Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - FISV

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors

You should carefully consider each of the risks described below, together with all of the other information contained in this Annual Report on Form 10-K, before making an investment decision with respect to our securities. If any of the following risks develop into actual events, our business, results of operations or financial condition could be materially and adversely affected, and you may lose all or part of your investment.

Competitive and Business Risks

We operate in a competitive business environment and may not be able to compete effectively.

The markets for our products and services are highly competitive from new and existing competitors. Our principal competitors include other vendors and providers of financial services technology and payment systems, data processing affiliates of large companies, processing centers owned or operated as user cooperatives, financial institutions, independent sales organizations (“ISOs”), independent software vendors, payments companies and payment network operators. Our competitors vary in size and in the scope and breadth of the services they offer. Many of our larger existing and potential clients have historically developed their key applications in-house. As a result, we may compete against our existing or potential clients’ in-house capabilities. In addition, we expect that the markets in which we compete will continue to attract new technologies and well-funded competitors, including large technology, telecommunication, media and other companies not historically in the financial services and payments industries, start-ups and international providers of products and services similar to ours. We cannot provide any assurance that we will be able to compete successfully against current or future competitors or that competitive pressures faced by us in the markets in which we operate will not materially and adversely affect our business, results of operations and financial condition.

If we fail to keep pace with technological change, including as a result of artificial intelligence, we could lose clients or have trouble attracting new clients.

The markets for our products and services are characterized by constant and rapid technological change, evolving industry standards, frequent introduction of new products and services, and increasing client expectations. Our ability to respond timely to these changes, including by enhancing our current products and services and developing and introducing new products and services, will significantly affect our future success. In addition, competitors and other third parties may incorporate artificial intelligence into products and offerings more quickly or more successfully than we do, which could impair our ability to compete effectively and adversely affect our results of operations. If we are unsuccessful in developing, marketing and selling products or services that gain market acceptance, or if third parties insufficiently promote or distribute our products and services, it would likely have a material adverse effect on our ability to retain existing clients, to attract new ones and to grow profitably.

We use artificial intelligence in our business, and challenges with properly managing its use could result in legal liability or reputational harm.

We believe that data, and the insights enabled by data, can be used to create or enhance the products and services that we offer to our clients. The use of artificial intelligence technologies carries inherent

Table of Contents

risks, and there can be no assurance that our use of artificial intelligence will enhance our products or services or achieve any improvements in innovation or efficiency. If the content, analyses or recommendations that artificial intelligence applications assist in producing are or are alleged to be inaccurate, deficient or biased, our business, financial condition and results of operations may be adversely affected. Furthermore, our services that integrate third-party artificial intelligence models may rely on certain safeguards implemented by the third-party providers of the underlying artificial intelligence models, including those related to the accuracy, bias and other variables of the data, and these safeguards may be insufficient. Legislation and regulations governing the development or use of artificial intelligence and automated-decision making have been implemented or are under consideration in the U.S. at the state and local level, as well as internationally. Such legislation and regulations may impose obligations related to our development, offering, and use of artificial intelligence, particularly those use cases that are deemed by the law to be “high risk”, and expose us to increased risk of regulatory enforcement and litigation.

The One Fiserv action plan may not generate the benefits that we anticipate.

In 2025, we announced a strategic plan, referred to as the One Fiserv action plan, that focuses on: operating with a client-first mindset to win new enterprise clients and grow average revenue per client; building the pre-eminent small business operating platform through Clover; creating differentiated, innovative platforms in finance and commerce, including embedded finance and stablecoin; delivering operational excellence enabled by artificial intelligence; and employing disciplined capital allocation for the long-term. To successfully execute the plan, we must implement operational, technological and cultural changes across our organization, which may be difficult to do. In addition, although we have planned for a certain level of expense in implementing the plan, there are factors beyond our control that could cause the total amount or the timing of the expenses we may incur to be different than anticipated. As a result, the actual benefits of the plan may be less significant than anticipated. Furthermore, we may not be able to achieve expected benefits of the plan on our anticipated timeline or at all.

If we are unable to renew contracts on favorable terms or if contracts are terminated prematurely, we could lose clients and our results of operations and financial condition may be adversely affected.

Failure to achieve favorable renewals of client contracts could negatively impact our business. At the end of the contract term, clients have the opportunity to renegotiate their contracts with us or to consider whether to engage one or more of our competitors to provide products and services or to perform the services in-house. Some of our competitors may offer more attractive prices, features or other services that we do not offer, and some clients may desire to perform the services themselves. Larger clients may be able to seek lower prices from us when they renew or extend a contract or the client’s business has significant volume changes. In addition, larger clients may reduce the services we provide if they decide to move services in-house. Further, our small merchant business clients may seek reduced fees due to pricing competition, their own financial condition or pressure from their customers.

We also have contracts with U.S. federal, state and local governments. The contracts with these clients may contain terms that are not typical for non-government clients, such as the right to terminate for convenience, the right to unilaterally modify or reduce work to be provided under the contract, significant or unlimited indemnification obligations and being subject to appropriation of funds for the government contract program. In addition, if any of our government contracts were to be terminated for default, we could be suspended or debarred from contracting with that entity in the future, which could also provide other government clients the right to terminate.

These factors could result in lower revenue from a client than we had anticipated based on our agreement with that client. If we are not successful in achieving high contract renewal rates and favorable contract terms, if contracts are terminated, or if we are prevented from performing work for these clients in the future, our results of operations and financial condition may be materially and adversely affected.

Changes in card association and debit network fees or products could increase costs or otherwise limit our operations.

