PayPal Holdings (PYPL) Risk Analysis

39,698 Followers

Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

PayPal Holdings disclosed 30 risk factors in its most recent earnings report. PayPal Holdings reported the most risks in the “Legal & Regulatory” category.

Risk Overview Q2, 2025

Risk Distribution

27% Legal & Regulatory

23% Ability to Sell

17% Tech & Innovation

13% Finance & Corporate

13% Macro & Political

7% Production

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2022

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

PayPal Holdings Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q2, 2025

Main Risk Category

Legal & Regulatory

With 8 Risks

Legal & Regulatory

With 8 Risks

Number of Disclosed Risks

From last report

S&P 500 Average: 31

From last report

S&P 500 Average: 31

Recent Changes

2Risks added

0Risks removed

7Risks changed

Since Jun 2025

2Risks added

0Risks removed

7Risks changed

Since Jun 2025

Number of Risk Changed

No changes from last report

S&P 500 Average: 1

No changes from last report

S&P 500 Average: 1

See the risk highlights of PayPal Holdings in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 30

Legal & Regulatory

Total Risks: 8/30 (27%)Above Sector Average

Regulation3 | 10.0%

Regulation - Risk 1

We are subject to regulatory scrutiny and may be subject to legal proceedings under antitrust and competition laws.

We are subject to scrutiny by various government agencies regarding antitrust and competition laws and regulations in the U.S. and internationally, including in connection with proposed or implemented business combinations, acquisitions, investments, partnerships, commercial agreements and business practices. Some jurisdictions also provide private rights of action for competitors or consumers to assert claims of anticompetitive conduct. Companies and government agencies have in the past alleged, and may in the future allege, that our actions (or actions of companies with which we have commercial agreements) violate the antitrust or competition laws in the U.S. or other jurisdictions in which we operate or otherwise constitute unfair competition, or that our products and services are used so broadly that otherwise uncontroversial business practices could be deemed anticompetitive. Any claims or investigations, even if without merit, may be costly to defend or respond to, involve negative publicity, cause substantial diversion of management's time and effort, and could result in reputational harm, significant judgments, fines and other remedial actions against us, require us to change our business practices, make product or operational changes, or delay or preclude planned transactions, product launches or improvements.

Regulation - Risk 2

Added

Consumer Protection

Violations of consumer protection law in applicable jurisdictions, including both federal and state laws and regulations in the U.S., such as the Electronic Fund Transfer Act ("EFTA") and Regulation E as implemented by the Consumer Financial Protection Bureau ("CFPB"), could result in the assessment of significant actual damages or statutory damages or penalties (including treble damages in some instances) and plaintiffs' attorneys' fees. We are subject to, and have paid amounts in settlement of, lawsuits containing allegations that our business violated the EFTA and Regulation E or otherwise advance claims for relief relating to our business practices (e.g., that we improperly held consumer funds or otherwise improperly limited consumer accounts).

Regulation - Risk 3

Changed

Our business is subject to extensive government regulation and oversight. Our failure to comply with extensive, complex, overlapping, and frequently changing rules, regulations, and legal interpretations could materially harm our business.

Our business is subject to complex and changing laws, rules, regulations, policies, licensing schemes, and legal interpretations in the markets in which we offer services directly or through partners, including, but not limited to, those governing: banking, credit, deposit taking, cross-border and domestic money transmission, prepaid access, foreign currency exchange, privacy, data protection, data governance, cybersecurity, banking secrecy, digital payments, cryptocurrency, payment services (including payment processing and settlement services), lending, fraud detection, consumer protection, antitrust and competition, economic and trade sanctions, anti-money laundering, and counter-terrorist financing. Regulators and legislators globally have been establishing, evolving, and increasing their regulatory authority, oversight, and enforcement, and it can be difficult to predict how these may be applied to our business and the way we conduct our operations. As we introduce new products and services and expand into new markets, including through acquisitions, we expect to become subject to additional regulations, restrictions, and licensing requirements. As we expand and localize our international activities, we expect that our obligations in the markets in which we operate will continue to increase. In addition, because we facilitate sales of goods and provide services to customers worldwide, one or more jurisdictions may claim that we or our customers are required to comply with their laws or other types of regulation, which may impose different, more specific, and/or conflicting obligations on us, as well as broader liability. We may not be able to respond quickly or effectively to regulatory, legislative, and other developments, any failure or perceived failure to comply with existing or new laws, regulations, or orders of any government authority (including changes to or expansion of their interpretation) may result in audits, inquiries, investigations, whistleblower complaints, and adverse media coverage; subject us to significant fines, penalties, monetary damages, injunctive relief, criminal and civil lawsuits, forfeiture of significant assets, and enforcement actions in one or more jurisdictions; result in additional compliance and licensure requirements; cause us to temporarily or permanently lose existing licenses or prevent or delay us from obtaining additional licenses that may be required for our business; increase regulatory scrutiny of our business; divert management's time and attention from our business; restrict our operations; lead to increased friction for customers; force us to make changes to our business practices, products, or operations; require us to engage in remediation activities; or delay planned transactions, product launches, or improvements. Any of the foregoing could, individually or in the aggregate, harm our reputation, damage our brands and business, and adversely affect our results of operations and financial condition. The complexity of U.S. federal and state and international regulatory and enforcement regimes, coupled with the global scope of our operations and the evolving global regulatory environment, could result in a single event prompting a large number of overlapping investigations and legal and regulatory proceedings by multiple government authorities in different jurisdictions. While we have implemented policies and procedures designed to help ensure compliance with applicable laws and regulations, there can be no assurance that our employees, contractors, and agents will not violate such laws and regulations.

Litigation & Legal Liabilities2 | 6.7%

Litigation & Legal Liabilities - Risk 1

Changed

We are regularly subject to general litigation, regulatory scrutiny, and government inquiries.

We are regularly subject to claims, individual and class action lawsuits, arbitration proceedings, government and regulatory investigations, inquiries, actions or requests, and other proceedings alleging violations of laws, rules, and regulations with respect to competition, antitrust, intellectual property, privacy, data protection, information security, anti-money laundering, counter-terrorist financing, sanctions, anti-bribery, anti-corruption, consumer protection (including unfair, deceptive, or abusive acts or practices), the terms of our customer agreements, fraud, accessibility, securities, tax, labor and employment, commercial disputes, services, charitable fundraising, contract disputes, escheatment of unclaimed or abandoned property, product liability, use of our services for illegal purposes, the matters described in "Note 13-Commitments and Contingencies-Litigation and Regulatory Matters-General Matters" to our condensed consolidated financial statements, and other matters. We expect that the number and significance of these disputes and inquiries will continue to increase as our products, services, and business expand in complexity, scale, scope, and geographic reach, including through acquisitions of businesses and technology, and as a result of expanded enforcement of certain existing laws and regulations by federal, state and local agencies. For example, there continues to be enforcement activity in connection with federal and state consumer protection laws, including suits which seek civil penalties. Investigations, changes in, or expanded enforcement of federal, state or local laws and regulations, and legal proceedings are inherently uncertain, expensive and disruptive to our operations, and could result in substantial judgments, fines, penalties or settlements, substantial diversion of management's time and effort, negative publicity, reputational harm, criminal sanctions, or orders that prevent or limit us from offering certain products or services; require us to change our business practices or customer agreement terms in ways that may increase costs or reduce revenues, develop non-infringing or otherwise altered products or technologies, or pay substantial royalty or licensing fees; or delay or preclude planned transactions or product launches or improvements. Determining legal reserves or possible losses from such matters involves significant estimates and judgments and may not reflect the full range of uncertainties and unpredictable outcomes. We may be exposed to losses in excess of the amount recorded, and such amounts could be material. If our estimates and assumptions change or prove to have been incorrect, this could have a material adverse effect on our business, financial position, results of operations, or cash flows.

