Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

Mastercard disclosed 32 risk factors in its most recent earnings report. Mastercard reported the most risks in the “Legal & Regulatory” category.

Risk Overview Q3, 2024

Risk Distribution

41% Legal & Regulatory

34% Ability to Sell

9% Finance & Corporate

6% Tech & Innovation

6% Macro & Political

3% Production

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2020

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

Mastercard Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q3, 2024

Main Risk Category

Legal & Regulatory

With 13 Risks

Legal & Regulatory

With 13 Risks

Number of Disclosed Risks

No changes from last report

S&P 500 Average: 31

No changes from last report

S&P 500 Average: 31

Recent Changes

0Risks added

0Risks removed

0Risks changed

Since Sep 2024

0Risks added

0Risks removed

0Risks changed

Since Sep 2024

Number of Risk Changed

No changes from last report

S&P 500 Average: 3

No changes from last report

S&P 500 Average: 3

See the risk highlights of Mastercard in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 32

Legal & Regulatory

Total Risks: 13/32 (41%)Above Sector Average

Regulation7 | 21.9%

Regulation - Risk 1

Regulations that directly or indirectly apply to Mastercard as a result of our participation in the global payments industry may materially and adversely affect our overall business and results of operations.

We are subject to regulations that affect the payments industry in the many jurisdictions in which our products and services are used. Many of our customers are also subject to regulations applicable to banks and other financial institutions that, at times, consequently affect us. Such regulation has increased significantly in the last several years (as described in "Business - Government Regulation" in Part I, Item 1). Examples include: - Anti-Money Laundering, Countering the Financing of Terrorism, Economic Sanctions and Anti-Corruption - We are subject to AML and CFT laws and regulations globally. Economic sanctions programs administered by OFAC restrict financial transactions and other dealings with certain countries and geographies, and persons and entities. We are also subject to anti-corruption laws and regulations globally, which, among other things, generally prohibit giving or offering payments or anything of value for the purpose of improperly influencing a business decision or to gain an unfair business advantage. - Account-based Payments Systems - In the U.K., aspects of our Vocalink business are subject to the U.K. payment system oversight regime and are directly overseen by the Bank of England. - Issuer and Acquirer Practices Legislation and Regulation - Certain regulations (such as PSD2 in the EEA) may impact various aspects of our business. For example, PSD2's strong authentication requirement could increase the number of transactions that consumers abandon if we are unable to secure a frictionless authentication experience under these standards. An increase in the rate of abandoned transactions could adversely impact our volumes or other operational metrics. Increased regulatory focus on us has resulted and may continue to result in significant compliance and governance burdens or otherwise increase our costs. Similarly, increased regulatory focus on our customers may cause such customers to reduce the volume of transactions processed through our systems, or may otherwise impact the competitiveness of our products. Actions by regulators could influence other organizations around the world to enact or consider adopting similar measures, amplifying any potential compliance burden. Additionally, our compliance with new economic sanctions and related laws with respect to particular jurisdictions or customers could result in a loss of business, which could be significant. Moreover, while our risk-based compliance program obligates issuers and acquirers to comply with U.S., EU and local sanctions programs (among other obligations), the failure of those issuers and acquirers to identify potential non-compliance issues either during or after their customer onboarding processes could ultimately impact our compliance with economic sanctions and related laws. Finally, failure to comply with the laws and regulations discussed above to which we are subject could result in fines, sanctions or other penalties. In particular, a violation and subsequent judgment or settlement against us, or those with whom we may be associated, under economic sanctions and AML, CFT, and anti-corruption laws could subject us to substantial monetary penalties, damages, and/or have a significant reputational impact. Each instance may individually or collectively materially and adversely affect our financial performance and/or our overall business and results of operations, as well as have an impact on our reputation.

Regulation - Risk 2

Preferential and protective government actions related to domestic payment services could adversely affect our ability to maintain or increase our revenues.

Governments in some countries have acted, or in the future may act, to provide resources, preferential treatment or other protection to selected national payment and switching providers, or have created, or may in the future create, their own national provider. This action may displace us from, prevent us from entering into, or substantially restrict us from participating in, particular geographies, and may prevent us from competing effectively against those providers. For example: - Governments in some countries have implemented, or may implement, regulatory requirements that mandate switching of domestic payments either entirely in that country or by only domestic companies. - Some jurisdictions have implemented, or are considering, requirements to collect, store and/or process data within their borders, as well as prohibitions on the transfer of data abroad, leading to technological and operational implications as well as increased compliance burdens and other costs. - Geopolitical events (such as Russia's invasion of Ukraine) and resulting OFAC sanctions, adverse trade policies, enforcement of U.S. laws related to countering the financing of terrorism, economic sanctions and anti-corruption, or other types of government actions could lead affected or other jurisdictions to take actions in response that could adversely affect our business. Moreover, given our decision to suspend business operations in Russia, other separate jurisdictions may decide to begin to or increase their focus on growing local payment networks and other solutions. - Regional groups of countries are considering, or may consider, efforts to restrict our switching of regional transactions. - Governments have been increasingly creating and expanding local payments structures (such as the Brazilian Instant Payment System-PIX, FedNow in the U.S. and UPI in India), which are increasingly being considered as alternatives to traditional domestic payment solutions and schemes such as ours. Such developments prevent us from utilizing our global switching capabilities for domestic or regional customers. In addition, to the extent a jurisdiction determines us not to be in compliance with regulatory requirements (including those related to data localization), we have been, and may again in the future be, subject to resource and time pressures in order to come back into compliance. Our inability to effect change in, or work with, these jurisdictions could adversely affect our ability to maintain or increase our revenues and extend our global brand. Additionally, some jurisdictions have implemented, or may implement, foreign ownership restrictions, which could potentially have the effect of forcing or inducing the transfer of our technology and proprietary information as a condition of access to their markets. Such restrictions could adversely impact our ability to compete in these markets.

Regulation - Risk 3

Limitations on our ability to restrict merchant surcharging could materially and adversely impact our results of operations.

We have historically implemented policies, referred to as no-surcharge rules, in certain jurisdictions, including the U.S. and Canada, that prohibit merchants from charging higher prices to consumers who pay using our products instead of other means. Authorities in several jurisdictions have acted to end or limit the application of these no-surcharge rules (or indicated interest in doing so). Additionally, our no-surcharge rules now permit U.S. and Canadian merchants to surcharge credit cards (subject to certain limitations), which over time could lead merchants in some or all merchant categories in these jurisdictions to choose to surcharge as permitted. This could result in consumers viewing our products less favorably and/or using alternative means of payment instead of electronic products, which could result in a decrease in our overall transaction volumes, and which in turn could materially and adversely impact our results of operations.

Regulation - Risk 4

Increased regulatory, legislative and litigation activity with respect to interchange rates could have an adverse impact on our business.

