|IHS MARKIT LTD. filed this Form 10-K on 01/18/2019|
Certain types of information we collect, compile, store, use, transfer, publish and/or sell, and certain of our products and services, are subject to regulation by governmental authorities in various jurisdictions in which we operate.
There is an increasing public concern regarding privacy, data, and consumer protection issues, and the number of jurisdictions with data protection laws has been increasing. Certain types of information we collect, compile, use, and publish, including offerings in our Automotive businesses, are subject to laws and regulations by governmental authorities in jurisdictions in which we operate. These laws and regulations pertain primarily to “personally identifiable information” and “personal data” (i.e., information relating to an identified or identifiable individual), constrain whether and how we collect that data, how that data may be used and stored, and whether, to whom, and where that data may be transferred, as well as notification and other requirements that must be followed in the event data is accessed by unauthorized persons. To conduct our operations, we regularly move data across national borders, and consequently are subject to a variety of continuously evolving and developing laws and regulations regarding privacy, data protection, and data security. Many jurisdictions have passed laws in this area, such as the European Union General Data Protection Regulation (the “GDPR”) and the cyber-security law adopted by China in June 2017, and other jurisdictions are considering imposing additional restrictions. These laws and regulations are increasing in complexity and number, change frequently and increasingly conflict among the various countries in which we operate, which has resulted in greater compliance risk and cost for us. It is possible that we could be prohibited or constrained from collecting or disseminating certain types of data or from providing certain products or services. If we fail to comply with these laws or regulations, we could be subject to significant litigation, civil or criminal penalties, monetary damages, regulatory enforcement actions or fines in one or more jurisdictions. For example, a failure to comply with the GDPR could result in fines up to the greater of €20 million or 4% of annual global revenues.
In addition, many of our customers rely on many of our products and services to meet their operational, regulatory, or compliance needs. Our financial industry customers, for example, operate within a highly regulated environment and must comply with governmental and quasi-governmental legislation, regulations, directives, and standards. Complex and ever-evolving legislative and regulatory changes around the world that impact our customers’ industries may impact how we provide products and services to our customers and may affect the structure and regulation of, and possibly the demand for, certain products and services we offer, such as indices, benchmark administration, intermediating and clearing services, and offerings in which we function as a “third-party service provider.”
It is very difficult to predict the future impact of the broad and expanding laws, rules, regulations or standards affecting our business, our products and services, and our customers. There can be no assurance that changes in laws, rules or regulations will not have a material adverse effect on our business, financial condition or results of operations. If we fail to comply with any applicable laws, rules, regulations, or standards, or fail to obtain regulatory approval to conduct certain operations or provide certain products or services, we could be subject to fines or other penalties. Additionally, we may be required to comply with multiple and potentially conflicting laws, rules, or regulations in various jurisdictions, or investigate, defend, or remedy actual or alleged violations, which could, individually or in the aggregate, result in materially higher compliance costs to us. New legislation, or a significant change in laws, rules, regulations, or standards could also result in some of our products and services becoming obsolete or prohibited, reduce demand for our products and services, increase expenses as we modify our products and services to comply with new requirements and retain relevancy, impose limitations on our operations, and increase compliance or litigation expense, each of which could have a material adverse effect on our business, financial condition and results of operations.
Our operations are subject to risks relating to worldwide operations, and our compliance and risk management methods might not be effective and may result in outcomes that could adversely affect our reputation, financial condition, and operating results.
Operating in many jurisdictions around the world, we may be affected by numerous, and sometimes conflicting, legal and regulatory regimes, including: changes in tax rates and tax laws or their interpretation, including changes related to tax holidays or tax incentives; trade protection laws, policies and measures, and other regulatory requirements affecting trade and investment, including export controls and economic sanctions laws; unexpected changes in regulatory requirements; political conditions and events, including embargoes; different liability standards and legal systems that may be less developed and less predictable than those in the United States and the United Kingdom, restrictive actions by the United States, the United Kingdom, the European Union, and foreign governments that could limit our ability to provide services in specific countries; and potential noncompliance with a wide variety of laws and regulations. We must also manage social, political, labor, or economic conditions in a specific country or region; difficulties in staffing and managing local operations; difficulties with local or grassroots activism; difficulties in penetrating new markets because of established and entrenched competitors; uncertainties of obtaining data and creating products and services that are relevant to particular geographic markets; lack of recognition of our brands, products, or services; unavailability of local joint venture partners; restrictions or limitations on outsourcing contracts or services abroad; differing levels of data privacy and intellectual property protection in various