10-K 1 efx10k20171231.htm 10-K Document


UNITED STATES
SECURITIES AND EXCHANGE COMMISSION 
Washington, D.C. 20549
____________________________________
FORM 10-K

ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2017 
OR

TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from                          to 
Commission File Number 001-06605
____________________________________
EQUIFAX INC.
(Exact name of registrant as specified in its charter)
Georgia
 
58-0401110
(State or other jurisdiction of incorporation or organization)
 
(I.R.S. Employer Identification No.)
1550 Peachtree Street, N.W.
 
 
Atlanta, Georgia
 
30309
(Address of principal executive offices)
 
(Zip Code)
Registrant’s telephone number, including area code: 404-885-8000
Securities registered pursuant to Section 12(b) of the Act: 
Title of each class
 
Name of each exchange on which registered
Common Stock, $1.25 par value per share
 
New York Stock Exchange
Securities registered pursuant to Section 12(g) of the Act: None.
____________________________________
Indicate by check mark if Registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Exchange Act (“Act”).   YES     NO
Indicate by check mark if Registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act.   YES   NO
Indicate by check mark whether Registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the Registrant was required to file such reports), and (2) has been subject to such filing requirements for the past 90 days.          YES     NO
Indicate by check mark whether the Registrant has submitted electronically and posted on its corporate Web site, if any, every Interactive Data File required to be submitted and posted pursuant to Rule 405 of Regulation S-T during the preceding 12 months (or for such shorter period that the Registrant was required to submit and post such files).    YES     NO  
Indicate by check mark if disclosure of delinquent filers pursuant to Item 405 of Regulation S-K is not contained herein, and will not be contained, to the best of Registrant’s knowledge, in definitive proxy or information statements incorporated by reference in Part III of this Form 10-K or any amendment to this Form 10-K.   
Indicate by check mark whether the Registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company” and "emerging growth company" in Rule 12b-2 of the Exchange Act. (Check one):
 Large accelerated filer
 
 Accelerated filer
 
 Non-accelerated filer
 
 Smaller reporting company
 
  Emerging growth company
 
 
 
(Do not check if a smaller reporting company)
 
 
 
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act.  
Indicate by check mark whether the Registrant is a shell company (as defined in Rule 12b-2 of the Act).    YES     NO
As of June 30, 2017, the aggregate market value of Registrant’s common stock held by non-affiliates of Registrant was approximately $16,541,237,155 based on the closing sale price as reported on the New York Stock Exchange. At January 31, 2018, there were 120,123,872 shares of Registrant’s common stock outstanding.
DOCUMENTS INCORPORATED BY REFERENCE
Portions of Registrant’s definitive proxy statement for its 2018 annual meeting of shareholders are incorporated by reference in Part III of this Form 10-K.




TABLE OF CONTENTS
 
 
 
Page
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 


1



PART I
 
ITEM 1.  BUSINESS
 
OVERVIEW
 
Equifax Inc. is a leading global provider of information solutions and human resources business process outsourcing services for businesses, governments and consumers. We have a large and diversified group of clients, including financial institutions, corporations, governments and individuals. Our services are based on comprehensive databases of consumer and business information derived from numerous sources including credit, financial assets, telecommunications and utility payments, employment, income, demographic and marketing data. We use advanced statistical techniques and proprietary software tools to analyze all available data, creating customized insights, decision-making solutions and processing services for our clients. We help consumers understand, manage and protect their personal information and make more informed financial decisions. We also provide information, technology and services to support debt collections and recovery management. Additionally, we are a leading provider of payroll-related and human resource management business process outsourcing services in the United States of America, or U.S.
 
We currently operate in four global regions: North America (U.S. and Canada), Asia Pacific (Australia and New Zealand), Europe (the United Kingdom, or U.K., Spain and Portugal) and Latin America (Argentina, Chile, Costa Rica, Ecuador, El Salvador, Honduras, Mexico, Paraguay, Peru and Uruguay). We maintain support operations in the Republic of Ireland. We also offer Equifax branded credit services in Russia and India through joint ventures, have investments in consumer and/or commercial credit information companies through joint ventures in Cambodia, Malaysia, Singapore and Dubai, and have an investment in a consumer and commercial credit information company in Brazil.
 
Equifax was originally incorporated under the laws of the State of Georgia in 1913, and its predecessor company dates back to 1899. As used herein, the terms Equifax, the Company, we, our and us refer to Equifax Inc., a Georgia corporation, and its consolidated subsidiaries as a combined entity, except where it is clear that the terms mean only Equifax Inc.
 
We are organized and report our business results in four operating segments, as follows:
 
U.S. Information Solutions (USIS) provides consumer and commercial information solutions to businesses in the U.S. including online information, decisioning technology solutions, fraud and identity management services, portfolio management services, mortgage reporting and financial marketing services.

International —which includes our Asia Pacific, Europe, Canada and Latin America business units, provides products and services similar to those available in the USIS operating segment but with variations by geographic region. We also provide information, technology and services to support debt collections and recovery management.

Workforce Solutions provides services enabling clients to verify income and employment (Verification Services) as well as to outsource and automate the performance of certain payroll-related and human resource management business processes, including unemployment cost management, tax credits and incentives and I-9 management services and services to allow employers to ensure compliance with the Affordable Care Act (Employer Services).

Global Consumer Solutions provides products to consumers in the United States, Canada, and the U.K., enabling them to understand and monitor their credit and monitor and help protect their identity. We also sell consumer and credit information to resellers who combine our information with other information to provide direct to consumer monitoring, reports and scores.

2017 Cybersecurity Incident

Background. In fiscal 2017, we experienced a cybersecurity incident following a criminal attack on our systems that involved the theft of certain personally identifiable information of U.S., Canadian and U.K. consumers. Criminals exploited a U.S. website application vulnerability to gain unauthorized access to our network. Based on our forensic investigation, the unauthorized access of information occurred from mid-May through July 2017. The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. and Canadian consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. The investigation determined that personal information

2



of approximately 19,000 Canadian consumers was impacted and approximately 860,000 potentially affected U.K. consumers were contacted regarding access to personal information. The forensic investigation of the cybersecurity incident was, as previously disclosed, completed in the fourth quarter of fiscal 2017. No evidence was found that the Company's core consumer, employment and income, or commercial credit reporting databases were accessed.

The Company acted promptly to notify the approximately 145.5 million U.S. consumers whose personally identifiable information the Company had identified in 2017 as potentially accessed. As a result of an ongoing analysis of data stolen in the 2017 cybersecurity incident, the Company recently announced that it was able to identify approximately 2.4 million U.S. consumers whose name and partial driver’s license information were stolen, but who were not in the affected population of approximately 145.5 million consumers previously identified by the Company in 2017. The Company is in the process of notifying these additional consumers.
 
As a result of the 2017 cybersecurity incident, we are party to numerous lawsuits and governmental investigations. See Item 1A. Risk Factors and Item 3. Legal Proceedings for more information regarding these lawsuits and investigations. We continue to cooperate with law enforcement in connection with the criminal investigation into the actors responsible for the cybersecurity incident.

Regaining Trust. The Company has taken and continues to take extensive steps designed to prevent this type of incident from happening again and to earn back the trust of consumers, customers and regulators.

Upon discovery of the unauthorized access, we acted immediately to stop the intrusion and promptly engaged a leading, independent cybersecurity firm to conduct a comprehensive forensic investigation to determine the scope of the intrusion, including the specific data potentially impacted. We have continued to analyze the data impacted, including through the use of external data providers, to identify and inform consumers who may have been impacted by this incident.

Following the cybersecurity incident, we began undertaking significant steps to enhance our data security infrastructure. In connection with these efforts, we have incurred significant costs and expect to incur additional significant costs as we take further steps to prevent unauthorized access to our systems and the data we maintain. The actions we have taken are based on our investigation of the causes of the cybersecurity incident, but there will be additional changes needed to prevent a similar incident. We have also enhanced our disclosure controls and procedures and related protocols to specifically provide that cyber incidents are promptly escalated and investigated and reported to senior management, and where appropriate, to the Board of Directors. We also engaged an independent outside consulting firm to help us with both strategic remediation activities and to review our cybersecurity framework, our controls framework and our management and employees' roles and responsibilities.

In the third and fourth quarters of 2017, our Board made strategic changes to our executive leadership team and added an independent director to our Board with highly-relevant skills in data security. Our Board also formed a Special Committee to conduct an independent review of the cybersecurity incident, the Company’s response to it and all relevant policies and practices. The Special Committee's investigation was undertaken with the assistance of outside professionals engaged by the Special Committee.

The Company has also taken action to provide consumers with new tools to protect credit data. Immediately following the announcement of the breach, the Company devoted substantial resources to consumer notifications and launched and continuously enhanced multi-faceted consumer resources, including making its TrustedID Premier service, an identity theft protection and credit file monitoring product, available for free to all U.S. consumers for 12 months for those who signed up by January 31, 2018. Similarly, for consumers impacted by the cybersecurity incident in Canada and the U.K., we are providing free credit reports and scores, credit monitoring and identity theft protection for 12 months for those consumers who signed up by January 31, 2018. As part of our commitment to providing long-term resources and protections for consumers, in January 2018, the Company introduced Lock & AlertTM, a new service that allows U.S. consumers to quickly lock and unlock their Equifax credit report for free, for life. We believe this is a meaningful step toward fulfilling our commitment to give consumers the power to protect and control access to personal credit data.


3



OUR BUSINESS STRATEGY
 
Data is at the core of our value proposition and the protection and safeguarding of that information is paramount. Our strategic objective is to be the global leader in information solutions that creates unparalleled insights to solve customer challenges. Leveraging our extensive resources, we deliver differentiated decisions through a broad and diverse set of data assets, sophisticated analytics and proprietary decisioning technology. Our long-term corporate strategy is driven by the following imperatives:

Serve as a trusted steward and advocate for consumers and our customers. This includes protecting and safeguarding the information we have using advanced data security tools, techniques and processes in order to protect consumer specific information from fraudulent access. We also strive to continuously improve the consumer and customer experience in our consumer and commercial offerings, anticipating and executing on regulatory initiatives, while simultaneously delivering industry leading security for our services.

Deliver consistently strong profitable growth and shareholder returns. We seek to enhance shareholder value through disciplined execution of our strategic initiatives and by positioning ourselves as a premier and trusted provider of high value information solutions.

Develop unparalleled analytical insights leveraging Equifax unique data. We continue to invest in and acquire unique sources of credit and non-credit information to enhance the variety and quality of our services while increasing clients’ confidence in information-based business decisions. Areas of focus for investment in new sources of data include, among others, positive payment data, fraud and personal identification data, real estate data and new commercial business data. We also have developed unique capabilities to integrate customer and third-party data into our solution offerings to further enhance the decisioning solutions we develop for our customers.

We continue to invest in and develop new technology to enhance the security, functionality and cost-effectiveness of the services we offer and further differentiate our products from those offered by our competitors. In addition to custom products for large clients, we develop software as a service based, decisioning and data access technology platforms that are cost effective for clients of all sizes. We also develop predictive scores and analytics, some of which leverage multiple data assets, to help clients acquire new customers and manage their existing customer relationships. We develop a broad array of industry, risk management, cross-sell and account acquisition models to enhance the precision of our clients’ decisioning activities. We also develop custom and generic solutions that enable customers to effectively manage their debt collection and recovery portfolios.

Innovate for market leadership in key domains and verticals. We seek to increase our share of clients’ spend on information-related services through developing and introducing new products, pricing our services in accordance with the value they represent to our customers, increasing the range of current services utilized by our clients, and improving the quality and effectiveness of our sales organization and client support interactions with consumers. We are also helping clients address increased requirements to comply with emerging regulations and rules.

We believe there are many opportunities to expand into emerging markets both in the U.S. and internationally. In the U.S., we have increased and broadened resources in key markets, including financial, mortgage, auto, insurance, telecommunications, healthcare and government, and we are delivering services ranging from identity authentication to risk management. We continue to invest in growing our ventures in Russia and India and leveraging our newer product offerings across all of our geographical business units and periodically enter new country markets through acquisitions or start-up operations.

Invest in talent to drive our strategy and foster a culture of innovation. We attract top talent by continuing to expand and diversify our talent pipeline. We regularly undertake various talent initiatives to engage, develop, and retain our top talent.


4



MARKETS AND CLIENTS
 
Our products and services serve clients across a wide range of verticals, including financial services, mortgage, employers, consumer, commercial, telecommunications, retail, automotive, utilities, brokerage, healthcare and insurance industries, as well as state and federal governments. We also serve consumers directly. Our revenue stream is highly diversified with our largest client providing less than 3% of total revenue. The following table summarizes the various end-user markets we serve:
chart-42cce64804315dd48f8.jpg
(1) 
Predominantly sold to companies who serve the direct to consumer market and includes other small end user markets.
(2) 
Other includes revenue from other miscellaneous end-user markets.

We market our products and services primarily through our own direct sales organization that is structured around sales teams that focus on client segments typically aligned by vertical markets and geography. Sales groups are based in our headquarters in Atlanta, Georgia, and field offices located in the U.S. and in the countries where we have operations. We also market our products and services through indirect channels, including alliance partners, joint ventures and other resellers. In addition, we sell through direct mail and the internet.
 
Our largest geographic market segments are the U.S.; Asia Pacific (Australia and New Zealand); Europe (the U.K., Spain and Portugal); Canada; and Latin America (Argentina, Chile, Costa Rica, Ecuador, El Salvador, Honduras, Mexico, Paraguay, Peru and Uruguay). We maintain support operations in the Republic of Ireland. We also offer Equifax branded credit services in Russia and India through joint ventures, have investments in consumer and/or commercial credit information companies through joint ventures in Cambodia, Malaysia, Singapore and Dubai, and have an investment in a consumer and commercial credit information company in Brazil. We also provide information, technology and services to support debt collections and recovery management in Asia Pacific, Europe, Canada and Latin America.
 
Revenue from international clients, including end users and resellers, amounted to 29% of our total revenue in 2017, 27% of our total revenue in 2016 and 23% of our total revenue in 2015.

PRODUCTS AND SERVICES
 
Our products and services help our clients make more informed decisions with higher levels of confidence by leveraging a broad array of data assets. Analytics are used to derive insights from the data that are most relevant for the client’s decisioning needs. The data and insights are then processed through proprietary software and transmitted to the client’s operating system to execute the decision.
 

5



The following chart summarizes the key products and services offered by each of the business units within our segments:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
USIS
 
International
 
 
 
Workforce Solutions
 
 
 
 
Online Information Solutions
 
Financial Marketing Services
 
Mortgage Services
 
Europe
 
Asia Pacific
 
Latin America
 
Canada
 
Verification Services
 
Employer Services
 
Global Consumer Solutions
 
Online data
X
 
 
 
X
 
X
 
X
 
X
 
X
 
X
 
 
 
X
 
Portfolio management services
X
 
X
 
X
 
X
 
X
 
X
 
X
 
X
 
 
 
 
 
Analytical services
X
 
X
 
X
 
X
 
X
 
X
 
X
 
X
 
X
 
X
 
Technology services
X
 
 
 
X
 
X
 
X
 
X
 
X
 
 
 
 
 
 
 
Identity management and fraud
X
 
 
 
 
 
X
 
X
 
X
 
X
 
X
 
 
 
X
 
Marketing Services
 
 
X
 
X
 
 
 
X
 
X
 
X
 
 
 
 
 
 
 
Direct to consumer credit monitoring
 
 
 
 
 
 
 
 
X
 
 
 
 
 
 
 
 
 
X
 
Employment and income verification services
 
 
 
 
 
 
 
 
X
 
 
 
 
 
X
 
 
 
 
 
Business process outsourcing (BPO)
 
 
 
 
 
 
 
 
X
 
 
 
 
 
X
 
X
 
 
 
Debt collection software, services and analytics
 
 
 
 
 
 
X
 
X
 
X
 
X
 
 
 
 
 
 
 
 
Each of our operating segments is described more fully below. For the operating revenue, operating income and total assets for each segment see Note 13 of the Notes to the Consolidated Financial Statements in this report.
 
