles. The Consumer Duty principle will require firms to deliver good outcomes for customers, by acting in good faith towards them, avoiding causing them foreseeable harm and supporting them to pursue their financial objectives. It identifies key outcomes in product and services design, price and value, communications, and consumer support. Breach of these rules may result in fines, public censures, customer remediation and redress
52
and ultimately in the revocation of our regulatory license. In addition, the Consumer Rights Act 2015 sets out a framework of statutory consumer protection measures, and protects consumers in almost all purchases they make, through enforcing that products and services are of satisfactory quality, fit for purpose and are as described before the purchase. In addition, and of particular relevance to our business, the Consumer Rights Act 2015 sets out a framework for the assessment of unfair terms in consumer contracts, including a list of terms which will always be considered to be unfair and those terms which may be considered unfair. These provisions apply to our terms of business, as well as to “consumer notices” which includes items such as marketing material and pre-contractual discussions with customers. Consumers have the right to challenge unfair contract terms, such as disproportionate fees and charges, terms which create a significant imbalance between a customer’s rights and ours, as terms which may exclude any statutory duties we owe. Additionally, the FCA enforces and oversees compliance with the Consumer Rights Act 2015 in relation to regulated firms. Breach of the Consumer Rights Act 2015 may result in contracts or certain terms being unenforceable, damages liability and/or regulatory action.
In Ireland, the CBI also implements, maintains and enforces a range of rules covering (among other things) market conduct, communications with customers, the safeguarding of users’ funds and the fair treatment of consumers and other vulnerable customers. These rules are contained in various sources including the Consumer Protection Code and the European Union (Payment Services) Regulations 2018 and apply to the regulated activities we carry out from Ireland across the EEA. Breach of these rules may result in fines, public censures, customer remediation and redress and ultimately in the revocation of our regulatory licenses in Ireland.
Various regulatory enforcement agencies in jurisdictions around the world, including the Federal Trade Commission and the states attorneys general in the United States, and the FCA in the UK, have authority to take action against payment processors who violate such laws, rules and regulations. To the extent we are processing payments or providing services for a client suspected of violating such laws, rules and regulations, we may face enforcement actions and, as a result, incur losses and liabilities that may adversely affect our business. In the absence of a Federal privacy law, the Federal Trade Commission in particular has prosecuted privacy misdemeanors under Section 5 of FTCA, which are also open to prosecution by the CFPB.
The CFPB has attempted to extend certain provisions of the Dodd-Frank Act that prevent the employment of unfair, deceptive or abusive practices to payment processors. Though there is still litigation and uncertainty involving the meaning of “abusiveness” under the Dodd-Frank Act and whether payment processing companies are subject to these provisions (and the extent of their application), these provisions may apply or be applicable to us in the future. UDAAPs could involve omissions or misrepresentations of important information to consumers or practices that take advantage of vulnerable consumers, such as elderly or low-income consumers. The CFPB has initiated enforcement actions against a variety of bank and non-bank market participants with respect to a number of consumer financial products and services that has resulted in those participants expending significant time, money and resources to adjust to the initiatives being pursued by the CFPB. Such enforcement actions may serve as precedent for how the CFPB interprets and enforces consumer protection laws, including UDAAP, which may result in the imposition of higher standards of compliance with such laws and, as a result, limit, restrict or adversely affect our business of our business. The CFPB has indicated that it is considering whether future rulemaking may clarify the meaning of “abusiveness” under the Dodd-Frank Act UDAAP rule, though the scope and content of any such future rulemaking (and the extent to which any such future rulemaking may affect our business) remains uncertain.
