Item 1A. Risk Factors
Readers should carefully consider, in connection with other information disclosed in this Report, the risks and uncertainties described below. The following discussion sets forth risks that we believe are material to our stockholders and prospective stockholders. The occurrence of any of the following risks might cause our stockholders to lose all or a part of their investment in our Company. Some statements contained in this Report, including statements in the following risk factors section, constitute
Table of Contents
forward-looking statements. Please also refer to the section titled “Forward- Looking Statements and Risk Factor Summary” at the beginning of this Report.
Risks Related to Our Business
Our services to Banco Popular, our largest customer, account for a significant portion of our revenues, and we expect that our services to Popular will continue to represent a significant portion of our revenues for the foreseeable future. If Popular were to terminate or fail to make required payments under the A&R MSA, or our other material agreements with Popular, or if Popular were to significantly reduce the services it receives from us under such agreements, our revenues could be materially reduced and our profitability and cash flows could also be materially reduced, all of which would have a material adverse effect.
For the year ended December 31, 2025, approximately 29% of our revenue was attributable to Banco Popular, a wholly-owned subsidiary of Popular. The A&R MSA by and among Popular, Banco Popular de Puerto Rico and EVERTEC Group, is our most significant client contract, and was amended and restated to include a term ending in 2028. If Popular were to terminate or fail to make required payments under the A&R MSA, or our other material agreements with Popular, or if Popular were to significantly reduce the services it receives from us under such agreements, our revenues could be materially reduced and our profitability and cash flows could also be materially reduced, all of which would have a material adverse impact on our financial condition and results of operations.
If we are unable to maintain our merchant relationships and our alliance with Popular, our business may be materially adversely affected.
Growth in our merchant acquiring business is derived primarily from acquiring new merchant relationships, new and enhanced product and service offerings, cross selling products and services into existing relationships, the shift of consumer spending to increased usage of electronic forms of payment, and the strength of our existing commercial relationship with Banco Popular. A substantial portion of our business is generated from our Amended and Restated Independent Sales Organization Sponsorship and Services Agreement (the “A&R ISO Agreement”) with Banco Popular, which ends in 2035.
Banco Popular acts as a merchant referral source and provides sponsorship into the ATH, Visa, Discover and MasterCard networks for merchants, as well as card association sponsorship, clearing and settlement services. We provide transaction-processing and related functions. Both we and Popular, as alliance partners, may provide management, sales, marketing, and other administrative services to merchants. Although Banco Popular is not our sole distribution channel, it is the most significant. We rely on the continuing growth of our merchant relationships, which in turn is dependent upon our alliance with Banco Popular and other distribution channels. There can be no guarantee that this growth will continue and the loss or deterioration of these relationships, whether due to the termination or non-renewal of the A&R ISO Agreement or otherwise, could negatively impact our business and result in a material reduction of our revenue and income.
If we are unable to renew or negotiate extensions for our A&R MSA with Popular, A&R ISO Agreement with Banco Popular and A&R ATH Network Participation Agreement with Banco Popular (the “A&R BPPR ATH Agreement ” ), or if we are required to provide significant concessions to Popular or Banco Popular to secure extensions or otherwise, our ability to renegotiate our debt, secure additional debt, results of operations, financial condition and trading price of our common stock may be materially adversely affected.
We cannot be certain that we will be able to negotiate an extension to the A&R MSA upon its current expiration date, which is scheduled for 2028. Even if we can negotiate an extension of the A&R MSA, any new master services agreement may be materially different from the existing A&R MSA. Further, Popular may require significant concessions from us with respect to pricing, services, and other key terms, both in respect of the current term and any future extension of the A&R MSA. We regularly discuss with Popular the terms of the A&R MSA and the services we provide Popular thereunder and make modifications to such terms. Any such events may materially and negatively impact our financial condition, results of operations and trading price of our common stock, as well as potentially limit our ability to renegotiate our debt.
Our A&R ISO Agreement with Banco Popular, which sets our merchant acquiring relationship with Popular, includes revenue sharing provisions with Popular, as well as a split of merchant agreements in the event of termination or non-renewal. Banco Popular sponsors us as an independent sales organization with respect to certain payment card network and is required to exclusively refer to us any merchant that inquires about the service, requests or otherwise shows interest in merchant and other services. If the A&R ISO Agreement is not renewed or is terminated, we will have to seek other card association sponsors, we may have to assign to Banco Popular up to 50% our merchant contracts, we will not benefit from Banco Popular referral of
Table of Contents
merchants and we may experience the loss of additional merchants if Banco Popular itself enters the merchant acquiring business or agrees to sponsor another independent sales organization. Any of these events may negatively impact our financial condition and results of operations.
Under such agreements, among other things, we provide Banco Popular certain ATM and POS services in connection with our ATH network; we grant a license to use the ATH logo, word mark and associated trademarks; and Banco Popular agrees to support, promote, and market the ATH network and brand and to issue debit cards bearing the symbol of the ATH network. If one or both of the A&R BPPR ATH Agreements are not extended, our ATH brand and network could be negatively impacted, and our financial condition and results of operations also be materially adversely affected.
The A&R MSA, A&R ISO Agreement, and A&R BPPR ATH Agreement have terms ending in 2028, 2035, and 2030, respectively.
Our inability to renew or continue to maintain client contracts on favorable terms or at all may materially adversely affect our results of operations and financial condition.
Our contracts with private clients generally run for a period of one to six years, and usually contain automatic renewal periods. Our government contracts typically run for one year and do not include automatic renewal periods due to government procurement rules and related fiscal funding requirements. Our standard merchant contract has an initial term of up to three years, with automatic one-year renewal periods. If we are not successful in achieving high renewal rates and/or contract terms that are favorable to us, our results of operations and financial condition may be adversely affected.
We also depend on our payment processing clients to comply with their contractual obligations, applicable laws, regulatory requirements and payment card networks rules or standards. A client’s failure to comply with any such laws or requirements could force us to declare a breach of contract and terminate the client relationship. The termination of such contracts or relationships, as well as any inability to collect any damages caused, could have a material adverse effect on our business, financial condition, and results of operations. Additionally, any such failure by clients to comply could also result in fines, penalties or obligations imputed to EVERTEC, which could also have a material adverse effect on our business.
We rely on our information technology systems, employees and certain suppliers and counterparties, and certain failures or disruptions in those systems or chains could materially adversely affect our operations.
We rely on computer systems, hardware, software, technology infrastructure, and online sites for both internal and external operations that are critical to our business (collectively, "IT Systems"). For example, we use our IT Systems to connect with our clients, business partners, people, and others. We own and manage some of these IT Systems, but also rely on third parties for a range of IT Systems and related products and services, including but not limited to cloud computing services. We and certain of our third-party providers also collect, store, transfer, process, and use business, personal, and financial data about our own business, clients, employees, business partners, and others, including information about individuals and proprietary information belonging to our business such as trade secrets.
We face numerous and evolving cybersecurity risks that threaten the confidentiality, integrity, and availability of our IT Systems and data. These cybersecurity risks may arise from diverse threat actors, such as state-sponsored organizations and opportunistic hackers and hacktivists, as well as through diverse attack vectors, such as social engineering/phishing, malware (including ransomware), malfeasance by insiders, human or technological error, and as a result of malicious code embedded in open-source software, or misconfigurations, "bugs" or other vulnerabilities in commercial software that is integrated into our (or our suppliers' or service providers') IT Systems, products or services. Additionally, hardware, applications, or services that we develop or procure from third parties may contain defects in design or manufacture or other problems that could compromise the confidentiality, integrity, or availability of our data or IT Systems. Given the nature of complex systems, software and services like ours and the scanning tools that we deploy, we regularly identify and track security . We are to comprehensively apply patches or mitigating measures for all at all times or guarantee that patches will be applied before can be by a actor.