USIS
 
USIS provides consumer and commercial information solutions to businesses in the U.S. through three product and service lines, as follows:

Online Information Solutions. Online Information Solutions’ products are derived from multiple large and comprehensive databases of consumer and commercial information that we maintain about individual consumers and businesses, including credit history, current credit status, payment history and address information. Our clients utilize the information and analytical insights we provide to make decisions for a broad range of financial and business purposes, such as whether, and on what terms, to approve auto loans or credit card applications, and whether to allow a consumer or a business to open a new utility or telephone account. In addition, this information is used by our clients for cross selling additional products to existing customers, improving their underwriting and risk management decisions, and authenticating and verifying consumer and business identities. We also sell consumer and credit information to resellers who combine our information with other information to provide services to the financial, mortgage, fraud and identity management, and other end-user markets. Our software platforms and analytical capabilities can integrate all types of information, including third-party and client information, to enhance the insights and decisioning process to help further mitigate the risk of granting credit, predict the risk of bankruptcy, indicate the applicant’s risk potential for account delinquency, ensure the identity of the consumer, and reduce exposure to fraud. These risk management services enable our clients to monitor risks and opportunities and proactively manage their portfolios.

Online Information Solutions’ clients access products through a full range of electronic distribution mechanisms, including direct real-time access, which facilitates instant decisions. We also develop and host customized applications that enhance the decision-making process for our clients. These decisioning technology applications assist with a wide variety of decisioning activities, including determining pre-approved offers, cross-selling of various products, determining deposit amounts for telephone and utility companies, and verifying the identity of their customers. We have also compiled commercial databases regarding businesses in the U.S., which include loan, credit card, public records and leasing history data, trade accounts receivable performance, and Secretary of State and Securities and Exchange Commission registration information. We offer scoring and analytical services that provide additional information to help mitigate the credit risk assumed by our clients.

Mortgage Solutions. Our Mortgage Solutions products, offered in the U.S., consist of specialized credit reports that combine information from the three major consumer credit reporting agencies (Equifax, Experian Group and TransUnion) into a single “merged” credit report in an online format, commonly referred to as a tri-merge report. Mortgage lenders use these tri-merge reports in making their mortgage underwriting decisions. Additionally, we offer various “triggering” services designed to alert lenders to changes in a consumer’s credit status during the underwriting period and securitized portfolio risk assessment services for evaluating inherent portfolio risk.
 
Financial Marketing Services. Our Financial Marketing Services products utilize consumer and commercial financial information enabling our clients to more effectively manage their marketing efforts, including targeting and segmentation, to identify and acquire new clients for their products and services; to develop portfolio strategies to minimize risk and maximize

6



profitability; and to realize additional revenue from existing customers through more effective cross selling and upselling of additional products and services. These products utilize information derived from consumer and commercial information, including credit, income, asset, liquidity, net worth and spending activity, which also support many of our Online Information Solutions’ products. These data assets broaden the understanding of consumer and business financial potential and opportunity which can further drive high value decisioning and targeting solutions for our clients. We also provide account review services, which assist our clients in managing their existing customers and prescreen services that help our clients identify new opportunities with their customers. Clients for these products primarily include institutions in the banking, brokerage, retail, insurance and mortgage industries as well as companies primarily focused on digital and interactive marketing.
  
International
 
The International operating segment includes our Asia Pacific, Europe, Latin America and Canada business units. These business units offer products that are similar to those available in the USIS operating segment, although, in some jurisdictions, data sources tend to rely more heavily on government agencies than in the U.S. We also offer specialized services that help our customers better manage risk in their consumer portfolios. This operating segment’s products and services generate revenue in Argentina, Australia, Canada, Chile, Costa Rica, Ecuador, El Salvador, Honduras, Mexico, New Zealand, Paraguay, Peru, Portugal, Spain, the U.K. and Uruguay. We also maintain support operations in the Republic of Ireland, Chile and Costa Rica. We offer consumer credit services in Russia and India through investments in joint ventures, have investments in consumer and/or commercial credit information companies through joint ventures in Cambodia, Malaysia, Singapore and Dubai, and have an investment in the second largest consumer and commercial credit information company in Brazil. We also provide information, technology and services to support debt collections and recovery management in Asia Pacific, Europe, Canada and Latin America.
 
 Europe. Our European operation provides information solutions, marketing and personal solutions products. Information solutions and personal solutions products are generated from information that we maintain and include credit reporting and scoring, asset information, risk management, identity management and authentication services, fraud detection and modeling services. Most of these products are sold in the U.K. with a more limited set of information solutions products sold in Portugal and Spain. Our commercial products, such as business credit reporting and commercial risk management services, are available mostly in the U.K, with a more limited set of information solutions products sold in Portugal and Spain. Marketing products, which are similar to those offered in our Financial Marketing Services business unit, are primarily available in the U.K. and, to a lesser extent, in Spain. We also provide information, technology and services to support debt collections and recovery management.

Asia Pacific. Our Asia Pacific operation provides consumer and commercial information solutions products, marketing products and personal solutions products. We offer a full range of products, generated from credit records, including credit reporting and scoring, decisioning technology, risk management, identity management, authentication and fraud detection services. Our consumer and commercial products are the primary source of revenue in each of the countries in which we operate and include credit reporting, decisioning tools and risk management services. We also provide information, technology and services to support debt collections and recovery management. Additionally, we provide a variety of consumer and commercial marketing products generated from credit information databases, including business profile analysis, business prospect lists and database management. The countries in which we operate include Australia and New Zealand, as well as through joint ventures in Cambodia, Malaysia, Singapore and Dubai.

Latin America. Our Latin American operation provides consumer and commercial information solutions products, marketing products and personal solutions products. We offer a full range of products, generated from credit records that we maintain, including credit reporting and scoring, decisioning technology, risk management, identity management, authentication and fraud detection services. Our consumer products are the primary source of revenue in each of the countries in this region in which we operate. We also offer various commercial products, which include credit reporting, decisioning tools and risk management services, in the countries we serve. We also provide information, technology and services to support debt collections and recovery management. Additionally, we provide a variety of consumer and commercial marketing products generated from our credit information databases, including business profile analysis, business prospect lists and database management. The countries in this region in which we operate include Argentina, Chile, Costa Rica, Ecuador, El Salvador, Honduras, Mexico, Paraguay, Peru and Uruguay.

Canada. Similar to Online Information Solutions, Mortgage Solutions and Financial Marketing Services business units, Canada offers products derived from the credit information that we maintain about individual consumers and businesses. We offer many products in Canada, including credit reporting and scoring, consumer and commercial marketing, risk management, fraud detection and modeling services, identity management and authentication services, together with certain of

7



our decisioning products that facilitate pre-approved offers of credit and automate a variety of credit decisions. We also provide information, technology and services to support debt collections and recovery management in Canada.
 
Workforce Solutions
 
Workforce Solutions operates in the U.S. through two business units:
 
Verification Services. Verification Services include employment and income verification services. Our online verification services enable direct third-party verifiers including various governmental agencies, mortgage originators, credit card and automotive lenders and pre-employment screeners to verify the employee’s employment status and income information. We also offer an offline research verification service, which expands employment verification to locate data outside our existing automated database. 
 
Employer Services. These services are aimed at reducing the cost to the human resources function of businesses through a broad suite of services including assisting with employment tax matters designed to reduce the cost of unemployment claims through effective claims representation and management and efficient processing and to better manage the tax rate that employers are assessed for unemployment taxes; comprehensive services designed to research the availability of employment-related tax credits (e.g., the federal work opportunity and welfare to work tax credits and state tax credits), and to process the necessary filings and assist the client in obtaining the tax credit; W-2 management services (which include initial distribution, reissue and correction of W-2 forms); paperless pay services that enable employees to electronically receive pay statement information as well as review and change direct deposit account or W-4 information; integrated electronic time capture and reporting services; paperless new-hire services to bring new workers on board using electronic forms; I-9 management services designed to help clients electronically comply with the immigration laws that require employers to complete an I-9 form for each new hire; and onboarding services using online forms to complete the new hire process for employees of corporate and government agencies. In addition we provide software and services to employers to assist in compliance with the Affordable Care Act ("ACA") through partnerships with government agencies.

The Work Number. The Work Number is our key repository of employment and income data serving our verifier business and enabling employer human resource services. We rely on payroll data received from over 10,600 organizations to regularly update the database. The updates occur as employers transmit data electronically to Equifax from their payroll systems. Employers contract to provide this data for specified periods under the terms of contracts which range from one to five years. We use this data to provide automated employment and income verification services to third-party verifiers as well as enabling employer services such as unemployment claims, I-9 and eVerify transactions and employer tax credits opportunities.
 
The fees we charge for these services are generally on a per transaction basis. We have not experienced significant turnover in the employer contributors to the database because we generally do not charge them to add their employment data to the database and the verification service we offer relieves them of the administrative burden and expense of responding to third-party employment verification requests. The database is approaching 330 million current and historic employment records at December 31, 2017.

Global Consumer Solutions
 
Our Global Consumer Solutions ("GCS") products give consumers information to enable them to understand and monitor their credit and monitor and help protect their identity primarily through our Equifax Complete, ID Patrol, Credit Watch and Score Watch monitoring products. Consumers can obtain credit file information about them and Equifax or FICO credit scores. Equifax products also offer monitoring features for consumers who are concerned about identity theft and data breaches, including credit report monitoring from all three bureaus, internet and bank account monitoring, lost wallet support, and the ability to lock and unlock the Equifax credit file. Our products are available to consumers in the U.S., Canada, and the U.K. directly primarily over the internet and indirectly through relationships with business partners who distribute our products or provide these services to their employees or customers. We also sell consumer and credit information to resellers who combine our information with other information to provide direct to consumer monitoring, reports and scores. Due to the 2017 cybersecurity incident, we have ceased advertising for new business as it relates to our U.S. consumer direct business and have now provided free services as discussed below.

Free Consumer Services
    
As part of our response to the cybersecurity incident announced in September 2017, we began offering in the U.S. our TrustedID Premier service, an identity theft protection and credit file monitoring product, for free to all consumers who signed up through January 31, 2018. Additionally, in January 2018, the Company introduced in the U.S., Lock & AlertTM, a new

8



service that allows customers to quickly lock and unlock their Equifax credit report for free, for life. Equifax also will provide the ability for U.S. consumers to freeze and unfreeze their Equifax credit file for free through June 30, 2018. We provide U.S. consumers with a free annual credit report in accordance with the FACT Act. For consumers impacted by the cybersecurity incident in Canada and the U.K., we are providing free credit reports and scores, credit monitoring and identity theft protection for 12 months for those consumers who signed up by January 31, 2018.

Seasonality
 
We experience seasonality in certain of our revenue streams. Revenue generated by the online consumer information services component of our USIS operating segment is typically the lowest during the first quarter, when consumer lending activity is at a seasonal low. Revenue generated from the Employer Services business unit within the Workforce Solutions operating segment is generally higher in the first quarter due primarily to the provision of Form W-2 preparation services which occur in the first quarter each year. Revenue generated from our financial wealth asset products and data management services in our Financial Marketing Services business is generally higher in the fourth quarter each year due to the significant portion of our annual renewals and deliveries which occur in the fourth quarter of each year.

COMPETITION

The market for our products and services is highly competitive and is subject to constant change. Our competitors vary widely in size and in the nature of the products and services they offer. Sources of competition are numerous and include the following:

Competition for our consumer credit information solutions and personal solutions products varies by both application and industry, but generally includes two global consumer credit reporting companies, Experian and TransUnion, both of which offer a product suite similar to our credit information solutions. In the U.S., LifeLock is a national provider of personal identity theft protection service. Also, there are emerging competitors offering free credit scores including Credit Karma in the U.S. as well as CallCredit and ClearScore in the U.K. There are also a large number of competitors who offer competing products in specialized areas (such as fraud prevention, risk management and application processing and decisioning solutions) and software companies offering credit modeling services or analytical tools. Our differentiators include our unique data assets, decisioning technology and the features and functionality of our analytical capabilities. Our competitive strategy is to emphasize improved decision making and product quality while remaining competitive on price. Our marketing services products also compete with the foregoing companies and others who offer demographic information products, including Acxiom, Harte-Hanks and infoGROUP. We also compete with Fair Isaac Corporation with respect to certain of our analytical tools and solutions.

Competition for our commercial solutions products primarily includes Experian, Dun & Bradstreet and Cortera, and providers of these services in the international markets we serve.

Competition for our employment and income verification services includes large employers who serve their own needs through in-house systems to manage verification as well as regional online verification companies, such as Verify Jobs and First Advantage, who offer verification services along with other human resources ("HR") and tax services. Competition in the Verification Services market includes employers who manage verifications in-house, lenders who obtain verifications directly from employers, and online and offline verification companies, such as Verify Job System, Corporate Cost Control, Thomas & Thorngren and Employers Edge. Competition in the Employer Services market is diverse and includes in-house management of such services or the outsourcing of one or more of such services to HR consulting firms such as Mercer and Towers Watson, HR management services providers such as Oracle and Silk Road, payroll processors such as ADP and Ceridian, accounting firms such as PricewaterhouseCoopers and Ernst & Young, analytics companies such as Tableau and Visier and hundreds of smaller companies that provide one or multiple offerings that compete with our Employer Services business.

Competition for our debt collection and recovery management software, services and analytics is similar to the competition for our consumer credit information solutions. We believe that the breadth and depth of our data assets enable our clients to develop a more current and comprehensive view of consumers. In the category of platforms and analytics, we compete to some extent with entities that deploy collections platforms, account management systems or recovery solutions. 

9



While we believe that none of our competitors offers the same mix of products and services as we do, certain competitors may have a larger share of particular geographic or product markets or operate in geographic areas where we do not currently have a presence.

We assess the principal competitive factors affecting our markets to include: our ability to protect information; product attributes such as quality, depth, coverage, adaptability, scalability, interoperability, functionality and ease of use; product price; technical performance; access to unique proprietary databases; availability in application service provider, or ASP, format; quickness of response, flexibility and client services and support; effectiveness of sales and marketing efforts; existing market penetration; and new product innovation.

TECHNOLOGY AND INTELLECTUAL PROPERTY
 
We generally seek protection under federal, state and foreign laws for strategic or financially important intellectual property developed in connection with our business. Certain intellectual property, where appropriate, is protected by registration under applicable trademark laws or by prosecution of patent applications. We own a number of patents registered in the U.S. and several in foreign countries. We also have certain registered trademarks, service marks, logos and internet domain names in the U.S. and in many foreign countries, the most important of which are “Equifax,” “Decision360,” “The Work Number” and variations thereof. These marks are used in connection with many of our product lines and services. We believe that, in the aggregate, the rights under our patents and trademarks are generally important to our operations and competitive position, but we do not regard any of our businesses as being dependent upon any single patent or group of patents or trademark. However, certain Company trademarks, which contribute to our identity and the recognition of our products and services, including but not limited to the “Equifax” trademark, are an integral part of our business, and their loss could have a significant negative impact on us. We also protect certain of our confidential intellectual property and technology in compliance with trade secret laws and through the use of nondisclosure agreements.
 
We license other companies to use certain data, software, and other technology and intellectual property rights we own or control, primarily as core components of our products and services, on terms that are consistent with customary industry standards and that are designed to protect our interest in our intellectual property. Other companies license us to use certain data, technology and other intellectual property rights they own or control. For example, we license credit-scoring algorithms and the right to sell credit scores derived from those algorithms from third parties for a fee. We do not hold any franchises or concessions that are material to our business or results of operations.
 
GOVERNMENTAL REGULATION
 
We are subject to a number of U.S. federal, state, local and foreign laws and regulations that involve matters central to our business. These laws and regulations may involve privacy, data protection, intellectual property, competition, consumer protection, anti-corruption, anti-bribery, anti-money laundering, employment, health, taxation or other subjects. In particular, we are subject to U.S. federal, state, local and foreign laws regarding the collection, protection, dissemination and use of non-public personal information we have in our possession. Failure to satisfy those legal and regulatory requirements, or the adoption of new laws or regulations, could have a significant negative impact on our results of operations, financial condition or liquidity.
 
U.S. federal, state, local and foreign laws and regulations are evolving and can be subject to significant change. In addition, the application and interpretation of these laws and regulations are often uncertain. These laws are enforced by federal, state and local regulatory agencies in the jurisdictions where we operate, and in some instances also through private civil litigation. There are also a number of legislative proposals pending before the U.S. Congress, various state legislative bodies, and foreign governments concerning consumer and data protection that could affect us.
 