Anti-Money Laundering and Financial Crimes
We are subject to various anti-money laundering and counter-terrorist financing laws and regulations that prohibit, among other things, our involvement in transferring the proceeds of criminal activities. Facilitating financial transactions over the internet creates a risk of fraud. See “Item 3.D. Risk Factors—Risks Related to Our Business and Industry—Regulatory, Legal and Tax Risks—We must comply with money laundering regulations in the UK, Ireland, Switzerland, the United States, Canada and elsewhere, and any failure to do so could result in severe financial and legal penalties.” Applicable money laundering regulations require firms to put preventative measures in place and to perform KYC procedures, including conducting customer identification and verification and undertaking ongoing monitoring. In addition, regulations require companies to keep records of identity and to train their staff on the requirements of the relevant money laundering regulations. We are also subject to rules and regulations imposed by, amongst others, HM Treasury and OFAC, regarding watch lists published by such bodies restricting the transfer of funds to certain specifically designated countries. If we are not in compliance with U.S. or other anti-money laundering laws, we may be subject to criminal and civil penalties and other remedial measures, which could have an adverse effect on our business, results of operations, financial condition and cash flows. Any investigation of any potential violations of anti-money laundering laws by U.S. or international authorities could harm our reputation and could have a material adverse effect on our business, prospects, results of operations, financial condition and cash flows.
Our customers are resident in over 120 countries and territories. However, we believe that we do not conduct regulated activities in all of these jurisdictions. Rather, we conduct regulated activity in only a limited number of jurisdictions, and our wider customer base accesses our services online. We are subject to anti-money laundering regulation in the UK, Ireland, Switzerland, Canada, the United States and in any other jurisdiction, including other member states of the EEA, where we are established and performing activities that would require that we apply anti-money laundering regulation. Our merchants are subject to due diligence in accordance with our policies and procedures before acceptance and, subject to the below, we intend for all customers to be subjected to progressive, risk-based KYC procedures with levels of identity verification through a combination of screening, monitoring of activity patterns and
53
transaction volumes surpassing pre-set limits (in accordance with applicable regulations in Europe, the UK and in North America). Our systems are designed to have all consumer transactions be subject to strict, real-time transaction monitoring. Certain of our products and services, such as paysafecard e-vouchers, are exempted from KYC regulations due to the low monetary value of the transactions. We have put into place procedures designed to mitigate money laundering risks in these circumstances, including (i) strict, real-time transaction monitoring on the use of the vouchers, (ii) certain limitations on spending and (iii) limiting the frequency of voucher issuance in respect of a single customer or through certain points of sale or distributors. We conduct additional due diligence and verification when we detect high risk or suspicious activity. As a result, we believe that we have the appropriate processes in place to comply with the anti-money laundering laws and regulations to which we are subject and will become subject.
The UK Regulatory authorities have focused on the impact of fraudulent activity on consumers and are seeking to mitigate the perceived risk to customers through the introduction of changes to law and thematic supervisory inspections. Regulators are particularly focusing on regulated firms’ ability to identify new fraud typologies and risk of the exploitation of financial services for financial crime and to then mitigate that risk. Any perceived inherent susceptibility of a particular financial services to very high risk of financial crime will result in the Regulators forming the view that if the identified risk cannot be mitigated to an acceptable level, it should be discontinued, resulting in lost revenue.
Online Gambling Regulation
We do not provide gambling services and, as a result, in most jurisdictions outside of the United States and Canada, do not require any gambling licenses or associated regulatory permissions. Where any associated regulatory permission is required to supply merchants in this sector we work to ensure that we hold the appropriate permission. However, our digital wallets business offers an online alternative to traditional payment methods and a large proportion of the customers and merchants of those businesses are engaged in the use or provision of online gambling services.
For the year ended December 31, 2023, we derived approximately 30% of our revenue directly or indirectly from processing transactions for merchants and customers in the online gambling sector.
Given the importance of the online gambling sector to our business, we expend significant time and resources to ensure that we have an in-depth understanding of the regulatory environment in the main territories in which our gambling industry merchants operate and customers reside, monitoring closely the developing regulatory regimes in those territories and adapting our business acceptance policies where necessary. Currently, we monitor legal and regulatory developments in all of our material markets closely and generally seek to keep abreast of legal and regulatory developments affecting the gambling industry as a whole. We adapt our regulatory policies and, therefore, the scope of our ongoing monitoring on the basis that an individual market’s materiality to us may change. We have adopted a market presence policy that assesses a number of factors, including the legislative regime applicable to the relevant country, whether we have a presence in such country and the overall environment for online gambling activities in that country; we then consider whether any changes are required to the extent of our business activities in those countries. We also engage external counsel to conduct an assessment of our top 20 online gambling revenue producing countries to assist in our assessments of risk. However, we do not necessarily monitor, on a continuous basis, the laws and regulations in every jurisdiction where we facilitate payments for merchants or customers. See “Item 3.D. Risk Factors—Risks Related to Our Business and Industry—Regulatory, Legal and Tax Risks—Our business is subject to extensive regulation and oversight in a variety of areas, all of which are subject to change and uncertain interpretation, including in such ways as could criminalize certain of our activities.”