Litigation & Legal Liabilities - Risk 2

Use of our payments services for illegal activities or improper purposes could harm our business.

We expect that users will continue to attempt to use our payments platform for illegal activities or improper uses, including money laundering, terrorist financing, sanctions evasion, illegal online gambling, fraudulent sales of goods or services, illegal telemarketing activities, illegal sales of prescription medications or controlled substances, piracy of software, movies, music, and other copyrighted, trademarked or digital goods, bank fraud, child pornography, human trafficking, prohibited sales of alcoholic beverages or tobacco products, securities fraud, pyramid or Ponzi schemes, or the facilitation of other illegal or improper activity. Moreover, certain activity that may be legal in one jurisdiction may be illegal in another jurisdiction, and a merchant may be found responsible for intentionally or inadvertently importing or exporting illegal goods, resulting in liability for us. Owners of intellectual property rights or government authorities may seek to bring legal action against providers of payments solutions, including PayPal, that are peripherally involved in the sale of infringing or allegedly infringing items by a user. While we invest in measures intended to prevent and detect illegal activities that may occur on our payments platform, these measures may not be effective in detecting and preventing illegal activity or improper uses, and we may be subject to claims, individual and class action lawsuits, and government and regulatory requests, inquiries, or investigations that could result in liability, restrict our operations, impose additional restrictions or limitations on our business or require us to change our business practices, harm our reputation, increase our costs, and negatively impact our business.

Taxation & Government Incentives1 | 3.3%

Taxation & Government Incentives - Risk 1

Changes in tax laws, exposure to unanticipated additional tax liabilities, or implementation of reporting or record-keeping obligations could have a material adverse effect on our business.

An increasing number of U.S. states, the U.S. federal government, and governments of foreign jurisdictions, such as the EU Commission, as well as international organizations, such as the Organization for Economic Co-operation and Development ("OECD"), are focused on tax reform and other legislative or regulatory action to increase tax revenue. These actions may materially and adversely affect our effective tax rate, net income, and cash flows. Specifically, the OECD has published model rules and is coordinating negotiations among participating countries with the goal of achieving consensus on significant changes to international tax rules, including the implementation of a global minimum tax rate of 15%, commonly referred to as Pillar Two. Each individual jurisdiction will need to enact minimum tax legislation which may result in various interpretations of the OECD model rules and applicable timelines. Certain countries in which we do business have enacted implementing legislation effective January 1, 2024. As additional jurisdictions enact similar legislation, transition rules expire, and other provisions of the minimum tax legislation become effective, our effective tax rate and cash tax payments could increase in future years. The impact will depend on several factors including U.S and foreign tax legislation as well as our overall tax profile. A number of details around the provisions are still uncertain as the OECD and individual jurisdictions continue to issue guidance. The determination of our worldwide provision for income taxes and other tax liabilities requires estimation and significant judgment, and there are many transactions and calculations for which the ultimate tax determination is uncertain. We are currently undergoing a number of investigations, audits, and reviews by tax authorities in multiple U.S. and foreign tax jurisdictions. Any adverse outcome of any such audit or review could result in unforeseen tax-related liabilities that differ from the amounts recorded in our financial statements, which may, individually or in the aggregate, materially affect our financial results in the periods for which such determination is made. While we have established reserves based on assumptions and estimates that we believe are reasonable to cover such eventualities, these reserves may prove to be insufficient. In addition, our future income taxes could be adversely affected by changes in our geographical mix of income and impacts of statutory tax rates; by changes in the valuation of our deferred tax assets and liabilities, including as a result of gains on our foreign exchange risk management program; by changes in tax laws, regulations, or accounting principles; or by certain discrete items. A number of U.S. states, the U.S. federal government, and foreign jurisdictions have implemented and may impose reporting or record-keeping obligations on companies that engage in or facilitate e-commerce to improve tax compliance. A number of jurisdictions are also reviewing whether payment service providers and other intermediaries could be deemed to be the legal agent of merchants for certain tax purposes. We have modified our systems to meet applicable requirements and expect that further modifications will be required to comply with future requirements, which may negatively impact our customer experience and increase operational costs. Any failure by us to comply with these and similar reporting and record-keeping obligations could result in substantial monetary penalties and other sanctions, adversely impact our ability to do business in certain jurisdictions, and harm our business.

Environmental / Social2 | 6.7%

Environmental / Social - Risk 1

We are subject to risks associated with information disseminated through our products and services.

We may be subject to claims relating to information disseminated through our online services by our customers and other third parties, including, but not limited to, claims alleging defamation, libel, harassment, hate speech, breach of contract, invasion of privacy, negligence, copyright or trademark infringement, or other theories based on the nature and content of the materials disseminated through the services. We invest in measures intended to detect and block activities that may occur on our payments platform in violation of our policies and applicable laws. These measures require continuous improvement and may not be sufficiently effective in detecting and preventing the exchange of information in violation of our policies and applicable laws, which could negatively impact our business. If the laws or regulations that provide protections for online dissemination of information are invalidated, modified, or supplemented to reduce protections available to us, or to increase requirements on us to remove certain information or implement other processes, we could be harmed and may be forced to implement new measures to reduce our potential liability for information provided by our customers and carried on our products and services. This increased risk could require us to expend substantial resources or discontinue certain product or service offerings, which could harm our business.

Environmental / Social - Risk 2

Changed

Environmental, social and governance ("ESG") issues may have an adverse effect on our business, financial condition and results of operations and damage our reputation.

Various jurisdictions are adopting or considering new laws and regulations that expand or curtail disclosure, reporting and diligence requirements with respect to ESG matters. If we are unable to comply with new laws, regulations or guidance concerning ESG matters or fail to meet investor, industry or stakeholder expectations and standards, our reputation may be harmed, customers may choose to refrain from using our products and services, we may be subject to fines, penalties, regulatory or other enforcement actions, and our business or financial condition may be adversely affected. If our ESG-related data, processes and reporting are viewed as incomplete or inaccurate, or if we fail to achieve progress with respect to ESG-related goals on a timely basis or at all, we may be viewed negatively by stakeholders concerned about these matters. Moreover, investors, customers, partners, media, government entities, and other stakeholders (including those in support of or in opposition to ESG principles) may have a negative view of us to the extent we are perceived to have not responded appropriately to their ESG concerns or take positions that are contrary to their views or expectations. We recognize that climate-related risks may impact our business. For example, California, where our headquarters are located, has historically experienced, and is projected to continue to experience, extreme weather and natural disaster events more frequently, including drought, flooding, heat waves, and wildfires. Such events may disrupt our business and may cause us to experience additional costs to maintain or resume operations.