It is possible that competitive and other pressures will result in us absorbing a portion of such increases in the future, or not being able to increase our own fees, which would increase our operating costs, reduce our profit margin, limit our growth, and adversely affect our business, results of operations and financial condition. In addition, the various card associations and networks prescribe certain capital requirements. Any increase in the capital level required would further limit our use of capital for other purposes.

Table of Contents

Our business depends, in part, on our merchant relationships and alliances, and if we are unable to maintain these relationships and alliances, our business may be adversely affected.

Under our alliance program, a bank or other institution forms an alliance with us, generally on an exclusive basis, either contractually or through a separate legal entity. The banks and other institutions generally provide card association sponsorship, clearing and settlement services and typically act as a merchant referral source when the institution has an existing banking or other relationship with such merchant. We provide transaction processing and related functions to the alliance. Both we and our alliance partners may also provide management, sales, marketing and other administrative services. The alliance structure allows us to be the processor for multiple financial institutions, any one of which may be selected by the merchant as its bank partner. Our merchant acquiring business depends, in part, on our merchant relationships, alliances and other distribution channels. There can be no guarantee that we will achieve growth in our merchant relationships, alliances or other distribution channels. In addition, our contractual arrangements with merchants and merchant alliance partners are for fixed terms and may allow for early termination upon the occurrence of certain events. There can be no assurance that we will be able to renew our contractual arrangements with these merchants or merchant alliance partners on similar terms or at all. The loss of merchant relationships or alliance partners could negatively impact our business and have a material adverse effect on our results of operations and financial condition.

Consolidations in the banking and financial services industry could adversely affect our revenue by eliminating existing or potential clients and making us more dependent on fewer clients.

Mergers, consolidations and failures of financial institutions reduce the number of our clients and potential clients, which could adversely affect our revenue. If our clients merge with or are acquired by other entities that are not our clients, or that use fewer of our services, they may discontinue or reduce their use of our services. Our alliance strategy could also be negatively affected by consolidations, especially where the financial institutions involved are committed to their internal merchant processing businesses that compete with us. It is also possible that the larger financial institutions that result from mergers or consolidations could have an increased ability to negotiate terms with us or could decide to perform in-house some or all of the services which we currently provide or could provide. Any of these developments could have a material adverse effect on our business, results of operations and financial condition.

We make significant investments in emerging, innovative areas of financial services and technology that may not achieve expected returns.

We expect to continue to make significant investments in research, development, and marketing for new and existing products, services, and technologies, including embedded finance, stablecoin and artificial intelligence based products and services. We may not achieve significant revenue from our investment in innovative platforms and product offerings for several years, if at all, due to regulatory uncertainty, competitors’ success with similar offerings, lack of demand from our customer base for these offerings, our inability to successfully integrate these offerings into our established platforms, or other factors. New products and services may not be profitable or may not achieve operating margins as high as we have experienced historically.

The costs associated with developing, integrating and deploying these product offerings may be higher than anticipated, and these product offerings may require significant additional investment. Competitors may identify and develop applications for these technologies that reduce our ability achieve our desired financial returns. Our customers’ rate of adoption of novel product offerings may be slower than we anticipate and impact the feasibility of these product offerings going forward. Perceptions of mismanagement, driven by regulatory activity or negative public reaction to our practices or product experiences, could negatively impact product and feature adoption. Developing new technologies is complex. It can require long development and testing periods. We could experience significant delays in new releases or significant problems in creating new products or services. These factors could adversely affect our business, financial condition, and results of operations.

Among the new services we intend to offer is custody for stablecoin reserves held under the GENIUS Act and other stablecoin regulations to help financial institutions retain funds associated with FIUSD stablecoin issuance. Our stablecoin offering has only recently been enabled by regulation. We have made certain assumptions about future stablecoin regulation, but there is no certainty about the favorability of the final regulatory environment. Additionally, given the relative recency of the GENIUS Act, it is not clear what the market demand will be for our stablecoin offering from our financial institution customers.

Our embedded finance business is an emerging product area that could expose us to liability.

Our embedded finance business involves providing financial services to a merchant’s customers. These financial services may be branded in the name of a merchant. In addition, these financial services may be incorporated into the merchant’s products or services or may be used to facilitate financial transactions that permit the merchant to sell more products or services. In some cases, we resell the services of third parties, including financial institutions, technology providers, or program managers. Those

Table of Contents

third-party services may be integrated with our own technology or services. We are exposed to financial and performance risks related to the third parties whose services we resell. In addition, we may be contractually entitled to a percentage of the revenue earned by the financial institution or other third party, and accordingly, we may assume risks, either contractually or as a matter of law, that would ordinarily be risks assumed by a financial institution and not by a technology provider. These risks include credit risk, consumer fraud risk, operational risk, and compliance risk. It is possible that state or federal regulators may determine that we are directly subject to regulations that have not previously applied directly to us.

Operational and Security Risks

Security incidents or other technological risks involving our systems and data, or those of our clients, partners or vendors, could expose us to liability or damage our reputation.

Our operations depend on receiving, storing, processing and transmitting sensitive information pertaining to our business, our employees, our clients and their customers. Preserving the confidentiality of sensitive business and personal information is critical to our business. Any unauthorized access, intrusion, infiltration, network disruption, ransom, denial of service or similar incident could disrupt the integrity, continuity, security and trust of our systems or data, or the systems or data of our clients, partners, vendors or service providers. These incidents are often difficult to detect and are constantly evolving. State-sponsored cybersecurity attacks on financial service providers and financial systems could also adversely affect our business. These events could create costly litigation, significant financial liability, increased regulatory scrutiny, financial sanctions and a loss of confidence in our ability to serve clients and cause current or potential clients to choose another service provider, all of which could have a material adverse impact on our business. In addition, we have invested and expect to continue to invest significant resources to maintain and enhance our information security and controls or to investigate and mitigate security vulnerabilities. Although we believe that we maintain a robust program of information security and controls and that none of the events that we have encountered to date have materially affected us, we cannot be certain that the security measures and procedures we have in place to detect security incidents and protect sensitive data, will be successful or sufficient to counter all current and emerging risks and threats. While we maintain cybersecurity insurance, our insurance may be insufficient or may not cover all liabilities incurred by such attacks.

