EFTA01377655.pdf

S- I /A consuming, or otherwise burdensome compliance measures from us. In particular, as we seek to build a trusted and secure platform for commerce, and as we expand our network of sellers and buyers and facilitate their transactions and interactions with one another, we will increasingly be subject to laws and regulations relating to the collection, use, retention, security, and transfer of information, including the personally identifiable information of our employees and sellers and their customers. As with the other laws and regulations noted above, these laws and regulations may be interpreted and applied differently over time and from jurisdiction to jurisdiction, and it is possible they will be interpreted and applied in ways that will materially and adversely affect our business. We post on our website our privacy policies and practices concerning the collection, use, and disclosure of information. Any failure, real or perceived, by us to comply with our posted privacy policies or with any regulatory requirements or orders or other local, state, federal, or international privacy or consumer protection- related laws and regulations could cause sellers or their customers to reduce their use of our products and services and could materially and adversely affect our business. Our business is subject to complex and evolving regulations and oversight related to our provision of payments services and other financial services. The laws, rules, and regulations that govern our business include or may in the future include those relating to banking. deposit-taking, cross-border and domestic money transmission, foreign exchange, payments services (such as payment processing and settlement services), consumer financial protection, anti-money laundering, escheatment, and compliance with the Payment Card Industry Data Security Standard, a set of requirements designed to ensure that all companies that process, store, or transmit payment card information maintain a secure environment to protect cardholder data. These laws, rules, and regulations are enforced by multiple authorities and governing bodies in the United States, including the Department of the Treasury, the Consumer Financial Protection Bureau, the Federal Deposit Insurance Corporation, and numerous state and local agencies. Outside of the United States, we are subject to additional laws, rules, and regulations related to the provision of payments and financial services, including those enforced by the Ministry of Economy, Trade, and Industry in Japan and those enforced by the Financial Transactions and Reports Analysis Centre in Canada, and as we expand into new jurisdictions, the number of foreign regulations and regulators governing our business will expand as well. In addition, as our business continues to develop and expand, we may become subject to additional rules and regulations. For example, if our Square Capital program shifts from an MCA model to a loan model, state and federal rules concerning lending could become applicable. Similarly, if we choose to offer Square Payroll in more jurisdictions, additional regulations, including tax rules, will apply. Although we have a compliance program focused on applicable laws, rules, and regulations and are continually investing more in this program, we may still be subject to fines or other penalties in one or more jurisdictions levied by federal or state or local regulators, including state Attomeys General, as well as those levied by foreign regulators. In addition to fines, penalties for failing to comply with applicable rules and regulations could include significant criminal and civil lawsuits, forfeiture of significant assets, or other enforcement actions. We could also be required to make changes to our business practices or compliance programs as a result of regulatory scrutiny. In addition, any perceived or actual breach of compliance by us with respect to applicable laws, rules, and regulations could have a significant impact on our 38 Table of Contents reputation as a trusted brand and could cause us to lose existing customers, prevent us from obtaining new customers, require us to expend significant funds to remedy problems caused by breaches and to avert further breaches, and expose us to legal risk and potential liability. We have obtained licenses to operate as a money transmitter (or its equivalent) in the United States and in the states where this is required. As a licensed money transmitter, we are subject to obligations and restrictions with respect to the investment of customer funds, reporting requirements, bonding requirements, and inspection by state regulatory agencies concerning those aspects of our business considered money transmission. Evaluation of our compliance efforts, as well as the questions of whether and to what extent our products and services are considered money transmission, are matters of regulatory interpretation and could change over time. In the past, we have been required to pay fines to Florida regulatory authorities and once received a Cease and Desist Order from Illinois regulatory authorities due to their interpretations and applications to our business of their respective state money transmission laws. In the future, as a result of the regulations applicable to our business, we could be subject to additional liability, including governmental fines, restrictions on our business, or other sanctions, and we could be forced to cease conducting certain aspects of our business with residents of certain jurisdictions, be forced to otherwise change our business practices in certain jurisdictions, or be required to obtain additional licenses or regulatory approvals. There can be no assurance that we will be able to obtain any such licenses, and, even if we were able to do so, there could be substantial costs and potential product http://www.see.gov/Archivestedgaildata/I512673ANS)119312515369092/d937622dsla.hunl 1 I /6/20I 5 7:37:12 AM] CONFIDENTIAL - PURSUANT TO FED. R. GRIM. P. 6(e) DB-SDNY-0074806 CONFIDENTIAL SDNY_GM_00220990 EFTA01377655