Ability to Sell

Total Risks: 7/30 (23%)Above Sector Average

Competition1 | 3.3%

Competition - Risk 1

We face substantial and increasingly intense competition worldwide in the global payments industry.

The global payments industry is highly competitive, dynamic, and innovative, and increasingly subject to regulatory scrutiny and oversight. Many of the areas in which we compete evolve rapidly with innovative and disruptive technologies, shifting user preferences and needs, price sensitivity of consumers and merchants, and frequent introductions of new products and services. Competition also may intensify as new competitors emerge, businesses combine or enter into new partnerships, and established companies in other segments expand to become competitive with various aspects of our business. We compete with a wide range of businesses in every aspect of our business. Some of our current and potential competitors are or may be larger than we are, have larger customer bases, greater brand recognition, longer operating histories, a dominant or more secure position, broader geographic scope, volume, scale, resources, and market share than we do, or offer products and services that we do not offer. Other competitors are or may be smaller or younger companies that may be more agile in responding to regulatory and technological changes and customer preferences. Our competitors may devote greater resources to the development, promotion, and sale of products and services, and/or offer lower prices or more effectively offer their own innovative programs, products, and services. We often partner with other businesses, and the ability to continue developing these partnerships is important to our business. Competition for relationships with these partners is intense, and there can be no assurance that we will be able to continue to establish, grow, or maintain these partner relationships. If we are unable to differentiate our products and services from those of our competitors, drive value for our customers and adoption of our products and services, or effectively and efficiently align our resources with our goals and objectives, we may not be able to compete effectively, which could negatively impact our results of operations and financial condition.

Sales & Marketing5 | 16.7%

Sales & Marketing - Risk 1

Failure to deal effectively with fraud, abusive behaviors, bad transactions, and negative customer experiences may increase our loss rate and could negatively impact our business and severely diminish merchant and consumer confidence in and use of our services.

We expect that third parties will continue to attempt to abuse access to and misuse our payments services to commit fraud by, among other things, creating fictitious PayPal accounts using stolen or synthetic identities or personal information, taking over customer accounts or creating fraudulent accounts, making transactions with stolen financial instruments, abusing or misusing our services for financial gain, or fraudulently inducing users of our products and services into engaging in fraudulent transactions. Due to the nature of PayPal's digital payments services, third parties may seek to engage in abusive schemes or fraud attacks that are often difficult to detect and may be deployed at a scale that would otherwise not be possible in physical transactions. Measures to detect and reduce the risk of fraud and abusive behavior are complex, require continuous improvement, and may not be effective in detecting and preventing fraud, particularly new and continually evolving forms of fraud or in connection with new or expanded product offerings. If these measures are not effective, our business could be negatively impacted. We also incur substantial losses from erroneous transactions and situations where linked accounts designated by customers to fund PayPal transactions have insufficient funds or are otherwise unavailable to fund the payments, or the payment is initiated to an unintended recipient in error. Numerous and evolving fraud schemes and misuse of our payments services could subject us to significant costs and liabilities, require us to change our business practices, cause us to incur significant remediation costs, lead to loss of customer confidence in, or decreased use of, our products and services, damage our reputation and brands, divert the attention of management from the operation of our business, and result in significant compensation or contractual penalties from us to our customers and their business partners as a result of losses or claims. While we actively seek to recover transaction losses where possible, such recoveries may be insufficient to compensate us for such losses. Our purchase and seller protection programs ("protection programs") are intended to reduce the likelihood of losses for consumers and merchants from unauthorized and fraudulent transactions. Our purchase protection program also protects consumers who do not receive the item ordered or who receive an item that is significantly different from its description. We incur substantial losses from our protection programs as a result of disputes filed by our customers. While we may seek to recover losses from our protection programs from the merchant, we ultimately may not be able to fully recover such losses (for example, if the merchant is unwilling or unable to pay, the transaction involves a fraudulent merchant, or the merchant provides sufficient evidence that the item was delivered). In addition, consumers who pay through PayPal or Venmo may have reimbursement rights from their payment card issuer, which in turn will seek recovery from us. If losses incurred by us related to payment card transactions become excessive, we could lose the ability to accept payment cards for payment, which would negatively impact our business. Regulators and card networks may also adapt error resolution and chargeback requirements to account for evolving forms of fraud, which could increase PayPal's exposure to fraud losses and impact the scope of coverage of our protection programs. Increases in our loss rate, including as a result of changes to the scope of transactions covered by our protection programs, could negatively impact our business and results of operations. See "Note 13-Commitments and Contingencies-Protection Programs" to our consolidated financial statements. Failure to effectively monitor and evaluate the financial condition of our merchants may expose PayPal to losses. In the event of the bankruptcy, insolvency, business failure, or other business interruption of a merchant that sells goods or services in advance of the date of their delivery or use (e.g., airline, cruise, or concert tickets, custom-made goods, and subscriptions), we could be liable to the buyers of such goods or services, including through our purchase protection program or through chargebacks on payment cards used by customers to fund their purchase. Allowances for transaction losses that we have established may be insufficient to cover incurred losses.

Sales & Marketing - Risk 2

Our credit products expose us to additional risks.