Interchange rates are a significant component of the costs that merchants pay in connection with the acceptance of products associated with our core payment network. Although we do not earn revenues from interchange, interchange rates can impact the volume of transactions we see on our payment products. If interchange rates are too high, merchants may stop accepting our products or route transactions away from our network. If interchange rates are too low, issuers may stop promoting our products and services, eliminate or reduce loyalty rewards programs or other account holder benefits (e.g., free checking or low interest rates on balances), or charge fees to account holders (e.g., annual fees or late payment fees). Governments and merchant groups in a number of countries have implemented or are seeking interchange rate reductions through legislation, regulation and litigation. See "Business - Government Regulation" in Part I, Item 1 and Note 21 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8 for more details. If issuers cannot collect or we are required to reduce interchange rates, issuers may be less willing to participate in our four-party payments system. Alternatively, they may reduce the benefits associated with our products, choose to charge higher fees to consumers to attempt to recoup a portion of the costs incurred for their services, or seek a fee reduction from us to decrease the expense of their payment programs (particularly if regulation has a disproportionate impact on us as compared to our competitors in terms of the fees we can charge). These and other impacts could make our products less desirable to consumers, limit our ability to innovate or offer differentiated products, and/or make proprietary three-party networks or other forms of payment more attractive, ultimately reducing the volume of transactions over our network and our profitability. We are devoting substantial resources to defending our right to establish interchange rates in regulatory proceedings, litigation and legislative activity. The potential outcome of any of these activities could have a more positive or negative impact on us relative to our competitors. If we are ultimately unsuccessful in defending our ability to establish interchange rates, any resulting legislation, regulation and/or litigation may have a material adverse impact on our overall business and results of operations. In addition, regulatory proceedings and litigation could result (and in some cases has resulted) in us being fined and/or having to pay civil damages, the amount of which could be material.

Regulation - Risk 5

Global regulatory and legislative activity related to the payments industry may have a material adverse impact on our overall business and results of operations.

Central banks and similar regulatory bodies have increasingly established or further expanded their authority over certain aspects of payments systems such as ours, including obligations or restrictions with respect to the types of products and services that we may offer, the countries in which our products and services may be used, the way we structure and operate our business and the types of consumers and merchants who can obtain or accept our products or services. Similarly, jurisdictions that regulate a particular product may consider extending their jurisdiction to other products. For example, debit regulations could lead to regulation of credit products. Moreover, several jurisdictions are demonstrating increased interest about the network fees we charge to our customers (in some cases as part of broader market reviews of retail payments), which could in the future lead to regulation of our network fees. In several jurisdictions, we have been designated as a "systemically important payment system", with other regulators considering similar designations. This type of regulation and oversight is related to switching activities (authorization, clearing and settlement), and includes policies, procedures and requirements related to risk management, collateral, participant default, timely switching of financial transactions, and capital and financial resources. Parts of our business have also been deemed as a "specified service provider" or considered "critical infrastructure". The impact to our business created by any new law, regulation or designation is magnified by the potential it has to be replicated in, or conflict with, other jurisdictions, or involve other products within any particular jurisdiction. The expansion of our products and services as part of our multi-rail strategy has also created the need for us to obtain new types and increasing numbers of regulatory licenses, resulting in increased supervision and additional compliance burdens distinct from those imposed on our core payment network activities. For example, certain of our subsidiaries maintain money transfer licenses to support certain activities. These licenses typically impose supervisory and examination requirements, as well as capital, safeguarding, risk management and other business obligations. Increased regulation and oversight of payments systems, as well as increased exposure to regulation resulting from changes to our products and services, have resulted and may continue to result in significant compliance and governance burdens or otherwise increase our costs. As a result, customers could be less willing to participate in our payments system and/or use our other products or services, reduce the benefits offered in connection with the use of our products (making our products less desirable to consumers), reduce the volume of domestic and cross-border transactions or other operational metrics, disintermediate us, impact our profitability and/or limit our ability to innovate or offer differentiated products and services, all of which could materially and adversely impact our financial performance. In addition, any regulation that is enacted related to the type and level of network fees we charge our customers could also materially and adversely impact our results of operations. Regulators could also require us to obtain prior approval for changes to our system rules, procedures or operations, or could require customization with regard to such changes, which could negatively impact us. Moreover, failure to comply with the laws and regulations to which we are subject could result in fines, sanctions, civil damages or other penalties, which could materially and adversely affect our overall business and results of operations, as well as have an impact on our brand and reputation.

Regulation - Risk 6

Our work with governments exposes us to unique risks that could have a material impact on our business and results of operations.

As we increase our work with national, state and local governments, both indirectly through financial institutions and with them directly as our customers, we may face various risks inherent in associating or contracting directly with governments. These risks include, but are not limited to, the following: - Governmental entities typically fund projects through appropriated monies. Changes in governmental priorities or other political developments, including disruptions in governmental operations, could impact approved funding and result in changes in the scope, or lead to the termination, of the arrangements or contracts we or financial institutions enter into with respect to our payment products and services. - Our work with governments is heavily regulated, subjecting us to additional potential exposure under U.S. and international anti-corruption laws (including the U.S. Foreign Corrupt Practices Act and the U.K. Bribery Act), as well as compliance with various procurement and other laws, regulations, standards and contract terms. Any violation and subsequent judgment or settlement related to the above could subject us to substantial monetary penalties and damages and have a significant reputational impact. Moreover, as a government contractor, we are subject to a government's right to conduct audits and investigations into both our contract performance and our compliance with applicable laws, regulations and contract terms. Any adverse finding could subject us to civil or criminal penalties, sanctions, or suspension or disbarment. - Working or contracting with governments, either directly or via our financial institution customers, can subject us to heightened reputational risks, including extensive scrutiny and publicity, as well as a potential association with the policies of a government as a result of a business arrangement with that government. Any negative publicity or negative association with a government entity, regardless of its accuracy, may adversely affect our reputation.

Regulation - Risk 7

Our efforts to enter into acquisitions, strategic investments or new businesses could be impacted or prevented by regulatory scrutiny and could otherwise result in issues that could disrupt our business and harm our results of operations or reputation.

We continue to evaluate our strategic acquisitions of, and investments in, complementary businesses, products or technologies. As we do so, we face increasing regulatory scrutiny with respect to antitrust, national security and other considerations that could impact these efforts. We also face competition for acquisition targets due to the nature of the market for technology companies. As a result, we could be prevented from successfully completing such acquisitions in the future. If we are not successful in these efforts, we could lose strategic opportunities that are dependent, in part, on inorganic growth. To the extent we do make these acquisitions, we may not be able to successfully partner with or integrate them, despite original intentions and focused efforts. Such an integration also may divert management's time and resources from our core business and disrupt our operations. Moreover, we have spent, and may continue to spend, time and money on acquisitions or projects that do not sufficiently meet our expectations (either strategically or financially), which has resulted (and may in the future result) in divesting from or otherwise exiting these investments or businesses. Additionally, to the extent we pay the purchase price of any acquisition in cash, it would reduce our cash reserves available to us for other uses, and to the extent the purchase price is paid with our stock, it could be dilutive to our stockholders. Furthermore, we have inherited and may in the future inherit litigation risk which has or may increase our post-acquisition costs of operations and/or impact our ability to successfully finance that business. Any acquisition, investment or entry into a new business could subject us to new regulations, both directly as a result of the new business as well as in the other existing parts of our business, with which we would need to comply. This compliance could increase our costs, and we could be subject to liability or reputational harm to the extent we cannot meet any such compliance requirements. Additionally, targets that we acquire have had, and may in the future have, data practices that do not initially conform to our privacy, data protection and information security standards and data governance model, which could lead to regulatory scrutiny and reputational harm. These targets also have resulted in, and may in the future lead to, information security vulnerabilities for us.