Cybersecurity threats and attacks, including computer viruses, malware, hacking, ransomware or other destructive or disruptive software, are constantly evolving and pose a risk to our IT Systems and data. Cybersecurity attacks are expected to accelerate on a global basis in frequency and magnitude as threat actors are becoming increasingly sophisticated in using techniques and tools - including artificial intelligence - that circumvent security controls, evade detection, and remove forensic evidence. As a
Table of Contents
result, we may be unable to detect, investigate, remediate, or recover from future attacks or incidents, or to avoid a material adverse impact to our IT Systems, data, or business.
There can also be no assurance that our cybersecurity risk management program and processes, including our policies, controls, or procedures, will be fully implemented, complied with, or effective in protecting our IT Systems and data, and our systems and processes may be unable to prevent material security breaches. Security breaches, improper use of our systems, and unauthorized access to our data and information by employees and others pose a risk that data may be exposed to unauthorized persons or to the public. Such occurrences could adversely affect our business, results of operations, financial position, and reputation, and could result in litigation (including class actions) or regulatory investigations or enforcement actions.
We make extensive use of third-party service providers, including providers that store, transmit and process data. These third-party service providers are also subject to malicious attacks and cybersecurity threats that could adversely affect our business, results of operations, financial condition, and reputation. In addition, because our services are connected to or integrated with some of our customers’ systems, the circumvention or failure of our cybersecurity defenses or measures could compromise the confidentiality, integrity, and availability of our customers’ own IT Systems and sensitive information.
Many of our services are based on sophisticated software, technology, computing systems, and other IT Systems, and we may encounter delays when developing new technology solutions and services. We and our third-party providers regularly experience cyberattacks and other incidents, and we expect such attacks and incidents to continue in varying degrees. In particular, we have experienced actual and attempted cyber-attacks of our IT Systems, such as through phishing scams, ransomware, exploitation of vulnerabilities in our IT Systems, and other methods of attack. Even though some of these attacks have been successful, none of these actual or attempted cyber-attacks has had a material adverse impact on our operations or financial condition but we cannot guarantee that material incidents will not occur in the future.
Our businesses are dependent on our ability to reliably process, record and monitor a large number of transactions. We settle funds on behalf of financial institutions, other businesses and consumers and process funds transactions from clients, card issuers, payment networks and consumers on a daily basis for a variety of transaction types. Transactions facilitated by us include debit card, credit card, electronic bill payment transactions, ACH payments, electronic benefits transfer (“EBT”) transactions and check clearing that supports consumers, financial institutions, and other businesses. These payment activities rely upon technology infrastructure that facilitates the verification of activity with counterparties, the facilitation of the payment and, in some cases, the detection or prevention of fraudulent payments. If any of our financial, accounting, or other data processing systems or applications or other IT Systems fail or experience other significant shortcomings, our ability to serve our clients and accordingly our results of operations could be materially adversely affected. Such failures or shortcomings could be the result of events that are beyond our control, which may include, for example, computer viruses, fires, electrical or telecommunications outages, natural disasters, future disease pandemics or other public health , terrorist acts, political , or other to property or physical assets. Certain of these events may become more frequent or intense as a result of climate change or other environmental or social pressures. Any such shortcoming could also our reputation, require us to expend significant resources to correct the , and may result in liability to third parties, especially since some of our contractual agreements with financial institutions require the crediting of certain fees if our systems do not meet certain specified service levels.
There is also a risk that we may lose critical data or experience IT System failures. We perform the vast majority of disaster recovery operations ourselves, though we utilize select third parties for some aspects of recovery. To the extent we outsource our disaster recovery, we are at risk of the vendor’s unresponsiveness in the event of breakdowns in our IT Systems. Our property, business interruption, and cybersecurity insurance may not be adequate to compensate us for all losses or failures that may occur.
We are similarly dependent on our employees to maintain our IT Systems. Our operations could be materially adversely affected if one or more employees cause a significant operational breakdown or failure, either intentionally or as a result of human error. Suppliers and third parties with which we do business could also be sources of operational risk to us, including relating to breakdowns or failures of such parties’ own systems or employees. Any of these occurrences could diminish our ability to operate one or more of our businesses, or result in potential liability to clients, reputational damage and regulatory intervention or fines, any of which could materially adversely affect our financial condition or results of operations.
We are subject to security breaches or other confidential data theft from our systems, which can adversely affect our reputation and business.
Table of Contents
As part of our business, we electronically receive, process, store and transmit a wide range of confidential information, including sensitive customer information and personal consumer data, such as names and addresses, social security numbers, driver’s license numbers, cardholder data and payment history records, as well as proprietary information belonging to our business or to our business partners (collectively, "Confidential Information"). We also operate payment, cash access and electronic card systems. Attacks on IT Systems continue to grow in frequency, complexity and sophistication, a trend we expect will continue. The objectives of these attacks include, among other things, gaining unauthorized access to systems to facilitate financial fraud, disrupt operations, cause denial of service events, corrupt data, and steal non-public information. Such attacks have become a point of focus for individuals, businesses, and governmental entities.
Unauthorized access to our or third-party IT Systems could result in the theft or publication, the deletion or modification or other compromise to the confidentiality, integrity or availability of Confidential Information and could disrupt successful operations of our businesses. These risks increase when we transmit information over the Internet as our visibility in the global payments industry attracts hackers to conduct attacks on our systems. Our security measures may also be breached due to the mishandling or misuse of Confidential Information; for example, if such information were erroneously provided to parties who are not permitted to have the information, either by employees acting contrary to our policies or as a result of a fault in our systems. For instance, in August 2025, Sinqia identified unauthorized activity in its environment of the Brazilian Central Bank (“BCB”) real-time payment system known as Pix. In response, Sinqia promptly transaction processing, engaged external cybersecurity forensic experts, and notified relevant authorities and affected customers. Approximately R$710 million in transactions affected two Sinqia customers. Within days of the , the two affected Sinqia customers confirmed they had recovered significant portions of such transaction amounts. We determined that the did not have a material impact on our operations or financial condition.
Actual or perceived vulnerabilities or data breaches may lead to claims against us, which may require us to spend significant additional resources to remediate by addressing problems caused by breaches and further protect against security or privacy breaches. Additionally, while we maintain insurance policies specifically for cyber-attacks, our current insurance policies may not be adequate to reimburse us for losses caused by security breaches, and we may not be able to collect fully, if at all, under these insurance policies. A significant security breach, such as loss of credit card numbers or other Confidential Information, could have a material adverse effect on our reputation, expose us to significant liability and result in a of customers. Some of our IT Systems have experienced in the past and may experience in the future security and, although they did not have a material effect on our results of operations or reputation, there can be no assurance of a similar result in the future. We cannot you that our security measures will prevent security or that to prevent them will not have a material effect on our business, results of operations, financial condition, and reputation. Any of network or data security at our customers, partners or vendors could have similar effects.
Our ability to recruit, retain and develop qualified personnel is critical to our success and growth.
All our businesses require a wide range of expertise and intellectual capital to adapt to the rapidly changing technological, social, economic and regulatory environments. In order to successfully compete and grow, we must recruit, retain and develop personnel who can provide the necessary expertise across a broad spectrum of intellectual capital needs. In addition, we must develop, maintain and, as necessary, implement appropriate succession plans to assure we have the necessary human resources capable of maintaining continuity in our business and the businesses we acquire. The market for qualified personnel is competitive and we may not succeed in recruiting additional personnel or may fail to effectively replace current personnel who depart with qualified or effective successors. In addition, from time to time, there may be changes in our management team that may be disruptive to our business. If our management team, including new hires that we make, fails to work together effectively and to execute our plans and strategies on a timely basis, our business could be harmed. Our effort to retain and develop personnel may also result in significant additional expenses, which could affect our . We cannot that key personnel, including our executive officers, will continue to be employed or that we will be to attract and retain qualified personnel in the future. to recruit, retain or develop qualified personnel could affect our business, financial condition or results of operations.
Failure to comply with federal, state and foreign laws and regulations relating to data privacy and security, or the expansion of current, or the enactment of new, laws or regulations relating to data privacy and security, could adversely affect our business, financial condition and operating results.