Summary of U.S. Regulation Relating to Consumer and Data Protection
 
Our U.S. operations are subject to numerous laws and regulations governing the collection, protection and use of consumer credit and other information, and imposing sanctions for the misuse of such information or unauthorized access to data. Many of these provisions also affect our customers’ use of consumer credit or other data we furnish.


10



Examples of the most significant of these laws include, but are not limited to, the following:

Federal Laws and Regulation

FCRA - The Fair Credit Reporting Act (“FCRA”) regulates consumer reporting agencies, including us, as well as data furnishers and users of consumer reports such as banks and other companies. FCRA provisions govern the accuracy, fairness and privacy of information in the files of consumer reporting agencies (“CRAs”) that engage in the practice of assembling or evaluating certain information relating to consumers for certain specified purposes. The FCRA limits the type of information that may be reported by CRAs, limits the distribution and use of consumer reports and establishes consumer rights to access and dispute their credit files. CRAs are required to follow reasonable procedures to assure maximum possible accuracy of the information concerning the individual about whom the report relates and if a consumer disputes the accuracy of any information in the consumer’s file, to conduct a reasonable reinvestigation. CRAs are required to make available to consumers a free annual credit report. The FCRA imposes many other requirements on CRAs, data furnishers and users of consumer report information. Violation of the FCRA can result in civil and criminal penalties. The FCRA contains an attorney fee shifting provision to provide an incentive for consumers to bring individual or class action lawsuits against a CRA for violations of the FCRA. Regulatory enforcement of the FCRA is under the purview of the United States Federal Trade Commission (“FTC”), the Consumer Financial Protection Bureau (“CFPB”), and state attorneys general, acting alone or in concert with one another.

The Dodd-Frank Act - One of the purposes of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) is to protect consumers from abusive financial services practices. Title X of the Dodd-Frank Act created the CFPB. The Dodd-Frank Act provides the CFPB with examination and supervisory authority over CRAs, including us. The Dodd-Frank Act also prohibits unfair, deceptive or abusive acts or practices (“UDAAP”) with respect to consumer finance and provides the CFPB with authority to enforce those provisions. The CFPB may pursue administrative proceedings or litigation to enforce the laws and rules subject to its jurisdiction. In these proceedings the CFPB can obtain cease and desist orders, which can include orders for restitution to consumers or rescission of contracts, as well as other types of affirmative relief, and monetary penalties ranging from $5,000 per day for ordinary violations and up to $1 million per day for knowing violations. Also, the Dodd-Frank Act empowers state attorneys general and state regulators to bring civil actions in certain circumstances for the kind of cease and desist orders available to the CFPB (but not for civil penalties).

FTC Act - The Federal Trade Commission Act (“FTC Act”) prohibits unfair methods of competition and unfair or deceptive acts or practices. Under the FTC Act, the Federal Trade Commission's oversight includes the security measures we employ to safeguard the personal data of consumers and failure to safeguard data adequately may subject us to regulatory scrutiny or enforcement action. There is no private right of action under the FTC Act.

GLBA - The Financial Services Modernization Act of 1999, or Gramm-Leach-Bliley Act (“GLBA”) regulates, among other things, the use of non-public personal information of consumers that is held by financial institutions, including us. We are subject to various GLBA provisions, including rules relating to the use or disclosure of the underlying data and rules relating to the physical, administrative and technological protection of non-public personal financial information. Breach of the GLBA can result in civil and/or criminal liability and sanctions by regulatory authorities. Regulatory enforcement of the GLBA is under the purview of the FTC, the CFPB, the federal prudential banking regulators, the SEC and state attorneys general, acting alone or in concert with each other.

CROA - The Credit Repair Organizations Act (“CROA”) regulates companies that claim to be able to assist consumers in improving their credit standing. There have been efforts to apply the CROA to credit monitoring services offered by consumer reporting agencies and others. CROA allows for a private right of action. Consumers can sue to recover the greater of the amount paid or actual damages, punitive damages, costs, and attorney’s fees for violations of CROA.

State Laws and Regulation Relating to Consumer and Data Protection
 
A number of states have enacted requirements similar to the federal FCRA. Some of these state laws impose additional, or more stringent, requirements than the FCRA, especially in connection with the investigations and responses to reported inaccuracies in consumer reports. The FCRA preempts some of these state laws, but the scope of preemption continues to be defined by the courts. The state of Vermont is grandfathered under the original FCRA requirements and thus we are subject to additional requirements to comply with Vermont law.

11



Most states and the District of Columbia have passed laws that give consumers the right to place a security freeze on their credit reports to prevent others from opening new accounts or obtaining new credit in their name. These laws place differing requirements on credit reporting agencies with respect to how and when to respond to such credit file freeze requests and in the fees, if any, the agencies may charge for freeze-related actions.

A majority of states have adopted versions of data security breach laws that require notification of affected consumers and potentially regulators in the event of a breach of personal information. A subset of these laws and other state data security laws require data protection measures as well. 

We are also subject to federal and state laws that are generally applicable to any U.S. business with national or international operations, such as antitrust laws, the Foreign Corrupt Practices Act, the Americans with Disabilities Act, state unfair or deceptive practices acts and various employment laws. We continuously monitor legislative and regulatory activities that involve credit reporting, data privacy, security and other relevant issues to identify issues in order to remain in compliance with all applicable laws and regulations.

Summary of International Regulation Relating to Consumer and Data Protection
 
We are subject to various data protection, privacy and consumer credit laws and regulations in the foreign countries where we operate. Examples of the most significant of these laws include, but are not limited to, the following:

In the U.K., we are subject to a regulatory framework which provides for primary regulation by the Financial Conduct Authority (the “FCA”). The FCA focuses on consumer protection and market regulation as well as prudential supervision of regulated financial institutions. The FCA has significant powers, including the power to regulate conduct related to the marketing of financial products, to specify minimum standards and to place requirements on products, impose unlimited fines, and to investigate organizations and individuals. In addition, the FCA is able to ban financial products for up to a year while considering an indefinite ban; it has the power to instruct firms to immediately retract or modify promotions which it finds to be misleading, and to publish such decisions. Our core credit reporting (“credit reference”) and debt collections services and recovery management businesses in the U.K. are subject to FCA supervision and we are required to have certain corporate and “approved person” authorizations from the FCA to carry on such businesses. The license application for our collection business (TDX Group or "TDX") was approved in 2016, and the license application for authorization in our capacity as a credit reference agency was approved in 2017. In addition to regulation by the FCA, we are also subject to regulation covering personal data and protection by the U.K. Information Commissioner’s Office. In the U.K., regulatory limitations affect our use of the Electoral Roll, one of our key data sources in that jurisdiction. Generally, the data underlying the products offered by our U.K. Information Services and Global Consumer Solutions product lines, excluding our Commercial Services products, are subject to these regulations.

In Europe, we are subject to the European Union (“EU”) Data Protection Regulation ("GDPR"), which will replace the comprehensive 1995 European Union Data Protection Directive. The GDPR maintains the prohibition on the transfer of personal information from the EU to other countries whose laws do not protect personal data to an “adequate” level of privacy or security. The GDPR establishes multiple new requirements that are generally stricter and more comprehensive than those of the U.S. and most other countries where Equifax operates. In Spain and Portugal, privacy laws also regulate all credit bureau and personal solutions activities. The GDPR, among other things, will tighten data protection requirements and make enforcement more rigorous, for example, by streamlining enforcement at a European level, introducing data breach notification requirements and substantially increasing penalties for non-compliance.

In Canada, federal and provincial laws govern how we collect, use or disclose personal information in the course of our commercial activities. Federally, the Personal Information Protection and Electronic Documents Act governs the collection, use and disclosure of personal information by organizations in the private sector. It sets out specific obligations with respect to accountability and identifying purposes, consent, collection, use, disclosure, retention, accuracy, safeguards, individual access and compliance. The federal and provincial privacy regulators have powers of investigation and intervention, and provisions of Canadian law regarding civil liability apply in the event of unlawful processing which is prejudicial to the persons concerned. Canada also has specific credit reporting legislation that is regulated at a provincial level. At present, each province has credit reporting legislation, with the exception of New Brunswick and the Territories (Northwest Territories, Yukon, and Nunavut). Generally speaking, the legislation regulates the contents of credit files, the length of time information can be included on a credit file and who can receive credit reports.

12



In Latin America, data protection and credit reporting laws and regulations vary considerably among Latin American countries. Some countries, such as El Salvador, Ecuador and Honduras, establish a constitutional right to privacy without general data protection standards or a data protection authority. These countries, however, have laws that govern the functioning of credit bureaus. In 2017, Ecuador passed a law relating to the collection of credit data and the operation of a credit bureau within the country, which, if implemented, would effectively prohibit us from operating as a credit bureau within Ecuador. The Ecuadorian Superintendent of Banks (ESB) is obligated to set up a public credit data registry within 270 days of January 1, 2018. The ESB may offer services through third parties via a bid process, which may allow continued operation by us within Ecuador, but this is not certain. Other countries, such as Argentina, Uruguay, Peru and Costa Rica, have enacted comprehensive data protection legislation similar to the EU GDPR. The EU recognizes Argentina and Uruguay as having adequate levels of protection for personal data transfers and processing. Peru also has a specific law for credit reporting. Paraguay and Chile have fewer comprehensive data protection laws in place, but do have rules regarding reporting periods, consent and data collection.

In Australia, we are subject to regulatory oversight by various agencies. The Office of the Australian Information Commissioner (OAIC) is the agency with direct responsibility for administering the Australian Privacy Principles (which relate to the collection, holding, use and disclosure of personal information) and Part IIIA of the Privacy Act 1988 (which regulates credit reporting). The OAIC can investigate a complaint, conduct its own investigations, resolve/make binding determinations and seek civil penalties. Our credit reporting business, Equifax Information Services and Solutions, is a member of an external dispute resolution scheme, the Credit and Investments Ombudsman, which has been approved by the OAIC to handle privacy and credit reporting complaints and make binding determinations. The OAIC can register codes of practice under the Privacy Act 1988, and has registered the Privacy (Credit Reporting) Code 2014. The Australian Competition and Consumer Commission (ACCC) is the agency responsible for enforcing the Competition and Consumer Act 2010 and related legislation concerning consumer protection and competition. The ACCC has the authority to use a range of actions to ensure compliance with the law, including investigative powers and the ability to seek penalties through litigation and other formal enforcement means. The Australian Retail Credit Association (ARCA) is a credit and credit reporting industry self-regulatory body, which administers principles and standards for the exchange of credit data between industry participants. Equifax Australasia Credit Ratings Pty Limited (Formerly named Corporate Scorecard Pty Limited, one of our Australian subsidiaries), holds an Australia Financial Services License (AFSL), which allows it to provide general advice to wholesale clients by issuing a credit rating, and has been approved by the Reserve Bank of New Zealand as a rating agency under section 86 of the Non-bank Deposit Takers Act 2013. The Australian Securities and Investments Commission (ASIC) regulates that business, and has authority to investigate, prosecute, ban individuals, and to seek civil penalties. In addition, in Australia, draft legislation has been released by the Federal Government, mandating the supply by large banks of comprehensive credit information to credit reporting bodies, including Equifax, and imposing certain disclosure, storage and reporting obligations on the credit reporting bodies. The draft legislation is yet to be finalized or enacted. Equifax will continue to engage with the Federal Government as it concludes its consultation process.

In New Zealand, the regulatory framework provides for primary regulation under the Office of the Privacy Commissioner (OPC). The OPC investigates complaints relating to the collection, use, holding and disclosure of personal information, both credit-related and non-credit related. The OPC can make a finding that there has been an interference with privacy but cannot impose civil penalties. In extreme cases where there has been an interference with privacy it can refer these cases to the Director of Human Rights, for determination in the Human Rights Review Tribunal. The OPC can issue practice codes under the Privacy Act 1993, and has issued and subsequently amended, the Credit Reporting Privacy Code 2004. A self-regulatory body, the Retail Credit Association of New Zealand (RCANZ) addresses reciprocity of data issues relating to comprehensive credit reporting, and data standards.

In India, various legislation including the Information Technology Act 2000 and Rules framed thereunder and the Credit Information Companies (Regulation) Act of 2005 and Rules and Regulations framed thereunder, establishes a federal data protection framework. Entities that collect and maintain personal data and/or credit information must ensure that it is complete, accurate and safeguarded, and must adopt certain privacy principles with respect to collecting, processing, preserving, sharing and using such data and/or credit information. The Indian parliament has passed legislation that would allow individuals to sue for damages in the case of a data breach, if the entity negligently failed to implement reasonable security practices and procedures to protect personal data and/or credit information. Our Indian joint venture is subject to regulation by the Reserve Bank of India, which is India’s central banking institution.


13



In Russia, credit reporting activities are governed by the Federal Law on Credit Histories No.218-fz, dated December 30, 2004. The law regulates the contents of credit files, who may submit data to a credit bureau and who can receive credit reports. Russia has also enacted a comprehensive data protection law that is similar to Europe's approach.

Tax Management Services
 
The Tax Management Services business within our Workforce Solutions segment is potentially impacted by changes in renewal or non-renewal of U.S. tax laws or interpretations, for example, those pertaining to work opportunity tax credits and unemployment compensation claims.
 
PERSONNEL
 
Equifax employed approximately 10,300 employees in 24 countries as of December 31, 2017. None of our U.S. employees are subject to a collective bargaining agreement and no work stoppages have been experienced. Pursuant to local laws, certain of our employees in Argentina and Spain are covered under government-mandated collective bargaining regulations that govern general salary and compensation matters, basic benefits and hours of work. In some of our non-U.S. subsidiaries, certain of our employees are represented by workers’ councils or statutory labor unions.
 
FORWARD-LOOKING STATEMENTS
 
This report contains information that may constitute “forward-looking statements.” Generally, the words “believe,” “expect,” “intend,” “estimate,” “anticipate,” “project,” “will” and similar expressions identify forward-looking statements, which generally are not historical in nature. All statements that address operating performance, events or developments that we expect or anticipate will occur in the future, including statements relating to future operating results and statements related to the cybersecurity incident reported in the third quarter of 2017 and the Tax Cuts and Jobs Act of 2017, are forward-looking statements. Management believes that these forward-looking statements are reasonable as and when made. However, forward-looking statements are subject to certain risks and uncertainties that could cause actual results to differ materially from our Company’s historical experience and our present expectations or projections, including without limitation our expectations regarding the Company’s outlook, long-term organic and inorganic growth, and customer acceptance of our business solutions referenced above under "Business” and below in Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operation “Business Environment and Company Outlook.” These risks and uncertainties include, but are not limited to, those described below in Item 1A. Risk Factors, and elsewhere in this report and those described from time to time in our future reports filed with the United States Securities and Exchange Commission, or SEC. As a result of such risks and uncertainties, we urge you not to place undue reliance on any such forward-looking statements. Forward-looking statements speak only as of the date when made. We undertake no obligation to publicly update or revise any forward-looking statements, whether as a result of new information, future events or otherwise, except as required by law.
 
AVAILABLE INFORMATION
 
Detailed information about us is contained in our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, proxy statements and other reports, and amendments to those reports, that we file with, or furnish to, the SEC. These reports are available free of charge at our website, www.equifax.com, as soon as reasonably practicable after we electronically file such reports with or furnish such reports to the SEC. However, our website and any contents thereof should not be considered to be incorporated by reference into this document. We will furnish copies of such reports free of charge upon written request to Equifax Inc., Attn: Office of Corporate Secretary, P.O. Box 4081, Atlanta, Georgia, 30302.

ITEM 1A. RISK FACTORS
 
All of the risks and uncertainties described below and the other information included in this Form 10-K should be considered and read carefully. The risks described below are not the only ones facing us. The occurrence of any of the following risks or additional risks and uncertainties not presently known to us or that we currently believe to be immaterial could materially and adversely affect our business, financial condition or results of operations. This Form 10-K also contains forward-looking statements and estimates that involve risks and uncertainties. Our actual results could differ materially from those anticipated in the forward-looking statements as a result of specific factors, including the risks and uncertainties described below.

14



Security breaches like the cybersecurity incident announced in September 2017 and other disruptions to our information technology infrastructure could compromise Company, consumer and customer information, interfere with our operations, cause us to incur significant costs for remediation and enhancement of our IT systems and expose us to legal liability, all of which could have a substantial negative impact on our business and reputation.