Litigation & Legal Liabilities3 | 9.4%

Litigation & Legal Liabilities - Risk 1

Our role as guarantor, as well as other contractual obligations and discretionary actions, expose us to risk of loss or illiquidity.

We are a guarantor of certain third-party obligations, including those of certain of our customers and service providers. In this capacity, we are exposed to credit and liquidity risk. We may incur significant losses in connection with transaction settlements if a customer fails to fund its daily settlement obligations due to technical problems, liquidity shortfalls, insolvency or other reasons. The recent increased speed of bank failures as recently seen in the U.S. could increase the potential for such losses. Concurrent settlement failures of more than one of our larger customers or of several smaller customers either on a given day or over a condensed period of time may exceed our available resources. Additionally, certain non-guaranteed transactions as well as chargebacks to acquirers in the event of acquirer default could result in elevated brand risk and the potential for financial loss. These impacts could materially and adversely affect our results of operations. We have significant contractual indemnification obligations with certain customers. Should an event occur that triggers these obligations, such an event could materially and adversely affect our overall business and results of operations. Class A Common Stock and Governance Structure

Litigation & Legal Liabilities - Risk 2

Merchants' continued focus on acceptance costs may lead to additional litigation and regulatory proceedings and increase our incentive program costs, which could materially and adversely affect our profitability.

Merchants are important constituents in our payments system. We rely on both our relationships with them, as well as their relationships with our issuer and acquirer customers, to continue to expand the acceptance of our products and services. We also work with merchants to help them enable new sales channels, create better purchase experiences, improve efficiencies, increase revenues and fight fraud. In the retail industry, we believe a set of larger merchants with increasingly global scope and influence are having a significant impact on all participants in the global payments industry, including Mastercard. Some large merchants have supported the legal, regulatory and legislative challenges to interchange fees that Mastercard has been defending, including the U.S. merchant litigations. Some merchants are increasingly asking regulators to review and potentially regulate our own network fees, in addition to interchange. See "Risk Factors – Payments Industry Regulation" in this Part I, Item 1A. The continued focus of merchants on the costs of accepting various forms of payment (including digital) may lead to additional litigation and regulatory proceedings. Certain larger merchants are also able to negotiate incentives from us and pricing concessions from our issuer and acquirer customers as a condition to accepting our products. We also make payments to certain merchants to incentivize them to create co-branded payment programs with us. As merchants consolidate and become even larger, we may have to increase the amount of incentives that we provide to certain merchants, which could materially and adversely affect our results of operations. Competitive and regulatory pressures on pricing could make it difficult to offset the costs of these incentives. Additionally, if the rate of merchant acceptance growth slows, our business could suffer.

Litigation & Legal Liabilities - Risk 3

Liabilities we may incur or limitations on our business related to any litigation or litigation settlements could materially and adversely affect our results of operations.

We are a defendant in a number of civil litigations and regulatory proceedings and investigations, including among others, those alleging violations of competition and antitrust law and those involving intellectual property claims (as described in Note 21 (Legal and Regulatory Proceedings) to the consolidated financial statements included in Part II, Item 8). In the event we are found liable in any material litigations or proceedings (particularly in a large class-action lawsuit or on the basis of an antitrust claim entitling the plaintiff to treble damages or under which we were jointly and severally liable), we could be subject to significant damages, which could have a material adverse impact on our overall business and results of operations. Certain limitations have been placed on our business in recent years because of litigation and litigation settlements, such as changes to our no-surcharge rule in the U.S. and Canada. Any future limitations on our business resulting from the outcomes of any litigation or regulatory proceeding, including any changes to our rules or business practices, could impact our relationships with our customers, including reducing the volume of business that we do with them, which may materially and adversely affect our overall business and results of operations. Business and Operations

Taxation & Government Incentives1 | 3.1%

Taxation & Government Incentives - Risk 1

We could be subject to adverse changes in tax laws, regulations and interpretations or challenges to our tax positions.

We are subject to tax laws and regulations of the U.S. federal, state and local governments as well as various non-U.S. jurisdictions. Current and potential future changes in existing tax laws, including regulatory guidance, are continuously being considered and have been or may be enacted (such as guidelines issued by the Organization for Economic Co-operation and Development (OECD) which impact how multinational enterprises are taxed on their global profits). These changes have and in the future may continue to have an impact on our effective income tax rate and tax payments. Similarly, changes in tax laws and regulations that impact our customers and counterparties, or the economy generally, have impacted and may continue to impact us as well. In addition, tax laws and regulations are complex and subject to varying interpretations, and any significant failure to comply with applicable tax laws and regulations in all relevant jurisdictions could give rise to substantial penalties and liabilities. Jurisdictions around the globe have also increased tax-related audits, which require time and resources to resolve. Any changes in enacted tax laws, rules, regulatory or judicial interpretations or guidance; any adverse outcome in connection with tax audits in any jurisdiction; or any changes in the pronouncements relating to accounting for income taxes could materially and adversely impact our effective income tax rate, tax payments, financial condition and results of operations.

Environmental / Social2 | 6.3%

Environmental / Social - Risk 1

Regulation and enforcement of privacy, data, AI, information security and the digital economy could increase our costs and lead to legal claims and fines, as well as negatively impact our growth and reputation.

We are subject to increasingly complex, fragmented and divergent laws and regulations related to privacy and data protection, data use and governance, AI and information security in the jurisdictions in which we do business. While policymakers around the globe look to the EU and the GDPR when adopting new or updated privacy and data protection laws, divergences have occurred and continue to occur. As a result, new or updated privacy and data protection and information security laws and regulations have led, and may continue to lead, to similar, stricter or at times conflicting requirements, creating an uncertain regulatory environment. For example, some jurisdictions have implemented or are otherwise considering requirements to collect, store and/or process data within their borders, as well as prohibitions on the transfer of data abroad, leading to technological and operational implications. Other jurisdictions have adopted or are otherwise considering adopting sector-specific regulations for the payments industry and other industries in which we participate, including forced data sharing requirements or additional verification requirements. In addition, laws and regulations on AI, data governance and credit decisioning may overlap or conflict with, or diverge from, general privacy rules. Overall, these myriad laws and regulations may require us to modify our data processing practices and policies, incur substantial compliance-related costs and expenses, and otherwise suffer adverse impacts on our business. Failure to comply with any of these laws, regulations and requirements could result in fines, sanctions or other enforcement actions or penalties, which could materially and adversely affect our results of operations and overall business, as well as have an impact on our reputation. As a user and deployer of AI technology, we are also subject to increasing and evolving laws and regulations related to AI governance and new applications of existing laws and regulations to AI. How our use and deployment of AI will be regulated remains uncertain given the uncertainty that exists as to how AI technology will develop. In addition, the use of AI creates or amplifies risks that are challenging to fully prevent or mitigate. In particular, AI algorithms may generate inaccurate, unintended, unfair or discriminatory outcomes, which may not be easily detectable or explainable, and may inadvertently breach intellectual property, privacy or other rights, as well as confidential information. Our implementation of robust AI governance and risk management frameworks aimed at complying with emerging laws and regulations may not be sufficient protection against these emerging risks. Further, as we acquire new companies and develop integrated and personalized products and services to meet the needs of a changing marketplace, we have expanded our data profile through additional data types and sources, across multiple channels, and involving new partners. This expansion has amplified the impact of these various laws and regulations on our business. As a result, we are required to constantly monitor our data practices and potentially change them when necessary or appropriate. We also need to provide increased care in our data management, governance and quality practices, particularly as it relates to the use of data in products leveraging AI. New requirements or changing interpretations of existing requirements in these areas, or the development of new regulatory schemes related to the digital economy in general, may also increase our costs and/or restrict our ability to leverage data or use AI for innovation. This could impact the products and services we offer and other aspects of our business, such as fraud monitoring, the need for improved data management, governance and quality practices, the development of information-based products and solutions, and technology operations. In addition, these requirements may increase the costs to our customers of issuing payment products or using information products, which may, in turn, decrease the number of our products that they offer. While we intend to comply with all regulatory requirements, innovate responsibly and deploy Privacy by Design, Data by Design and AI Governance approaches to all of our product development, the speed and pace of changes in laws (as well as stakeholder interests) may not allow us to meet rapidly evolving regulatory and stakeholder expectations. Any of these developments could materially and adversely affect our overall business and results of operations.