While we are not a direct-to-consumer business, we do collect, process, store, use and share personal data of our employees and business partners, which is governed by a variety of U.S. federal and state and foreign laws and regulations. Laws and regulations relating to data privacy and security are complex and rapidly evolving and subject to potentially differing interpretations. These requirements may be interpreted and applied in a manner that is inconsistent from one jurisdiction to another or may conflict with other rules or our practices. As we seek to expand our business, we are, and may increasingly
Table of Contents
become, subject to various laws, regulations, standards, and contractual obligations relating to data privacy and security in the jurisdictions in which we operate.
Most states and countries where we conduct our business have adopted privacy and security laws that may apply to our business. These laws generally require companies to implement specific privacy and information security controls and legal protections to protect certain types of personal information and to collect or use it subject to disclosures. Additional compliance investment and potential business process changes may continue to be required as these laws and others go into effect. Further, in order to comply with the varying state laws around data breaches, we must maintain adequate security measures, which require significant investments in resources and ongoing attention. Additionally, our customers and business partners are imposing more stringent obligations on us in the form of contracts regarding privacy and information security. Laws, rules and regulations relating to privacy and data security are, in some cases, relatively new and the interpretation and application of these laws are uncertain.
Despite our efforts, our practices may not comply, now or in the future, with all such laws, regulations, requirements, and obligations. Any failure, or perceived failure, by us to comply with our posted privacy and security-related policies or with any current or future federal or state data privacy or security-related laws, regulations, regulatory guidance, orders, or other legal obligations relating to privacy or security could adversely affect our reputation, brand and business, and may result in claims, proceedings, or actions against us by governmental entities, expose us to liabilities, or require us to change our operations and/or cease using certain data sets, and may otherwise adversely affect our financial condition and operating results. We have historically been and may continue in the future to be contractually required to indemnify and hold harmless third parties from the costs or consequences of non-compliance with any laws, regulations, or other legal obligations relating to privacy or security or any inadvertent or use or disclosure of data that we store or handle as part of operating our business, which could result in a material effect on our business.
Fraud by merchants or others could adversely affect our business, financial condition or results of operations.
Under certain circumstances, we may be liable for certain fraudulent transactions and/or credits initiated by merchants or others. For instance, if we were to process payments for a merchant that engaged in unfair or deceptive trade practices, we may be subject to certain fines or penalties. Examples of merchant fraud include merchants or other parties knowingly using a stolen or counterfeit credit, debit or prepaid card, card number, or other credentials to record a false sales or credit transaction, processing an invalid card, selling goods or services that are considered forbidden by the payment card networks, or intentionally failing to deliver the merchandise or services sold in an otherwise valid transaction. Criminals and other misfeasors are using increasingly sophisticated methods to engage in and/or activities such as and . A single significant of , or increases in the overall level of , involving our services, could result in reputational to us, which could reduce the use and acceptance of our solutions and services or lead to regulation that would increase our compliance costs. to effectively manage risk and prevent could increase our chargeback liability or cause us to incur other liabilities, and our insurance coverage may be or to compensate us. It is possible that of could increase in the future. Increases in chargebacks or other liabilities could affect our business, financial condition or results of operations.
We are subject to the credit risk that our merchants will be unable to satisfy obligations for which we may also be liable.
We are subject to the credit risk of our merchants being unable to satisfy obligations for which we also may be liable. For example, as the merchant acquirer, we are contingently liable for transactions originally acquired by us that are disputed by the cardholder and charged back to the merchants. For certain merchants, if we are unable to collect amounts paid to cardholders in the form of refunds or chargebacks from the merchant, we bear the loss for those amounts. A default on payment obligations by one or more of our merchants could have a material adverse effect on our business.
Our ability to adopt technology to changing industry and customer needs or trends may affect our competitiveness or demand for our products, which may adversely affect our results of operations.
Changes in technology may limit the competitiveness of and demand for our services. Our businesses operate in industries that are subject to technological advancements, developing industry standards and changing customer needs and preferences. Our business strategy may not effectively respond to these changes, and we may fail to recognize and position ourselves to capitalize upon market opportunities. Also, our customers continue to adopt new technology for business and personal uses. We must anticipate and respond to these industry and customer changes in order to remain competitive within our relative markets. Doing so has historically required and will continue to require significant investment of resources in anticipating and adapting to such changes in technology. Our inability to respond to new competitors and technological advancements could impact all of
Table of Contents
our businesses. For example, the inability to adopt technological advancements surrounding POS technology otherwise generally available to merchants could have a material and adverse impact on our merchant acquiring business.
Our use of artificial intelligence and machine learning tools may subject us to additional risks and may adversely impact our reputation and the performance of our products, service offerings and business.
We currently use machine learning, artificial intelligence (“AI”), and automated decision-making technologies, including proprietary AI and machine learning algorithms throughout our business, and are making significant investments to continuously improve our use of such technologies. Our research and development of such technology remains ongoing, and AI presents numerous risks and challenges that could adversely affect our business. If we fail to keep pace with rapidly evolving AI technological developments, especially in the financial technology sector, our competitive position and business results may suffer.
AI and machine-learning models require training on datasets prior to production use, and in some instances, AI algorithms or training methodologies may be flawed. Datasets may be overbroad, insufficient, or contain biased information. Training on incomplete, inadequate, inaccurate, biased or otherwise poor quality data may result in models failing to provide acceptable results. Content generated by AI systems also may be offensive, illegal, or otherwise harmful. Further, such content may appear correct but is factually inaccurate, misleading or otherwise flawed, or that results in unintended biases and discriminatory outcomes, which could negatively impact our users, harm our reputation and business, and us to liability. or AI development or deployment practices by us or others could result in that the acceptance of AI solutions or cause to individuals, users, or society, or result in our products and services not working as intended. Human review of certain outputs may be required. Our implementation of AI systems could result in legal liability, regulatory action, brand, reputational, or competitive , or other impacts that could affect our business, financial condition, cash flows and results of operations.
In addition, certain AI and machine-learning models that we utilize may incorporate data and inputs from third-party sources. If third parties allege that our AI and machine learning models violate copyright law, or that our use of training data violates applicable law or the rights of a third party, we may be subject to legal liability or we may be forced to retrain our models or different datasets, which could result in unexpected costs, and adversely affect the availability of our offerings, their reliability, or otherwise make them less useful for their intended uses.
The regulatory framework governing the use of AI and machine learning technology is rapidly evolving, and we cannot predict how future legislation and regulation will impact our ability to offer products or services that we develop which leverage artificial intelligence and machine learning technology.
Our business relies on machine learning, AI, and automated decision-making technologies. The regulatory framework for AI and machine learning technology is rapidly evolving, and many federal, state, and foreign governments have introduced or are currently considering new laws and regulations relating to such technology. As a result, implementation standards and enforcement practices are also likely to remain uncertain for the foreseeable future, and we cannot determine the impact future laws, regulations, or standards may have on our business, or how best to respond to them in future.
Any failure or perceived failure by us to comply with AI technology-related laws, rules, and regulations could result in proceedings or actions against us by individuals, consumer rights groups, government agencies, or others. We could incur significant costs in investigating and defending such claims and, if found liable, pay significant damages or fines or be required to make changes to our business. Further, these proceedings and any subsequent adverse outcomes may subject us to significant negative publicity, and an erosion of trust. Moreover, it is possible that new laws and regulations will be adopted in the United States and in other non-U.S. jurisdictions, or that existing laws and regulations, including competition and antitrust laws, may be interpreted in ways that would limit our ability to use AI and machine learning technologies for our business, or require us to change the way we use AI and machine learning technologies in a manner that affects our businesses. If any of these events were to occur, our business, financial condition, cash flows and results of operations could be materially affected.
There may be a decline in the use of cards as a payment mechanism for consumers or adverse developments with respect to the card industry in general.