In the ordinary course of business, we collect, process, transmit and store sensitive data, including intellectual property, proprietary business information and personally identifiable information of consumers. The secure operation of our information technology networks and systems, and of the processing and maintenance of this information, is critical to our business operations and strategy. Despite our substantial investment in physical and technological security measures, employee training and contractual precautions, our information technology networks and infrastructure (or those of our third-party vendors and other service providers) are vulnerable to unauthorized access to data or breaches of confidential information due to criminal conduct, attacks by hackers, employee or insider malfeasance and/or human error.

In 2017, we were the target of a cybersecurity attack that involved the theft of certain personally identifiable information of U.S., Canadian and U.K. consumers. As a result of an ongoing analysis of data stolen in the 2017 cybersecurity incident, the Company recently announced that it was able to identify approximately 2.4 million U.S. consumers whose name and partial driver's license information were stolen, but who were not in the affected population of approximately 145.5 million consumers previously identified by the Company in 2017. The Company is in the process of notifying these additional consumers. It is possible that further analysis will identify additional consumers affected or additional types of data accessed, which could result in additional notifications and negative publicity.

Following the cybersecurity incident, we began undertaking significant remediation efforts and other steps to enhance our data security infrastructure. In connection with these efforts, we have incurred significant costs and expect to incur additional significant costs as we take further steps to prevent unauthorized access to our systems and the data we maintain. The actions we have taken are based on our investigation of the causes of the cybersecurity incident, but there will be additional changes needed to prevent a similar incident. We cannot assure that all potential causes of the incident have been identified and remediated and will not occur again.

Because our products and services involve the storage and transmission of personal information of consumers, we will continue to routinely be the target of attempted cyber and other security threats by outside third parties, including technically sophisticated and well-resourced bad actors attempting to access or steal the data we store. Insider or employee cyber and security threats are also a significant concern for all companies, including ours. In addition, the 2017 cybersecurity incident may embolden individuals or groups to target our systems. We must continuously monitor and develop our information technology networks and infrastructure to prevent, detect, address and mitigate the risk of unauthorized access, misuse, computer viruses and other events that could have a security impact. If we experience additional breaches of our security measures, including from incidents that we fail to detect for a period of time, sensitive data may be accessed, stolen, disclosed or lost. Any such access, disclosure or other loss of information could subject us to significant additional litigation, regulatory fines, penalties, losses of customers or reputational damage, any of which could have a significant negative impact on our cash flows, competitive position, financial condition or results of operations. We expect our insurance coverage will not be adequate to compensate us for all losses that may occur due to the 2017 cybersecurity incident and we cannot ensure that our insurance policies in the future will be adequate to cover losses from any future failures. In addition, our third-party insurance coverage will vary from time to time in both type and amount depending on availability, cost and our decisions with respect to risk retention.

The government investigations and litigation resulting from the 2017 cybersecurity incident will continue to adversely impact our business and results of operations.

As a result of the 2017 cybersecurity incident, we are currently a party to a consolidated multi-district consumer class action lawsuit and a consolidated multi-district financial institution class action lawsuit, as well as securities class action lawsuits, shareholder derivative litigation and other lawsuits and claims allegedly arising out of the cybersecurity incident seeking monetary damages or other relief. A number of U.S. federal, state, local and foreign governmental officials and agencies, including Congressional committees, the FTC, the CFPB, the SEC, the U.S. Department of Justice and state attorneys general offices in the U.S., the FCA in the U.K. and the Office of the Privacy Commissioner in Canada, continue to investigate events related to the 2017 cybersecurity incident, including how it occurred, the consequences thereof and our response thereto. Additional lawsuits, investigations and reports related to the 2017 cybersecurity incident may be filed, commenced or issued. The claims and investigations have resulted in the incurrence of significant external and internal legal costs and expenses and reputational damage to our business and are expected to continue throughout 2018 and beyond. The resolution of these matters may result in damages, costs, fines or penalties substantially in excess of our insurance coverage, which, depending on the amount, could have a material adverse effect on our liquidity or compliance with our credit agreements. If such damages, costs,

15



fines or penalties were great enough that we could not pay them through funds generated from operating activities and/or cause a default under our revolving credit facility, we may be forced to renegotiate or obtain a waiver under our revolving credit facility and/or seek additional debt or equity financing. Such renegotiation or financing may not be available on acceptable terms, or at all. In these circumstances, if we were unable to obtain sufficient financing, we may not be able to meet our obligations as they come due. The outcome of such claims and investigations could also adversely affect or cause us to change how we operate our business. The governmental agencies investigating the cybersecurity incident may seek to impose injunctive relief, consent decrees, or other civil or criminal penalties, which could, among other things, impact our ability to collect and use consumer information, materially increase our data security costs and/or otherwise require us to alter how we operate our business. Any legislative or regulatory changes adopted in reaction to the cybersecurity incident or other companies’ data breaches could require us to make modifications to the operation of our business that could have an adverse effect and/or increase or accelerate our compliance costs. Furthermore, these matters necessitate significant attention by management, which may divert the focus of management from the operation of our business resulting in an adverse impact on our results of operations.

The cybersecurity incident and the adverse publicity that followed have had a negative impact on our reputation, and we cannot assure it will not have a long-term effect on our relationships with our customers, our revenue and our business.
 
Our revenue growth in 2017 as compared to 2016 was negatively impacted by the cybersecurity incident. Certain of our customers have determined to defer or cancel new contracts or projects and others could consider such actions unless and until we can provide assurances regarding our ability to prevent unauthorized access to our systems and the data we maintain. Many of our customers are requiring security audits of our systems and any negative results of such audits may cause further losses of customers. In addition, some of our current and potential customers and the contracts governing certain customer relationships, as well as certain of our data suppliers, require us to maintain International Organization for Standardization (“ISO”) certifications, such as ISO 27001 certification, that specify requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system. Due to the 2017 cybersecurity incident, certain of our ISO certifications have been suspended and we will be required to take additional remediation steps to retain such certifications, which efforts may not be successful. Additionally, certain of our payment card industry certifications have been suspended which could result in fines and loss of access to data if we are not able to complete the necessary remediation steps to retain these certifications, which would adversely affect our ability to offer certain products to customers. If we are unable to demonstrate the security of our systems and the data we maintain and rebuild the trust of our customers, consumers and data suppliers, and if further negative publicity continues, we could experience a substantial negative impact on our business.

The loss of access to credit, employment, financial and other data from external sources could harm our ability to provide our products and services.

We rely extensively upon data from external sources to maintain our proprietary and non-proprietary databases, including data received from customers, strategic partners and various government and public record sources. This data includes the widespread and voluntary contribution of credit data from most lenders in the U.S and many other markets as well as the contribution of data under proprietary contractual agreements, such as employers’ contribution of employment and income data to The Work Number, financial institutions’ contribution of individual financial data to IXI, and telecommunications, cable and utility companies’ contribution of payment and fraud data to the National Cable, Telecommunications and Utility Exchange. For a variety of reasons, including concerns of data furnishers arising out of the 2017 cybersecurity incident, legislatively or judicially imposed restrictions on use, additional security breaches or competitive reasons, our data sources could withdraw, delay receipt of or increase the cost of their data provided to us. Where we currently have exclusive use of data, the providers of the data sources could elect to make the information available to competitors. We also compete with several of our third-party data suppliers. If a substantial number of data sources or certain key data sources were to withdraw or be unable to provide their data, if we were to lose access to data due to government regulation, if we lose exclusive right to the use of data, or if the collection, disclosure or use of data becomes uneconomical, our ability to provide products and services to our clients could have a significant negative impact, which could result in decreased revenue, net income and earnings per share and reputational loss. There can be no assurance that we would be able to obtain data from alternative sources if our current sources become unavailable.

Negative changes in general economic conditions, including interest rates, unemployment rates, income, home prices, investment values and consumer confidence, could adversely affect us.

Our customers, and therefore our business and revenues, are sensitive to negative changes in general economic conditions, including the demand and availability of affordable credit and capital, the level and volatility of interest rates, inflation, employment levels, consumer confidence and housing demand, both inside and outside the U.S. Business customers

16



use our credit information and related analytical services and data to process applications for new credit cards, automobile loans, home and equity loans and other consumer loans, and to manage their existing credit relationships. Demand for our services tends to be correlated to general levels of economic activity and to consumer credit activity. Bank and other lenders’ willingness to extend credit is adversely affected by elevated consumer delinquency and loan losses in a weak economy. Consumer demand for credit (i.e., rates of spending and levels of indebtedness) also tends to grow more slowly or decline during periods of economic contraction or slow economic growth.

Our customer base suffers when financial markets experience volatility, illiquidity and disruption, which has occurred in the past and which could reoccur, and the potential for increased and continuing disruptions going forward presents considerable risks to our business and revenue. High or rising rates of unemployment and interest, declines in income, home prices or investment values, lower consumer confidence and reduced access to credit adversely affect demand for our products and services, and consequently our revenue and results of operations, as consumers may postpone or reduce their spending and use of credit, and lenders may reduce the amount of credit offered or available.

Our markets are highly competitive and new product introductions and pricing strategies being offered by our competitors could decrease our sales and market share or require us to enhance our products and services or reduce our prices in a manner that reduces our operating margins.

We operate in a number of geographic, product and service markets that are highly competitive. Competitors may develop products and services that are superior to or that achieve greater market acceptance than our products and services. The size of our competitors varies across market segments, as do the resources we have allocated to the segments we target. Therefore, some of our competitors may have significantly greater financial, technical, marketing or other resources than we do in one or more of our market segments, or overall. As a result, our competitors may be in a position to respond more quickly than we can to new or emerging technologies and changes in customer requirements, or may devote greater resources than we can to the development, enhancement, promotion, sale and support of products and services, or some of our customers may develop products of their own that replace the products they currently purchase from us, which would result in lower revenue. In addition, many of our competitors have extensive consumer relationships, including relationships with our current and potential customers. Moreover, new competitors or alliances among our competitors may emerge and potentially reduce our market share, revenue or margins.

We also sell our information to competing firms, and buy information from certain of our competitors, in order to sell “tri-bureau” and other products, most notably into the U.S. mortgage market. Changes in prices between competitors for this information and/or changes in the design or sale of tri-bureau versus single bureau product offerings may affect our revenue or profitability.

Some of our competitors may choose to sell products that compete with ours at lower prices by accepting lower margins and profitability, or may be able to sell products competitive to ours at lower prices, individually or as a part of integrated suites, given proprietary ownership of data, technological superiority or economies of scale. Price reductions by our competitors could negatively impact our margins and results of operations and could also harm our ability to obtain new customers on favorable terms. Historically, certain of our key products have experienced declines in per unit pricing due to competitive factors and customer demand. Since a significant portion of our operating expenses is relatively fixed in nature due to sales, information technology and development and other costs, if we were unable to respond quickly enough to changes in competition or customer demand, we could experience further reductions in our operating margins.

Our relationships with key long-term customers may be materially diminished or terminated

We have long-standing relationships with a number of our customers, many of whom could unilaterally terminate their relationship with us or materially reduce the amount of business they conduct with us at any time. Many of our material customer agreements can be terminated by the customer for convenience on advance written notice, which provides our customers with the opportunity to renegotiate their contracts with us or to award more business to our competitors.

We also provide our services to business partners who may combine them with their own or other branded services to be offered as a bundle to consumers, governmental agencies and businesses in support of fraud or credit protection, credit monitoring, identity authentication, insurance or credit underwriting, and collections. Some of these partners are the largest providers of credit information or identity protection services to the consumer market.

Market competition, business requirements, financial condition and consolidation through mergers or acquisitions, could adversely affect our ability to continue or expand our relationships with our customers and business partners. There is no guarantee that we will be able to retain or renew existing agreements, maintain relationships with any of our customers or

17



business partners on acceptable terms or at all, or collect amounts owed to us from insolvent customers or business partners. The loss of one or more of our major customers or business partners could adversely affect our business, financial condition and results of operations.
 
If we do not introduce successful new products, services and analytical capabilities in a timely manner, or if the market does not adopt our new services, our competitiveness and operating results will suffer.

We generally sell our products in industries that are characterized by rapid technological changes, frequent new product and service introductions and changing industry standards. In addition, certain of the markets in which we operate are seasonal and cyclical. Without the timely introduction of new products, services and enhancements, our products and services will become technologically or commercially obsolete over time, in which case our revenue and operating results would suffer. The success of our new products and services will depend on several factors, including our ability to properly identify customer needs; innovate and develop new technologies, services and applications; successfully commercialize new technologies in a timely manner; produce and deliver our products in sufficient volumes on time; differentiate our offerings from competitor offerings; price our products competitively; anticipate our competitors’ development of new products, services or technological innovations; and control product quality in our product development process. Our resources have to be committed to any new products and services before knowing whether the market will adopt the new offerings. In addition, our management is and will continue to be intensely focused on enhancing our security measures and responding to consumer and customer concerns relating to the 2017 cybersecurity incident and may not be able to devote sufficient time to new product development, which could cause us to be less competitive as compared to our peers, lose out on new revenue opportunities and have an adverse effect on our growth and our business.

The demand for some of our products and services may be negatively impacted to the extent the availability of free or less expensive consumer information increases.

Public or commercial sources of free or relatively inexpensive consumer credit, credit score and other information have become increasingly available, particularly through the internet, and this trend is expected to continue. In addition, governmental agencies in particular have increased the amount of information to which they provide free public access and these or other sources of free or relatively inexpensive consumer information from competitors or other commercial sources may reduce demand for our services, particularly in our USIS and Global Consumer Solutions business units. Recently, there also has been an increase in companies offering free or low-cost direct to consumer credit services (such as credit scores, reports and monitoring) as part of alternative business models that use such services as a means to introduce consumers to other products and services. To the extent that our customers choose not to obtain services from us and instead rely on information obtained at no cost or relatively inexpensively from these other sources, our business, financial condition and results of operations may be adversely affected.

Due to the 2017 cybersecurity incident and our provision of free services to consumers in connection therewith, we ceased the advertisement and sale of new products in our direct to consumer business, which resulted in a significant decline in revenue in that business. Furthermore, in late January 2018, we began offering a new credit lock service, Lock & AlertTM, that is free for life and is aimed at empowering consumers to control access to their Equifax credit file directly and quickly from their smartphone or computer. We expect services like our Lock & AlertTM to continue to increase, thereby eliminating the market for many consumer direct products and services. As a result of these factors, we expect that revenue from our direct to consumer business will continue to decline. Additionally, if a significant number of consumers lock or freeze their file, our population of data is reduced which could affect our product offerings and value to our customers in our other businesses.

If we experience system constraints or failures, or our customers do not modify and/or upgrade their systems to accept new releases of our products and services, our services to our customers could be delayed or interrupted, which could result in lost revenues or customers, lower margins, or other harm to our business and reputation.

We depend on reliable, stable, efficient and uninterrupted operation of our technology network, systems, and data centers to provide service to our customers. Many of the services and systems upon which we rely have been outsourced to third parties. In addition, many of our revenue streams are dependent on links to third party telecommunications providers. These systems and operations, and the personnel that support, service and operate these systems, could be exposed to interruption, damage or destruction from power loss, telecommunication failures, computer viruses, denial-of-service attacks, employee or insider malfeasance, human error, fire, natural disasters, war, terrorist acts or civil unrest. We may not have sufficient disaster recovery or redundant operations in place to cover a loss or failure of systems or telecommunications links in a timely manner. In addition, we will continue to be intensely focused on enhancing our data security infrastructure and implementation of those enhancements could result in service interruptions. Any significant delay or interruption could result in lost revenues or customers, lower margins, or other significant harm to our business or reputation.

18



We and our customers are subject to various current laws and governmental regulations, and could be affected by new laws or regulations, including as a result of the 2017 cybersecurity incident, compliance with which may cause us to incur significant expenses and change our business practices, and if we fail to maintain satisfactory compliance with certain regulations, we could be subject to civil or criminal penalties.