Environmental / Social - Risk 2

Information security incidents or account data compromise events could disrupt our business, damage our reputation, increase our costs and cause losses.

Information security risks for payments and technology companies such as ours have significantly increased in recent years in part because of the proliferation of new technologies, the use of the Internet and telecommunications technologies to conduct financial transactions, and the increased sophistication and activities of organized crime, hackers, "hacktivists", terrorists, nation-states, state-sponsored actors and other external parties. These threats may derive from fraud or malice on the part of our employees or third parties, or may result from human error, software bugs, server malfunctions, software or hardware failure or other technological failure. These threats include cyber-attacks such as computer viruses, denial-of-service attacks, malicious code (including ransomware), social-engineering attacks (including phishing attacks) or information security breaches and could lead to the misappropriation or loss of consumer account and other information and identity theft. These types of threats have risen significantly due to a significant portion of our workforce working in a hybrid environment. These threats also may be further enhanced in frequency or effectiveness through threat actors' use of AI. Our operations rely on the secure transmission, storage and other processing of confidential, proprietary, sensitive and personal information and technology in our computer systems and networks, as well as the systems of our third-party providers. Our customers and other parties in the payments value chain, as well as account holders, rely on our digital technologies, computer systems, software and networks to conduct their operations. In addition, to access our products and services, our customers and account holders increasingly use personal smartphones, tablet PCs and other mobile devices that may be beyond our control. We, like other financial technology organizations, routinely are subject to cyber-threats and our technologies, systems and networks, as well as the systems of our third-party providers, have been subject to attempted cyber-attacks. Because of our position in the payments value chain, we believe that we are likely to continue to be a target of such threats and attacks. Geopolitical events and resulting government activity could also lead to information security threats and attacks by affected or sympathizing jurisdictions or other actors, which could put our information and assets at risk, as well as result in network disruption. To date, we have not experienced any material impact relating to cyber-attacks or other information security breaches. However, future attacks or breaches could lead to security breaches of the networks, systems (including third-party provider systems) or devices that our customers use to access our products and services, which in turn could result in the unauthorized disclosure, release, gathering, monitoring, misuse, loss or destruction of confidential, proprietary, sensitive and personal information (including account data information) or data security compromises. Such attacks or breaches could also cause service interruptions, malfunctions or other failures in the physical infrastructure, networks or operations systems that support our business and customers (such as the lack of availability of our value-added services), as well as the operations of our customers or other third parties. In addition, they could lead to damage to our reputation with our customers, other stakeholders and the broader payments ecosystem, additional costs to us (such as repairing systems, adding new personnel or protection technologies or compliance costs), regulatory penalties, financial losses to both us and our customers and partners and the loss of customers and business opportunities. These consequences could be further pronounced in jurisdictions in which we are deemed critical national infrastructure. If such attacks are not detected immediately, or disclosed as required by law, their effect could be compounded. In addition to information security risks for our systems and networks, we also routinely encounter account data compromise events involving merchants and third-party payment processors that process, store or transmit payment transaction data, which affect millions of Mastercard, Visa, Discover, American Express and other types of account holders. Further events of this type may subject us to reputational damage and/or lawsuits involving payment products carrying our brands. Damage to our reputation or that of our brands resulting from an account data breach of either our systems and networks or the systems and networks of our customers, merchants and other third parties could decrease the use and acceptance of our products and services. Such events could also slow or reverse the trend toward electronic payments. In addition to reputational concerns, the cumulative impact of multiple account data compromise events could increase the impact of the fraud resulting from such events by, among other things, making it more difficult to identify consumers. Moreover, while most of the lawsuits resulting from account data breaches do not involve direct claims against us and while we have releases from many issuers and acquirers, we could still face damage claims, which, if upheld, could materially and adversely affect our results of operations. While we offer cyber and intelligence products that are designed to prevent, detect and respond to fraud and cyber-attacks, there can be no assurance that such security solutions will perform as expected or address all possible security threats. Real or perceived defects, failures, errors or vulnerabilities in our security solutions, such as our cyber and intelligence products, could adversely impact our reputation, customer confidence in our solutions and our business and may subject us to litigation, governmental audits and investigation or other liabilities. Such events could have a material adverse impact on our transaction volumes, results of operations and prospects for future growth, or increase our costs by leading to additional regulatory burdens being imposed on us. In addition, fraudulent activity and increasing cyber-attacks have encouraged legislative and regulatory intervention, and could damage our reputation and reduce the use and acceptance of our products and services or increase our compliance costs. Criminals are using increasingly sophisticated methods to capture consumer personal information to engage in illegal activities such as counterfeiting or other fraud and may see their effectiveness enhanced by the use of AI. As outsourcing and specialization become common in the payments industry, there are more third parties involved in processing transactions using our payment products. While we are continuing to take measures to make card and digital payments more secure, increased fraud levels involving our products and services, or misconduct or negligence by third parties switching or otherwise servicing our products and services, could lead to legislative or regulatory intervention, such as enhanced security requirements and liabilities, as well as damage to our reputation. See "Risk Factors - Privacy, Data Protection, AI and Information Security Compliance" in this Part I, Item 1A for more detail concerning related legal risks and obligations. Despite various mitigation efforts that we undertake, there can be no assurance that we will not suffer material breaches and resulting losses in the future. While we maintain insurance coverage, such coverage may not be adequate to protect us from such losses as well as any liabilities or damages with respect to claims alleging compromises of our confidential, proprietary, sensitive or personal information or our technologies, systems or networks. In addition, we cannot be sure that our existing insurance coverage will continue to be available on acceptable terms or at all, or that our insurers will not deny coverage as to any future claim. Our risk and exposure to these matters remain heightened due to, among other things, the evolving nature of these threats, our prominent role in the global payments ecosystem, our continued implementation of our strategic priorities, our extensive use of third-party vendors and potential vulnerabilities from previous and future acquisitions, strategic investments or related opportunities. As a result, information security and the continued development and enhancement of our controls, processes and practices designed to protect our computer systems, software, data and networks from attack, damage or unauthorized access remain a priority for us. As cyber-threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities. Any of the risks described above could materially adversely affect our overall business and results of operations.

Ability to Sell

Total Risks: 11/32 (34%)Above Sector Average

Competition2 | 6.3%

Competition - Risk 1

Exclusive/near exclusive relationships certain customers have with our competitors may have a material adverse impact on our business.