If the number of electronic and digital payment transactions of the type we process does not continue to grow, if there are other, more attractive emerging means of payments or if businesses or consumers discontinue adopting our services, it could have a material adverse effect on the profitability of our business, financial position, and results of operations. We believe future
Table of Contents
growth in the use of credit, debit and other electronic and digital payments will be driven by the cost, ease-to-use, availability, and quality of products and services offered to customers and businesses. So that we may consistently increase and maintain our profitability, businesses and consumers must continue to use electronic and digital payment methods that we process, including credit and debit cards. Consumer preference has accelerated the shift away from cash and paper payment methods, with increased demand for omni-channel payment services that facilitate cashless and contactless transactions. If consumers and businesses discontinue the use of credit, debit or prepaid cards as a payment mechanism for their transactions or if there is a change in the mix of payments between cash, alternative currencies and technologies, it could have a material adverse effect on our business, results of operations and financial condition.
Changes in payment card network or other network rules, standards or mandates could adversely affect our business.
In order to provide our transaction-processing services, several of our subsidiaries are registered with or certified by Visa, Mastercard, American Express, Discover and other payment networks as members or as third-party providers for member institutions. As such, we and many of our customers are subject to payment card network rules that subject us or our customers to a variety of fines or penalties levied by the networks for certain acts or omissions by us, acquirer customers, processing customers and merchants. Visa, Discover, MasterCard and other networks, some of which are our competitors, set the standards with which we must comply. The termination of Banco Popular’s or our subsidiaries’ member registration or our subsidiaries’ status as a registered and certified third party service provider, or any changes in payment network rules, standards or mandates, including interpretation and implementation of the rules, standards or mandates, that increase the cost of doing business or limit our ability to provide transaction-processing services to or through our customers, could have an adverse effect on our business, results of operations and financial condition.
Additionally, we are subject to the Payment Card Industry’s Data Security Standards (“PCI DSS”), promulgated by the Payment Card Industry Security Standards Council. The PCI DSS contains compliance requirements regarding our security surrounding the physical and electronic storage, processing, and transmission of cardholder data. If we or our service providers are unable to comply with the security standards required by PCI DSS, we may be subject to fines, restrictions, and expulsion from card acceptance programs, which would materially and adversely affect our business. Additionally, costs and potential problems and interruptions associated with the implementation of new or upgraded IT Systems such as those necessary to maintain compliance with the PCI DSS or with maintenance or adequate support of existing systems could also disrupt or reduce the efficiency of our operations. Any material interruptions or failures in our payment related systems could have a material adverse effect on our business, financial condition and results of operations.
Changes in interchange fees charged by payment card networks could increase our costs or otherwise materially adversely affect our business.
From time to time, payment card networks change interchange, processing, and other fees, which could impact our merchant acquiring and payment services businesses. Competitive pressures could result in our merchant acquiring and payment services businesses absorbing a portion of such increases in the future, which would increase our operating costs, reduce our profit margin, and adversely affect our business, results of operations and financial condition. There is currently proposed federal (and state) legislation that, if implemented, may impact credit card interchange and, as a result, impact our business.
We are subject to extensive government regulation and oversight. Failure to comply with existing and future rules and regulations in the jurisdictions in which we operate could materially adversely affect the operations of one or more of our businesses in those jurisdictions.
Our business is subject to the laws, rules, regulations, and policies in the jurisdictions in which we operate, as well as the legal interpretation of such regulations by administrative bodies and the judiciary of those jurisdictions. The expansion of our business may also result in increased regulatory oversight and enforcement, as well as any claims by regulatory agencies and courts that we are required to obtain licenses to engage in certain business activity.
Enforcement of, failure, or perceived failure to comply with laws, rules, regulations, policies, or licensing requirements could result in criminal or civil lawsuits, penalties, fines, regulatory investigations, forfeiture of significant assets, an outright or partial restriction on our operations, enforcement in one or more jurisdictions, additional compliance and licensure requirements, reputational damage and force us to change the way we or our users do business. Any changes in our or our users’ business methods could increase cost or reduce revenue.
Table of Contents
The laws, rules, regulations, and policies in the markets in which we operate include, but are not limited to, privacy and user data protection, banking, money transmission, antitrust, anti-money laundering and the export, re-export, and re-transfer abroad of covered items. In addition, our operations in most of the countries where we operate are subject to risks related to compliance with the U.S. Foreign Corrupt Practices Act and other applicable U.S. and other local laws prohibiting corrupt payments to government officials and other third parties.
Privacy and Data Protection
Our business relies on the processing of data in multiple jurisdictions and the movement of data across national borders. Legal requirements relating to the collection, storage, handling, use, disclosure, transfer, and security of personal data continues to evolve, and regulatory scrutiny in this area is increasing around the world. Significant uncertainty exists as privacy and data protection laws may differ from country to country and may create inconsistent or conflicting requirements. Our ongoing efforts to comply with privacy, cybersecurity, and data protection laws may entail expenses, may divert resources from other initiatives and projects, and could limit the service we are able to offer. Enforcement actions and investigations by regulatory authorities related to data security incidents and privacy actions or investigations could damage our reputation and impact us through increased costs or restrictions on our business, and noncompliance could result in regulatory penalties and significant legal liability.
Although we make reasonable efforts to comply with all applicable data protection laws and regulations, our interpretations and efforts may have been or may prove to be insufficient or incorrect. We also make public statements about our use and disclosure of personal information through our privacy policy, information provided on our website and other public statements. Although we endeavor to ensure that our public statements are complete, accurate and fully implemented, we may at times fail to do so or be alleged to have failed to do so. We may be subject to potential regulatory or other legal action if such policies or statements are found to be deceptive, unfair or misrepresentative of our actual practices. In addition, from time to time, concerns may be expressed about whether our products and services compromise the privacy of our customers and others. Any concerns about our data privacy and security practices (even if unfounded), or any failure, real or perceived, by us to comply with our posted privacy policies or with any legal or regulatory requirements, standards, certifications or orders or other privacy or consumer protection-related laws and regulations applicable to us, could cause our customers, riders and users to reduce their use of our products and services.
Banking
In general, financial institution regulators require their supervised institutions to cause their service providers to agree to certain terms and to agree to supervision and oversight by applicable financial regulators, primarily to protect the safety and soundness of the financial institution. We have agreed to such terms and provisions in many of our service agreements with financial institutions.
We and our customers are also generally subject to U.S. federal, Puerto Rico and other countries’ laws, rules and regulations that affect the electronic payments industry, including with respect to activities in the countries where we operate and due to our relationship with customers that are subject to banking and financial regulation, including Popular.
Regulation of the electronic payment card industry has increased significantly in recent years. There is also continued scrutiny by the U.S. Congress of the manner in which payment card networks and card issuers set various fees. Banking regulators have been strengthening their examination guidelines with respect to relationships between banks and their third-party service providers, such as us. Any such heightened supervision of our relationship with our banking and financial services customers, including Popular, could have an effect on our contractual relationship with our customers as well as on the standards applied in the evaluation of our services. See “Part I, Item 1. Business—Government Regulation and Payment Network Rules—Regulatory Reform and Other Legislative Initiatives.”
Export
We are also subject to the Export Administration Regulations (“EAR”), which regulates the export, re-export and re-transfer abroad of covered items made or originating in the United States as well as the transfer of covered U.S.-origin technology abroad. There can be no assurance that we have not violated the EAR in past transactions or that our new policies and procedures will prevent us from violating the EAR in every transaction in which we engage. Any such violations of the EAR could result in fines, penalties or other sanctions being imposed on us, which could negatively affect our business, results of operations and financial condition.
Table of Contents
We and our subsidiaries conduct business with financial institutions and/or card payment networks operating in countries whose nationals, including some of our customers, engage in transactions in countries that are the target of U.S. economic sanctions and embargoes, including Cuba. As a U.S.-based entity, we and our subsidiaries are obligated to comply with the economic sanctions regulations administered by OFAC. These regulations prohibit U.S.-based entities from entering into or facilitating unlicensed transactions with, for the benefit of, or in some cases involving the property and property interests of, persons, governments, or countries designated by the U.S. government under one or more sanctions regimes. Various state and municipal governments, universities and other investors maintain prohibitions or restrictions on investments in companies that do business involving sanctioned countries or entities.