Operational failures and resulting interruptions in the availability of our products or services could harm our business and reputation.

Our business depends heavily on the reliability of our systems. An operational failure that results in an interruption in the availability of our products and services could harm our business or cause us to lose clients. Events that could cause operational failures include, but are not limited to, hardware and software defects or malfunctions, ransomware, denial-of-service and other cyberattacks, human error, earthquakes, hurricanes, floods, fires, natural disasters, pandemics, power losses, disruptions in telecommunications services, fraud, military or political conflicts, terrorist attacks, computer viruses or other malware, or other events. Implementation delays, interruptions of service or hardware device defects could damage our relationship with clients and could cause us to incur substantial expenses, including those related to the payment of service credits, product recalls or other liabilities. A prolonged interruption of our services or network could cause us to experience data loss or a reduction in revenue, and significantly impact our clients’ businesses and the customers they serve. In addition, a significant interruption of service or product recall could have a negative impact on our reputation and could cause our current and potential clients to choose another service provider. As a provider of payments solutions and other financial services, clients, regulators and others may require enhanced business continuity and disaster recovery plans including frequent testing of such plans. Meeting these various requirements may require a significant investment of time and money. Any of these developments could have a material adverse impact on our business, results of operations and financial condition.

Table of Contents

Disruptions of operations of other participants in the global financial system could prevent us from delivering our products and services.

The operations and systems of many participants in the global financial system are interconnected. Many of the transactions involving our products and services rely on multiple participants in the global financial system to move funds and communicate information to the next participant in the transaction chain. A disruption for any reason of the operations of a participant in the global financial system could impact our ability to obtain or provide information or cause funds to be moved in a manner to successfully deliver our products and services. Although we work with other participants to avoid any disruptions, there is no assurance that such efforts will be effective. Such a disruption could lead to our inability to deliver products and services, reputational damage, lost clients and revenue, loss of clients’ and their customers’ confidence, as well as additional costs, all of which could have a material adverse effect on our business, results of operations and financial condition.

We rely on third parties to provide products and services and if we are unable to obtain such products or services in the future or if these third parties fail to perform these services adequately, our business may be materially and adversely affected.

We rely on third parties we do not control to provide us with products and services, including payment card networks, acquiring processors, payment card issuers, financial institutions and the Automated Clearing House (“ACH”) network which transmit transaction data, process chargebacks and refunds, and perform clearing services in connection with our settlement activities. If, for example, such third parties stop providing clearing services or limit our volumes, we would need to find other financial institutions to provide those services. In the event these third parties fail to provide these services adequately or in a timely manner, including as a result of errors in their systems or events beyond their control, or refuse to provide these services on terms acceptable to us or at all, and we are not able to find timely suitable alternatives, we may no longer be able to provide certain services to customers, which could expose us and our clients to information security, financial, compliance and reputational risks. We may be negatively impacted by a disruption to our supply chain or third-party delivery service providers, including if the factories that manufacture our point-of-sale devices, payment cards or computer chips for payment cards, or paper stock are temporarily closed or experience workforce shortages; shipping services are interrupted or delayed; there are increased lead times, shortages or higher costs for certain materials and components; or there are workforce shortages at our third-party customer support, software development or technology hosting facilities. If we are unable to renew our existing contracts with key vendors and service providers, we might not be able to replace the related product or service at all or at the same cost. Any of these risks could have a material adverse effect on our business, results of operations and financial condition.

We may experience software defects, development delays or installation difficulties, which would harm our business and reputation and expose us to potential liability.

Our services are based on sophisticated software and computer systems and we may encounter delays when developing new applications and services. Further, the software underlying our services may contain undetected errors or defects when first introduced or when new versions are released. We may also experience difficulties in installing or integrating our technology on systems or with other programs used by our clients. Defects in our software, errors or delays in the processing of electronic transactions or other difficulties could result in interruption of business operations, delay in market acceptance, additional development and remediation costs, diversion of technical and other resources, loss of clients or client data, negative publicity or exposure to liability claims. Although we attempt to limit our potential liability through disclaimers and limitation of liability provisions in our license and client agreements, we cannot be certain that these measures will successfully limit our liability.

Global Market Risks

Our business may be adversely affected by geopolitical and other risks associated with operations outside of the U.S. and, as we continue to expand internationally, we may incur higher than anticipated costs and may become more susceptible to these risks.

We currently offer merchant acquiring, processing and issuing services outside of the U.S. Our facilities outside of the U.S., and those of our suppliers and vendors, including manufacturing, customer support, software development and technology hosting facilities, are subject to risks, including natural disasters, public health crises, political crises, terrorism, war, political or economic instability, regulatory or policy changes and other events outside of our or our suppliers’ control. As we continue to expand internationally and grow our client base outside of the U.S., we may face challenges due to the presence of more established competitors, changes in local market conditions and our relative lack of experience in such non-U.S. markets, and we may incur higher than anticipated costs. If we are unable to successfully manage the risks associated with the international operation and expansion of our business, our results of operations and financial condition could be negatively impacted.

Table of Contents

Our business is impacted by U.S. and global market and economic conditions.