While we have exclusive, or nearly-exclusive, relationships with certain of our customers to issue payment products, other customers have similar exclusive, or nearly-exclusive, relationships with our competitors. These relationships may make it difficult or cost-prohibitive for us to do significant amounts of business with these customers to increase our revenues. In addition, these customers may be more successful and may grow faster than the customers that primarily issue our payment products, which could put us at a competitive disadvantage. Furthermore, we earn substantial revenue from customers with nearly-exclusive relationships with our competitors. Such relationships could provide advantages to the customers to shift business from us to the competitors with which they are principally aligned. A significant loss of our existing revenue or transaction volumes from these customers could have a material adverse impact on our business.

Competition - Risk 2

Substantial and intense competition worldwide in the global payments industry may materially and adversely affect our overall business and results of operations.

The global payments industry is highly competitive. Our payment programs compete against competitors both within and outside of the global payments industry and compete in all payment categories, including paper-based payments and all forms of electronic payments. We compete against general purpose payments networks, debit and local networks, ACH and real-time account-based payments systems, digital wallets and other fintechs (focused on online activity across various channels and processing payments using in-house capabilities), government-backed networks and digital currencies. We also face competition from companies that provide alternatives to our value-added services and new adjacent network capabilities (including open banking and digital identity). Our traditional competitors may have substantially greater financial and other resources than we have, may offer a wider range of programs, services, and payment capabilities than we offer or may use more effective advertising and marketing strategies to achieve broader brand recognition and merchant acceptance than we have. They may also introduce their own innovative programs, value-added services and capabilities that adversely impact our growth. Certain of our competitors to our core payment network operate three-party payments systems with direct connections to both merchants and consumers, potentially providing competitive advantages. If we continue to attract more regulatory scrutiny than these competitors because we operate a four-party system, or we are regulated because of the system we operate in a way in which our competitors are not, we could lose business to these competitors. See "Business - Competition" in Part I, Item 1. Certain of our competitors have developed alternative payments systems, e-commerce payments systems and payments systems for mobile devices, as well as physical store locations. A number of these competitors rely principally on technology to support their services that provides cost advantages, and as a result may enjoy lower costs than we do. Many of these competitors are also able to use existing payment networks without being subject to many of the associated costs. Moreover, these competitors also occupy various roles in the payments ecosystem that enable them to influence payment choice of other participants. Any of these factors could put us at a competitive disadvantage. Our ability to compete may also be affected by regulatory and legislative initiatives, as well as the outcomes of litigation, competition-related regulatory proceedings and both central bank and legislative activity. If we are not able to differentiate ourselves from our competitors, drive value for our customers and/or effectively align our resources with our goals and objectives, we may not be able to compete effectively against these threats. Our failure to compete effectively against any of the foregoing threats could materially and adversely affect our overall business and results of operations.

Demand3 | 9.4%

Demand - Risk 1

Disintermediation from stakeholders both within and outside of the payments value chain could harm our business.

As the payments industry continues to develop and change, we face disintermediation and related risks, including: - Parties that process our transactions in certain countries may try to eliminate our position as an intermediary in the payment process. For example, merchants could switch (and in some cases are switching) transactions directly with issuers. Additionally, processors could process transactions directly between issuers and acquirers. Large scale consolidation within processors could result in these processors developing bilateral agreements or in some cases switching the entire transaction on their own network, thereby disintermediating us. - Industry participants continue to invest in and develop alternative capabilities, such as account-based payments, which could facilitate P2M transactions that compete with both our core payment network and our additional payment capabilities. - Regulation (such as PSD2 in the EEA) may disintermediate issuers by enabling third-party providers opportunities to route payment transactions away from our network and products and towards other forms of payment by offering account information or payment initiation services directly to those who currently use our products. Such regulation may also provide these processors with the opportunity to commoditize the data that are included in the transactions they are servicing. If our customers are disintermediated in their business, we could face diminished demand for our products and services. - Although we partner with fintechs and technology companies (such as digital players and mobile providers) that leverage our technology, platforms and networks to deliver their products, they could develop platforms or networks that disintermediate us from digital payments and impact our ability to compete in the digital economy. These companies may also develop products or services that compete with our customers within the payments ecosystem and, as a result, could diminish demand for our products and services. When we do partner with fintechs and technology companies, we face a heightened risk when we share data as part of those relationships. While we share this data in a controlled manner subject to applicable anonymization and privacy and data standards, sharing this data without proper oversight could provide partners with a competitive advantage. - Competitors, customers, fintechs, technology companies, governments and other industry participants may develop products that compete with or replace products and services we currently provide to support our switched transaction and payments offerings. These products could either replace, or force us to change our pricing or practices, for these offerings. In addition, governments that develop or encourage the creation of national or international payments platforms may promote their platforms in such a way that could put us at a competitive disadvantage in those markets, or require us to compete differently. - Participants in the payments industry may merge, create joint ventures or form other business combinations that may strengthen their existing business services or create new payment products and services that compete with our products and services. Our failure to compete effectively against any of the foregoing competitive threats could materially and adversely affect our overall business and results of operations.

Demand - Risk 2

Losing a significant portion of business from one or more of our largest customers could lead to significant revenue decreases in the longer term, which could have a material adverse impact on our business and our results of operations.

Many of our customer relationships are not exclusive. Our customers can reassess their future commitments to us subject to the terms of our contracts, and they separately may develop their own services that compete with ours. Our business agreements with these customers may not ultimately reduce the risk inherent in our business that customers may terminate their relationships with us in favor of relationships with our competitors, or for other reasons, or might not meet their contractual obligations to us. In addition, a significant portion of our revenue is concentrated among our five largest customers. Loss of business from any of our large customers could have a material adverse impact on our overall business and results of operations.

Demand - Risk 3

Consolidation amongst our customers could materially and adversely affect our overall business and results of operations.

Our customers' industries have undergone substantial, accelerated consolidation in the past. These consolidations have included customers with a substantial Mastercard portfolio being acquired by institutions with a strong relationship with a competitor. Potential future consolidation could occur as a result of bank failures, similar to those that occurred in the U.S. during 2023. If significant consolidation among customers were to continue, it could result in the substantial loss of business for us, which could have a material adverse impact on our business and prospects. In addition, one or more of our customers could seek to merge with, or acquire, one of our competitors, and any such transaction could also have a material adverse impact on our overall business. Consolidation could also produce a smaller number of large customers, which could increase their bargaining power and lead to lower prices and/or more favorable terms for our customers. These developments could materially and adversely affect our results of operations.

Sales & Marketing4 | 12.5%

Sales & Marketing - Risk 1

Our business significantly depends on the continued success and competitiveness of our issuing and acquiring customers and, in many jurisdictions, their ability to effectively manage or help manage our brands.