Because we process transactions on behalf of financial institutions through the payment networks, we have processed a limited number of transactions potentially involving sanctioned countries and there can be no assurances that, in the future, we will not inadvertently process such transactions. Due to a variety of factors, including technical failures and limitations of our transaction screening process, conflicts between U.S. and local laws, political or other concerns in certain countries in which we and our subsidiaries operate, and/or failures in our ability to effectively control employees operating in certain non-U.S. subsidiaries, we have not rejected every transaction originating from or otherwise involving sanctioned countries, or persons and there can be no assurances that, in the future, we will not inadvertently fail to reject such transactions.
Antitrust
Due to our ownership of the ATH network and our merchant acquiring and payment services business in Puerto Rico, we are involved in a significant percentage of the debit and credit card transactions conducted in Puerto Rico each day. We have in the past been subject to regulatory investigations and any future regulatory scrutiny of, or regulatory enforcement action in connection with, compliance with U.S. state and federal antitrust requirements could potentially have a material adverse effect on our reputation and business. In addition, we are subject to applicable antitrust requirements in each of the countries in which we operate. All of these laws and requirements may affect potential acquisitions in the relevant jurisdictions.
Puerto Rico ’ s fiscal crisis could have a material adverse effect on our business and the trading price of our common stock.
For the years ended December 31, 2025 and 2024, approximately 61% and 64%, respectively, of our total revenues were generated from our operations in Puerto Rico. Some revenues that are generated from our operations outside Puerto Rico are dependent upon our operations in Puerto Rico. As a result, our financial condition and results of operations are highly dependent on the economic and political conditions in Puerto Rico, and could be significantly impacted by adverse economic or political developments in Puerto Rico, including adverse effects on the trading price of our common stock, our customer base, general consumer spending and the timeliness of the government’s payments, thus increasing our government accounts receivable, and potentially impairing the collectability of those accounts receivable. As of December 31, 2025, we had net receivables of $14.3 million from the Government and certain public corporations.
Puerto Rico’s economy, including the ongoing financial crisis and the effects of potential natural disasters, including weather events connected to climate change, or future disease pandemics or other public health crises, could have a prolonged negative impact on the countries and markets in which we operate and, as a result, could have a material adverse effect on our business and results of operations.
Puerto Rico’s location in the Caribbean exposes the island to increased risk of hurricanes and other severe tropical weather conditions and natural disasters. Hurricanes and other natural disasters including earthquakes and wildfires, and their potential aftermaths, such as widespread power outages in Puerto Rico, damage to infrastructure and communications networks, and the temporary cessation and slow pace of reestablishment of regular day-to-day commerce, may severely impact the economies of Puerto Rico and the Caribbean more generally. These events have accelerated and could continue to accelerate the ongoing emigration trend of Puerto Rico residents to the United States. Prolonged delays in the repairs to the island’s infrastructures, decline in business volumes, insufficient federal recovery and rebuilding assistance and any other economic due to natural and their may impact the demand for our services and could have a material effect on our business and results of operations. Additionally, future pandemics or any other public health may materially affect our business, results of operations and financial condition. economic uncertainties could limit our ability to grow our business and affect our operating results. Moreover, the global electronic payments industry and the banking and financial services industries depend heavily upon the overall levels of consumer, business and government spending. economic conditions could result in a decrease in consumers' use of banking services and financial service providers resulting in significant decreases in the demand for our products and services which could affect our business and operating results.
Table of Contents
As a result of Puerto Rico’s high cost of electricity and governmental financial crisis, businesses may be reluctant to establish or expand their operations in Puerto Rico and the Caribbean, or might consider closing operations currently in such locations. If companies in the financial services and related industries decide not to commence new operations or not to expand their existing operations in Puerto Rico, or consider closing operations in Puerto Rico, the demand for our services could be negatively affected.
We are exposed to risks associated with our presence in international markets, including global political, social and economic instability.
Our financial performance and results of operations may be adversely affected by general economic, political, and social conditions and uncertainty in the international markets in which we operate. Many countries in Latin America have suffered significant political, social and economic crises in the past and these events may occur again in the future. Instability in Latin America has been caused by many different factors, including (i) exposure to foreign exchange variation, (ii) significant governmental influence over local economies; (iii) substantial fluctuations in economic growth; (iv) instability in the banking sector and high inflation levels or domestic interest rates; (v) wage, price or exchange controls, or restrictions on expatriation of earnings; (vi) changes in governmental economic or tax policies or unexpected changes in regulation which may restrict the movement of funds or results in the deprivation of contract or property rights; (vii) imposition of trade barriers; (viii) terrorist attacks and other acts of violence or war; (ix) high unemployment; and (x) overall political, social, and economic . Any of these events in the markets in which we operate could result in a material impact on our customers and our business. Further, changes in laws or policies governing the terms of foreign trade, and in particular increased trade restrictions, tariffs or taxes on imports or exports from or to countries where the Company operates, may affect the Company’s business.
Failure to protect our intellectual property rights and defend ourselves from potential intellectual property infringement claims may diminish our competitive advantages or restrict us from delivering our services, which could result in a material and adverse impact on our business operations.
Our trademarks, proprietary software, and other intellectual property, including technology/software licenses, are important to our future success. Limitations or restrictions on our ability to use such marks or a diminution in the perceived quality associated therewith could have an adverse impact on the growth of our businesses. It is possible that others will independently develop the same or similar software or technology, which would permit them to compete with us more efficiently.
Unauthorized parties may attempt to copy or misappropriate certain aspects of our services, infringe upon our rights, or to obtain and use information that we regard as proprietary. Policing such unauthorized use of our proprietary rights is often very difficult and, therefore, we are unable to guarantee that the steps we have taken will prevent misappropriation of our proprietary software/technology or that the agreements entered into for that purpose will be effective or enforceable in all instances. Misappropriation of our intellectual property or potential litigation concerning such matters could have a material adverse effect on our results of operations or financial condition. Our registrations and/or applications for trademarks, copyrights, and patents could be challenged, invalidated, or by others and may not be of sufficient scope or to provide us with maximum protection or meaningful . The laws of certain foreign countries in which we do business or contemplate doing business in the future may not protect intellectual property rights to the same extent as do the laws of the United States or Puerto Rico. determinations in judicial or administrative proceedings related to intellectual property or licenses could prevent us from selling our services and products or prevent us from others from selling competing services, impose liability costs on us, or result in a non- settlement, all of which could result in a material effect on our business, financial condition and results of operations.
Assertions by third parties of infringement or other violations by us of their intellectual property rights, whether or not correct, could result in significant costs and harm our business and operating results.
Third parties have and may in the future assert claims of infringement, misappropriation or other violations of intellectual property rights against us. They may also assert such claims against our customers or reseller partners, whom we typically indemnify against claims that our products and services infringe, misappropriate, or otherwise violate the intellectual property rights of third parties. If we were found to be infringing a third party’s rights and are unable to provide a sufficient workaround, we may need to negotiate with holders of those rights to obtain a license to those rights or otherwise settle any infringement claim as a party that makes a claim of us may obtain an us from shipping products containing the technology. As the number of products and competitors in our market increase and overlaps occur, of , and other of intellectual property rights may increase. Any claim of , or other of intellectual property rights by a third party, even those without merit, could cause us to incur substantial costs the claim and could our management from our business.
Table of Contents
We incorporate technology and components from third parties into our products, and our inability to obtain or maintain rights to such technology could harm our business.