For the foreseeable future, we expect to continue to derive revenue primarily from products and services we provide to the financial services industry and from our merchant acquiring business. Such trends may include, but are not limited to, the following:

•inflation, trade policy and tariffs, embargoes and trade sanctions, taxes, foreign currency fluctuations, interest rates, declining economies, social unrest, natural disasters, public health crises, including the occurrence of a contagious disease or illness, and the pace of economic recovery can change consumer spending behaviors, on which a significant portion of our revenues are dependent;

•low levels of consumer and business confidence typically associated with recessionary environments and those markets experiencing relatively high inflation, taxes, tariffs, interest rates, and/or unemployment, may cause decreased spending by cardholders;

•budgetary concerns in the U.S. and other countries around the world could affect the U.S. and other specific sovereign credit ratings, impact consumer confidence and spending, and increase the risks of operating in those countries;

•emerging market economies tend to be more volatile than the more established markets we serve, and adverse economic trends, including high rates of inflation, may be more pronounced in such emerging markets;

•financial institutions may restrict credit lines to cardholders, increase interest rates or limit the issuance of new cards to mitigate cardholder defaults;

•uncertainty and volatility in the performance of our clients’ businesses may make estimates of our revenues, rebates, incentives, and realization of prepaid assets less predictable;

•our clients may decrease spending for value-added services, or may choose another provider with lower processing fees; and

•government intervention, including the effect of laws, regulations, treaties, trade agreements and/or government investments in our clients, may have potential negative effects on our business, operations and our relationships with our clients or otherwise alter their strategic direction away from our products.

A prolonged poor economic environment, including a potential recession in the U.S. or other economies in which our business operates, could result in significant decreases in demand by current and potential clients for our products and services and in the number or dollar amount of transactions we process or accounts we service, which could have a material adverse effect on our business, results of operations and financial condition.

Potential tariffs or trade wars could increase the cost of our products, which could adversely impact the competitiveness of our products and our financial results.

The U.S. has imposed tariffs, and may impose new or increased tariffs, on certain imports from other countries, which may lead to retaliatory tariffs imposed by other governments. If the U.S. administration or other countries impose new or increased tariffs, trade restrictions or restrictions on the cross-border flow of data, our procurement of hardware devices, supply of materials and access to certain markets, could be impacted. Although it is difficult to predict how current or future tariffs on items imported from or exported to other countries will impact our business, the cost of our products manufactured in other countries and imported into the U.S. or elsewhere, or manufactured in the U.S. and exported elsewhere, could increase, which could adversely affect the demand for these products and have a material adverse effect on our business and results of operations.

Table of Contents

Regulatory and Compliance Risks

We have claims and lawsuits against us and have received governmental inquiries that may result in adverse outcomes.

We are currently, and may in the future, be subject to claims, lawsuits and governmental inquiries arising from the operation of our business, including those related to new product releases, significant business transactions, employee matters, artificial intelligence activities, and regulation. As described in Note 17. Commitments and Contingencies - Litigation and Investigation Matters to our consolidated financial statements, we are also currently subject to federal securities law complaints, derivative complaints and governmental investigations. As we continue to expand our business and offerings, we may be subject to additional types of legal claims. Any claims asserted against us, regardless of merit or eventual outcome, may harm our reputation. Litigation could be costly, time-consuming and divert attention of our management and employees from daily operational needs. There is no guarantee that we will be successful in defending ourselves in pending or future litigation or similar matters under various laws. Adverse outcomes in some or all of these claims may result in significant monetary damages or injunctive relief that could adversely affect our ability to conduct our business. Litigation and other claims are subject to inherent uncertainties and management’s view of these matters may change in the future. An adverse impact to our financial condition and results of operations could occur for the period in which the effect of an unfavorable outcome becomes probable and reasonably estimable.

Our clients are also subject to numerous laws and regulations applicable to banks, financial institutions and card issuers in the U.S. and abroad, and, consequently, we are at times affected by these federal, state, local and foreign laws and regulations. These laws and regulations are subject to change, and new laws, regulations and interpretations are regularly adopted.

The volume and complexity of the regulations that impact our business, directly or indirectly, will continue to increase our cost of doing business. If we or third parties with whom we partner or contract fail to comply with applicable laws and regulations, we could be exposed to litigation or regulatory proceedings, our client relationships and reputation could be harmed, our ability to obtain new clients could be inhibited, we could be required to change the manner in which we conduct our business or suspend or terminate certain services, and we could incur significant fines, penalties, or losses, all of which could have a material adverse impact on our business, results of operations and financial condition.

If we fail to comply with the applicable requirements of the payment card networks and Nacha, they could seek to fine us, suspend us or terminate our registrations, which could adversely affect our business.

In order to provide our transaction processing services, several of our subsidiaries are registered with Visa and Mastercard and other networks as members or service providers for member institutions. A number of our subsidiaries outside the U.S. are direct members or associate members of Visa and Mastercard for purposes of conducting merchant acquiring, and various subsidiaries are also processor level members of numerous debit and electronic benefits transaction networks. As such, we are subject to card association and network rules that could subject us or our clients to a variety of fines or penalties that may be levied by the card associations or networks for certain acts or omissions by us, acquiring clients, processing clients or merchants. In addition, we are subject to Nacha rules relating to payment transactions processed by us using the ACH network and to various federal and state laws regarding such operations, including laws pertaining to electronic fund transfer and electronic benefits transactions, as well as the Payment Card Industry Data Security Standard enforced by the major card brands. The rules of Nacha and the card networks are set by their respective boards, some of which are our competitors, and the card network rules may be influenced by card issuers, some of which offer competing transaction processing services.

