MasterCard 2012 Annual Report Download - page 29

Page 29 of 144 of the 2012 MasterCard annual report.

Data Protection and Information Security. Aspects of our operations or business are subject to privacy and
data protection regulation in the United States, the European Union and elsewhere. For example, in the United States,
we and our customers are respectively subject to Federal Trade Commission and federal banking agency information
safeguarding requirements under the Gramm-Leach-Bliley Act. The Federal Trade Commission’s information
safeguarding rules require us to develop, implement and maintain a written, comprehensive information security
program containing safeguards that are appropriate for our size and complexity, the nature and scope of our activities,
and the sensitivity of any customer information at issue. Certain of our customers in the United States are subject to
similar requirements under the guidelines issued by the federal banking agencies. As part of their compliance with
the requirements, each of our U.S. customers is expected to have a program in place for responding to unauthorized
access to, or use of, customer information that could result in substantial harm or inconvenience to customers.

Regulatory authorities around the world are considering numerous legislative and regulatory proposals
concerning privacy and data protection. In addition, the interpretation and application of these laws in the United
States, Europe and elsewhere are often uncertain and in a state of flux. In Europe, the European Parliament and
Council is in the process of revising the European Directive 95/46/EC (the “Directive”), which provides for the
protection of individuals with regard to the processing of personal data and on the free movement of such
data. The revised regulation may increase the obligations of controllers (entities that have the data relationship
with an individual) and processors that handle an individual’s personal data requiring additional technical and
operational measures to protect personal data. These and other legislative and regulatory changes, as well as the
manner in which such laws could be interpreted and applied, may be inconsistent with our data practices. If so, in
addition to the possibility of fines, this could result in changes to our data practices and could impact such
aspects of our business as fraud monitoring and the development of information-based products and
solutions. The cost and operational consequences of implementing new and/or additional data protection
measures could be significant. See our risk factor in “Risk Factors—Legal and Regulatory Risks” in Part I,
Item 1A of this Report related to regulation in the areas of consumer privacy, data use and/or security.

Anti-Money Laundering and Anti-Terrorism. MasterCard and other participants in the payments industry
are also subject to the regulatory requirements of Section 352 of the USA PATRIOT Act, which requires us to
maintain a comprehensive anti-money laundering (“AML”) program and imposes similar requirements on our
financial institution customers in the United States. We are subject to the AML laws and regulations of India and
the activities of our internet payments gateway and prepaid card program management services are also subject
to U.S. and other countries’ AML laws and regulations. We have an AML compliance program to address these
legal and regulatory requirements and assist in managing money laundering and terrorist financing risks. The
program is comprised of policies, procedures and internal controls, including the designation of a compliance
officer and providing for the training of appropriate personnel regarding AML responsibilities.

We are subject to regulations imposed by the U.S. Office of Foreign Assets Control (“OFAC”) restricting
financial transactions and other dealings with Cuba, Iran, Syria and Sudan and with persons and entities included
in OFAC’s list of Specially Designated Nationals and Blocked Persons (the “SDN List”). Cuba, Iran, Syria and
Sudan have been identified by the U.S. State Department as terrorist-sponsoring states. We have no offices,
subsidiaries or affiliated entities located in these countries and do not license financial institutions domiciled in
these countries. We have established a risk-based compliance program that includes policies, procedures and
controls that are designed to protect us against having business dealings with prohibited countries, individuals or
entities. We take measures to prevent transactions that do not comply with OFAC sanctions, including obligating
our customers to screen cardholders and merchants against the SDN List; however, it is possible that such
transactions may be processed through our payments system and that our reputation may suffer due to our
customer financial institutions’ association with these countries or the existence of any such transactions.

Financial Industry Regulation. We are or may be subject to regulations related to our role in the financial
industry and our relationship with our financial institution customers. Certain of our operations are periodically
reviewed by the U.S. Federal Financial Institutions Examination Council (“FFIEC”) under its authority to
examine financial institutions’ technology service providers. Examinations by the FFIEC cover areas such as
data integrity and data security.