While we work directly with many stakeholders in the payments system (including merchants, governments, fintechs and large digital companies and other technology companies), we are, and will continue to be, significantly dependent on our relationships with our issuers and acquirers and their respective relationships with account holders and merchants to support our programs and services. Furthermore, we depend on our issuing partners and acquirers to continue to innovate to maintain competitiveness in the market. We do not issue cards or other payment devices, extend credit to account holders or determine the interest rates or other fees charged to account holders. Each issuer determines these and most other competitive payment program features. In addition, we do not establish the discount rate that merchants are charged for acceptance, which is the responsibility of our acquiring customers. As a result, our business significantly depends on the continued success and competitiveness of our issuing and acquiring customers and the strength of our relationships with them. In turn, our customers' success depends on a variety of factors over which we have little or no influence, including economic conditions in global financial markets or their disintermediation by competitors or emerging technologies, as well as regulation. If our customers become financially unstable, we may lose revenue or we may be exposed to settlement risk. See "Risk Factors - Settlement and Third-Party Obligations" in this Part I, Item 1A with respect to how we guarantee certain third-party obligations. With the exception of the U.S. and a select number of other jurisdictions, most in-country (as opposed to cross-border) transactions conducted using cards with our brands are switched by our customers or other processors. Because we do not provide domestic switching services in these countries or have direct relationships with account holders, we depend on our close working relationships with our customers to effectively manage our brands, and the perception of our payments system, among consumers in these countries. We also rely on these customers to help manage our brands and perception among regulators and merchants in these countries, alongside our own relationships with them. From time to time, our customers may take actions that we do not believe to be in the best interests of our payments system overall, which may materially and adversely impact our business.

Sales & Marketing - Risk 2

Service disruptions that cause us to be unable to process transactions or service our customers could reduce our operational resilience and materially affect our overall business and results of operations.

Our transaction switching systems and other offerings have experienced in limited instances and may continue to experience interruptions as a result of technology malfunctions, supply-chain attacks, fire, floods, earthquakes, weather events, power outages, telecommunications disruptions, terrorism, workplace violence, accidents or other catastrophic events (including those related to climate change). Our visibility in the global payments industry may also put us at greater risk of attack by terrorists, activists, or hackers who intend to disrupt our facilities, networks and/or systems. Additionally, we rely on third-party service providers for the timely transmission of information across our global data network. Inadequate infrastructure in lesser-developed markets could also result in service disruptions, which could impact our ability to do business in those markets. If one of our service providers fails to provide the communications capacity or services we require, as a result of natural disaster, operational disruptions, terrorism, hacking or any other reason, the failure could interrupt our services. Although we maintain an enterprise resiliency program to analyze risk, assess potential impacts, and develop effective response strategies, we cannot ensure that our business would be immune to these risks, because of the intrinsic importance of our switching systems to our business, any interruption or degradation could adversely affect the perception of the reliability of products carrying our brands and materially adversely affect our overall business and our results of operations.

Sales & Marketing - Risk 3

Operating a real-time account-based payments network presents risks that could materially affect our business.

U.K. regulators have designated Vocalink, our real-time account-based payments network platform, to be a "specified service provider" and regulators in other countries may in the future expand their regulatory oversight of real-time account-based payments systems in similar ways. In addition, any prolonged service outage on this network could result in quickly escalating impacts, including potential intervention by the Bank of England and significant reputational risk to Vocalink and us. For a discussion of the regulatory risks related to our real-time account-based payments platform and oversight by regulators, see our risk factor in "Risk Factors - Payments Industry Regulation" in this Part I, Item 1A. Furthermore, the complexity of this payment technology requires careful management to address information security vulnerabilities that are different from those faced on our core payment network. Operational difficulties, such as the temporary unavailability of our services or products, or information security breaches on our real-time account-based payments network could cause a loss of business for these products and services, result in potential liability for us and adversely affect our reputation.

Sales & Marketing - Risk 4

Continued intense pricing pressure may materially and adversely affect our overall business and results of operations.

In order to increase transaction volumes, enter new markets and expand our products and services, we seek to enter into business agreements with customers through which we offer incentives, pricing discounts and other support that promote our products. In order to stay competitive, we may have to increase the amount of these incentives and pricing discounts so as to meet customer demand for better pricing arrangements and greater rebates and incentives, which moderates our growth. Our inability to switch additional transaction volumes or to provide additional services to our customers at levels sufficient to compensate for such lower fees or increased costs in the future could materially and adversely affect our overall business and results of operations. In addition, increased pressure on prices increases the importance of cost containment and productivity initiatives in areas other than those relating to customer incentives. In the future, we may not be able to enter into agreements with our customers if they require terms that we are unable or unwilling to offer, and we may be required to modify existing agreements in order to maintain relationships and to compete with others in the industry. Some of our competitors are larger with greater financial resources and accordingly may be able to charge lower prices to our customers. In addition, to the extent that we offer discounts or incentives under such agreements, we will need to further increase transaction volumes or the amount of services provided in order to benefit from such agreements and to increase revenue and profit, and we may not be successful in doing so, particularly in the current regulatory environment. Our customers also may implement cost reduction initiatives that reduce or eliminate payment product marketing or increase requests for greater incentives or greater cost stability. These factors could have a material adverse impact on our overall business and results of operations. Additionally, we face pricing pressure related to real-time account-based payment schemes and cross-border payments (including the increased use of domestic real-time account-based payment schemes offering increasingly lower or subsidized pricing for P2M transactions as well as continued downward pressure on pricing for cross-border payments resulting from competition from real-time account-based payment schemes and from initiatives to lower the cost of cross-border payments to end users (such as the G20 Roadmap for Enhancing Cross-border Payments)). These factors could have a material adverse impact on our overall business and results of operations.

Brand / Reputation2 | 6.3%

Brand / Reputation - Risk 1

Lack of visibility of our brand in our products and services, or in the products and services of our partners who use our technology, may materially and adversely affect our business.

As more players enter the global payments ecosystem, the layers between our brand and consumers and merchants increase. In order to compete with other powerful consumer brands that are also becoming part of the consumer payment experience, we often partner with those brands on payment solutions. These brands include large digital companies and other technology companies who are our customers and use our networks to build their own acceptance brands. In some cases, our brand may not be featured in the payment solution or may be secondary to other brands. Additionally, as part of our relationships with some issuers, our payment brand is only included on the back of the card. As a result, our brand may either be invisible to consumers or may not be the primary brand with which consumers associate the payment experience. This brand invisibility, or any consumer confusion as to our role in the consumer payment experience, could decrease the value of our brand, which could adversely affect our business.

Brand / Reputation - Risk 2

Negative brand perception may materially and adversely affect our overall business.

Our brands and their attributes are key assets of our business. The ability to attract consumers to our branded products and retain them depends upon the external perception of us and our industry: - Our business may be affected by actions taken by our customers, merchants or other organizations that impact the perception of our brands or the payments industry in general. From time to time, our customers may take actions that we do not believe to be in the best interests of our brands, such as creditor practices that may be viewed as "predatory". Moreover, adverse developments with respect to our industry or the industries of our customers or other companies and organizations that use our products and services (including certain legally permissible but high-risk merchant categories, such as adult content, firearms, alcohol and tobacco) may also, by association, impair our reputation, or result in greater public, regulatory or legislative scrutiny,as well as potential litigation. We may also face similar scrutiny to the extent that we are unable to detect and/or prevent illegal activities using our payment products or otherwise occurring over our network. - We have been pursuing the use of social media channels at an increasingly rapid pace. Under some circumstances, our use of social media, or the use of social media by others as a channel for criticism or other purposes, could also cause rapid, widespread reputational harm to our brands by disseminating rapidly and globally actual or perceived damaging information about us, our products or merchants or other end users who utilize our products. - We are headquartered in the U.S. As such, a negative perception of the U.S. could impact the perception of our company, which could adversely affect our business. Any of the above issues could have a material and adverse effect on our overall business.