If we fail to comply with these rules, we could be fined and our member registrations or certifications could be suspended or terminated. The suspension or termination of our member registrations or certifications, or any changes to the association and network rules, that we do not successfully address, or any other action by the card networks to restrict our ability to process transactions over such networks, could limit our ability to provide transaction processing services to clients and result in a reduction of revenue or increased costs of operation, which, in either case, could have a material adverse effect on our business and results of operations.

Table of Contents

A heightened regulatory environment in the financial services industry may have an adverse impact on our clients and our business.

Since the enactment of the Dodd-Frank Wall Street Reform and Consumer Protection Act, a number of substantial regulations affecting the supervision and operation of the financial services industry within the U.S. have been adopted, including those that establish the Consumer Financial Protection Bureau (“CFPB”). The CFPB has issued regulations and guidance under U.S. consumer financial protection laws that apply to, and conducts direct examinations of, “supervised banks and nonbanks” as well as “supervised service providers” like us. CFPB rules, examinations and enforcement actions may require us to adjust our activities and may increase our compliance costs. Changes to applicable financial services laws or regulations could adversely impact our debit network business and other businesses. In addition, certain of our alliance partners are subject to regulation by federal and state authorities and, as a result, could pass through some of those compliance obligations to us.

Additional regulation, examination or oversight of our business could require us to modify the manner in which we contract with or provide products and services to our clients; directly or indirectly limit how much we can charge for our services; require us to invest additional time and resources to comply with such oversight and regulations, including in respect of audits, investigations or enforcement actions related to us or third parties; or limit our ability to update our existing products and services, or require us to develop new ones. If this oversight or regulation negatively impacts the business, operations or financial condition of our clients, our business and results of operations could be materially and adversely affected because, among other matters, our clients could have less capacity to purchase products and services from us, could decide to avoid or abandon certain lines of business, or could seek to pass on increased costs to us by negotiating price reductions. Any of these events, if realized, could have a material adverse effect on our business, results of operations and financial condition.

Legislative or regulatory initiatives on cybersecurity and data privacy could adversely impact our business and financial results.

Cybersecurity and data privacy risks have received heightened legislative and regulatory attention. In Europe and the U.K., their respective General Data Protection Regulations (collectively, “GDPR”) extends the scope of their data protection laws to companies processing data of individuals within the E.U. and the U.K., regardless of the company’s location, subject to certain limitations. The law requires companies to meet stringent requirements regarding the handling of personal data. E.U. and U.K. data protection law continuously develops and requires significant changes to our policies and procedures. GDPR imposes strict rules on the transfer of personal data out of the E.U. or U.K. to a “third country,” including the United States, unless particular transfer mechanisms are implemented. The mechanisms that we and many other companies rely upon for such data transfers are the subject of legal challenges, regulatory interpretations, and judicial decisions. In the E.U., U.K. and other markets, potential new rules and restrictions on the flow of data across borders could increase the cost and complexity of doing business in those regions. Additionally, we are subject to the E.U. Regulation known as the Digital Operational Resilience Act (“DORA”). DORA is intended to strengthen the information technology systems of covered financial entities to mitigate risks associated with operational disruptions. Our efforts to comply with E.U., U.K. There is also increased focus on data localization requirements around the world in countries such as the United Arab Emirates, China and India which could impact our business model with respect to our storage and transfer of personal data.

In addition, U.S. regulators, including the U.S. Federal Banking Agencies and the U.S. Federal Trade Commission (“FTC”) have adopted or proposed enhanced cyber and privacy security standards that apply to us and our financial institution clients and address privacy requirements for processing data of individuals, cyber risk governance and management, management of internal and external dependencies, and incident response, cyber resilience and situational awareness. The FTC and many state attorneys general are also interpreting federal and state consumer protection laws as imposing standards for the collection, use, dissemination, and security of data. Additionally, over a third of U.S. states have proposed or enacted comprehensive consumer privacy laws (such as the California Consumer Privacy Act) that have taken effect or will take effect in coming years. We cannot fully predict the impact of recently proposed or enacted laws or regulations on our business or operations, but compliance may require us to modify our data processing practices and policies incurring costs and expense. Legislation and regulations on cybersecurity, data privacy and data localization may compel us to enhance or modify our systems, invest in new systems or alter our business practices or our policies on how we process personal information, data governance and privacy. If any of these outcomes were to occur, our operational costs could increase significantly. Failure to comply with applicable laws in this area could also result in significant fines, penalties and reputational damage.

Failure to comply with state and federal antitrust requirements could adversely affect our business.

In order to satisfy state and federal antitrust

Table of Contents

requirements, we actively maintain an antitrust compliance program. Notwithstanding our compliance program, it is possible that perceived or actual violations of state or federal antitrust requirements could give rise to regulatory enforcement investigations or actions. Regulatory scrutiny of, or regulatory enforcement action in connection with, compliance with state and federal antitrust requirements could have a material adverse effect on our reputation and business.

We may be sued for infringing the intellectual property rights of others.

Third parties may claim that we are infringing their intellectual property rights. We expose ourselves to additional liability when we agree to defend or indemnify our clients against third-party infringement claims. If the owner of intellectual property establishes that we are, or a client which we are obligated to indemnify is, infringing its intellectual property rights, we may be forced to change our products or services, and such changes may be expensive or impractical, or we may need to seek royalty or license agreements from the owner of such rights. If we are unable to agree on acceptable terms, we may be required to discontinue the sale of key products or halt other aspects of our operations. We may also be liable for financial damages for a violation of intellectual property rights, and we may incur expenses in connection with indemnifying our clients against losses suffered by them. Any adverse result related to violation of third-party intellectual property rights could materially and adversely harm our business, results of operations and financial condition. Even if intellectual property claims brought against us are without merit, they may result in costly and time-consuming litigation and may require significant attention from our management and key personnel.