We are subject to a number of U.S. federal, state, local and foreign laws and regulations relating to consumer privacy, data and financial protection. See Item 1. Business - "Governmental Regulation" in this Form 10-K for a summary of the U.S. and foreign consumer and data protection laws and regulations to which we are subject. These regulations are complex, change frequently, have tended to become more stringent over time, and are subject to administrative interpretation and judicial construction in ways that could harm our business. Furthermore, we expect there to be an increased focus on laws and regulations related to our business because of the great public concern in the U.S. with regard to the operation of credit reporting agencies, as well as the collection, use, accuracy, correction and sharing of personal information, which was heightened by the 2017 cybersecurity incident. For example, there are a number of legislative proposals pending before the U.S. Congress, various state legislative bodies and foreign governments concerning data protection due to our 2017 cybersecurity incident and other high-profile breaches that could affect us and the President of the United States could act by Executive Order. In addition, a growing number of legislative and regulatory bodies have adopted consumer notification and other requirements in the event that consumer information is accessed by unauthorized persons and additional regulations regarding the use, access, accuracy and security of such data are possible. In the U.S., state laws provide for disparate notification regimes, all of which we are subject to. Further, any perception that our practices or products are an invasion of privacy, whether or not consistent with current or future regulations and industry practices, may subject us to public criticism, private class actions, reputational harm, or claims by regulators, which could disrupt our business and expose us to increased liability.

We devote substantial compliance, legal and operational business resources to facilitate compliance with applicable regulations and requirements. In the future, we may be subject to significant additional expense to ensure continued compliance with applicable laws and regulations and to investigate, defend or remedy actual or alleged violations. Additionally, we cooperate with CFPB supervisory examinations and respond to other state, federal and foreign government investigations of our business practices. Any failure by us to comply with, or remedy any violations of, applicable laws and regulations could result in the curtailment of certain of our operations, the imposition of fines and penalties, liability to private plaintiffs as a result of individual or class action litigation, restrictions on our ability to carry on or expand our operations, and reputational harm. In addition, because many of our products are regulated or sold to customers in various industries, we must comply with additional regulations in marketing our products. Moreover, our compliance with privacy laws and regulations and our reputation depend in part on customers' adherence to privacy laws and regulations and their use of our services in ways consistent with consumer expectations and regulatory requirements. We cannot predict the ultimate impact on our business of new or proposed CFPB, FCA or other rules, supervisory examinations or government investigations or enforcement actions.

The following legal and regulatory developments also could have a substantial negative impact on our business, financial condition or results of operations:

amendment, enactment or interpretation of laws and regulations that restrict the access and use of personal information and reduce the availability or effectiveness of our solutions or the supply of data available to customers;
changes in cultural and consumer attitudes in favor of further restrictions on information collection and sharing, which may lead to regulations that prevent full utilization of our solutions;
failure of data suppliers or customers to comply with laws or regulations, where mutual compliance is required;
failure of our solutions to comply with current laws and regulations; and
failure of our solutions to adapt to changes in the regulatory environment in an efficient, cost effective manner.

For example, Ecuador passed a law in December 2017 that, if implemented, would effectively prohibit us from operating as a credit bureau within Ecuador unless we are selected to operate under contract to serve the public authority that the new law tasks with providing such services. These laws and regulations (as well as actions that may be taken by legislatures and regulatory bodies in other countries) and the consequences of any violation could limit our ability to pursue business opportunities we might otherwise consider engaging in, impose additional costs on us, result in significant loss of revenue, result in significant restitution and fines, impact the value of assets we hold, or otherwise adversely affect our business. See “Item 1. Business - Governmental Regulation” and “Item 3. Legal Proceedings” in this Form 10-K.

Regulatory oversight of our contractual relationships with certain of our customers may adversely affect our business.

The federal banking agencies, including the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System and the CFPB, as well as many state banking agencies

19



have issued guidance to insured depository institutions and other providers of financial services on assessing and managing risks associated with third-party relationships, which include all business arrangements between a financial services provider and another entity, by contract or otherwise, and generally requires banks and financial services providers to exercise comprehensive oversight throughout each phase of a bank or financial service provider’s business arrangement with third-party service providers, and instructs banks and financial service providers to adopt risk management processes commensurate with the level of risk and complexity of their third-party relationships. This guidance requires more rigorous oversight of third-party relationships that involve certain “critical activities.” In light of this guidance, our existing or potential bank and financial services customers subject to this guidance may continue to revise their third-party risk management policies and processes and the terms on which they do business with us, which may adversely affect our relationship with such customers. In response to the 2017 cybersecurity incident, we also have been contacted by state banking regulators seeking to examine our practices as a third-party service provider to the entities that they regulate. It is possible that these or similar examinations by federal or state banking regulators could lead to adverse changes in our customer relationships.

Economic, political and other risks associated with international sales and operations could adversely affect our results of operations.

Sales outside the U.S. comprised 29% of our operating revenue in 2017. As a result, our business is subject to various risks associated with doing business internationally. In addition, many of our employees, suppliers, job functions and facilities are located outside the U.S. Accordingly, our future results could be harmed by a variety of factors including:

changes in specific country or region political, economic or other conditions;
trade protection measures;
data privacy and consumer protection regulations;
difficulty in staffing and managing widespread operations;
differing labor, intellectual property protection and technology standards and regulations;
business licensing requirements or other requirements relating to making foreign direct investments, which could increase our cost of doing business in certain jurisdictions, prevent us from entering certain markets, increase our operating costs or lead to penalties or restrictions;
difficulties associated with repatriating cash generated or held abroad in a tax-efficient manner;
implementation of exchange controls;
geopolitical instability, including terrorism and war;
foreign currency changes;
increased travel, infrastructure, legal and compliance costs of multiple international locations;
foreign laws and regulatory requirements;
terrorist activity, natural disasters and other catastrophic events;
restrictions on the import and export of technologies;
difficulties in enforcing contracts and collecting accounts receivable;
longer payment cycles;
failure to meet quality standards for outsourced work;
unfavorable tax rules;
the presence and acceptance of varying level of business corruption in international markets; and
varying business practices in foreign countries

We earn revenue, pay expenses, own assets and incur liabilities in countries using currencies other than the U.S. dollar, including among others the British pound, the Australian dollar, the Canadian dollar, the Argentine peso, the Chilean peso, the Euro, the New Zealand dollar, the Costa Rican colon, the Singapore dollar, the Brazilian real, the Russian ruble and the Indian rupee. Because our consolidated financial statements are presented in U.S. dollars, we must translate revenue, income and expenses, as well as assets and liabilities, into U.S. dollars at exchange rates in effect during or at the end of each reporting period. Therefore, increases or decreases in the value of the U.S. dollar against major currencies will affect our operating revenues, operating income and the value of balance sheet items denominated in foreign currencies. In 2017, a general weakening of foreign currencies in countries where we have operations against the U.S. dollar had a negative impact on our results as reported in U.S. dollars. See “Segment Financial Results - International - Asia Pacific,” “ - Europe,” “ -Latin America,” and “- Canada” and “Effects of Inflation and Changes in Foreign Currency Exchange Rates” in the Management’s Discussion and Analysis section of this Form 10-K. Because of the geographic diversity of our operations, weaknesses in some currencies might be offset by strengths in others over time. We generally do not mitigate the risks associated with fluctuating exchange rates, although we may from time to time through forward contracts or other derivative instruments hedge a portion of our translational foreign currency exposure or exchange rate risks associated with material transactions which are denominated in a foreign currency. The use of such hedging activities may not offset any or more than a portion of the adverse financial effects of unfavorable movements in foreign exchange rates over the limited time the hedges are in place.

20



Accordingly, fluctuations in foreign currency exchange rates, particularly the strengthening of the U.S. dollar against major currencies, may materially affect our consolidated financial results.

We also have a cost method investment in a credit information company in Brazil valued in Brazilian reais. Economic and competition risks within Brazil, and the company’s ability to successfully implement its strategic and operating plans, have had an adverse financial impact on the value of our investment and could result in an additional impairment of the investment.

Compliance with applicable U.S. and foreign laws and regulations, such as anti-corruption laws, tax laws, foreign exchange controls and restrictions on repatriation of earnings or other similar restraints, data privacy requirements, labor laws and anti-competition relations increases the cost of doing business in foreign jurisdictions. Although we have implemented policies and procedures to comply with these laws and regulations, a violation by our employees, contractors or agents could nevertheless occur.

We are regularly involved in claims, suits, government investigations, supervisory examinations and other proceedings that may result in adverse outcomes.

In addition to what we are currently experiencing due to the 2017 cybersecurity incident, we are regularly involved in claims, suits, government investigations, supervisory examinations and regulatory proceedings arising from the ordinary course of our business, including actions with respect to consumer protection and data protection, including purported class action lawsuits. Such claims, suits, government investigations and proceedings are inherently uncertain and their results cannot be predicted with certainty. Regardless of their outcome, such legal proceedings can have an adverse impact on us because of legal costs, diversion of management and other personnel, and other factors. In addition, it is possible that a resolution of one or more such proceedings could result in reputational harm, liability, penalties, or sanctions, as well as judgments, consent decrees, or orders preventing us from offering certain features, functionalities, products, or services, or requiring a change in our business practices, products or technologies, which could in the future materially and adversely affect our business, operating results, and financial condition. The FCRA contains an attorney fee shifting provision to provide an incentive for consumers to bring individual and class action lawsuits against a CRA for violation of the FCRA, and the number of consumer lawsuits (both individual and class action) against us alleging a violation of FCRA and our resulting costs associated with resolving these lawsuits have increased substantially over the past several years.

We rely, in part, on acquisitions, joint ventures and other alliances to grow our business and expand our geographic reach. The acquisition, integration or divestiture of businesses by us may not produce the expected financial, operating results or IT and data security profile we expect. In addition, if we are unable to make acquisitions or successfully develop and maintain joint ventures and other alliances, our growth may be adversely impacted.

Historically, we have relied, in part, on acquisitions, joint ventures and other alliances to grow our business. Over the past several years, we have acquired many smaller businesses in the U.S. and across the world. Furthermore, during 2016, we acquired Veda, the leading provider of credit information and analysis in Australia and New Zealand, for cash consideration plus debt assumed of approximately $1.9 billion. In January 2014, we acquired TDX, a debt placement service and debt management platform company in the United Kingdom for approximately $323 million. Acquisitions may not be completed on favorable terms, and the expected benefits, synergies and growth from these initiatives may not materialize as planned. We may have difficulty assimilating new businesses and their products, services, technologies, IT systems and personnel into our operations. IT and data security profiles of acquired companies may not meet the Equifax standard and may take longer to integrate and remediate than planned. This may result in significantly greater transaction costs for future acquisitions than we have experienced historically, or it could mean that we will not pursue certain acquisitions where the costs of integration and remediation are too significant. We may also have difficulty integrating and operating businesses in countries and geographies where we do not currently have a significant presence, and acquisitions of businesses having a significant presence outside of the U.S. will increase our exposure to risks of conducting operations in international markets. Similarly, any divestitures will be accompanied by risks commonly encountered in the sale of businesses. These difficulties could disrupt our ongoing business, distract our management and workforce, increase our expenses and adversely affect our operating results and financial condition.

Despite our past experience, opportunities to grow our business through acquisitions, joint ventures and other alliances may not be available to us in the future. In addition, as a result of the 2017 cybersecurity incident and the resources and management attention required in connection therewith, there may be more limited resources available for acquisitions and management’s attention is likely to be diverted away from sourcing and developing potential acquisition and joint venture opportunities, resulting in decreased growth.


21



Dependence on outsourcing certain portions of our operations may adversely affect our ability to bring products to market and damage our reputation. Dependence on outsourced information technology and other administrative functions may impair our ability to operate effectively.

As part of our efforts to streamline operations and to reduce operating costs, we have outsourced various components of our application development, information technology, operational support and administrative functions and will continue to evaluate additional outsourcing. Although we have implemented service level agreements and have established monitoring controls, if our outsourcing vendors fail to perform their obligations in a timely manner or at satisfactory quality levels including with respect to data and system security, or increase prices for their services to unreasonable levels, our ability to bring products to market and support our customers, and our reputation could suffer. Any failure to perform on the part of these third-party providers could impair our ability to operate effectively and could result in lower future revenue, unrealized efficiencies and adversely impact our results of operations and our financial condition. Much of our outsourcing takes place in developing countries and, as a result, may be subject to geopolitical uncertainty.

Changes in income tax laws can significantly impact our net income.

Federal and state governments in the U.S. as well as a number of other governments around the world are currently facing significant fiscal pressures and have considered or may consider changes to their tax laws for revenue raising or economic competitiveness reasons. Changes to tax laws can have immediate impacts, either favorable or unfavorable, on our results of operations and cash flows, and may impact our competitive position versus certain competitors who are domiciled in other jurisdictions and subject to different tax laws. In December 2017, the U.S. enacted the Tax Cuts and Jobs Act of 2017 which will significantly impact our U.S. and global tax expense. The application of many provisions in the Tax Cuts and Jobs Act of 2017 are uncertain at this time. The impact on Equifax will not be fully known until further guidance is provided by the U.S. Treasury.

If our government contracts are terminated, if we are suspended from government work, or if our ability to compete for new contracts is adversely affected, our business could suffer.

We derive a portion of our revenue from direct and indirect sales to U.S., state, local and foreign governments and their respective agencies. Such contracts are subject to various procurement laws and regulations, and contract provisions relating to their formation, administration and performance. Failure to comply with these laws, regulations or provisions in our government contracts could result in the imposition of various civil and criminal penalties, termination of contracts, forfeiture of profits, suspension of payments, or suspension of future government contracting. Following the 2017 cybersecurity incident, our government contracts received enhanced scrutiny and negative media attention that resulted in the suspension of one of our contracts. If we are unable to repair the reputational damage cause by the 2017 cybersecurity incident and ensure the security of the data we maintain, our ability to maintain our existing and acquire new government contracts may be substantially impacted.
 
Also, the government programs to which we provide services, or which are the basis of compliance services we provide non-governmental clients, including, in particular, the employer requirements under the Affordable Care Act, may be terminated or substantially altered by the government and our services would no longer be needed. If our government contracts are terminated, if we are suspended from government work, if the services we provide are no longer needed due to government program change or termination, or if our ability to compete for new contracts is adversely affected, our business could suffer.

Third parties may claim that we are infringing on their intellectual property and we could suffer significant litigation or licensing expenses or be prevented from selling products or services.

There has been substantial litigation in the U.S. regarding intellectual property rights in the information technology industry. From time to time, third parties may claim that one or more of our products or services infringe their intellectual property rights. We analyze and take action in response to such claims on a case by case basis. Any dispute or litigation regarding patents or other intellectual property could be costly and time-consuming due to the complexity of our technology and the uncertainty of intellectual property litigation, could divert our management and key personnel from our business operations and we may not prevail. A claim of intellectual property infringement could force us to enter into a costly or restrictive license agreement, which might not be available under acceptable terms or at all, or could subject us to significant damages or to an injunction against development and sale of certain of our products or services. Our intellectual property portfolio may not be useful in asserting a counterclaim, or negotiating a license, in response to a claim of intellectual property infringement. In certain of our businesses we rely on third-party intellectual property licenses and we cannot ensure that these licenses will be available to us in the future on favorable terms or at all. Although our policy is to obtain licenses or other rights where necessary, we cannot provide assurance that we have obtained all required licenses or rights.


22



Third parties may misappropriate or infringe on our intellectual property and we may suffer competitive injury or expend significant resources enforcing our rights.

Our success increasingly depends on our proprietary technology. We rely on various intellectual property rights, including patents, copyrights, database rights, trademarks and trade secrets, as well as contract restrictions, confidentiality provisions and licensing arrangements, to establish our proprietary rights. The extent to which such rights can be protected varies in different jurisdictions. If we do not enforce our intellectual property rights successfully our competitive position may suffer which could harm our operating results. Our pending patent and trademark applications may not be allowed or competitors may challenge the validity or scope of our intellectual property rights. In addition, our patents, copyrights, trademarks and other intellectual property rights may not provide us a significant competitive advantage.

We may need to devote significant resources, including cybersecurity resources, to monitoring our intellectual property rights and we may or may not be able to detect misappropriation or infringement by third parties. Our competitive position may be harmed if we cannot detect misappropriation or infringement and enforce our intellectual property rights quickly or at all. In some circumstances, enforcement may not be available to us because a third party has a dominant intellectual property position or for other business reasons. In addition, competitors might avoid infringement by designing around our intellectual property rights or by developing non-infringing competing technologies. Intellectual property rights and our ability to enforce them may be unavailable or limited in some countries which could make it easier for competitors to capture market share and could result in lost revenue.