Finance & Corporate

Total Risks: 3/32 (9%)Below Sector Average

Share Price & Shareholder Rights3 | 9.4%

Share Price & Shareholder Rights - Risk 1

Mastercard Foundation's substantial stock ownership, and restrictions on its sales, may impact corporate actions or acquisition proposals favorable to, or favored by, the other public stockholders.

As of February 8, 2024, Mastercard Foundation owned 97,543,508 shares of Class A common stock, representing approximately 10.5% of our general voting power. Historically, Mastercard Foundation had been restricted from selling or otherwise transferring its shares of Class A common stock prior to May 1, 2027, except to the extent necessary to satisfy its charitable disbursement requirements, for which purpose earlier sales were permitted and had occurred. In July 2023, pursuant to an application in consultation with Mastercard, Mastercard Foundation received court approval to advance that date to January 1, 2024. As a result, Mastercard Foundation is now permitted to sell all or part of its remaining shares, subject to certain conditions. Mastercard Foundation would do so pursuant to an orderly and structured plan to diversify its Mastercard shares over a seven-year period, while remaining a long-term Mastercard stockholder and retaining a significant holding of Mastercard shares in its portfolio. The directors of Mastercard Foundation are required to be independent of us and our customers. The ownership of Class A common stock by Mastercard Foundation, together with the seven-year diversification plan, could discourage or make more difficult acquisition proposals favored by the other holders of the Class A common stock. In addition, because Mastercard Foundation intends to sell its shares over an extended period of time, it may not have the same interest in short or medium-term movements in our stock price as, or incentive to approve a corporate action that may be favorable to, our other stockholders.

Share Price & Shareholder Rights - Risk 2

Provisions in our organizational documents and Delaware law could be considered anti-takeover provisions and have an impact on change-in-control.

Provisions contained in our amended and restated certificate of incorporation and bylaws and Delaware law could be considered anti-takeover provisions, including provisions that could delay or prevent entirely a merger or acquisition that our stockholders consider favorable. These provisions may also discourage acquisition proposals or have the effect of delaying or preventing entirely a change in control, which could harm our stock price. For example, subject to limited exceptions, our amended and restated certificate of incorporation prohibits any person from beneficially owning more than 15% of any of the Class A common stock or any other class or series of our stock with general voting power, or more than 15% of our total voting power. In addition: - our stockholders are not entitled to the right to cumulate votes in the election of directors - our stockholders are not entitled to act by written consent - any representative of a competitor of Mastercard or of Mastercard Foundation is disqualified from service on our board of directors

Share Price & Shareholder Rights - Risk 3

ESG matters and related stakeholder reaction may impact our reputation, expose us to legal requirements and liability and/or have other business impacts, which could adversely affect our overall business and/or results of operations.

Our brand and reputation are associated with our public commitments to various ESG initiatives, including our goals relating to climate (such as our commitment to achieve net-zero emissions by 2040), financial inclusion, and DEI. Consumers, investors, employees and other stakeholders are increasingly focused on ESG practices. To the extent any of our ESG disclosures, public statements and metrics are subsequently viewed as inaccurate, or we are unable to execute on our ESG initiatives, we may be viewed negatively by stakeholders concerned about these matters. Stakeholders (including those in support of or in opposition to ESG principles) may also have a negative view of us to the extent we are perceived to have not responded appropriately to their ESG concerns or take positions that are contrary to their views or expectations. In addition, various jurisdictions are increasingly adopting or considering laws and regulations that have or would impact us pertaining to ESG governance, strategy, risk management and metrics/targets/results. These include required corporate reporting and disclosures on specific topics (such as climate and human rights) as well as broader matters (such as other environmental matters, treatment of employees and diversity of workforce). These requirements have, and are likely to continue to, result in increased compliance costs for our business and supply chain, which may increase our operating costs. Moreover, as governments, investors and other stakeholders face pressure to address climate change and other ESG matters, these stakeholders may express new expectations and focus investments in ways that could cause significant shifts in commerce and consumption behaviors. The impact of and uncertainty that could result from such shifts could ultimately impact our business. Any of the above issues could have a material or adverse impact to our overall business and/or results of operations.

Tech & Innovation

Total Risks: 2/32 (6%)Below Sector Average

Innovation / R&D1 | 3.1%

Innovation / R&D - Risk 1

Working with new customers and end users as we expand our multi-rail solutions and products and services can present operational and onboarding challenges, be costly and result in reputational damage if the new products or services do not perform as intended.

The payments markets in which we compete are characterized by rapid technological change, new product introductions, evolving industry standards and changing customer and consumer needs. In order to remain competitive and meet the needs of the payments markets, we are continually involved in developing and implementing complex multi-rail solutions and diversifying our products and services. These efforts carry the risks associated with any diversification initiative, including cost overruns, delays in delivery and performance problems. These projects also carry risks associated with working with different types of customers (such as corporations that are not financial institutions, non-governmental organizations ("NGOs") and new end users). These differences may present new operational challenges, such as enhanced infrastructure and monitoring for less regulated customers. Our failure to effectively design and deliver these multi-rail solutions and products and services could make our other offerings less desirable to these customers, or put us at a competitive disadvantage. In addition, if there is a delay in the implementation of our products or services (which could include compliance obligations, such as AML and CFT, and licensing requirements for our products and services that operate under regulatory licenses), if our products or services do not perform as anticipated, or we are unable to otherwise adequately anticipate risks related to new types of customers, we could face additional regulatory scrutiny, fines, sanctions or other penalties, which could materially and adversely affect our overall business and results of operations, as well as negatively impact our brand and reputation.

Technology1 | 3.1%

Technology - Risk 1

Rapid and significant technological developments and changes could negatively impact our overall business and results of operations or limit our future growth.

The payments industry is subject to rapid and significant technological changes, which can impact our business in several ways: - Technological changes (including continuing developments of technologies in the areas of smart cards and devices, contactless and mobile payments, e-commerce, cryptocurrency and blockchain, AI, machine learning, privacy enhancement and cybersecurity) could result in new technologies that may be superior to, or render obsolete, the technologies we currently use in our programs and services. Moreover, these changes could result in new and innovative payment methods, products and services that could place us at a competitive disadvantage and that could reduce the use of our products and services. - We rely in part on third parties (including some of our competitors and potential competitors) for the development of and access to new technologies. The inability of these companies to keep pace with technological developments, or the acquisition of these companies by competitors, could negatively impact our offerings. - Our ability to develop and adopt new services and technologies may be inhibited by industry-wide solutions and standards (such as those related to EMV, tokenization or other safety and security technologies), and by resistance from customers or merchants to such changes. - Our ability to develop evolving systems and products may be inhibited by any difficulty we may experience in attracting and retaining employees with technology expertise. - Our ability to adopt these technologies can also be inhibited by intellectual property rights of third parties. We have received, and we may in the future receive, notices or inquiries from patent holders (including operating companies or non-practicing entities) suggesting that we may be infringing patents or that we need to license the use of their patents to avoid infringement. Such notices may, among other things, threaten litigation against us or our customers or demand significant license fees. - Our ability to develop new technologies and reflect technological changes in our payments offerings requires resources, which has resulted in and may further result in additional expenses. - We work with fintechs, technology companies (such as digital players and mobile providers) and traditional customers that use our technology to enhance payment safety and security and to deliver their payment-related products and services quickly and efficiently to consumers. Our inability to keep pace technologically could negatively impact the willingness of these customers to work with us, and could encourage them to use their own technology and compete against us. - Regulatory or government requirements have and could continue to require us to host and deliver certain products and services on-soil in certain markets, requiring us to alter our technology and delivery model, potentially resulting in additional expenses. - Various central banks are experimenting with CBDCs which may be launched with their own networks to transfer money between participants. Policy and design considerations that governments adopt could impact the extent of our role in facilitating CBDC-based payment transactions, potentially impacting the transactions that we may process over our network. We cannot predict the effect of future technological changes on our business, and our future success will depend, in part, on our ability to anticipate, develop or adapt to technological changes and evolving industry standards. Failure to keep pace with these technological developments or otherwise bring to market products that reflect these technologies could lead to a decline in the use of our products, which could have a material adverse impact on our overall business and results of operations.