We incorporate technology and software from third parties into our products. We cannot be certain that our vendors and licensors are not infringing the intellectual property rights of third parties or that the vendors and licensors have sufficient rights to the software and technology in all jurisdictions in which it may sell our products. If we are unable to obtain or maintain rights to any of this software or technology because of intellectual property infringement claims brought by third parties against our vendors and licensors or against us, or if we are unable to continue to obtain such software and technology or enter into new agreements on commercially reasonable terms, our ability to develop and sell products, subscriptions and services containing such software and technology could be severely limited, and our business could be harmed. Further, disputes with vendors and licensors over uses or terms could result in the payment of additional royalties or by us, or non-renewal of the underlying license or . Any such event could have a material and impact on our business, financial condition, and results of operation. Additionally, if we are to obtain necessary software or technology from third parties, we may be to acquire or develop alternative software and technology, which may require significant time, cost and effort and may be of lower quality or performance standards. This would limit or our ability to offer new or competitive products and increase our costs. If alternative software or technology cannot be obtained or developed, we may not be to offer certain functionality as part of our products, subscriptions and services. As a result, our margins, market share and results of operations could be significantly .
Our use of "open source" software could subject our proprietary software to general release, negatively affect our ability to offer our products and subject us to possible litigation.
We have used “open source” software (“OSS”) in connection with the development and deployment of some of our software products, and we expect to continue to use OSS in the future. Certain OSS licenses may give rise to requirements to disclose or license our proprietary source code or make available any derivative works or modifications of the OSS on unfavorable terms or at no cost, and we may be subject to such terms if we combine, link or otherwise integrate our proprietary software with OSS in certain ways. The terms of many OSS licenses to which we are subject have not been interpreted by U.S. or foreign courts, and there is a risk that OSS licenses could be construed in a manner that imposes unanticipated conditions or restrictions on our ability to provide or distribute our products or services.
If we were found to be non-compliant with any OSS license terms, third parties could claim ownership of, or demand release of, the OSS or derivative works that we developed using such software, which could include our proprietary source code, or could otherwise seek to enforce the terms of the applicable OSS license, which could subject us to certain requirements, including requirements that we offer our software that incorporates or links to the OSS at a reduced cost or for free, or that we make available the proprietary source code for such software, which we consider to be a trade secret, to the general public. Any such claim could result in costly litigation and could require us to make our software source code freely available, purchase a costly license or cease offering the implicated products or services unless and until we can re-engineer them to avoid infringement, which may be a costly and time-consuming process. In any such event, we could be required to seek licenses from third parties and pay royalties in order to continue using the OSS necessary to operate our business or we could be required to discontinue use of our services and other software in the event re-engineering cannot be on a timely basis. Any of the foregoing could require us to devote additional research and development resources to re-engineer our services, could result in user , could allow our competitors to create similar platforms with lower development effort and time and may affect our business, financial condition, cash flows and results of operations. Moreover, any actual or claimed requirement to our proprietary source code or pay for of contract could our business and could help third parties, including our competitors, develop products and services that are similar to or than ours.
While we monitor our use of OSS and try to ensure that none is used in a manner that would require us to disclose our proprietary source code or that would otherwise breach the terms of an open source agreement, we cannot guarantee that we will be successful, that all OSS is reviewed prior to use in our products, that our developers have not incorporated OSS into our products that we are unaware of or that they will not do so in the future.
In addition to risks related to license requirements, use of certain OSS carries greater technical and legal risks than does the use of third-party commercial software. To the extent that our products depend upon the successful operation of OSS, any undetected errors or defects in OSS that we use could prevent the deployment or impair the functionality of our systems and injure our reputation. In addition, the public availability of such software may make it easier for others to compromise our products. Any of the foregoing risks could materially and adversely affect our business, financial condition, and results of operations.
Table of Contents
Confidentiality arrangements with employees and others may not adequately prevent disclosure of trade secrets and other proprietary information.
We have devoted substantial resources to the development of our technology, business operations and business plans. In order to protect our trade secrets and proprietary information, we rely in significant part on confidentiality arrangements with our employees, licensees, independent contractors, advisors, suppliers, reseller partners, and customers. Despite these efforts, these arrangements may not be effective to prevent disclosure of confidential information, including trade secrets, and may not provide an adequate remedy in the event of unauthorized disclosure of confidential information. Unauthorized parties may also attempt to copy or reverse engineer certain aspects of our technologies that we consider proprietary. In addition, if others independently develop equivalent knowledge, methods, and know-how, we would not be able to assert trade secret rights against such parties. Monitoring unauthorized uses and disclosures is difficult, and we do not know whether the steps we have taken to protect our proprietary information will be effective.
EVERTEC Group has a preferential tax exemption grant from the Government of Puerto Rico. If EVERTEC fails to renew or extend such grant or fails to comply with its terms, we could have a material adverse effect on our financial condition, results of operations and our stock price.
EVERTEC Group has a tax exemption grant under the Tax Incentive Act No. 73 of 2008 from the Government of Puerto Rico. Under this grant, EVERTEC Group will benefit from a preferential income tax rate of 4% on industrial development income, as well as from tax exemptions with respect to its municipal and property tax obligations for certain activities derived from its data processing operations in Puerto Rico. The grant has a term of 15 years effective as of January 1, 2012 with respect to income tax obligations and July 1, 2013 and January 1, 2013 with respect to municipal and property tax obligations, respectively. More than 90% of our Puerto Rico taxable income benefits from the preferential tax rates under the grant.
The grant contains customary commitments, conditions, and representations that EVERTEC Group is required to comply with in order to maintain the grant. The more significant commitments include: (i) maintaining at least 750 employees in EVERTEC Group’s Puerto Rico data processing operations during 2012 and at least 700 employees for the remaining years of the grant, (ii) investing at least $200.0 million in building, machinery, equipment or computer programs to be used in Puerto Rico during the effective term of the grant (to be made over four year capital investment cycles in $50.0 million increments), (iii) an additional best efforts capital investments requirement of $75.0 million by December 31, 2026 (to be made over four year capital investment cycles in $20.0 million the first three increments and $15.0 million the last increment); and (iv) 80% of EVERTEC Group employees must be residents of Puerto Rico. Failure to meet the requirements could result, among other things, in reductions in the benefits of the grant, tax penalties, other payment obligations or revocation of the grant in its entirety. In addition, if Evertec Group fails to renew or extend the decree, all preferential tax benefits will expire on December 31, 2026 for income tax purposes, December 31, 2027 and June 30, 2028 for property and municipal license tax obligations respectively. Any of these potential outcomes could have a material effect on our financial condition and results of operations.
The enactment of legislation implementing changes in tax legislation or policies in different geographic jurisdictions including the United States could materially impact our business, financial condition and results of operations.
We conduct business and file income tax returns in several jurisdictions. Our consolidated effective income tax rate could be materially adversely affected by several factors, including: changing tax laws, regulations and treaties, or the interpretation thereof; tax policy initiatives and reforms (such as those related to the One Big Beautiful Bill Act, or OBBBA, Organization for Economic Co-Operation and Development’s (“OECD”) Base Erosion and Profit Shifting, or BEPS, project and other initiatives); the practices of tax authorities in jurisdictions in which we operate; the resolution of issues arising from tax audits or examinations and any related interest or penalties. Such changes may include (but are not limited to) the taxation of operating income, investment income, dividends received or (in the specific context of withholding tax) dividends, royalties and interest paid.
The OBBBA includes provisions, such as the permanent extension of certain expiring provisions of the Tax Cuts and Jobs Act, modifications to the international tax framework, and the restoration of favorable tax treatment for certain business provisions. The legislation has multiple effective dates beginning in 2025.
Various foreign taxing jurisdictions enacted local legislation formally adopting the Global Anti-Base Erosion Model Rules ("Pillar Two"), which generally provides for a minimum effective tax rate of 15%, as established by the OECD Pillar Two Framework. The Group of Seven (G7) countries have agreed that U.S. Multi-National Entities (“MNEs”) should be excluded from certain aspects of the Pillar Two global minimum tax rules in exchange for the U.S. not imposing retaliatory taxes. On
Table of Contents
January 5, 2026, the OECD released additional guidance and announced the Side-by-Side package which introduces simplifications and new safe harbors for U.S. MNEs.