We offer credit products to a wide range of consumers and merchants in the U.S. and various international markets. The financial success of these products depends largely on the effective management of related risk. The credit decision-making process for our consumer credit products uses proprietary methodologies and credit algorithms and other analytical techniques designed to analyze the credit risk of specific consumers based on, among other factors, their past purchase and transaction history with PayPal or Venmo and their credit scores. Similarly, proprietary risk models and other indicators are applied to assess merchants who desire to use our merchant financing offerings to help predict their ability to repay. These risk models may not accurately predict the creditworthiness of a consumer or merchant due to inaccurate assumptions, including those related to the particular consumer or merchant, market conditions, economic environment, or limited transaction history or other data. The accuracy of these risk models and the ability to manage credit risk related to our credit products may also be affected by legal or regulatory requirements, changes in consumer behavior, changes in the economic environment, issuing bank policies, and other factors. We are subject to the risk that account holders who use our credit products will default on their payment obligations. The non-payment rate among account holders may increase due to, among other factors, changes to underwriting standards, risk models not accurately predicting the creditworthiness of a user, worsening economic conditions, such as a recession or government austerity programs, increases in prevailing interest rates, and high unemployment rates. Account holders who miss payments often fail to repay their loans, and account holders who file for protection under the bankruptcy laws generally do not repay their loans. Further, laws or regulations may limit the assessment of late fees or penalties on certain credit products, which could negatively impact our revenue share arrangement with an independent chartered financial institution with respect to our U.S. consumer credit products. Any deterioration in the performance of loans facilitated through our platform or unexpected losses on such loans may increase the risk of potential charge-offs, increase our allowance for loans and interest receivable, negatively impact our revenue share arrangement (as discussed in "Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations - Key Metrics and Financial Results"), and materially and adversely affect our financial condition and results of operations. We generally rely on the activities and charters of unaffiliated financial institutions to provide PayPal and Venmo branded consumer credit and merchant financing offerings to our U.S. customers. As a service provider to these unaffiliated financial institutions, which are federally supervised U.S. financial institutions, we are subject from time to time to examination by their federal banking regulators. In the event of any termination or interruption in a partner bank's ability or willingness to lend, our ability to offer consumer credit and merchant financing products could be interrupted or limited, which could materially and adversely affect our business. We may be unable to reach a similar arrangement with another unaffiliated financial institution on favorable terms or at all. Obtaining and maintaining the lending licenses required for us to originate such loans ourselves would be a costly, time-consuming and uncertain process, and would subject us to additional laws and regulatory requirements, which could significantly increase our costs and compliance obligations and require us to change our business practices. Merchant loans under our U.S. PayPal Working Capital ("PPWC") and PayPal Business Loan ("PPBL") products and certain U.S. installment loan products are provided by a state-chartered industrial bank under a program agreement with us, and we acquire the receivables generated by those loans from the state-chartered bank after origination. In June 2020, the Federal Deposit Insurance Corporation ("FDIC") approved a final rule clarifying that loans validly originated by state-chartered banks or insured branches of foreign banks remain valid throughout the lifetime of the loan, reflecting a similar rule finalized by the Office of the Comptroller of Currency ("OCC") in May 2020 for nationally chartered banks. The final rule reaffirms and codifies the so-called "valid-when-made doctrine," which provides that the permissibility of an interest rate for a loan is determined when the loan is made and will not be affected by subsequent events such as sale, assignment, or other transfer. While a number of state attorneys general have unsuccessfully challenged these FDIC and OCC rules, there remains some uncertainty whether non-bank entities purchasing loan receivables originated by FDIC-insured, state-chartered banks may rely on federal preemption of state usury laws and other state laws. An adverse outcome of these or similar challenges, or changes to applicable laws and regulations or regulatory policy, could materially impact our U.S. PPWC and PPBL products, certain installment products, and our business. We currently purchase receivables related to our U.S. PayPal-branded merchant financing offerings and certain U.S. consumer installment loan products and extend credit for our consumer and merchant products outside the U.S. through our international subsidiaries. In June 2023, we entered into a multi-year agreement to sell U.K. and European buy now, pay later ("BNPL") loan receivables originated by PayPal (Europe) and PayPal U.K., consisting of the sale of a substantial majority of the U.K. and European BNPL loan portfolio held on PayPal (Europe)'s balance sheet at the closing of the transaction and a forward-flow arrangement for the sale of future originations of eligible loans. The sale of future eligible receivables is subject to certain conditions. If these conditions are not satisfied or waived or if the parties are unable to fulfill their obligations under these arrangements, the sale of these receivables could be delayed and we may not realize the expected benefits of this arrangement.

Sales & Marketing - Risk 3

Changes in how consumers fund their PayPal transactions could harm our business.

We pay transaction fees when consumers fund payment transactions using credit cards, lower fees when consumers fund payments with debit cards, and nominal fees when consumers fund payment transactions by electronic transfer of funds from bank accounts, from an existing PayPal account balance or Venmo account balance, or through our PayPal branded consumer credit products. Our financial performance is sensitive to changes in the rate at which our consumers fund payments using payment cards, which can significantly increase our costs. Although we provide consumers in certain markets with the opportunity to use their existing PayPal account balance or Venmo account balance to fund payment transactions, some of our consumers may prefer to use payment cards, which may offer features and benefits not provided as part of their PayPal accounts. Any increase in the portion of our payment volume funded using payment cards or in fees associated with our funding mix, or other events or developments that make it more difficult or costly for us to fund transactions with lower-cost funding options, could materially and adversely affect our financial performance and significantly harm our business.

Sales & Marketing - Risk 4

Changes to payment card networks or bank fees, rules, or practices could harm our business.

To process certain transactions, we must comply with applicable payment card, bank or other network (collectively, "network") rules. The rules govern all aspects of a transaction on the networks, including fees and other practices. From time to time, the networks have increased the fees and assessments that they charge for transactions that access their networks. Certain networks have also imposed special fees or assessments for transactions that are executed through a digital wallet such as the one that PayPal offers. Our payment processors may have the right to pass any increases in fees and assessments on to us and to increase their own fees for processing. Any increase in interchange fees, special fees, or assessments for transactions that we pay to the networks or our payment processors could make our pricing less competitive, increase our operating costs, and reduce our operating income, which could materially harm our business, financial condition, and results of operations. In some jurisdictions, government regulations have required payment card networks to reduce or cap interchange fees. Any changes in interchange fee rates or limitations, or their applicability to PayPal's products and services, could adversely affect our competitive position against payment card service providers and the revenue we earn from our branded card programs, require us to change our business practices, and harm our business. We may also be subject to fines and other penalties assessed by networks resulting from any rule violations by us or our merchants. The networks set and interpret their rules, and have alleged from time to time that various aspects of our business model violate these rules, or our agreements with the networks. Such allegations may result in significant fines, penalties, damages, or other liabilities, adversely impact benefits to us under the agreements, or require changes in our business practices that may be costly and adversely affect our business, results of operations and financial condition. The network rules may also increase the cost of, impose restrictions on, or otherwise impact the development of, our products which may negatively affect product deployment and adoption. The networks could adopt new operating rules or interpret or re-interpret existing rules that we or our payment processors might find difficult or impractical to follow, or costly to implement, which could require us to make significant changes to our products, increase our operational costs, and negatively impact our business. If we become unable or limited in our ability to accept certain payment types such as debit or credit cards, our business would be materially and adversely affected.

Sales & Marketing - Risk 5

If we are unable, or perceived as unable, to effectively manage customer funds, our business could be harmed.

We hold a substantial amount of funds belonging to our customers, including balances in customer accounts and funds being remitted to sellers of goods and services or recipients of person-to-person transactions. In certain jurisdictions where we operate, we are required to comply with applicable regulatory requirements with respect to customer balances. Our success is reliant on public confidence in our ability to effectively manage our customers' balances and handle substantial transaction volumes and amounts of customer funds. Any failure to manage customer funds in compliance with applicable regulatory requirements, or any public loss of confidence in us or our ability to effectively manage customer balances, could lead customers to discontinue or reduce their use of our products or reduce customer balances held with us, which could significantly harm our business.

Brand / Reputation1 | 3.3%

Brand / Reputation - Risk 1

If our reputation or our brands are damaged, our business and operating results may be harmed.

Our reputation and brands are globally recognized, important to our business, and affect our ability to attract and retain our customers. There are numerous ways our reputation or brands could be damaged. We may experience scrutiny or criticism from customers, partners, employees, government entities, media, advocacy groups, and other influencers or stakeholders that disagree with, among other things, our product offering decisions, internal policies, or public policy positions. Damage to our reputation or our brands may result from, among other things, new features, products, services, operational efforts, or terms of service (or changes to the same), or our decisions regarding user privacy, data practices, or information security. The proliferation of social media may increase and compound the likelihood, speed, magnitude, and unpredictability of negative brand events. If our brands or reputation are damaged, our business and operating results may be adversely impacted.

Tech & Innovation

Total Risks: 5/30 (17%)Above Sector Average

Innovation / R&D1 | 3.3%

Innovation / R&D - Risk 1

If we cannot keep pace with rapid technological developments to provide new and innovative products and services, the use of our products and services and, consequently, our revenues, could decline.