Our ability to compete depends upon proprietary systems and technology. We actively seek to protect our intellectual property and proprietary rights. Nevertheless, unauthorized parties may attempt to copy aspects of our services or to obtain and use information that we regard as proprietary. The steps we have taken may not prevent misappropriation of technology. Agreements entered into for that purpose may not be enforceable or provide us with an adequate remedy. It is also possible that others will independently develop the same or similar technology. Further, we use open source software in connection with our solutions. Companies that incorporate open source software into their solutions have, from time to time, faced claims challenging the ownership of solutions developed using open source software. As a result, we could be subject to suits by parties claiming ownership of what we believe to be open source software. Some of our solutions integrate licensed software, including open source software, and any failure to comply with the terms of one or more of the licenses could adversely affect our business. Effective patent, trademark, service mark, copyright and trade secret protection may not be available in every country in which our applications and services are made available. The laws of certain non-U.S. countries where we do business or contemplate doing business in the future may not recognize intellectual property rights or protect them to the same extent as do the laws of the U.S. Misappropriation of our intellectual property or potential litigation concerning such matters could have a material adverse effect on our business, the results of which could affect our operations and financial condition.

Changes in tax laws and regulations could adversely affect our results of operations and cash flows from operations.

Our operations are subject to tax by federal, state, local, and international taxing jurisdictions. Additionally, future tax laws, regulations or guidance from the Internal Revenue Service, the Securities and Exchange Commission or the Financial Accounting Standards Board could cause us to adjust current estimates in future periods, which could impact our earnings and have an adverse effect on our results of operations and cash flow.

The U.S. Congress, the Organization for Economic Co-operation and Development (the “OECD”) and other government agencies in jurisdictions in which we do business remain focused on the taxation of multinational corporations. The OECD, which represents a coalition of member countries, including the U.S., is contemplating changes to numerous longstanding tax principles, including ensuring all companies pay a global minimum tax and expanding taxing rights of market countries. Because the timing of implementation and the specific measures adopted will vary among participating countries, significant uncertainty remains regarding the impact of these initiatives and their implementation could adversely affect our business or financial results.

Furthermore, our implementation of new practices and processes designed to comply with changing tax laws and regulations could require us to make substantial changes to our business practices, allocate additional resources, and increase our costs, which could negatively affect our business, results of operations and financial condition.

Table of Contents

Unfavorable resolution of tax contingencies could adversely affect our results of operations and cash flows from operations.

Our tax returns and positions are subject to review and audit by federal, state, local and international taxing authorities. An unfavorable outcome to a tax audit could result in higher tax expense, thereby negatively impacting our results of operations as well as our cash flows from operations. We have established contingency reserves for known tax exposures relating to deductions, transactions and other matters involving some uncertainty as to the proper tax treatment of the item. These reserves reflect what we believe to be reasonable assumptions as to the likely final resolution of each issue if raised by a taxing authority. While we believe that the reserves are adequate to cover reasonably expected tax risks, there is no assurance that, in all instances, an issue raised by a tax authority will be finally resolved at a financial cost not in excess of any related reserve. An unfavorable resolution, therefore, could negatively impact our effective tax rate, financial position, results of operations, and cash flows in the current and/or future periods.

Organizational and Financial Risks

The failure to attract and retain key personnel could have a material adverse effect on our business.

We depend on the experience, skill and contributions of our senior management and other key employees. If we fail to attract, motivate and retain highly qualified management, technical, compliance and sales personnel, our future success could be harmed. Our senior management provides strategic direction for our company, and if we lose members of our leadership team, our management resources may have to be diverted from other priorities to address this loss. If we are unable to hire or retain the necessary skilled personnel, we may be unable to develop new products, product implementations could be delayed, and our ability to meet the requirements of our customers could be negatively impacted.

Losses due to chargebacks, refunds or returns could have a material adverse effect on our business, results of operations and financial condition.

We may be liable if our merchants or other parties that have obligations to deliver goods or services to cardholders fail to satisfy their obligations. For example, we and our merchant acquiring alliances may be subject to contingent liability for transactions originally acquired by us that are disputed by the cardholder and charged back to the merchants or other parties. These disputes could arise from fraud, misuse, unintentional use, settlement delay or failure, insufficiency of funds, returns, a failure to perform a service, or other reasons. If we or the alliance is unable to collect this amount from the merchant or other party because of the merchant’s or other party’s insolvency or other reasons, we or the alliance will bear the loss for the amount of the refund paid to the cardholder. Although we have an active program to manage our credit risk, and often mitigate our risk by obtaining collateral, a default on such obligations by one or more of our merchants or others could have a material adverse effect on our business, and results of operations and financial condition.

Additionally, we may be subject to potential liability for fraudulent transactions, including electronic payment and card transactions or credits initiated by merchants or others. Examples of merchant fraud include when a merchant or other party knowingly uses a stolen or counterfeit credit, debit or prepaid card, card number or other credentials to record a false sales transaction, processes an invalid card or intentionally fails to deliver the merchandise or services sold in an otherwise valid transaction. Criminals are using increasingly sophisticated methods to engage in illegal activities such as counterfeiting and fraud. We also rely on ISOs to sell our merchant processing services, which they may do by contracting with their own sub-ISOs. We rely on these ISOs and sub-ISOs to exercise appropriate controls to avoid fraudulent transactions. It is possible that incidents of fraud could increase in the future. Failure to effectively manage risk and prevent fraud, or otherwise effectively administer our chargeback responsibilities, would increase our chargeback liability and expose us to fines or other liabilities. Increases in chargebacks, fines or other liabilities could have a material adverse effect on our business, results of operations and financial condition.