The OBBBA and Pillar Two did not have a material effect on our financial statements for the year ended December 31, 2025, and we are continuing to evaluate the potential effect on future periods.
Our tax returns and positions are subject to review and audit by federal, state, local and international taxing authorities. An unfavorable outcome to a tax audit could result in higher tax expense, thereby adversely affecting our business, financial condition, results of operations and cash flows. We exercise significant judgment and make estimates that we believe to be reasonable in calculating our worldwide provision for income taxes and other tax liabilities. However, relevant tax authorities may disagree with our estimates, interpretations or tax treatment of certain material items. Failure to sustain our position in these matters could adversely affect our business, financial condition, results of operations and cash flows.
We are unable to predict what tax reforms may be proposed or enacted in the future or what effect such changes would have on our business, but such changes, to the extent they are brought into tax legislation, regulations, policies or practices in jurisdictions in which we operate, could increase the estimated tax liability that we have expensed to date and paid or accrued on our Consolidated Statement of Financial Position, and otherwise affect our future results of operations, cash flows in a particular period and overall or effective tax rates in the future in countries where we have operations, reduce post-tax returns to our stockholders and increase the complexity, burden and cost of tax compliance.
Exposure to foreign exchange fluctuations and capital controls may adversely affect our costs, earnings and the value of some of our assets.
Our reporting currency is the U.S. dollar; however we conduct a portion of our business in currencies other than the U.S. dollar, as an example the Brazilian Real, the Chilean Peso and the Costa Rica Colon. Some currencies have been historically volatile and may devalue. Our consolidated financials are directly impacted by movements from foreign currencies to U.S. dollar exchange rate. For example, an appreciation of the U.S. dollar against a foreign currency would reduce the U.S. dollar value of our results while any depreciation of the U.S. dollar would increase our costs.
Further, strengthening of the U.S. dollar could create inflationary pressures and cause foreign governments to, among other measures, increase interest rates. Restrictive macroeconomic policies could reduce the stability of foreign economies and harm our results of operations and profitability.
We are exposed to fluctuations in inflation, which could negatively affect our business, financial condition and results of operations.
The markets in which we operate have experienced historically high levels of inflation. Though inflation rates have declined compared to prior years, if they were to increase again, it may affect our expenses, including, but not limited to, increased employee compensation expenses and benefits as well as increased general administrative costs as was the case in prior high inflationary periods. In addition, inflation has driven in the past and may in the future drive a rising interest rate environment, which has had and may in the future have an adverse effect on our cost of funding, as well as led and may in the future lead to enhanced volatility on foreign currency exchange rates.
In the event inflation increases again, we may seek to increase the sales prices of our products and services in order to maintain satisfactory margins. Any attempts to offset cost increases with price increases may result in reduced sales, increase customer dissatisfaction or otherwise harm our reputation. Moreover, to the extent inflation has other adverse effects on the market, it may adversely affect our business, financial condition and results of operations.
Acquisitions, strategic investments, partnerships, or alliances could be difficult to identify, pose integration challenges, divert the attention of management, disrupt our business, dilute shareholder value, and adversely affect our business, financial condition and results of operations.
We may in the future seek to acquire or invest in businesses, joint ventures, products and platform capabilities, or technologies that we believe could complement or expand our products and platform capabilities, enhance our technical capabilities, or otherwise offer growth opportunities. For example, (i) in November 2023, we completed the Sinqia Transaction, pursuant to which, among other things, Sinqia became a wholly-owned subsidiary of Evertec BR; (ii) in October 2025, we completed the Tecnobank Transaction, pursuant to which Evertec BR became owner of 75% of Tecnobank's share capital; and (iii) in January 2026, we announced the entry into a share purchase agreement to acquire 100% of the share capital of Dimensa S.A. Any such acquisition or investment may divert the attention of management and cause us to incur various expenses in identifying,
Table of Contents
investigating, and pursuing suitable opportunities, whether or not the transactions are completed, and may result in unforeseen operating difficulties and expenditures. In particular, we may encounter difficulties assimilating or integrating the businesses, technologies, products and platform capabilities, personnel, or operations of the acquired companies, particularly if we are unable to retain the key personnel of the acquired company, their software is not easily adapted to work with our existing platforms, or we have difficulty retaining customer, vendors and other relationships of any acquired business due to changes in ownership, management, or otherwise. These transactions may also disrupt our business, divert our resources, and require significant management attention that would otherwise be available for development of our existing businesses. Any such transactions that we are able to complete may not result in any synergies or other benefits we had expected to , which could result in substantial charges.
In addition, we may not be able to find and identify desirable acquisition targets or business opportunities or be successful in entering into agreements with any particular strategic partner. We expect that certain of our competitors, many of which have greater resources than we do, will compete with us in acquiring complementary businesses or products. This competition could increase prices for potential acquisitions that we believe are attractive. Also, acquisitions are often subject to various regulatory approvals. If we fail to receive the appropriate regulatory approvals, we may not be able to consummate an acquisition that we believe is in our best interests and may incur significant costs. These transactions could also result in transaction fees, dilutive issuances of our equity securities, incurrence of debt or contingent liabilities, and fluctuations in quarterly results and expenses. Further, if the resulting business from such a transaction fails to meet our expectations, our business, financial condition and results of operations may be affected, or we may be to unknown risks or liabilities.
We may acquire businesses located primarily or entirely outside the United States which could increase our current exposure to international operations located in the Caribbean and Latin America including currency exchange fluctuations, regulatory and organizational complexity, and varying economic, climatic and geopolitical circumstances.
Risks Related to Our Securities, Corporate Structure and Governance
Future sales or the possibility of future sales of a substantial amount of our common stock may depress the price of shares of our common stock.
We may sell additional shares of common stock in subsequent public offerings or otherwise, including financing acquisitions. Our amended and restated certificate of incorporation authorizes us to issue 206,000,000 shares of common stock, of which 61,756,639 are outstanding as of December 31, 2025. All of these shares, other than certain outstanding shares held by our officers and directors as of December 31, 2025, are freely transferable without restriction or further registration under the Securities Act. We cannot predict the size of future issuances of our common stock or the effect, if any that future issuances and sales of our common stock will have on the market price of our common stock. Sales of substantial amounts of our common stock (including any shares issued in connection with an acquisition), or the perception that such sales could occur, may adversely affect prevailing market prices for our common stock.
Purchases of our common stock pursuant to our stock repurchase plan may affect the value of our common stock, and there can be no assurance that our stock repurchase plan will enhance stockholder value.
In 2025, we approved an increase to our existing share repurchase authorization to permit repurchases of up to $150 million in worth of shares of our common stock, including through open market purchases, accelerated share repurchase programs, Rule 10b5-1 plans, or privately negotiated transactions, each in accordance with applicable securities laws and other restrictions. Repurchase activity has previously impacted and could in the future increase (or reduce the size of any decrease in) the market price of our common stock. Additionally, repurchases diminish our cash reserves, which could impact our ability to pursue other possible strategic opportunities or could result in lower overall returns on our cash balances. There can be no assurance that any share repurchases will enhance stockholder value because the market price of our common stock shares could decline. Although the share repurchase program is intended to enhance long-term stockholder value, short-term share price fluctuations could reduce the program’s effectiveness.
We are a holding company and rely on dividends and other payments, advances, and transfers of funds from our subsidiaries to meet our obligations and pay any dividends.
We have no direct operations or significant assets other than the ownership of 100% of the membership interest of Holdings, which in turn has no significant assets other than ownership of 100% of the membership interest of EVERTEC Group. Given that we conduct our operations through our subsidiaries, we depend on those entities for dividends and other payments to generate the funds necessary to meet our financial obligations, and to pay any dividends with respect to our common stock. Legal and contractual restrictions in our existing secured credit facilities and other agreements which may govern future
Table of Contents
indebtedness of our subsidiaries, as well as the financial condition and operating requirements of our subsidiaries, may limit our ability to obtain cash from our subsidiaries. We are prohibited from paying any cash dividend on our common stock unless we satisfy certain conditions. The secured credit facilities also include limitations on the ability of our subsidiaries to pay dividends to us. The earnings from, or other available assets of, our subsidiaries may not be sufficient to pay dividends or make distributions or loans or enable us to pay any dividends on our common stock or other obligations.