Macro & Political

Total Risks: 2/32 (6%)Below Sector Average

Economy & Political Environment1 | 3.1%

Economy & Political Environment - Risk 1

Global economic, political, financial and societal events or conditions could result in a material and adverse impact on our overall business and results of operations.

Adverse economic trends. Adverse economic trends in key countries in which we operate may adversely affect our financial performance. Such impact may include, but is not limited to, the following: - Customers mitigating their economic exposure by limiting the issuance of new Mastercard products and requesting greater incentive or greater cost stability from us - Consumers and businesses lowering spending, which could impact domestic and cross-border spend - Debt limit and budgetary discussions in the U.S. has affected, and could further affect, the U.S. credit rating, impacting consumer confidence and spending - Government intervention (including the effect of laws, regulations and/or government investments on or in our financial institution customers), as well as uncertainty due to changing political regimes in executive, legislative and/or judicial branches of government, that may have potential negative effects on our business and our relationships with customers or otherwise alter their strategic direction away from our products - Tightening of credit availability that could impact the ability of participating financial institutions to lend to us under the terms of our credit facility Cross-border transactions. We switch substantially all cross-border transactions using Mastercard, Maestro and Cirrus-branded cards and generate a significant amount of revenue from cross-border volume fees and fees related to switched transactions. Revenue from switching cross-border and currency conversion transactions for our customers fluctuates with the levels and destinations of cross-border travel and our customers' need for transactions to be converted into their base currency. Cross-border activity has, and may continue to be, adversely affected by world geopolitical, economic, health, weather and other conditions. These include or have included: - the global COVID-19 pandemic (and the potential of any post-pandemic global economic impact) and potential separate outbreaks of flu, viruses and other diseases (any of which could result in future epidemics or pandemics)- current and potential future geopolitical conflicts, as well as expansion into regional or global conflicts, and the resulting impacts to our business (this includes Russia's invasion of Ukraine and the actions taken by the U.S., the EU, other governments and Mastercard in response)- the threat of terrorism and major environmental and extreme weather events (including those related to climate change) The impact of and uncertainty that could result from any of these events or factors could ultimately decrease cross-border activity. Additionally, any regulation of interregional interchange fees could also negatively impact our cross-border activity (for example, the targets announced by the G20 Financial Stability Board related to cross-border payments). In each case, decreased cross-border activity could decrease the revenue we receive. Russia's invasion of Ukraine. In addition to the cross-border impacts described above, our compliance with sanctions and our decision to suspend our business operations in Russia has led, and could further lead, to other legal ramifications and operational challenges, including fines, the nationalization of our subsidiary and any resulting impacts, and/or lawsuits. Standards. Our operations as a global payments network rely in part on global interoperable standards to help facilitate safe and simple payments. To the extent geopolitical events result in jurisdictions no longer participating in the creation or adoption of these standards, or the creation of competing standards, the products and services we offer could be negatively impacted. Factors such as those discussed above have adversely impacted our business, results of operations and financial condition, and any of these developments potentially could have a material adverse impact on our overall business and results of operations.

Capital Markets1 | 3.1%

Capital Markets - Risk 1

Adverse currency fluctuations and foreign exchange controls could negatively impact our results of operations.

During 2023, approximately 70% of our revenue was generated from activities outside the U.S. This revenue (and the related expense) could be transacted in a non-functional currency or valued based on a currency other than the functional currency of the entity generating the revenues. Resulting exchange gains and losses are included in our net income. Our risk management activities provide protection with respect to adverse changes in the value of only a limited number of currencies and are based on estimates of exposures to these currencies. In addition, some of the revenue we generate outside the U.S. is subject to unpredictable currency fluctuations including devaluation of currencies where the values of other currencies change relative to the U.S. dollar. If the U.S. dollar strengthens compared to currencies in which we generate revenue, this revenue may be translated at a materially lower amount than expected. Furthermore, we may become subject to exchange control regulations that might restrict or prohibit the conversion into U.S. dollars of our other revenue currencies and financial assets. The occurrence of currency fluctuations or exchange controls could have a material adverse impact on our results of operations.

Production

Total Risks: 1/32 (3%)Below Sector Average

Employment / Personnel1 | 3.1%

Employment / Personnel - Risk 1

We may not be able to attract and retain a highly qualified and diverse workforce, or maintain our corporate culture, which could harm our overall business and results of operations.

Our performance largely depends on the skills, capabilities and motivation of our employees (including our people leaders), as well as the environment we create for them to enable them to perform their jobs effectively. While attrition and pace of hiring has slowed due to economic uncertainty, the market for specialized skill-sets remains highly competitive, particularly in technology and other areas that are important to the growth of our business. To the extent we are unable to differentiate our value proposition in the market, effectively develop leaders and build robust succession pipelines, it could impact our ability to deliver for our customers. To the extent we cannot design our processes and practices to support equitable outcomes, our ability to attract talent may be significantly impacted and we may experience talent attrition. In addition, escalations in global conflict and a rise in mental health needs are also impacting the well-being of our people. To the extent we are unable to communicate effectively on these issues and provide support to our employees, we could experience a significant impact on our business, reputation and culture. Further,changes in and enforcement of immigration and work permit laws and visa regulations have made it difficult for employees to work in, or transfer among, jurisdictions where we operate, potentially impairing our ability to attract and retain talent. Our flexibility policies and programs (in particular, those related to work arrangements) may impact the well-being and productivity of our workforce, which in turn could have a negative impact on the quality of our corporate culture and our ability to innovate. To the extent these policies (including our team-based agreements) do not meet candidate or employee expectations for flexibility, this could also impact our ability to attract and retain talent. Failure to attract, hire, develop, motivate and retain highly qualified and diverse employee talent could leave us vulnerable to not anticipating or identifying emerging customer or market opportunities. We also rely on our people leaders to display integrity and decency. To the extent our leaders behave in a manner that is not consistent with our values, we could experience significant impact to our brand and reputation, as well as to our corporate culture. Any one or more of the above could harm our overall business and results of operations.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.

Become an Expert with TipRanks Premium

What am I Missing?

Make informed decisions based on Top Analysts' activity

Know what industry insiders are buying

Get actionable alerts from top Wall Street Analysts

Find out before anyone else which stock is going to shoot up

Get powerful stock screeners & detailed portfolio analysis

Subscribe Now See Plans & Pricing