The U.K’s impending departure from the EU could adversely affect us.

The referendum on the U.K.’s membership in the EU (referred to as “Brexit”) approving the exit of the U.K. from the EU could cause disruptions to and create uncertainty surrounding our business, including affecting our relationships with our existing and future customers, suppliers and employees, which could have an adverse effect on our business, financial results and operations. While the referendum was non-binding, the U.K. parliament has voted in favor of allowing the government to commence negotiations to determine the future terms of the U.K.’s relationship with the EU, including the terms of trade between the U.K. and the EU and other nations. The effects of Brexit will depend on any agreements the U.K. makes to retain access to EU markets either during a transitional period or more permanently. In addition, developments regarding Brexit may also create global economic uncertainty, which may cause our clients to closely monitor their costs and reduce their spending on our solutions and services.

A downgrade to our credit ratings would increase our cost of borrowing under our credit facility and adversely affect our ability to access the capital markets.

We are party to a $900.0 million unsecured, revolving credit facility that matures in November 2020 and an $800.0 million term loan facility that matures in November 2018 (collectively, the “Senior Credit Facilities”). The cost of borrowing under the Senior Credit Facilities and our ability and the terms under which we may access the credit markets are affected by credit ratings assigned to our indebtedness by the major credit rating agencies. These ratings are premised on our performance under assorted financial metrics, such as leverage and interest coverage ratios and other measures of financial strength, business and financial risk, industry conditions, transparency with rating agencies and timeliness of financial reporting. Our current ratings have served to lower our borrowing costs and facilitate access to a variety of lenders. However, there can be no assurance that our credit ratings or outlook will not be lowered in the future in response to adverse changes in these metrics caused by our operating results or by actions that we take that reduce our profitability or that require us to incur additional indebtedness for items such as substantial cash acquisitions, significant increases in costs and capital spending in security and IT systems, significant costs related to settlements of litigation or regulatory requirements, or by returning excess cash to shareholders through dividends or under our share repurchase program. A downgrade of our credit ratings would increase our cost of borrowing under the Senior Credit Facilities, negatively affect our ability to access the capital markets on advantageous terms, or at all, negatively affect the trading price of our securities and have a significant negative impact on our business, financial condition and results of operations.

We may not be able to borrow under our revolving credit facility and Receivables Facility.

We are party to a $225.0 million, 2-year receivables funding facility ("the "Receivables Facility") as well as the Senior Credit Facilities. Our revolving credit facility and Receivables Facility have representations, covenants, financial covenants and events of default which may limit our ability to borrow under such debt obligations. Any breach of a representation or failure to comply with any covenant or financial covenant or the occurrence of any event of default under the Senior Credit Facilities or the Receivables Facility could result in a prohibition of further borrowings under the revolving credit facility and Receivables

23



Facility or acceleration of any obligations outstanding thereunder. Any event of default under the Senior Credit Facilities or Receivables Facility could result in a cross default under our other outstanding debt obligations.

Changes in interest rates could adversely affect our cost of capital and net income.

Rising interest rates, credit market dislocations and decisions and actions by credit rating agencies can affect the availability and cost of our funding and adversely affect our net income.

Our business will suffer if we are not able to retain and hire key personnel.

Our future success depends partly on the continued service of our key development, sales, marketing, executive and administrative personnel. Additionally, increased retention risk exists in certain key areas of our operations, such as IT and security, which require specialized skills, such as maintenance of certain legacy computer systems, data security experts and analytical modelers. If we fail to retain and hire a sufficient number of these personnel, we will not be able to maintain or expand our business. Further, as a result of the cybersecurity incident we may suffer increased attrition. We believe our pay levels are competitive within the regions in which we operate. However, there is also intense competition for certain highly technical specialties in geographic areas where we continue to recruit, and it may become more difficult to retain our key employees.

Our retirement and post-retirement pension plans are subject to financial market risks that could adversely affect our future results of operations and cash flows.

We have significant retirement and post retirement pension plan assets and obligations. The performance of the financial markets and interest rates impact our plan expenses and funding obligations. Significant decreases in market interest rates, decreases in the fair value of plan assets and investment losses on plan assets will increase our funding obligations, and adversely impact our results of operations and cash flows.

We are subject to a variety of other general risks and uncertainties inherent in doing business.

In addition to the specific factors discussed above, we are subject to risks that are inherent to doing business. These include growth rates, general economic and political conditions, customer satisfaction with the quality of our services, costs of obtaining insurance, changes in unemployment rates, and other events that can impact revenue and the cost of doing business.

ITEM 1B. UNRESOLVED STAFF COMMENTS
 
None.
 
ITEM 2. PROPERTIES
 
Our executive offices are located at 1550 Peachtree Street, N.W., Atlanta, Georgia. Our other properties are geographically distributed to meet sales and operating requirements worldwide. We consider these properties to be both suitable and adequate to meet our current operating requirements. We ordinarily lease office space for conducting our business and are obligated under approximately 80 leases and other rental arrangements for our field locations. We owned 8 office buildings at December 31, 2017, including our executive offices, one campus which houses our Alpharetta, Georgia data center, a building utilized by our Workforce Solutions operations located in St. Louis, Missouri, as well as three buildings utilized by our Latin America operations located in Mexico City, Mexico and Asuncion, Paraguay. We also own 23.5 acres adjacent to the Alpharetta, Georgia data center.
 
For additional information regarding our obligations under leases, see Note 6 of the Notes to Consolidated Financial Statements in this report. We believe that suitable additional space will be available to accommodate our future needs.


24



ITEM 3. LEGAL PROCEEDINGS
 
Cybersecurity Incident Litigation, Claims and Government Investigations. Following the 2017 cybersecurity incident, hundreds of class actions were filed by consumers against us in federal, state and Canadian courts relating to the cybersecurity incident. The plaintiffs in these cases, who purport to represent various classes of consumers, generally claim to have been harmed by alleged actions and/or omissions by Equifax in connection with the cybersecurity incident and assert a variety of common law and statutory claims seeking monetary damages, injunctive relief and other related relief. In addition, certain class actions have been filed by financial institutions who allege their businesses have been placed at risk due to the cybersecurity incident and generally assert various common law claims such as claims for negligence and breach of contract, as well as, in some cases, statutory claims. The financial institutions class actions seek compensatory damages and other related relief. Furthermore, a lawsuit has been filed by the City of Chicago with respect to the cybersecurity incident alleging violations of state laws and local ordinances governing protection of personal data, consumer fraud and breach notice requirements and business practices. Beginning on December 6, 2017 and pursuant to multiple subsequent orders, the U.S. Judicial Panel on Multidistrict Litigation ordered the consolidation and transfer for pre-trial proceedings with respect to the U.S. cases pending in federal court discussed above to the Northern District of Georgia as the single U.S. District Court for centralized proceedings. Based on this order, consolidated pre-trial hearings with respect to U.S. consumer and financial institution federal class actions related to the cybersecurity incident have begun in the Northern District of Georgia. In addition to these federal court proceedings, four putative class actions arising from the cybersecurity incident have been filed in the Fulton County Superior Court in Georgia. We have also appeared or notified the appropriate parties of representation in the Canadian class actions, but such actions are all at the preliminary stages. In addition, a civil enforcement action has been filed by the Attorney General of Massachusetts and a lawsuit has been filed by the City of San Francisco, each of which are in the initial pre-trial stages. We dispute the allegations in the complaints described above and intend to defend against such claims.

In addition, we continue to cooperate with federal, state, city and foreign governmental agencies and officials investigating or otherwise seeking information and/or documents, including through Civil Investigative Demands, regarding the cybersecurity incident and related matters, including 49 state Attorneys General offices, as well as the District of Columbia, the Federal Trade Commission, the Consumer Finance Protection Bureau, the U.S. Securities and Exchange Commission (“SEC”), the U.S. Department of Justice, the New York Department of Financial Services, the New York Department of State - Division of Consumer Protection, other U.S. state regulators, including state banking regulators, the Financial Industry Regulatory Authority, certain Congressional committees of both the U.S. Senate and House of Representatives, the United Kingdom’s Financial Conduct Authority (“FCA”), the Information Commissioner’s Office in the United Kingdom and the Office of the Privacy Commissioner of Canada. Although we are actively cooperating with these investigations and inquiries, an adverse outcome to any such investigations and inquiries could subject us to fines or other obligations, which may have an adverse effect on how we operate our business or our results of operations. In addition, we continue to cooperate with the SEC and the U.S. Attorney’s Office for the Northern District of Georgia regarding investigations into the trading activities by certain of our employees in relation to the cybersecurity incident.
TransUnion Litigation. On November 27, 2017, Trans Union LLC and TransUnion Interactive, Inc. (collectively, “TransUnion”) filed a lawsuit in the U.S. District Court for the Northern District of Illinois against Equifax Information Services LLC, Equifax Inc., and Equifax Consumer Services LLC f/k/a Equifax Consumer Services, Inc. In its lawsuit, TransUnion asserts claims for declaratory relief, breach of contract, and anticipatory repudiation of contract based on our Reciprocal Data Supply Agreement (the “Agreement”), which sets forth the pricing terms for credit monitoring supplied by the parties to each other. TransUnion seeks a declaration regarding its contractual rights under the Agreement and monetary damages. On January 26, 2018, we moved to dismiss TransUnion’s claims, and discovery in the case has been stayed until a ruling on that motion is issued. We dispute the allegations by TransUnion and intend to defend against its claims.
Securities Class Action Litigation. A consolidated putative class action lawsuit alleging violations of the federal securities laws in connection with statements regarding our cybersecurity systems and controls is pending against us and certain of our current and former officers and directors in the Northern District of Georgia. The complaints seek certification of a class of all persons who purchased or otherwise acquired Equifax securities during a set period of time and unspecified monetary damages, costs and attorneys’ fees. We dispute the allegations in these complaints and intend to defend against the claims.
Shareholder Derivative Litigation. Four putative shareholder derivative lawsuits have been commenced in the Northern District of Georgia naming certain of our current and former officers and directors as defendants and naming us as a nominal defendant. Among other things, the complaints allege claims for breaches of fiduciary duties, unjust enrichment, corporate waste, and insider selling by certain defendants. Three of the complaints also allege claims for violations of certain federal securities laws. The Complaints seek unspecified damages on behalf of the Company, plus certain equitable relief. Certain plaintiffs have filed motions seeking consolidation of the actions and appointment as lead plaintiffs. We have appointed

25



a committee of independent directors empowered to evaluate and respond in our best interests to the claims and related litigation demands.
It is not possible at this time to estimate the amount of loss or range of possible loss that might result from adverse judgments, settlements, penalties or other resolution of the above described proceedings and investigations based on the early stage of these proceedings and investigations, that alleged damages have not been specified, the uncertainty as to the certification of a class or classes and the size of any certified class, as applicable, and the lack of resolution on significant factual and legal issues.
Additional lawsuits and claims related to the 2017 cybersecurity incident may be asserted by or on behalf of consumers, customers, shareholders or others seeking damages or other related relief and additional inquiries from governmental agencies may be received or investigations by governmental agencies commenced.

ACCC Investigation. In March 2017, the Australian Competition and Consumer Commission (the “ACCC”) commenced an investigation to determine whether the Company has been or is engaged in unlawful acts or practices relating to advertising, marketing and sale of consumer reports, credit scores or credit monitoring products in violation of the Australian Consumer Law, which prohibits misleading or deceptive conduct and false representations. The ACCC issued a number of notices to produce documents and information. The Company expects that the ACCC will commence proceedings. If this occurs the ACCC may seek restitution, civil monetary penalties, injunctive and declaratory relief or other corrective action. The Company continues to cooperate with the ACCC in its investigation.
California Bankruptcy Litigation. In consolidated actions filed in the U.S. District Court for the Central District of California, captioned Terri N. White, et al. v. Equifax Information Services LLC, Jose Hernandez v. Equifax Information Services LLC, Kathryn L. Pike v. Equifax Information Services LLC, and Jose L. Acosta, Jr., et al. v. Trans Union LLC, et al., plaintiffs asserted that Equifax violated federal and state law (the FCRA, the California Credit Reporting Act and the California Unfair Competition Law) by failing to follow reasonable procedures to determine whether credit accounts are discharged in bankruptcy, including the method for updating the status of an account following a bankruptcy discharge. On August 20, 2008, the District Court approved a Settlement Agreement and Release providing for certain changes in the procedures used by defendants to record discharges in bankruptcy on consumer credit files. That settlement resolved claims for injunctive relief, but not plaintiffs’ claims for damages. On May 7, 2009, the District Court issued an order preliminarily approving an agreement to settle remaining class claims. The District Court subsequently deferred final approval of the settlement and required the settling parties to send a supplemental notice to those class members who filed a claim and objected to the settlement or opted out, with the cost for the re-notice to be deducted from the plaintiffs’ counsel fee award. Mailing of the supplemental notice was completed on February 15, 2011 and the deadline for this group of settling plaintiffs to provide additional documentation to support their damage claims or to opt-out of the settlement was March 31, 2011. On July 15, 2011, the District Court approved the settlement. Several objecting plaintiffs subsequently filed notices of appeal to the U.S. Court of Appeals for the Ninth Circuit, which, on April 22, 2013, issued an order vacating the settlement and remanding the case to the District Court for further proceedings. On January 21, 2014, the District Court denied the objecting plaintiffs’ motion to disqualify counsel for the settling plaintiffs and granted the motion of counsel for the settling plaintiffs to be appointed as interim lead class counsel. On March 28, 2016, the U.S. Court of Appeals for the Ninth Circuit affirmed the District Court’s lead counsel appointment. On January 9, 2017, the United States Supreme Court denied the objectors’ Petition for a Writ of Certiorari. The parties re-engaged in settlement discussions, including participation in mediations in August 2016 and November 2016, and reached an agreement to again settle the monetary claims. Settlement documents were filed with the District Court on April 14, 2017. On June 16, 2017, the Court granted preliminary approval of the proposed settlement, conditionally certified the settlement class, and appointed class counsel and administrator. A Final Fairness Hearing was held on December 11, 2017. Upon issuance of a Final Order by the Court, any appeals will be due within thirty days.

Other. Equifax has been named as a defendant in various other legal actions, including administrative claims, regulatory matters, government investigations, class actions and other litigation arising in connection with our business. Some of the legal actions include claims for substantial compensatory or punitive damages or claims for indeterminate amounts of damages. We believe we have defenses to and, where appropriate, will contest, many of these matters. Given the number of these matters, some are likely to result in adverse judgments, penalties, injunctions, fines or other relief. We may explore potential settlements before a case is taken through trial because of the uncertainty and risks inherent in the litigation process.
 
For information regarding our accounting for legal contingencies, see Note 6 of the Notes to Consolidated Financial Statements in this Form 10-K.


26



ITEM 4. MINE SAFETY DISCLOSURES
 
Not applicable.


27



PART II
 
ITEM 5. MARKET FOR THE REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
 
Equifax’s common stock is traded on the New York Stock Exchange under the symbol “EFX.” As of January 31, 2018, Equifax had approximately 2,206 holders of record; however, Equifax believes the number of beneficial owners of common stock exceeds this number.
 
The table below sets forth the high and low sales prices per share of Equifax common stock, as reported on the New York Stock Exchange, for each quarter in the last two fiscal years and dividends declared per share:
 
High Sales Price
 
Low Sales Price
 
Dividends (1)
2017
 
 
 
 
 
First Quarter
$
137.76

 
$
116.31

 
$
0.39

Second Quarter
$
144.00

 
$
131.62

 
$
0.39

Third Quarter
$
147.02

 
$
89.59

 
$
0.39

Fourth Quarter
$
120.77

 
$
105.31

 
$
0.39

 
 
 
 
 
 
2016
 
 
 
 
 
First Quarter
$
114.67

 
$
91.72

 
$
0.33

Second Quarter
$
128.41

 
$
113.09

 
$
0.33

Third Quarter
$
136.97

 
$
127.85

 
$
0.33

Fourth Quarter
$
134.56

 
$
110.87

 
$
0.33

(1)
Equifax’s Senior Credit Facilities, as defined in Note 5 of the Notes to Consolidated Financial Statements in this Form 10-K, restricts our ability to pay cash dividends on our capital stock or repurchase capital stock if a default exists or would result according to the terms of the credit agreement.
    
