MasterCard 2008 Annual Report Download - page 33

Download and view the complete annual report

Please find page 33 of the 2008 MasterCard annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 160

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160

In the United States, during the past several years, a number of bills have been considered by Congress and
there have been several congressional hearings to address information safeguarding and data breach issues.
While no legislation was passed in 2008, Congress is likely to continue to consider these issues, which could
result in legislation that would have an adverse impact on us and our customers. In addition, a number of U.S.
states have enacted security breach legislation, requiring varying levels of consumer notification in the event of a
security breach, and several other states are considering similar legislation. In Europe, the European Parliament
and Council passed the European Directive 95/46/EC (the “Directive”) on the protection of individuals with
regard to the processing of personal data and on the free movement of such data, which obligates the controller of
an individual’s personal data to take the necessary technical and organizational measures to protect personal data.
The Directive has been implemented through local laws regulating data protection in European Union member
states to which we and our customers are subject. The Directive establishes general principles with regard to the
processing of personal data, including the legal grounds for processing, the rights of individuals with regard to
their personal data, restrictions on transfers of the personal data outside the European Economic Area, and the
obligation of the controller of that information to take the necessary technical and organizational measures to
protect personal data.
MasterCard and other participants in the payment industry are also subject to the regulatory requirements of
Section 352 of the USA PATRIOT Act, which applies to certain types of financial institutions, including
operators of credit card systems. Section 352 of the USA PATRIOT Act requires MasterCard to maintain a
comprehensive anti-money laundering program and imposes similar requirements on some of our customers. Our
anti-money laundering program must be reasonably designed to prevent our system from being used to facilitate
money laundering and the financing of terrorist activities. The program must, at a minimum, include the
designation of a compliance officer, provide for the training of appropriate personnel regarding anti-money
laundering responsibilities, as well as incorporate policies, procedures, and controls to mitigate money laundering
risks, and be independently audited.
We are also subject to regulations imposed by OFAC. OFAC regulations impose restrictions on financial
transactions with Cuba, Burma/Myanmar, Iran and Sudan and with persons and entities included in the OFAC’s
list of Specially Designated Nationals and Blocked Persons (the “SDN List”). Also Cuba, Iran, Sudan and Syria
have been identified by the U.S. State Department as terrorist-sponsoring states. While MasterCard has no
business operations, subsidiaries or affiliated entities in these countries, a limited number of financial institutions
are licensed by MasterCard to issue cards or acquire merchant transactions in certain of these countries.
MasterCard takes measures to avoid transactions with persons and entities on the SDN List, however, it is
possible that transactions involving persons or entities on the SDN List may be processed through our payment
system. It is possible that our reputation may suffer due to our customer financial institutions’ association with
these countries or the existence of any such transactions, which in turn could have a material adverse effect on
the value of our stock. Further, certain U.S. states have recently enacted legislation regarding investments by
pension funds and other retirement systems in companies that have business activities or contacts with countries
that have been identified as terrorist-sponsoring states and similar legislation may be pending in other states. As a
result, pension funds and other retirement systems may be subject to reporting requirements with respect to
investments in companies such as ours or may be subject to limits or prohibitions with respect to those
investments that may materially and adversely affect our stock price.
In addition, the Federal Trade Commission and the federal banking agencies have issued a number of
regulations implementing the Fair and Accurate Credit Transactions Act, and at least one other regulation under
this law is expected to be issued in 2009. Once fully implemented, these regulations could have a material impact
on our customers’ businesses by increasing costs of issuance and/or decreasing the ability of card issuers to set
the price of credit. The Board of Governors of the Federal Reserve System (the “Federal Reserve”), along with
two other federal banking agencies, have also recently issued a regulation pertaining to unfair or deceptive acts or
practices pertaining to credit card practices (the “UDAP Rule”). The UDAP Rule will make it more difficult for
credit card issuers to price credit acts for future credit risk which will have an effect on the pricing models of
most credit card issuers. The UDAP Rule could reduce credit availability, or increase the cost of credit to
23