Acquisitions subject us to risks, including assumption of unforeseen liabilities and difficulties in integrating operations.

A major contributor to our growth in revenue and earnings since our inception has been our ability to identify, acquire and integrate complementary businesses. We anticipate that we will continue to seek to acquire complementary businesses, products and services. We may not be able to identify suitable acquisition candidates or complete acquisitions in the future, which could adversely affect our future growth; or businesses that we acquire may not perform as well as expected or may be more difficult or expensive to integrate and manage than expected, which could adversely affect our business and results of operations. We may not be able to integrate all aspects of acquired businesses successfully or realize the potential benefits of bringing them together. In addition, the process of integrating these acquisitions may disrupt our business and divert our resources.

Table of Contents

In addition, acquisitions outside of the U.S. often involve additional or increased risks including, for example:

•managing geographically separated organizations, systems and facilities;

•integrating personnel with diverse business backgrounds and organizational cultures;

•complying with non-U.S. regulatory requirements;

•fluctuations in currency exchange rates;

•enforcement of intellectual property rights in some non-U.S. countries;

•difficulty entering new non-U.S. markets due to, among other things, consumer acceptance and business knowledge of these new markets; and

•general economic and political conditions.

These risks may arise for a number of reasons: we may not be able to find suitable businesses to acquire at affordable valuations or on other acceptable terms; we may face competition for acquisitions from other potential acquirers; we may need to borrow money or sell equity or debt securities to the public to finance acquisitions and the terms of these financings may be adverse to us; changes in accounting, tax, securities or other regulations could increase the difficulty or cost for us to complete acquisitions; we may discover liabilities, deficiencies, or other claims associated with the companies or assets we acquire that were not identified in advance, which may result in significant unanticipated costs; the effectiveness of our due diligence review and our ability to evaluate the results of such due diligence are dependent upon the accuracy and completeness of statements and disclosures made or actions taken by the companies we acquire or their representatives, as well as the limited amount of time in which acquisitions are executed. In addition, we may fail to accurately forecast the financial impact of an acquisition or other strategic transaction, including tax and accounting charges; we may incur unforeseen obligations or liabilities in connection with acquisitions; we may need to devote unanticipated financial and management resources to an acquired business; we may not realize expected operating efficiencies or product integration benefits from an acquisition; we could enter markets where we have minimal prior experience; and we may experience decreases in earnings as a result of non-cash impairment charges.

We may be obligated to indemnify the purchasers of businesses pursuant to the terms of the relevant purchase and sale agreements.

We have in the past and may in the future sell businesses. In connection with sales of businesses, we may make representations and warranties about the businesses and their financial affairs and agree to retain certain liabilities associated with our operation of the businesses prior to their sale. Our obligation to indemnify the purchasers and agreement to retain liabilities could have a material adverse effect on our business, results of operations and financial condition.

Our balance sheet includes significant amounts of goodwill and intangible assets. The impairment of a significant portion of these assets could negatively affect our results of operations.

We evaluate goodwill for impairment on an annual basis, or more frequently if circumstances indicate possible impairment. In addition, we review intangible assets for impairment whenever events or changes in circumstances indicate the carrying amount of the asset may not be recoverable. If the carrying value of the asset is determined to be impaired, then it is written down to fair value by a non-cash charge to operating earnings. An impairment of a significant portion of goodwill or intangible assets could have a material negative effect on our results of operations.

Existing or future leverage may harm our financial condition and results of operations.

At December 31, 2025, we had approximately $29 billion of debt. We and our subsidiaries may incur additional indebtedness in the future. Our ability to make payments of principal and interest on our indebtedness depends upon our future performance, which will be subject to general economic conditions and financial, business and other factors affecting our consolidated operations, many of which are beyond our control. In addition, if certain of our outstanding senior notes or commercial paper notes are downgraded to below investment grade, we may incur additional interest expense or

Table of Contents

suffer reputational harm. Such measures might not be sufficient to enable us to service our debt and meet our other cash requirements. In addition, any such financing, refinancing or sale of assets might not be available at all or on economically favorable terms.

An increase in interest rates may negatively impact our operating results and financial condition.

At December 31, 2025, we had approximately $2.1 billion in variable rate debt, which includes an aggregate $950 million drawn on our revolving credit facility and foreign lines of credit, and an aggregate amount of $1.2 billion outstanding under our U.S. dollar and Euro commercial paper programs. Based on outstanding debt balances and interest rates at December 31, 2025, a 1% increase in variable interest rates would result in an increase to annual interest expense of approximately $21 million.

Our results of operations may be adversely affected by changes in foreign currency exchange rates.

We are subject to risks related to changes in currency rates as a result of our investments in foreign operations and from revenues generated in currencies other than the U.S. dollar. Revenues and profit generated by such international operations will increase or decrease compared to prior periods as a result of changes in foreign currency exchange rates. These hedging strategies may not, however, eliminate all of the risks related to foreign currency translation, and we may forgo the benefits we would otherwise experience if currency exchange rates were to change in our favor. In addition, we may incur material foreign currency exchange losses due to the remeasurement of monetary assets and liabilities in highly inflationary economies. We have also issued foreign currency-denominated senior notes and commercial paper notes for which payments of interest and principal are to be made in foreign currency, and fluctuations in foreign currency exchange rates could cause the expense associated with such payments to increase. In addition, we may become subject to exchange control regulations that restrict or prohibit the conversion of our foreign revenue currencies into U.S. dollars. Any of these factors could decrease the value of revenues and earnings we derive from our international operations and have a material adverse effect on our business.

Item 1B. Unresolved Staff Comments

None.