We anticipate continuing the payment of quarterly cash dividends. The actual amount of such dividends is subject to declaration by our Board of Directors and will depend upon future earnings, results of operations, capital requirements, our financial condition and other relevant factors. There can be no assurance that the Company will continue to pay quarterly cash dividends at current levels or at all.

28



Shareholder Return Performance Graph
 
The graph below compares Equifax’s five-year cumulative total shareholder return with that of the Standard & Poor’s Composite Stock Index (S&P 500) and a peer group index, the S&P 500 Banks Index (Industry Group). The graph assumes that the value of the investment in our Common Stock and each index was $100 on the last trading day of 2012 and that all quarterly dividends were reinvested without commissions. Our past performance may not be indicative of future performance.

COMPARATIVE FIVE-YEAR CUMULATIVE TOTAL RETURN AMONG EQUIFAX INC., S&P 500 INDEX, AND S&P 500 BANKS INDEX (INDUSTRY GROUP)
chart-65abe6a099a053f1b3e.jpg
 
Fiscal Year Ended December 31,
 
Initial
 
2013
 
2014
 
2015
 
2016
 
2017
Equifax Inc.
100.00

 
129.52

 
153.68

 
214.06

 
226.90

 
228.22

S&P 500 Index
100.00

 
132.39

 
150.51

 
152.59

 
169.24

 
205.24

S&P 500 Banks Index (Industry Group)
100.00

 
132.25

 
149.79

 
148.23

 
178.13

 
214.75


    

29



The table below contains information with respect to purchases made by or on behalf of Equifax of its common stock during the fourth quarter ended December 31, 2017:
 
Issuer Purchases of Equity Securities
Period
 
Total Number of Shares Purchased (1)
 
Average Price Paid Per Share (2)
 
Total Number of Shares Purchased as Part of Publicly-Announced Plans or Programs
 
Maximum Number (or Approximate Dollar Value) of Shares that May Yet Be Purchased Under the Plans or Programs (3)
October 1 - October 31, 2017
 
48,395

 
$

 

 
$
590,092,166

November 1 - November 30, 2017
 
450

 
$

 

 
$
590,092,166

December 1 - December 31, 2017
 
958

 
$

 

 
$
590,092,166

Total
 
49,803

 
$

 

 
$
590,092,166


 (1)
The total number of shares purchased includes: (a) shares purchased pursuant to our publicly-announced share repurchase program, or Program; and (b) shares surrendered, or deemed surrendered, in satisfaction of the exercise price and/or to satisfy tax withholding obligations in connection with the exercise of employee stock options and vesting of restricted stock, totaling 48,395 shares for the month of October 2017, 450 shares for the month of November 2017 and 958 shares for the month of December 2017.

(2)
Average price paid per share for shares purchased as part of our Program (includes brokerage commissions).

(3)
Under the Program, we repurchased 0.5 million common shares during the twelve months ended December 31, 2017 for $77.1 million. At December 31, 2017, the amount authorized for future share repurchases under the Program was $590.1 million.

Information relating to compensation plans under which the Company’s equity securities are authorized for issuance is included in the section captioned “Equity Compensation Plan Information” in our 2018 Proxy Statement and is incorporated herein by reference.

30



ITEM 6. SELECTED FINANCIAL DATA
 
The table below summarizes our selected historical financial information for each of the last five years. The summary of operations data for the years ended December 31, 2017, 2016, 2015, and the balance sheet data as of December 31, 2017 and 2016, have been derived from our audited Consolidated Financial Statements included in this report. The summary of operations data for the years ended December 31, 2014 and 2013, and the balance sheet data as of December 31, 2015, 2014 and 2013, have been derived from our audited Consolidated Financial Statements not included in this report. The historical selected financial information may not be indicative of our future performance and should be read in conjunction with the information contained in Management’s Discussion and Analysis of Financial Condition and Results of Operations, and the Consolidated Financial Statements and the accompanying Notes to the Consolidated Financial Statements in this report.
 
 
Twelve Months Ended
December 31,
 
2017 (1) (2)
 
2016 (3)
 
2015 (4)(5)
 
2014 (6)
 
2013(7)(8)
 
(In millions, except per share data)
Summary of Operations:
 
 
 
 
 
 
 
 
 
Operating revenue
$
3,362.2

 
$
3,144.9

 
$
2,663.6

 
$
2,436.4

 
$
2,303.9

Operating expenses
2,537.6

 
2,327.0

 
1,969.7

 
1,798.2

 
1,692.7

Operating income
824.6

 
817.9

 
693.9

 
638.2

 
611.2

Consolidated income from continuing operations
598.0

 
495.1

 
434.8

 
374.0

 
341.5

Discontinued operations, net of tax (7)

 

 

 

 
18.4

Net income attributable to Equifax
$
587.3

 
$
488.8

 
$
429.1

 
$
367.4

 
$
351.8

 
 
 
 
 
 
 
 
 
 
Dividends paid to Equifax shareholders
$
187.4


$
157.6


$
137.8


$
121.2


$
106.7

Diluted earnings per share














Net income from continuing operations attributable to Equifax
$
4.83


$
4.04


$
3.55


$
2.97


$
2.69

Discontinued operations attributable to Equifax








0.15

Net income attributable to Equifax
$
4.83


$
4.04


$
3.55


$
2.97


$
2.84

Cash dividends declared per share
$
1.56


$
1.32


$
1.16


$
1.00


$
0.88

Weighted-average shares outstanding (diluted)
121.5


121.1


120.9


123.5


123.7

 
As of December 31,
 
2017 (1) (2)
 
2016 (3)
 
2015 (4)(5)
 
2014 (6)
 
2013(7)(8)
 
(In millions)
Balance Sheet Data:
 
 
 
 
 
 
 
 
 
Total assets
$
7,233.4


$
6,664.0


$
4,501.5


$
4,661.0


$
4,522.5

Short-term debt and current maturities
965.3


585.4


49.3


380.4


296.5

Long-term debt, net of current portion
1,739.0


2,086.8


1,138.4


1,145.7


1,145.5

Total debt, net
2,704.3


2,672.2


1,187.7


1,526.1


1,442.0

Total equity
3,239.0


2,721.3


2,350.4


2,234.6


2,341.0

 

(1)
Through December 31, 2017, the Company recorded $164.0 million of pretax expenses related to the cybersecurity incident and insurance recoveries of $50.0 million for net expenses of $114.0 million. We included $14.2 million of these expenses in Cost of services and $99.8 million in Selling, general and administrative expenses in the accompanying Consolidated Statements of Income for the year ended December 31, 2017. Expenses include costs to investigate and remediate the cybersecurity incident and legal and other professional services related thereto, all of which were expensed as incurred. Additionally, as a result of the cybersecurity incident, we offered free credit file monitoring and identity theft protection to all U.S. consumers. We have recorded the expenses necessary to provide this

31



service to those who signed up. For additional information, see Note 6 of the Notes to the Consolidated Financial Statements in this report.

(2)
The Tax Cuts and Jobs Act of 2017 (“Tax Act”), as signed by the President of the United States on December 22, 2017, significantly revises U.S. tax law. The legislation will positively impact the Company’s ongoing effective tax rate due to the reduction of the U.S. federal corporate tax rate from 35% to 21%. The Tax Act makes major changes to the U.S. international tax system. Under previous law, foreign earnings were subject to U.S. tax when repatriated to the U.S. Under the Tax Act, foreign earnings are generally exempt from U.S. tax. Additionally, there is a one-time deemed repatriation tax on undistributed foreign earnings and profits (the “transition tax”). The Tax Act imposes other U.S. taxes on “global intangible low taxed income” and “base erosion anti-abuse transactions.” Other significant changes include limitations on the deductibility of interest expense and executive compensation, and repeal of the deduction for domestic production activities. As a result of the current interpretation and estimated impact of the Tax Act, the Company recorded adjustments totaling a net tax benefit of $48.3 million in the fourth quarter of 2017 to provisionally account for the estimated impact. Refer to Note 7 of the Notes to the Consolidated Financial Statements in this Form 10-K for additional information. We also prospectively applied the provisions of ASU 2016-09 "Compensation - Stock Compensation (Topic 718)," related to the recognition of windfall tax benefits in the Consolidated Statement of Income which resulted in the recognition of $26.7 million of tax benefits for the year ended December 31, 2017.

(3)
In the first quarter of 2016, we completed the acquisition of 100% of the ordinary voting shares of Veda for cash consideration plus debt assumed of approximately $1.9 billion. The acquisition provides a strong platform for Equifax to offer data and analytic services and further broaden the Company's geographic footprint. Additionally, on August 23, 2016, the Company completed the acquisition of 100% of the assets and certain liabilities of unemployment tax and claims management specialists Barnett & Associates ("Barnett"), as well as the verifications business, Computersoft, LLC ("Computersoft"). For the year ended December 31, 2016, we recorded $40.2 million ($28.2 million, net of tax) for Veda acquisition related amounts. Of this amount, $30.1 million relates to transaction and integration costs in operating income, $9.2 million is recorded in other income and is the impact of foreign currency changes on the transaction structure, including the economic hedges, $0.2 million is recorded in depreciation and amortization, and $0.7 million is recorded in interest expense. For additional information, see Note 3 of the Notes to the Consolidated Financial Statements in this report.

(4)
In the first quarter of 2015, we recorded a $20.7 million restructuring charge ($13.2 million, net of tax) all of which was recorded in Selling, general and administrative expenses on our Consolidated Statements of Income. This charge resulted from our continuing efforts to realign our internal resources to support the Company’s strategic objectives and increase the integration of our global operations. For additional information, see Note 12 of the Notes to Consolidated Financial Statements in this report.

(5)
During the second quarter of 2015, the management of Boa Vista Servicos S.A. ("BVS"), in which we hold a 15% cost method investment, updated the financial projections of BVS. The updated projections, along with the continued weakness in the Brazilian consumer and small commercial credit markets were considered indicators of impairment. As a result of these changes, and the associated near-term changes in cash flow expected from the business, we recorded a 46.0 million Brazilian Reais ($14.8 million) impairment of our investment. For additional information, see Note 2 of the Notes to Consolidated Financial Statements in this report.

(6)
During the first quarter of 2014, we acquired 100% of the stock of TDX, a data, technology and services company in the United Kingdom that specializes in debt collections and recovery management through the use of analytics, data exchanges and technology platforms. The results of this acquisition have been included in our USIS and International operating segments subsequent to the acquisition. We also purchased Forseva, a provider of end-to-end, cloud-based credit-management software solutions. The results of this acquisition have been included in our USIS operating segment subsequent to the acquisition.

(7)
During the first quarter of 2013, we divested two non-strategic business lines, Equifax Settlement Services, which was part of our Mortgage business within the USIS operating segment, and Talent Management Services, which was part of our Employer Services business within our Workforce Solutions operating segment, for a total of $47.5 million. We have presented the Equifax Settlement Services and Talent Management Services operations as discontinued operations for all periods presented.

(8)
During the fourth quarter of 2013, the management of BVS, in which we hold a 15% cost method investment, revised its near-term outlook and its operating plans to reflect reduced near-term market expectations for credit information services in Brazil and increased investment needed to achieve its strategic objectives. As a result of these changes, and the

32



associated near-term changes in cash flow expected from the business, we recorded a 40 million Brazilian Reais ($17.0 million) impairment of our original investment of 130 million Brazilian Reais. For additional information, see Note 2 of the Notes to Consolidated Financial Statements in this report.

33



ITEM 7.  MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS
 
As used herein, the terms Equifax, the Company, we, our and us refer to Equifax Inc., a Georgia corporation, and its consolidated subsidiaries as a combined entity, except where it is clear that the terms mean only Equifax Inc.
 
All references to earnings per share data in Management’s Discussion and Analysis, or MD&A, are to diluted earnings per share, or EPS, unless otherwise noted. Diluted EPS is calculated to reflect the potential dilution that would occur if stock options or other contracts to issue common stock were exercised and resulted in additional common shares outstanding.
 
BUSINESS OVERVIEW
 
We are a leading global provider of information solutions, employment and income verifications and human resources business process outsourcing services. We leverage some of the largest sources of consumer and commercial data, along with advanced analytics and proprietary technology, to create customized insights which enable our business customers to grow faster, more efficiently and more profitably, and to inform and empower consumers.

Businesses rely on us for consumer and business credit intelligence, credit portfolio management, fraud detection, decisioning technology, marketing tools, debt management and human resources-related services. We also offer a portfolio of products that enable individual consumers to manage their financial affairs and protect their identity. Our revenue stream is diversified among businesses across a wide range of industries, international geographies and individual consumers.

2017 Cybersecurity Incident

In fiscal 2017, we experienced a cybersecurity incident following a criminal attack on our systems that involved the theft of certain personally identifiable information of U.S., Canadian and U.K. consumers. Criminals exploited a U.S. website application vulnerability to gain unauthorized access to our network. Based on our forensic investigation, the unauthorized access of information occurred from mid-May through July 2017. The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 U.S. and Canadian consumers, and certain dispute documents with personal identifying information for approximately 182,000 U.S. consumers, were accessed. The investigation determined that personal information of approximately 19,000 Canadian consumers was impacted and approximately 860,000 potentially affected U.K. consumers were contacted regarding access to personal information. The forensic investigation of the cybersecurity incident was, as previously disclosed, completed in the fourth quarter of fiscal 2017. No evidence was found that the Company's core consumer, employment and income, or commercial credit reporting databases were accessed.

The Company acted promptly to notify the approximately 145.5 million U.S. consumers whose personally identifiable information the Company had identified in 2017 as potentially accessed. As a result of an ongoing analysis of data stolen in the 2017 cybersecurity incident, the Company recently announced that it was able to identify approximately 2.4 million U.S. consumers whose name and partial driver’s license information were stolen, but who were not in the affected population of approximately 145.5 million consumers previously identified by the Company in 2017. The Company is in the process of notifying these additional consumers.
 
As a result of the 2017 cybersecurity incident, we are party to numerous lawsuits and governmental investigations. See Part I, Item 1A. Risk Factors and Part I, Item 3. Legal Proceedings for more information regarding these lawsuits and investigations. We continue to cooperate with law enforcement in connection with the criminal investigation into the actors responsible for the cybersecurity incident.
    
Expenses Incurred. Through December 31, 2017, the Company recorded $113.3 million of pretax expenses related to the cybersecurity incident. We have included $14.2 million of these expenses in Cost of services and $99.1 million in Selling, general and administrative expenses in the accompanying Consolidated Statements of Income for the year ended December 31, 2017. Expenses include costs to investigate and remediate the cybersecurity incident and legal and other professional services related thereto, all of which were expensed as incurred. 

Product Liability. Additionally, as a result of the cybersecurity incident, we offered free credit file monitoring and identity theft protection to all U.S. consumers. We have recorded the expenses necessary to provide this service to those who signed up. We have recorded $50.7 million through December 31, 2017 included in Selling, general and administrative expenses in the accompanying Consolidated Statements of Income.


34



Litigation, Claims and Government Investigations. As a result of the cybersecurity incident, we are subject to a significant number of proceedings and investigations as described in Part I, "Item 3. Legal Proceedings." While we believe it is reasonably possible that we will incur losses associated with these proceedings and investigations, it is not possible to estimate the amount of loss or range of possible loss that might result from adverse judgments, settlements, penalties or other resolution of such proceedings and investigations based on the early stage of these proceedings and investigations, that alleged damages have not been specified, the uncertainty as to the certification of a class or classes and the size of any certified class, as applicable, and the lack of resolution on significant factual and legal issues. The Company will continue to evaluate information as it becomes known and will record an estimate for losses at the time or times when it is both probable that a loss has been incurred and the amount of the loss is reasonably estimable. The Company believes that the ultimate amount paid on these actions, claims and investigations could be material to the Company’s consolidated financial condition, results of operations, or cash flows in future periods.

Future Costs. We expect to incur significant legal and other professional services expenses associated with the cybersecurity incident in future periods. We will recognize these expenses as services are received. Costs related to the cybersecurity incident that will be incurred in future periods will also include increased expenses and capital investments for IT and security. We expect to incur increased expenses for insurance, finance, compliance activities, and to meet increased legal and regulatory requirements. We will also incur increased costs to provide free services to consumers including increased customer support costs.