Rapid, significant, and disruptive technological changes impact the industries in which we operate, including payment technologies (including real-time payments, payment card tokenization, virtual currencies, distributed ledger and blockchain technologies, and proximity payment technology such as Near Field Communication and other contactless payments); internet browser technologies that enable users to easily store their payment card information for use on any retail or e-commerce website; artificial intelligence ("AI") and machine learning; developments in technologies supporting our regulatory and compliance obligations; and in-store, digital, and social commerce. We expect that new technologies applicable to the industries in which we operate, including the development, adoption, and use of generative AI technologies, will continue to emerge and may be superior to, or render obsolete, the technologies we currently use in our products and services. We cannot predict the effects of technological changes on our business, which technological developments or innovations will become widely adopted, and how those technologies may be regulated. Developing and incorporating new technologies into new and existing products and services may require significant investment, take considerable time, and may not ultimately be successful. For example, AI algorithms that we use may be flawed or may be based on datasets that are biased or insufficient. In addition, any latency, disruption, or failure in our AI systems or infrastructure could result in delays or errors in our offerings. There also may be real or perceived social harm, unfairness, or other outcomes that undermine public confidence in the use of our products or of AI. In addition, third parties may deploy AI technologies in a manner that reduces customer demand for our products and services. We rely in part on third parties, including some of our competitors, for the development of and access to new or evolving technologies. These third parties may restrict or prevent our access to, or utilization of, those technologies, as well as their platforms or products. Our ability to develop, provide or incorporate new technologies and adapt our existing products and services or develop future and new products and services using new technologies may be limited or restricted by industry-wide standards, platform providers, payments networks, changes to laws and regulations, changing customer expectations, third-party intellectual property rights, and other factors. If we are unable to develop and incorporate new technologies and adapt to technological changes and evolving industry standards in a timely or cost-effective manner, our business, results of operations, or reputation could be harmed.

Trade Secrets2 | 6.7%

Trade Secrets - Risk 1

We may be unable to protect or enforce our intellectual property.

The protection of our proprietary rights, including our trademarks, copyrights, domain names, trade dress, patents and trade secrets, is important to the success of our business. Effective protection of our proprietary rights may not be available in every jurisdiction in which we offer our products and services. Although we have generally taken measures to protect our intellectual property, there can be no assurance that we will be successful in protecting or enforcing our rights in every jurisdiction, that our contractual arrangements will prevent or deter third parties from infringing or misappropriating our intellectual property, or that third parties will not independently develop equivalent or superior intellectual property rights. We may be required to expend significant time and resources to prevent infringement and enforce our rights, and we may be unable to discover or determine the extent of any unauthorized use of our proprietary rights. If we are unable to prevent third parties from infringing or otherwise violating our proprietary rights, the uniqueness and value of our products and services could be adversely affected, the value of our brands could be diminished, and our business could be adversely affected. We expect to continue to license in the future certain of our proprietary rights, such as trademarks or copyrighted material, to others. These licensees may take actions that diminish the value of our proprietary rights or harm our reputation. Any failure to adequately protect or enforce our proprietary rights, or significant costs incurred in doing so, could diminish the value of our intangible assets and materially harm our business.

Trade Secrets - Risk 2

Third parties may allege that we are infringing their patents and other intellectual property rights.

We are frequently subject to litigation based on allegations of infringement or other violations of intellectual property rights. Intellectual property infringement claims against us may result from, among other things, our expansion into new business areas, including through acquisitions of businesses and technology, or new or expanded products and services and their convergence with technologies not previously associated with areas related to our business, products and services. The ultimate outcome of any allegation or claim is often uncertain and any such claim, with or without merit, may be time-consuming to defend, result in costly litigation, divert management's time and attention from our business, result in reputational harm, and require us to, among other things, redesign or stop providing our products or services, pay substantial amounts to settle claims or lawsuits, satisfy judgments, or pay substantial royalty or licensing fees.

Cyber Security1 | 3.3%

Cyber Security - Risk 1

Cyberattacks and security vulnerabilities could result in serious harm to our reputation, business, and financial condition.

The techniques used to attempt to obtain unauthorized or illegal access to systems and information (including customers' personal data), disable or degrade service, exploit vulnerabilities, or sabotage systems are continuously evolving. In some circumstances, these attempts may not be recognized or detected until after they have been launched against a target. Unauthorized parties continuously attempt to gain access to our systems or facilities through various means, including through hacking into our systems or facilities or those of our customers, partners, or vendors, and attempting to fraudulently induce users of our systems (including employees, vendor and partner personnel and customers) into disclosing user names, passwords, payment card information, multi-factor authentication application access or other sensitive information used to gain access to such systems or facilities. This information may, in turn, be used to access our customers' confidential personal or proprietary information and financial instrument data that are stored on or accessible through our information technology systems and those of third parties with whom we partner. This information may also be used to execute fraudulent transactions or otherwise engage in fraudulent actions. Numerous and evolving cybersecurity and related threats, including advanced and persisting cyberattacks, cyberextortion, distributed denial-of-service attacks, ransomware, spear phishing and social engineering schemes, the introduction of computer viruses or other malware, and the physical destruction of all or portions of our information technology and infrastructure and those of third parties with whom we partner or that are part of our information technology supply chain, are becoming increasingly sophisticated and complex, may be difficult to detect, and could compromise the confidentiality, availability, and integrity of the data in our systems, as well as the systems themselves. We believe that hostile actors, who may comprise individuals, coordinated groups, sophisticated organizations, or nation state supported entities, may target PayPal due to our name, brand recognition, types of data (including sensitive payments- and identity-related data) that customers provide to us, and the widespread adoption and use of our products and services. We have experienced from time to time, and may experience in the future, cybersecurity incidents, including breaches of our security measures, network breaches, and compromise of personally identifiable customer information due to human error, deception, malfeasance, insider threats, system errors, defects, vulnerabilities, or other issues. Any of the foregoing events may subject us to fines, penalties, regulatory or other enforcement actions, and our business, reputation or financial condition may be adversely affected. Any cybersecurity incidents, including cyberattacks or data security breaches affecting the information technology or infrastructure of our customers, partners, or vendors (including data center and cloud computing providers) or of companies we acquire, could have similar negative effects. Under payment card network rules and our contracts with our payment processors, if there is a breach of payment card information stored by us or our direct payment card processing vendors, we could be liable to the payment card issuing banks, including for their cost of issuing new cards and related expenses. We have experienced, and may experience in the future, breaches involving customer information for which we have notified, and may notify, regulators, customers and other third parties. These or other cybersecurity breaches and other exploited security vulnerabilities have subjected us and could further subject us to significant costs and third-party liabilities, result in improper disclosure of data and violations of applicable privacy and other laws, require us to change our business practices, cause us to incur significant remediation costs, lead to loss of customer confidence in, or decreased use of, our products and services, damage our reputation and brands, divert the attention of management from the operation of our business, result in significant compensation or contractual penalties from us to our customers and their business partners as a result of losses to or claims by them, or expose us to litigation, regulatory investigations, and significant fines and penalties. Moreover, under payment card network rules and our contracts with our payment processors, if there is a breach of payment card information stored by us or our direct payment card processing vendors, we could be liable to the payment card issuing banks, including for their cost of issuing new cards and related expenses. While we maintain insurance policies intended to help offset the financial impact we may experience from these risks, our coverage may be insufficient to compensate us for all losses caused by security breaches and other damage to or unavailability of our systems.