Item 1C. Cybersecurity

Enterprise Risk Management

At the core of our business, we host, collect, process, use and retain significant amounts of financial, personal and other sensitive data across our own technology environment and the third-party information systems of our vendors, service providers and partners. In order to keep this data secure, we maintain an enterprise risk management (“ERM”) program designed to systematically identify and manage risk including risk from cybersecurity threats. The risk committee of the board of directors oversees our ERM program and it is reviewed annually by both the risk and audit committees of the board of directors. The risk committee also monitors and reports to the board regarding issues arising with respect to the risk governance structure and performance of the risk management function. The board, as a whole and through its committees, regularly engages with the Chief Risk Officer, management and outside advisors to identify, assess and manage risks of the company and to ensure the risk management function has the appropriate resources and authority to fulfill its responsibilities. An executive risk committee, comprised of senior leaders of our lines of business and corporate functions, provides executive level accountability for the ERM program.

On an ongoing basis, we identify, categorize, assess, monitor and respond to business risks. We consider the various ways in which risks may affect our business by measuring the impact of those risks against a consistent set of criteria, which include the potential impact to our operations, financial performance, clients, technology, reputation, business strategy and regulatory environment. The risk committee of the board of directors reviews and approves a list of top enterprise risks and the risk appetite relating to such risks. Among the top risks included in our ERM program is cybersecurity risk. Response plans are developed, tracked and implemented for residual risks that are above the acceptable tolerance level.

Table of Contents

Cybersecurity Risk

Management’s Role in Cybersecurity

Our global cybersecurity services team is responsible for assessing our technology environment, identifying emerging cybersecurity threats and evolving cybersecurity threat capabilities, and implementing business processes and technical defenses to safeguard our technology environment and services. Our management has established a cybersecurity and technology risk committee focused on managing cybersecurity and technology risk and implementing cybersecurity and technology plans, strategies and objectives. Our cybersecurity program is designed to enable us to detect and respond to cybersecurity incidents, continually improve the effectiveness of our cybersecurity controls, and dynamically respond to the evolving threat landscape.

We operate a cybersecurity operations center that continuously monitors our environment for cyber events, suspicious activity or unusual behaviors, and responds to minimize operational impact. We use layered security technologies, controls and modern analytics to detect, prevent and respond to threats.

We maintain a global cybersecurity policy and supporting standards which incorporate recognized industry standards and best practices from the National Institute of Standards and Technology as well as various industry security requirements.

Our employees play a vital role in protecting our and our clients’ data. We also maintain a third-party risk management program to identify, assess, mitigate and monitor risks associated with third parties’ software and services that we utilize.

Our CISO has served in various senior roles in information technology and information security, in both the public and private sector, for over three decades.

Board Oversight

The board of directors maintains primary oversight of the company’s strategic, operational and financial risks, including cybersecurity risks. The risk committee of the board of directors assists the board in its oversight of such risks and is primarily responsible for oversight of cybersecurity risks. The risk committee regularly reviews and discusses with management the current cybersecurity threat landscape, emerging trends and developments, and the company’s guidelines, policies and processes for monitoring, managing, and mitigating cybersecurity risks.

The board and the risk committee receive regular presentations and reports from management as well as outside experts on cybersecurity risks, which address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technology trends and information security considerations arising with respect to our peers and third parties. On an annual basis, the board and the risk committee discuss our approach to cybersecurity risk management with our Chief Risk Officer, Chief Compliance Officer and Chief Information Security Officer, among others. At each regular board meeting, the risk committee reviews and reports to the board on key cybersecurity risks. The board and the risk committee receive prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed.

Impact of Cybersecurity Threats

Our results of operations and financial condition have not been materially affected by cybersecurity threats or incidents to date. As a result, cybersecurity threats and other technological risks involving our systems have materially affected our business strategy and processes. Although we believe that we maintain a robust program of information security and controls and that none of the cybersecurity incidents that we have encountered to date have materially affected us, we

Table of Contents

cannot be certain that the security measures and procedures we have in place to detect security incidents and protect sensitive data will be successful or sufficient to counter all current and emerging risks and threats. The impact of a material cybersecurity incident involving our systems and data, or those of our clients, partners or vendors, could have a material adverse effect on our business strategy, results of operations and financial condition.

Additional information on the impact of cybersecurity threats applicable to our business can be found in the Risk Factors section of this report under the heading “Operational and Security Risks”.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
IRTC	30 minutes ago
GCMG	33 minutes ago
ED	37 minutes ago
IAUX	38 minutes ago
LNC	39 minutes ago
TSCO	42 minutes ago
MSTR	42 minutes ago
GH	46 minutes ago
MIR	55 minutes ago
CSGS	an hour ago
LKQ	an hour ago
DTM	an hour ago
BG	an hour ago
THRM	an hour ago
SEM	an hour ago
TVTX	an hour ago
KALU	an hour ago
LYV	an hour ago
FTI	an hour ago
MS	an hour ago
ICUI	an hour ago
ET	an hour ago
BNL	an hour ago
OWL	an hour ago
BTU	an hour ago
EFX	an hour ago
PTCT	an hour ago
RPD	an hour ago
MET	an hour ago
IEX	an hour ago
CNDT	an hour ago
SPSC	an hour ago
CYH	an hour ago
SLM	an hour ago
STT	an hour ago
WSC	an hour ago
NPO	an hour ago
FFBC	an hour ago
SUNC	an hour ago
FDP	an hour ago
SUN	an hour ago
UDMY	an hour ago
OPEN	an hour ago
MSEX	an hour ago
ULS	an hour ago
GATX	an hour ago
RMAX	an hour ago
CTO	an hour ago
GLPI	an hour ago
AIZ	an hour ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - FISV

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - FISV

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing