efforts to comply with the applicable data protection laws may have been or may prove to be insufficient or incorrect. If our privacy or data security measures or practices fail to comply with current or future laws and regulations, we may be subject to claims, legal proceedings or other actions by individuals or governmental authorities based on privacy or data protection regulations and our commitments to customers and users, as well as negative publicity and a potential loss of business. Moreover, if future laws and regulations limit our customers and users’ ability to use and share personal information or our ability to store, process and share personal information, demand for our solutions could decrease, our costs could increase, and our business, results of operations and financial condition could be harmed.
Through our relationships with third parties, including payment processors such as Worldpay, we must comply with certain payments and other financial services-related regulations, as well as binding industry standards, including the card network rules. Our failure to comply could materially harm our business.
The local, state, and federal laws, rules, regulations, licensing schemes, and industry standards that govern our business include, or may in the future include, those relating to underwriting, foreign exchange, payments services (such as money transmission, payment processing, and settlement services), anti-money laundering, combating terrorist financing, escheatment, international sanctions regimes, and compliance with the card network rules, PCI DSS and the NACHA Operating Rules. Each of the card networks (e.g., Visa, Mastercard, Discover and American Express) have specific rules applicable to the use of their network. We are subject to these rules pursuant to our agreements with payment processors and sponsor banks. The card network rules impose certain requirements on us, including notice and disclosure requirements, transaction monitoring. The PCI DSS, which contain compliance guidelines and standards with regard to our security surrounding the physical and electronic storage, processing and transmission of an individual’s cardholder data, is applicable to operations of the Company. Failure to obtain or maintain PCI DSS compliance could result in the Company’s inability to accept or process credit card payments on its own behalf, a merchant’s inability to utilize the Company’s software to process credit card payments and remain PCI Compliant, or subject the Company to penalties and fines. Further, if the Company’s internal systems are breached or compromised, the Company may be liable significant forensic investigation costs, consumer notification-related costs, for card re-issuance costs and subject to higher fines and transaction fees. The NACHA Operating Rules, which contain compliance guidelines and standards, including with respect to our security surrounding the physical and electronic storage, processing and transmission of an individual’s bank account data, are applicable to operations of the Company pursuant to our agreement with a third party to offer our customers ACH payment capabilities. Failure to maintain compliance with the NACHA Operating Rules could result in the Company’s inability to offer ACH transaction options to our customers or subject the Company to penalties and fines. Further, if the Company’s internal systems are breached or compromised, the Company may be liable for significant forensic investigation costs and consumer notification-related costs, and subject to higher fines and transaction fees. Any or all of these results could have a material negative effect on the Company’s operations. Changes in these security standards may cause us to incur significant unanticipated expenses to meet new requirements.
As we expand into new jurisdictions, the number of foreign laws, rules, regulations, licensing schemes, and standards governing our business will expand as well. In addition, as our business and solutions continue to develop and expand, we may become subject to additional laws, rules, regulations, licensing schemes, and standards. We may not always be able to accurately predict the scope or applicability of certain laws, rules, regulations, licensing schemes, or standards to our business, particularly as we expand into new areas of operations, which could have a significant negative effect on our existing business and our ability to pursue future plans.
Evaluation of our compliance efforts, as well as the questions of whether and to what extent our solutions and services could be considered money transmission, are matters of regulatory interpretation and could change over time. We have taken the position that in all cases where we do not participate in the authorization of transactions or settlement of funds, that a solution or service does not meet the definition of “engaging in financial activities” under the Gramm-Leach-Bliley Act, or GLBA, and therefore we are not subject to the requirements set forth in GLBA and its implementing Regulation P. In the future, if regulators disagree with our position with respect to GLBA or other potentially applicable laws, including those related to money transmission, or if new guidance or interpretations thereof are issued, we could be subject to investigations and resulting liability, including governmental fines, restrictions on our business, or other sanctions, and we could be forced to cease conducting certain aspects of our business with residents of certain jurisdictions, be forced to change our business practices in certain jurisdictions, or be required to obtain licenses or regulatory approvals,