Technology1 | 3.3%

Technology - Risk 1

Business interruptions or systems failures may impair the availability of our websites, applications, products or services, or otherwise harm our business.

Our systems and operations and those of our service providers and partners have experienced from time to time, and may experience in the future, business interruptions or degradation of service because of distributed denial-of-service and other cyberattacks, insider threats, hardware and software defects or malfunctions, human error, earthquakes, hurricanes, floods, fires, and other natural disasters, public health crises (including pandemics), power losses, disruptions in telecommunications services, fraud, military or political conflicts, terrorist attacks, computer viruses or other malware, or other events. The frequency and intensity of weather events related to climate change are increasing, which could increase the likelihood and severity of such disasters as well as related damage and business interruption. Our corporate headquarters are located in the San Francisco Bay Area, a seismically active region in California. A catastrophic event that could lead to a disruption or failure of our systems or operations could result in significant losses and require substantial recovery time and significant expenditures to resume or maintain operations. Further, some of our systems, including those of companies that we have acquired, are not fully redundant and any failure of these acquired systems, including due to a catastrophic event, may lead to operational outages or delays. While we engage in disaster recovery planning and testing intended to mitigate risks from outages or delays, our planning and testing may not be effective or sufficient for all possible outcomes or events. As a provider of payments solutions, we are also subject to heightened scrutiny by regulators that may require specific business continuity, resiliency and disaster recovery plans, and rigorous testing of such plans, which may be costly and time-consuming to implement, and may divert our resources from other business priorities. Any of the foregoing risks could have a material adverse impact on our business, financial condition, and results of operations. We have experienced, and expect to continue to experience, system failures, cyberattacks, unplanned outages, and other events or conditions from time to time that have and may interrupt the availability, or reduce or adversely affect the speed or functionality, of our products and services. While we continue to undertake system upgrades and re-platforming efforts designed to improve the availability, reliability, resiliency, and speed of our payments platform, these efforts are costly and time-consuming, involve significant technical complexity and risk, may divert our resources from new features and products, and may ultimately not be effective. A prolonged interruption of, or reduction in, the availability, speed, or functionality of our products and services could materially harm our business and financial condition. Frequent or persistent interruptions in our services could permanently harm our relationship with our customers and partners and our reputation. If any system failure or similar event results in damage to our customers or their business partners, they could seek significant compensation or contractual penalties from us for their losses. These claims, even if unsuccessful, would likely be time-consuming and costly for us to address. We also rely on facilities, components, applications, software, and services supplied by third parties, including data center facilities and cloud data storage and processing services. From time to time, we have experienced interruptions in the provision of such facilities and services provided by these third parties. If these third parties experience operational interference or disruptions (including a cybersecurity incident), fail to perform their obligations, or breach their agreements with us, our operations could be disrupted or negatively affected, which could result in customer dissatisfaction, regulatory scrutiny, and damage to our reputation and brands, and materially and adversely affect our business. While we maintain insurance policies intended to help offset the financial impact we may experience from these risks, our coverage may be insufficient to compensate us for all losses caused by interruptions in our service due to systems failures and similar events. In addition, any failure to successfully implement new information systems and technologies or improvements or upgrades to existing information systems and technologies in a timely manner could lead to regulatory scrutiny, significant fines and penalties, and mandatory and costly changes to our business, adversely impact our business, internal controls, results of operations, and financial condition, and ultimately could cause us to lose existing licenses that we need to operate or prevent or delay us from obtaining additional licenses that may be required for our business.

Finance & Corporate

Total Risks: 4/30 (13%)Below Sector Average

Accounting & Financial Operations1 | 3.3%

Accounting & Financial Operations - Risk 1

Real or perceived inaccuracies in our key metrics may harm our reputation and negatively affect our business.

Our key metrics are calculated using internal company data based on the activity we measure on our payments platform and compiled from multiple systems, including systems that are internally developed or acquired through business combinations. While the measurement of our key metrics is based on what we believe to be reasonable methodologies and estimates, there are inherent challenges and limitations in measuring our key metrics globally at scale. The methodologies used to calculate our key metrics require significant judgment. We regularly review our processes for calculating these key metrics, and from time to time we may make adjustments to improve the accuracy or relevance of our metrics. For example, we continuously apply models, processes and practices designed to detect and prevent fraudulent account creation on our platforms, and work to improve and enhance those capabilities. When we detect a significant volume of illegitimate activity, we generally remove the activity identified from our key metrics. Although such adjustments may impact key metrics reported in prior periods, we generally do not update previously reported key metrics to reflect these subsequent adjustments unless the retrospective impact of process improvements or enhancements is determined by management to be material. Further, as our business develops, we may revise or cease reporting metrics if we determine that such metrics are no longer appropriate measures of our performance. If investors, analysts, or customers do not consider our reported measures to be sufficient or to accurately reflect our business, we may receive negative publicity, our reputation may be harmed, and our business may be adversely impacted.

Debt & Financing2 | 6.7%

Debt & Financing - Risk 1

If one or more of our counterparty financial institutions default on their financial or performance obligations to us or fail,we may incur significant losses.

We have significant amounts of cash, cash equivalents, receivables outstanding, and other investments on deposit or in accounts with banks or other financial institutions in the U.S. and international jurisdictions. As part of our foreign exchange hedging activities, we regularly enter into transactions involving derivative financial instruments with various financial institutions. Certain banks and other financial institutions are also lenders under our credit facilities. We regularly monitor our concentration of, and exposure to counterparty risk, and actively manage this exposure to mitigate the associated risk. Despite these efforts, we may be exposed to the risk of default on obligations by, or deteriorating operating results or financial condition or failure of, these counterparty financial institutions. If one of our counterparty financial institutions were to become insolvent, placed into receivership, or file for bankruptcy, our ability to recover losses incurred as a result of default or to access or recover our assets that are deposited, held in accounts with, or otherwise due from, such counterparty may be limited due to the insufficiency of the failed institutions' estate to satisfy all claims in full or the applicable laws or regulations governing the insolvency, bankruptcy, or resolution proceedings. In the event of default on obligations by, or the failure of, one or more of these counterparties, we could incur significant losses, which could negatively impact our results of operations and financial condition.

Debt & Financing - Risk 2

There are risks associated with our indebtedness.

We have incurred indebtedness, and we may incur additional indebtedness in the future. Our ability to pay interest and repay the principal for our indebtedness is dependent upon our ability to manage our business operations and generate sufficient cash flows to service such debt. Our outstanding indebtedness and any additional indebtedness we incur may have significant consequences, including the need to use a significant portion of our cash flow from operations and other available cash to service our indebtedness, thereby reducing the funds available for other purposes, including capital expenditures, acquisitions, strategic investments, and share repurchases; the reduction of our flexibility in planning for or reacting to changes in our business, competitive pressures and market conditions; and limits on our ability to obtain additional financing for working capital, capital expenditures, acquisitions, strategic investments, share repurchases, or other general corporate purposes. Our revolving credit facilities and the indentures for our senior unsecured notes pursuant to which certain of our outstanding debt securities were issued contain financial and other covenants that restrict or could restrict, among other things, our business and operations. If we fail to pay amounts due under a debt instrument or breach any of its covenants, the lenders or noteholders would typically have the right to demand immediate repayment of all borrowings thereunder (subject in certain cases to a grace or cure period). Moreover, any such acceleration and required repayment of, or default in respect of, our indebtedness could, in turn, constitute an event of default under other debt instruments, thereby resulting in the acceleration and required repayment of our indebtedness. Any of these events could materially adversely affect our liquidity and financial condition. Changes by any rating agency to our outlook or credit rating could negatively affect the value of both our debt and equity securities and increase our borrowing costs. If our credit ratings are downgraded or other negative action is taken, the interest rates payable by us under our indebtedness may increase, and our ability to obtain additional financing in the future on favorable terms or at all could be adversely affected.

Corporate Activity and Growth1 | 3.3%

Corporate Activity and Growth - Risk 1

Acquisitions, dispositions, strategic investments, and other strategic transactions could result in operating difficulties and could harm our business.

We expect to continue to consider and evaluate a wide array of potential strategic transactions as part of our overall business strategy, including business combinations, acquisitions, and dispositions of certain businesses, technologies, services, products, and other assets; strategic investments; and commercial and strategic partnerships (collectively, "strategic transactions"). At any given time, we may be engaged in discussions or negotiations with respect to one or more strategic transactions, any of which could, individually or in the aggregate, be material to our financial condition and results of operations. There can be no assurance that we will be successful in identifying, negotiating, consummating and integrating transaction opportunities. Strategic transactions may involve additional significant challenges, uncertainties, and risks, including challenges of obtaining regulatory or other approvals, integrating new employees, products, systems, technologies, operations, and business cultures; challenges associated with operating acquired businesses in markets or business areas in which we may have limited or no experience; disruption of our ongoing operations and diversion of our management's attention; inadequate data security, cybersecurity, or operational and information technology resilience; failure to identify, or our underestimation of, commitments, liabilities, deficiencies and other risks associated with acquired businesses or assets; potential exposure to new or incremental risks associated with acquired businesses and entities, strategic investments or other strategic transactions, including potential new or increased regulatory oversight and uncertain or evolving legal, regulatory, and compliance requirements, particularly with respect to companies in new or developing businesses or industries; challenges associated with dispositions of business or operations, including disruption to other parts of our business, potential loss of employees or customers, the transfer of technology and/or certain intellectual property rights to third-party purchasers, or exposure to unanticipated liabilities or ongoing obligations to us following any such dispositions; failure of the transaction to advance our business strategy or for its anticipated benefits to materialize; potential impairment of goodwill or other acquisition-related intangible assets; and the potential for our acquisitions to result in dilutive issuances of our equity securities or the incurrence of significant additional debt. Strategic transactions are inherently risky, may not be successful, and may harm our business, results of operations, and financial condition. Strategic investments in which we have a minority ownership stake inherently involve a lesser degree of influence over business operations. The success of our strategic investments may be dependent on controlling shareholders, management, or other persons or entities that may have business interests, strategies, or goals that are inconsistent with ours. Business decisions or other actions or omissions of the controlling shareholders, management, or other persons or entities who control companies in which we invest may adversely affect the value of our investment, result in litigation or regulatory action against us, and damage our reputation.

Macro & Political

Total Risks: 4/30 (13%)Above Sector Average

Economy & Political Environment1 | 3.3%

Economy & Political Environment - Risk 1

Changed

Global and regional economic conditions could harm our business.

Adverse global and regional economic conditions such as political unrest and turmoil affecting the banking system or financial markets, including, but not limited to, tightening in the credit markets, extreme volatility or distress in the financial markets (including the fixed income, credit, currency, equity, and commodity markets), unemployment, consumer debt levels, recessionary or inflationary pressures, supply chain issues, reduced consumer confidence or economic activity, government fiscal, monetary and tax policies, U.S. and international trade relationships, agreements, treaties, changes in or new tariffs and restrictive actions or threats of such actions, including an escalation of trade tensions between the U.S. and its trading partners, the inability of a government to enact a budget in a fiscal year, government shutdowns, government austerity programs, geopolitical conditions or events, and other negative financial news or macroeconomic developments could have a material adverse impact on the demand for our products and services, including a reduction in the volume and size of transactions on our payments platform. In particular, recent tariffs and reciprocal trade measures enacted or threatened to be enacted by the U.S. and other countries have led to increased volatility and uncertainty in certain parts of the global economy. We cannot predict the timing, strength or duration of the current or any future potential economic volatility or slowdown in the U.S. or globally. These conditions could have a material adverse impact on the demand for our products and services which could adversely affect our results of operations. Additionally, any inability to access the capital markets when needed due to volatility or illiquidity in the markets, liquidity needs due to unanticipated reductions in customer balances, or increased regulatory liquidity and capital requirements may strain our liquidity position. Such conditions may also expose us to fluctuations in foreign exchange rates or interest rates that could materially and adversely affect our financial results.

International Operations1 | 3.3%

International Operations - Risk 1

Changed

Our international operations subject us to increased risks, which could harm our business.

Our international operations generate a significant portion of our net revenues. Our international operations subject us to significant challenges, uncertainties, and risks, including, but not limited to, local regulatory, licensing, reporting, and legal obligations; costs and challenges associated with operating in markets in which we may have limited or no experience, including effectively localizing our products and services and adapting them to local preferences; difficulties in developing, staffing, and simultaneously managing a large number of varying foreign operations as a result of distance, language, and cultural differences and in light of varying laws, regulations, and customs; differing employment practices and the existence of works councils; difficulties in recruiting and retaining qualified employees and maintaining our company culture; fluctuations in foreign exchange rates; exchange control regulations; profit repatriation restrictions; changes in or new tariffs, sanctions, fines, or other trade barriers or restrictions and the related uncertainty thereof; import or export regulations; compliance with U.S. and foreign anti-bribery, anti-corruption, sanctions, anti-money laundering and counter-terrorist financing laws and regulations; the interpretation and application of laws of multiple jurisdictions; and national or regional political, economic, or social instability. In addition, some countries have enacted or are considering data localization or residency laws, which require that certain data be maintained, stored and/or processed within their country of origin. Maintaining local data centers in individual countries could significantly increase our operating costs. Our international operations also may heighten many of the other risks described in this "Risk Factors" section. Any violations of the complex foreign and U.S. laws, rules and regulations that may apply to our international operations may result in lawsuits, enforcement actions, criminal actions, or sanctions against us and, our directors, officers, and employees; prohibit or require us to change our business practices; and damage our reputation. Although we have implemented policies and procedures designed to promote compliance with these laws, there can be no assurance that our employees, contractors, or agents will not violate our policies. These risks are inherent in our international operations, may increase our costs of doing business internationally, and could materially and adversely affect our business.