The global online gambling market is characterized by regulatory inconsistencies across many jurisdictions and frequent changes in the laws and regulations governing online gambling. For instance, due to the borderless nature of online gaming and sports betting and foreign exchange trading, a merchant properly licensed in its home jurisdiction may still provide services to consumers in other jurisdictions, knowingly or unknowingly including in jurisdictions whose regulations are ambiguous or where gaming, sports betting and/or foreign exchange trading are prohibited. For example, the Latvian Financial and Capital Market Commission (the “Commission”) notified us of their belief that we were in breach of Latvian law as a result of processing gambling payments between Latvian customers and gambling operators that do not have a local license. Following engagement with the Commission, we asserted that we were not in breach of Latvian law and currently have not received a response. See “Item 3.D. Risk Factors—Risks Related to Our Business and Industry—Regulatory, Legal and Tax Risks—We generate a significant portion of our revenue by processing online payments for merchants and customers engaged in the online gambling and foreign exchange trading sectors.”
Risk Assessment Process
We have designed risk management systems to identify the geographic locations of our customers, identify the regulatory system to which such customers are subject and then determine whether such customers should be permitted to transact payments for online gambling through our system. Where we have made a decision for legal and/or policy reasons not to accept gambling transactions from customers in particular territories, we endeavor to implement those decisions rigorously using our risk management platform.
54
Before we accept business from merchants or customers for gambling activities, we are careful to assess the risk for us of accepting such business. Our determination as to whether or not to permit online gambling customers in a given jurisdiction to access our services is based on a number of factors. These factors include, among others, our understanding of:
When the legal position is unclear, we will consider the above factors and make a decision whether to do business based on a review and weighting of the above factors. We re-evaluate our assessment of individual jurisdictions as required and the categorization applied and may change our view. For example, we consider planned changes to legislation or court judgments which may affect our categorization of any jurisdiction and our willingness to transact gambling payments for customers located there. Such reviews take place as soon as practicable after becoming aware of them and when a review can meaningfully be undertaken. These reviews comprise the solicitation of legal advice (and updated advice) as well as the assessment of market intelligence, which are then assessed and determined by our Market Presence Committee. Other gambling operators, regulators and other payments businesses and financial institutions may, however, take a different view of the legal environment in any particular jurisdiction. In this regard, we have created and used the following categories of classification for the Group:
55
In making the assessment for each relevant country, we will assess the risk in the market, the approach of our competitors and the likelihood of enforcement action being taken. We regularly review our categorization of jurisdictions of existing gambling merchants and customers as the regulatory environment within countries changes over time which may, along with a potential change in our attitude towards risk, result in us reconsidering our approach. It is also possible that, while our assessment of a jurisdiction may not change, enforcement action could still be taken against us and/or our executive officers or directors, depending upon the local laws in the relative jurisdiction. Although we have designed these systems with the intention of effectively assessing risk, our risk assessment processes may not always be effective. See “Item 3.D. Risk Factors—Risks Related to Our Business and Industry—We may become an unwitting party to fraud or be deemed to be handling proceeds resulting from the criminal activity of our customers.”
Regulatory Change: Trends and Outlook
Although the general trend in gambling regulation over the last ten years has been to seek to restrict the activities of online-based operators, in the EU this has generally resulted in a move towards controlled regulation, rather than absolute prohibition. For example, the regimes in Italy and France have both moved away from state-run monopoly-based markets to controlled regulation and Germany has moved from prohibition to controlled regulation. Not all regimes license all types of gambling products. Changes in the regulation of online gambling in the markets described above and elsewhere may impact us both positively (where the markets are liberalized or become regulated) and negatively (where markets are restricted or become prohibited). See “Item 3.D. Risk Factors—Risks Related to Our Business and Industry—Regulatory, Legal and Tax Risks—Our business is subject to extensive regulation and oversight in a variety of areas, all of which are subject to change and uncertain interpretation, including in such ways as could criminalize certain of our activities.”