Our organizational documents may impede or discourage a takeover, which could deprive our investors of the opportunity to receive a premium for their shares.
Provisions of our amended and restated certificate of incorporation and amended and restated bylaws may make it more difficult for, or prevent a third party from, acquiring control of us without the approval of our Board. These provisions include:
• prohibiting cumulative voting in the election of directors;
• authorizing the issuance of “blank check” preferred stock without any need for action by stockholders (as further described below);
• prohibiting stockholders from acting by written consent unless the action is taken by unanimous written consent; and
• establishing advance notice requirements for nominations for election to our Board or for proposing matters that can be acted on by stockholders at stockholder meetings.
Our issuance of shares of preferred stock could delay or prevent a change in control of us. Our Board has authority to issue shares of preferred stock. Our Board may issue preferred stock in one or more series, designate the number of shares constituting any series, and fix the rights, preferences, privileges and restrictions thereof, including dividend rights, voting rights, rights and terms of redemption, redemption price or prices and liquidation preferences of such series. The existence of the foregoing provisions could limit the price that investors might be willing to pay in the future for shares of our common stock. They could also deter potential acquirers of us, thereby reducing the likelihood that you could receive a premium for your common stock in an acquisition.
The market price of our common stock may be volatile.
The market price of our common stock may fluctuate significantly in response to a number of factors, some of which may be beyond our control. These factors include the perceived prospects for or actual operating results of our business; changes in estimates of our operating results by analysts, investors or our management; our actual operating results relative to such estimates or expectations; actions or announcements by us, our agents, or our competitors; litigation and judicial decisions; legislative or regulatory actions; and changes in general economic or market conditions. In addition, the stock market in general has from time to time experienced extreme price and volume fluctuations. These market fluctuations could reduce the market price of our common stock for reasons unrelated to our operating performance.
From time to time we are subject to various legal proceedings which could adversely affect our business, financial condition or results of operations.
We are involved in various litigation matters from time to time. Such matters can be time-consuming, divert management’s attention and resources and cause us to incur significant expenses. Our insurance or indemnities may not cover all claims that may be asserted against us, and any claims asserted against us, regardless of merit or eventual outcome, may harm our reputation. If we are unsuccessful in our defense in these litigation matters, or any other legal proceeding, we may be forced to pay damages or fines, enter into consent decrees or change our business practices, any of which could adversely affect our business, financial condition or results of operations.
Short sellers of our stock may be manipulative and may drive down the market price of our common stock.
Short selling is the practice of selling securities that the seller does not own, but rather has borrowed or intends to borrow from a third party with the intention of buying identical securities at a later date to return to the lender. A short seller hopes to profit from a decline in the value of the securities between the sale of the borrowed securities and the purchase of the replacement shares, as the short seller expects to pay less in that purchase than it received in the sale. It is therefore in the short seller’s
Table of Contents
interest for the price of the stock to decline, and some short sellers publish, or arrange for the publication of, opinions or characterizations regarding the relevant issuer, often involving misrepresentations of the issuer’s business prospects and similar matters calculated to create negative market momentum, which may permit them to obtain profits for themselves as a result of selling the stock short.
As a public entity, we may be the subject of concerted efforts by short sellers to spread negative information in order to gain a market advantage. In addition, the publication of misinformation may also result in lawsuits, the uncertainty and expense of which could adversely impact our business, financial condition, and reputation. There are no assurances that we will not face short sellers’ efforts or similar tactics in the future, and the market price of our stock may decline as a result of their actions.
Risks Related to Our Indebtedness
Our leverage could adversely affect our ability to raise additional capital, limit our ability to react to changes in the economy or our industry, expose us to interest rate risk and prevent us from meeting our obligations with respect to our substantial indebtedness, and we and our subsidiaries may be able to incur significant additional indebtedness, which could further increase such risks.
As of December 31, 2025, the total principal amount of our indebtedness was approximately $1,095.7 million. Our degree of leverage could have a significant impact on us, including (i) increasing our vulnerability to adverse economic, industry or competitive developments; (ii) requiring a substantial portion of cash flow from operations to be dedicated to the payment of principal and interest on our indebtedness, reducing our ability to use our cash flow for other purposes, including for our operations, capital expenditures and future business opportunities; (iii) exposing us to the risk of increased interest rates because our borrowings are predominantly at variable rates of interest; (iv) making it difficult for us to satisfy our indebtedness obligations generally, including complying with restrictive covenants and borrowing conditions, our noncompliance with which could result in an event of default under the agreements setting forth the terms of such indebtedness; (v) restricting us from making strategic acquisitions or causing us to make non-strategic divestitures; (vi) limiting our ability to obtain additional debt or equity financing for working capital, capital expenditures, business development, debt service requirements, acquisitions and general corporate or other purposes; and (vii) limiting our flexibility in planning for, or reacting to, changes in our business or market conditions and placing us at a competitive to competitors who may be less highly leveraged.
We and our subsidiaries may be able to incur substantial additional indebtedness in the future, some of which may be secured. In addition to the $184.4 million which was available for borrowing under our revolving credit facility as of December 31, 2025, the terms of the secured credit facilities enable us to increase the amount available under the term loan and/or revolving credit facilities if we are able to obtain loan commitments from banks and satisfy certain other conditions. If new debt is added to our and our subsidiaries’ existing debt levels, the related risks that we face would increase.
Further, borrowings under our secured credit facilities are at variable rates of interest and are exposed to market risk due to the floating interest rates. Our results of operations, cash flows and financial position could be affected adversely by significant fluctuations in interest rates from current levels.
If we are unable to comply with covenants in our debt instruments that limit our flexibility in operating our business or obligate us to take action such as deliver financial reports, we may default under our debt instruments and our indebtedness may become due.
The agreement setting forth the terms of the secured credit facilities contains, and any future indebtedness we incur may contain, various covenants that limit our ability to engage in specified types of transactions. These covenants limit our ability and our subsidiaries’ ability to, among other things: (i) incur or guarantee additional indebtedness; (ii) pay dividends or other distributions on, or repurchase or make distributions in respect of (or agree not to pay dividends or other distributions on , or repurchase or make distributions in respect of) our capital stock; (iii) make investments; (iv) sell assets; (v) grant (or agree not to grant) liens on our assets; (vi) consummate a consolidation, merger or similar transaction; (vii) enter into transactions with our affiliates; (viii) make payments in respect of certain indebtedness or modify the documents governing such indebtedness; and/or; (ix) modify our organizational documents.
We are also required under the secured credit facilities to maintain compliance with a maximum total net leverage ratio at the end of each fiscal quarter.
As a result of these covenants, we are limited in the manner in which we conduct our business, and we may be unable to engage in favorable business activities or finance future operations or capital needs. A breach of any of these covenants could result in
Table of Contents
a default under our secured credit facilities and other material agreements, including as a result of cross default provisions. Upon the occurrence of an event of default under the secured credit facilities, the lenders can cease making revolving loans to us and could elect to declare all amounts outstanding under the secured credit facilities to be immediately due and payable and terminate all commitments to extend further credit. Such actions by those lenders could also cause cross defaults under our other indebtedness.
If any such debt is accelerated and we are unable to repay the amounts outstanding thereunder, the lenders under any such secured credit facilities could proceed against the collateral securing such indebtedness. We have pledged a significant portion of our assets as collateral under the secured credit facilities. If the lenders under the secured credit facilities accelerate the repayment of borrowings, the proceeds from the sale or foreclosure upon such assets will first be used to repay debt under our secured credit facilities and we may not have sufficient assets to repay our unsecured indebtedness thereafter. As a result, our common stock could be negatively impacted.