Capital Markets2 | 6.7%

Capital Markets - Risk 1

Added

Cryptocurrency Regulation and Related Risks

Our customer cryptocurrency offerings could subject us to additional regulations, licensing requirements, or other obligations or liabilities. Within the U.S., we are regulated by the New York State Department of Financial Services as a virtual currency business, which does not qualify us to engage in securities brokerage or dealing activities. The regulatory status of particular cryptocurrencies is unclear under existing law. The evolving legislative and regulatory landscapes with respect to cryptocurrency other than stablecoins may subject us to additional licensing and regulatory obligations or to inquiries or investigations from various regulators and governmental authorities, and require us to make product changes, restrict or discontinue product offerings in certain markets, implement additional and potentially costly controls, or take other actions. In August 2023, a third-party issuer with which we have partnered commercially (the "PYUSD Issuer") launched a U.S. dollar-denominated stablecoin named PayPal USD ("PYUSD"), which is available to PayPal U.S. customers and Venmo customers. These PayPal and Venmo customers may, if provisioned for external transfers and subject to our sanctions and anti-money laundering controls, send PYUSD to external wallets not controlled by PayPal. The PYUSD Issuer may also allow institutional users to directly purchase PYUSD from the PYUSD Issuer (as per the PYUSD Issuer's stablecoin terms and conditions). The regulatory treatment of stablecoins is evolving and has drawn significant attention from legislative and regulatory bodies around the world. Recently enacted U.S. federal stablecoin legislation provides a regulatory framework that is in the process of being implemented. While PYUSD is designed to comply with this U.S. framework, there remain uncertainties on how ongoing changes to international laws and regulations will apply to stablecoins in practice, and we and the PYUSD Issuer may face substantial costs to operationalize and comply with any additional or changed requirement. If we or the PYUSD Issuer fail to comply with regulations, requirements, prohibitions or other obligations applicable to us, we could face regulatory or other enforcement actions, potential fines, penalties, and other consequences. In addition, we could face reputational harm through our relationship with the PYUSD Issuer if the PYUSD Issuer were to face regulatory scrutiny or PYUSD is alleged to be used for transactions in connection with illicit or illegal activities. We hold our customers' cryptocurrency assets through one or more third-party custodians. Financial and third-party risks related to our customer cryptocurrency offerings, such as inappropriate access to, theft, or destruction of cryptocurrency assets held by our custodians, insufficient insurance coverage by a custodian to reimburse us for all such losses, a custodian's failure to maintain effective controls over the custody and settlement services provided to us, a custodian's inability to purchase or liquidate cryptocurrency holdings, the failure of the PYUSD Issuer to maintain sufficient reserve assets backing PYUSD and defaults on financial or performance obligations by a custodian, banks with which the PYUSD Issuer maintains reserve assets or counterparty financial institutions, could expose our customers and us to loss, and significantly harm our business, financial condition, and reputation. We have selected custodian partners and the PYUSD Issuer, and may in the future select additional custodian partners and stablecoin issuing entities, that are subject to regulatory oversight, capital requirements, maintenance of audit and compliance industry certifications, and cybersecurity procedures and policies. Nevertheless, any operational disruptions at any such custodian or issuer, or such custodians' or issuer's failure to safeguard cryptocurrency holdings (or reserve assets), could result in losses of customer assets, expose us to customer claims, reduce consumer confidence and materially impact our cryptocurrency product offerings and our operating results. Custodial arrangements to safeguard cryptocurrency assets involve unique risks and uncertainties in the event of a custodian's bankruptcy. While other types of assets and some custodied cryptocurrencies have been deemed not to be part of the custodian's bankruptcy estate under various regulatory regimes, bankruptcy courts have not yet definitively determined the appropriate treatment of custodial holdings of digital assets in a bankruptcy proceeding. In the event of a custodian's bankruptcy, the lack of precedent and the highly fact-dependent nature of the determination could delay or preclude the return of custodied cryptocurrency assets to us or to our customers. Although we contractually require our custodians to segregate our customer assets and not commingle them with proprietary or other assets, we cannot be certain that these contractual obligations, even if duly observed by a custodian, will be effective in preventing such assets from being treated as part of the custodian's estate under bankruptcy or other insolvency law. In that event, our claim on behalf of such customers against a custodian's estate for our customers' cryptocurrency assets could be treated as a general unsecured claim against the custodian, in which case our customers could seek to hold us liable for any resulting losses.

Capital Markets - Risk 2

Changed

Any factors that reduce cross-border trade or make such trade more difficult could harm our business.

Cross-border trade (i.e., transactions where the merchant and consumer are in different countries) is an important source of our revenues and profits. Cross-border transactions generally provide higher revenues and operating income than similar transactions that take place within a single country or market. In certain markets, cross-border trade represents our primary (and in some instances our only) offerings. Cross-border trade may be negatively impacted by various factors including foreign exchange rate fluctuations, changes in or new tariffs, trade wars, barriers or restrictions, or threats of such actions, or the related uncertainty thereof, sanctions, import or export controls, and the interpretation and application of laws of multiple jurisdictions in the context of cross-border trade and foreign exchange. Any factors that increase the costs or uncertainty of cross-border trade for us or our customers or that restrict, delay, or make cross-border trade more difficult or impractical could reduce our cross-border transactions and volume, negatively impact our revenues and profits, and harm our business.

Production

Total Risks: 2/30 (7%)Below Sector Average

Employment / Personnel1 | 3.3%

Employment / Personnel - Risk 1

We may be unable to attract, retain, and develop the highly skilled employees we need to support our business.

Competition for key and other highly skilled personnel is intense, especially for executive talent, software engineers, and other technology talent. We may be limited in our ability to recruit or hire internationally, including due to restrictive laws or policies on immigration, travel, or availability of visas for skilled workers. The loss of the services of any of our key personnel, or our inability to attract, hire, develop, motivate and retain key and other highly qualified and diverse talent, whether in a remote or in-office environment, or protect the safety, health and productivity of our workforce could harm our overall business and results of operations.

Supply Chain1 | 3.3%

Supply Chain - Risk 1

Changed

We rely on third parties in many aspects of our business, which creates additional risk.

We rely on third parties in many aspects of our business, including, but not limited to, networks, banks, payment processors, and payment gateways that link us to the payment card and bank clearing networks to process transactions; unaffiliated third-party lenders to originate our U.S. credit products to consumers, U.S. merchant financing, and branded credit card products; branded debit card and savings products issued by unaffiliated banks; cryptocurrency custodial service providers; and external business partners and contractors who provide key functions (including, but not limited to, data center facilities and cloud computing, information technology, and outsourced customer support and product development functions). We are subject to additional risks inherent in engaging and relying upon third-party providers, including operational, legal, regulatory, information security, reputational, commercial, and resiliency risks. If we are unable to effectively manage our third-party relationships, these third parties are unable to meet their obligations to us, we are overly reliant on certain relationships, we are unable to negotiate favorable contractual terms, or we experience substantial disruptions in these relationships (including interruptions to the availability of our products and services), our operations, results of operations, liquidity and financial results could be adversely impacted. Additionally, our relationships with third parties inherently involve a lesser degree of control over business operations, governance, and compliance, which potentially increases our financial, legal, reputational, and operational risk.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.

Become an Expert with TipRanks Premium

What am I Missing?

Make informed decisions based on Top Analysts' activity

Know what industry insiders are buying

Get actionable alerts from top Wall Street Analysts

Find out before anyone else which stock is going to shoot up

Get powerful stock screeners & detailed portfolio analysis

Subscribe Now See Plans & Pricing