Data Protection and Information Security
We process personal data, some of which may be sensitive, as part of our business and are subject to increasingly complex regulations related to privacy, data protection and information security in the jurisdictions in which we do business. Ensuring customer data security, privacy, and ongoing compliance with applicable regulations requires significant capital expenditure. Moreover, these regulations could result in negative impacts to our business. In the EU, we are also subject to enhanced compliance and operational requirements under the GDPR, which became effective in May 2018. The GDPR expands the scope of the EU data protection law to all foreign companies processing personal data of EU residents anywhere in the world imposes a strict data protection compliance regime with severe penalties of up to the greater of 4% of worldwide turnover or €20 million, and includes new rights such as the “portability” of personal data. Although the GDPR applies across the EU without a need for local implementing legislation, each EU member state has the ability to interpret the GDPR opening clauses, which permit country-specific data protection legislation and has created inconsistencies, on a country-by-country basis.
Since 2016, we have engaged in a large, transformative program regarding data privacy in connection with GDPR compliance requirements. However, policymakers around the globe are using these requirements as a reference to adopt new or updated privacy laws that could result in similar or stricter requirements in other jurisdictions. In the United States, the Gramm-Leach-Bliley Act of 1999 (along with its implementing regulations) restricts certain collection, processing, storage, use and disclosure of personal financial information, requires notice to individuals of privacy practices and provides individuals with certain rights to prevent the use and disclosure of certain nonpublic or otherwise legally protected information. These rules also impose requirements for the safeguarding and proper destruction of such information through the issuance of data security standards or guidelines. Within Canada, the Personal Information Protection and Electronic Documents Act (“PIPEDA”) law is under consultation review in order to align more closely to GDPR and ensure continuation of its adequacy status from the European Commission and the provincial Quebec privacy law was amended in 2023 and requires further registration for biometric processing.
In addition, there are state laws in the United States governing the collection of personal information (including, as of January 1, 2020, the California Consumer Privacy Act of 2018 (the “CCPA”) and, as of March 2, 2021, the Virginia Consumer Data Protection Act (“VCDPA”), which will become effective January 1, 2023), including those restricting the ability to collect and use certain types of information such as Social Security and driver’s license numbers. The CCPA imposes stringent data privacy and data protection requirements for the data of California residents, and provides for penalties for noncompliance of up to $7,500 per violation, if willful, and provides for a private right of action in the event of a data breach affecting specified personal information of California residents. Implementing regulations for the CCPA were released in August 2020, and on November 3, 2020, California voters approved a new
56
law, the California Privacy Rights Act (“CPRA”). The CPRA expands the rights of consumers and establishes the California Privacy Protection Agency, providing the agency with investigative, enforcement and rule-making powers. Certain other state laws impose or are in the process of imposing similar privacy obligations, including Virginia, Colorado, Utah and Connecticut. The following states are in the process of active implementation of privacy laws: Florida, Oregon, Montana, Iowa, Texas, Delaware, New Jersey, Tennessee and Indiana. Some US state laws, like GDPR, are extra-territorial in nature and thus apply outside the USA. Certain other state laws impose similar privacy obligations as well and, in addition, all 50 states have laws with varying obligations to provide notification of security breaches of computer databases that contain personal information to affected individuals, state officers and others. Additionally, the use or generation of biometric data as an aid to fraud prevention is becoming increasingly regulated through a patchwork of laws in both the EU and across the United States, with a number of state laws now requiring consent to such use. We have also seen recent privacy law developments within South America. See “Item 3.D. Risk Factors—Risks Related to Our Business and Industry—Regulatory, Legal and Tax Risks—We are subject to current and proposed regulation addressing both consumer and business privacy and data use, which could adversely affect our business, financial condition and results of operations.”
Section 13(r) Disclosure