Insurance Coverage. We maintain $125 million of cybersecurity insurance coverage, above a $7.5 million deductible, to limit our exposure to losses such as those related to the cybersecurity incident. As of December 31, 2017, the Company has recorded a receivable of $35.0 million and received payments of $15 million for costs incurred to date that are reimbursable and probable of recovery under our insurance coverage.

Segment and Geographic Information
 
Segments. The USIS segment, the largest of our four segments, consists of three service lines: Online Information Solutions; Mortgage Solutions; and Financial Marketing Services. Online Information Solutions and Mortgage Solutions revenue is principally transaction-based and is derived from our sales of products such as consumer and commercial credit reporting and scoring, identity management, fraud detection and modeling services. USIS also markets certain decisioning software services, which facilitate and automate a variety of consumer and commercial credit-oriented decisions. Financial Marketing Services revenue is principally project and subscription based and is derived from our sales of batch credit and consumer wealth information such as those that assist clients in acquiring new customers, cross selling to existing customers and managing portfolio risk.
 
The International segment consists of Asia Pacific, Europe, Latin America and Canada. Canada’s services are similar to our USIS offerings. Asia Pacific, Europe and Latin America are made up of varying mixes of service lines that are generally in our USIS reportable segment. We also provide information and technology services to support lenders and other creditors in the collections and recovery management process.
 
The Workforce Solutions segment consists of the Verification Services and Employer Services business lines. Verification Services revenue is transaction-based and is derived primarily from employment and income verification. Employer Services revenues are derived from our provision of certain human resources business process outsourcing services that include both transaction and subscription based product offerings. These services include unemployment claims management, employment-based tax credit services and other complementary employment-based transaction services.
 
Global Consumer Solutions revenue is both transaction and subscription based and is derived from the sale of credit monitoring and identity theft protection products, which we deliver electronically to consumers primarily via the internet in the U.S., Canada, and the U.K. We reach consumers directly and indirectly through partners. We also sell consumer and credit information to resellers who combine our information with other information to provide direct to consumer monitoring, reports and scores. Due to the cybersecurity incident we ceased advertising our consumer business in the U.S. in September 2017. As part of our response to the cybersecurity incident announced in September 2017, we began offering in the U.S. our TrustedID Premier service, an identity theft protection and credit file monitoring product, for free to all consumers who signed up through January 31, 2018. Additionally, in January 2018, the Company introduced in the U.S., Lock & AlertTM, a new service that allows customers to quickly lock and unlock their Equifax credit report for free, for life. Equifax also will provide the ability for U.S. consumers to freeze and unfreeze their Equifax credit file for free through June 30, 2018. We provide U.S. consumers with a free annual credit report in accordance with the FACT Act. For consumers impacted by the cybersecurity incident in Canada and the U.K., we are providing free credit reports and scores, credit monitoring and identity theft protection for 12 months for those consumers who signed up by January 31, 2018.

35



    
Geographic Information. We currently have significant operations in the following countries: Argentina, Australia, Canada, Chile, Costa Rica, Ecuador, El Salvador, Honduras, India, Mexico, New Zealand, Paraguay, Peru, Portugal, the Republic of Ireland, Spain, the U.K., Uruguay and the U.S. We also offer Equifax branded credit services in India and Russia through joint ventures, we have investments in consumer and/or commercial credit information companies through joint ventures in Cambodia, Malaysia, Singapore and Dubai, and have an investment in a consumer and commercial credit information company in Brazil. Approximately 71% of our revenue was generated in the U.S. during the twelve months ended December 31, 2017.
 
Key Performance Indicators.  Management focuses on a variety of key indicators to monitor operating and financial performance. These performance indicators include measurements of operating revenue, change in operating revenue, operating income, operating margin, net income, diluted earnings per share, cash provided by operating activities and capital expenditures. Key performance indicators for the twelve months ended December 31, 2017, 2016 and 2015, include the following: 
 
Key Performance Indicators
Twelve Months Ended
December 31,
 
2017
 
2016
 
2015
 
(In millions, except per share data)
Operating revenue
$
3,362.2

 
$
3,144.9

 
$
2,663.6

Operating revenue change
7
%
 
18
%
 
9
%
Operating income
$
824.6

 
$
817.9

 
$
693.9

Operating margin
24.5
%
 
26.0
%
 
26.1
%
Net income attributable to Equifax
$
587.3

 
$
488.8

 
$
429.1

Diluted earnings per share
$
4.83

 
$
4.04

 
$
3.55

Cash provided by operating activities
$
816.0

 
$
823.0

 
$
769.1

Capital expenditures*
$
(214.0
)
 
$
(191.5
)
 
$
(150.7
)
*Amounts above exclude changes in accruals for capital expenditures.
 
Business Environment and Company Outlook 

Demand for our services tends to be correlated to general levels of economic activity and to consumer credit activity, small commercial credit and marketing activity. Demand is also enhanced by our initiatives to expand our products, capabilities, and markets served. In the United States we expect 2018 economic activity, as measured by GDP, to be about flat with levels seen in the second half of 2017. We expect modest growth in consumer credit, excluding mortgage, over the course of 2018. U.S. Mortgage market originations are expected to be down for the full year of 2018 versus 2017. We anticipate 2018 economic activity, as measured by GDP, in Canada and Australia to be at or slightly below the levels seen in the second half of 2017. In the European markets we serve, the U.K. and Spain, we are expecting 2018 economic activity, as measured by GDP, to be at or slightly below the levels in calendar year 2017. In Argentina and Chile, our two largest markets in our Latin American Region, we are expecting 2018 economic activity, again as measured by GDP, to increase from the levels in calendar year 2017.
    
The cybersecurity incident announced in the third quarter of 2017 is expected to negatively impact revenue, principally in our U.S. businesses, and to a lesser extent in Canada and the U.K., in 2018. We will also incur, in 2018, legal, consulting and other costs related to the analysis and response to the cybersecurity incident. In 2018, we will incur costs and capital expenditures for providing the free TrustedID credit file monitoring and identity theft protection, and free Lock & AlertTM, to U.S. consumers, as well as services to U.K. and Canadian consumers. Additionally, in 2018 and beyond, we will incur increased information technology and security costs and capital expenditures related to actions to improve information technology security and network resilience globally. In 2018 and beyond, we will have increases in the ongoing run-rate of IT and security spending. We also expect to incur increased expenses for insurance, finance, compliance activities, and to meet increased legal and regulatory requirements. We also expect to incur increased costs to provide free services to consumers, including increased customer support costs. The ultimate amount of these increases is yet to be determined but we expect them to be significant.

As a result of the cybersecurity incident, we are subject to a significant number of proceedings and investigations as described in Part I, "Item 3. Legal Proceedings." While we believe it is reasonably possible that we will incur losses associated

36



with these proceedings and investigations, it is not possible to estimate the amount of loss or range of possible loss that might result from adverse judgments, settlements, penalties or other resolution of such proceedings and investigations based on the early stage of these proceedings and investigations, that alleged damages have not been specified, the uncertainty as to the certification of a class or classes and the size of any certified class, as applicable, and the lack of resolution on significant factual and legal issues.

The Tax Cuts and Jobs Act of 2017 (“Tax Act”), as signed by the President of the United States on December 22, 2017, significantly revises U.S. tax law. The legislation will positively impact the Company’s ongoing effective tax rate due to the reduction of the U.S. federal corporate tax rate from 35% to 21%. The Tax Act makes major changes to the U.S. international tax system. Under previous law, foreign earnings were subject to U.S. tax when repatriated to the U.S. Under the Tax Act, foreign earnings are generally exempt from U.S. tax. Additionally, there is a one-time deemed repatriation tax on undistributed foreign earnings and profits (the “transition tax”). The Tax Act imposes other U.S. taxes on “global intangible low taxed income” and “base erosion anti-abuse transactions.” Other significant changes include limitations on the deductibility of interest expense and executive compensation, and repeal of the deduction for domestic production activities. As a result of the current interpretation and estimated impact of the Tax Act, the Company recorded adjustments totaling a net tax benefit of $48.3 million in the fourth quarter of 2017 to provisionally account or the estimated impact. Refer to Note 7 of the Notes to the Consolidated Financial Statements in this Form 10-K for additional information.
    
RESULTS OF OPERATIONS —
TWELVE MONTHS ENDED DECEMBER 31, 2017, 2016 AND 2015
 
Consolidated Financial Results
 
Operating Revenue
 
 
Twelve Months Ended December 31,
 
Change
 
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
Operating Revenue
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions)
U.S. Information Solutions
 
$
1,262.7

 
$
1,236.5

 
$
1,171.3

 
$
26.2

 
2
%
 
$
65.2

 
6
%
International
 
932.3

 
803.6

 
568.5

 
128.7

 
16
%
 
235.1

 
41
%
Workforce Solutions
 
764.2

 
702.2

 
577.7

 
62.0

 
9
%
 
124.5

 
22
%
Global Consumer Solutions
 
403.0

 
402.6

 
346.1

 
0.4

 
%
 
56.5

 
16
%
Consolidated operating revenue
 
$
3,362.2

 
$
3,144.9

 
$
2,663.6

 
$
217.3

 
7
%
 
$
481.3

 
18
%
 
Revenue for 2017 increased by 7% compared to 2016. The growth was driven by our International and Workforce Solutions segments. International had strong growth across all regions, which reflects broad based organic growth and the Veda acquisition. Workforce Solutions saw strong growth driven by Verification Services. USIS had an increase in revenue compared to 2016, reflecting growth in core credit decisioning, financial marketing services, mortgage and identity and fraud solutions. Revenue in our USIS, Global Consumer Solutions and Workforce Solutions segments were negatively impacted by the cybersecurity incident. The effect of foreign exchange rates reduced revenue by $6.0 million in 2017 compared to 2016.

Revenue for 2016 increased by 18% compared to 2015. The growth was driven by broad-based organic growth due to revenue increases in mortgage, government, healthcare, and direct to consumer reseller verticals as well as the Veda acquisition. The effect of foreign exchange rates reduced revenue by $75.2 million or 3% in 2016 compared to 2015.

37



Operating Expenses
 
 
Twelve Months Ended December 31,
 
Change
 
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
Operating Expenses
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions)
Consolidated cost of services
 
$
1,210.7

 
$
1,113.4

 
$
887.4

 
$
97.3

 
9
%
 
$
226.0

 
25
%
Consolidated selling, general and administrative expenses
 
1,039.1

 
948.2

 
884.3

 
90.9

 
10
%
 
63.9

 
7
%
Consolidated depreciation and amortization expense
 
287.8

 
265.4

 
198.0

 
22.4

 
8
%
 
67.4

 
34
%
Consolidated operating expenses
 
$
2,537.6

 
$
2,327.0

 
$
1,969.7

 
$
210.6

 
9
%
 
$
357.3

 
18
%
 
Cost of Services.  Cost of services increased $97.3 million in 2017 compared to 2016. The increase in cost of services, when compared to 2016, was due to the increase in production costs driven by higher revenues, as well as increases in professional services related to the cybersecurity incident and in people costs. The effect of changes in foreign exchange rates reduced cost of services by $2.1 million.

Cost of services increased $226.0 million in 2016 compared to 2015. The increase in cost of services, when compared to 2015, was due to the increase in production costs driven by higher revenues including the Veda acquisition, as well as increases in people costs, and to a lesser extent an increase in technology costs. The effect of changes in foreign exchange rates reduced cost of services by $21.4 million.

Selling, General and Administrative Expenses.  Selling, general and administrative expenses increased $90.9 million in 2017 as compared to 2016. The increase was due to costs related to the cybersecurity incident, higher occupancy and people costs, partially offset by a decline in Veda integration and transaction costs. The impact of changes in foreign currency exchange rates decreased our selling, general and administrative expenses by $2.2 million.

Selling, general and administrative expenses increased $63.9 million in 2016 as compared to 2015. The increase was due to Veda selling, general and administrative expense and integration and transaction costs and increases in people costs across the business. The increase was offset by a decline in costs related to the realignment of internal resources. The impact of changes in foreign currency exchange rates decreased our selling, general and administrative expenses by $23.7 million.
 
Depreciation and Amortization.  Depreciation and amortization expense for 2017 increased by $22.4 million primarily due to increased depreciation due to increased capital expenditures.
 
Depreciation and amortization expense for 2016 increased by $67.4 million primarily due to the Veda acquisition.
 
Operating Income and Operating Margin
 
 
Twelve Months Ended December 31,
 
Change
Operating Income and Operating Margin
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions)
Consolidated operating revenue
 
$
3,362.2

 
$
3,144.9

 
$
2,663.6

 
$
217.3

 
7
 %
 
$
481.3

 
18
 %
Consolidated operating expenses
 
2,537.6

 
2,327.0

 
1,969.7

 
210.6

 
9
 %
 
357.3

 
18
 %
Consolidated operating income
 
$
824.6

 
$
817.9

 
$
693.9

 
$
6.7

 
1
 %
 
$
124.0

 
18
 %
Consolidated operating margin
 
24.5
%
 
26.0
%
 
26.1
%
 
 

 
(1.5
)pts
 
 
(0.1
)pts
 
Total company margin decreased in 2017 versus 2016, primarily due to the costs related to the cybersecurity incident, partially offset by increased margins in International and Equifax Workforce Solutions business segments and lower integration costs related to the acquisition of Veda.


38



Total company margin decreased slightly in 2016 versus 2015 due to transaction and integration costs as well as increased amortization of acquired intangibles related to the acquisition of Veda. This was partially offset by a decline in costs related to realignment of internal resources. Margins in our USIS, Workforce Solutions and Global Consumer businesses all increased in 2016, with these increases offset by lower margins in International, principally due to the Veda transaction and integration costs and related amortization of intangibles.

Interest Expense and Other Income (Expense), net
 
 
Twelve Months Ended December 31,
 
Change
 
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
Consolidated Interest and Other Income (Expense), net
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions)
Consolidated interest expense
 
$
(92.8
)
 
$
(92.1
)
 
$
(63.8
)
 
$
(0.7
)
 
1
%
 
$
(28.3
)
 
44
 %
Consolidated other income, net
 
14.8

 
2.4

 
6.5

 
12.4

 
517
%
 
(4.1
)
 
(63
)%
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Average cost of debt
 
3.4
%
 
3.5
%
 
4.5
%
 
 

 
 

 
 

 
 

Total consolidated debt, net, at year end
 
$
2,704.3

 
$
2,672.2

 
$
1,187.7

 
$
32.1

 
1
%
 
$
1,484.5

 
125
 %
 
Interest expense increased in 2017, when compared to 2016, due to an increase in our average consolidated debt outstanding in 2017, reflecting debt incurred in the first quarter of 2016 to finance the acquisition of Veda. Our average cost of debt decreased in 2017 compared to 2016, due to the higher balance of low rate commercial paper outstanding and lower long-term rates due to the repayment on July 3, 2017 of $272.5 million in principal amount of our 6.3% senior notes.
 
Interest expense increased in 2016, when compared to 2015, due to an overall increase in our consolidated debt outstanding as of December 31, 2016 to fund the acquisition of Veda in 2016. Our average cost of debt decreased in 2016 compared to 2015, due to the higher balance of low rate commercial paper outstanding and lower long-term rates related to the issuance of 2.3% and 3.25% Senior Notes.

The increase in other income (expense), net, in 2017 is primarily due to a 2016 loss on the economic hedges, offset by a foreign currency gain on intercompany debt, both items related to the Veda transaction which did not recur in 2017. There were also higher earnings on certain equity method investments in 2017.

The decrease in other income (expense), net, in 2016 is due to 2016 foreign exchange losses related to the Veda acquisition and the 2015 income from the settlement of escrow amounts related to an acquisition from January 2014 which did not recur in 2016. These items were partially offset by the impairment of our cost method investment in Brazil in the second quarter of 2015 which did not recur in 2016.

Income Taxes
 
 
Twelve Months Ended December 31,
 
Change
 
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
Provision for Income Taxes
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions)
Consolidated provision for income taxes
 
$
(148.6
)
 
$
(233.1
)
 
$
(201.8
)
 
$
84.5

 
(36
)%
 
$
(31.3
)
 
16
%
Effective income tax rate
 
19.9
%
 
32.0
%
 
31.7
%
 
 

 
 

 
 

 
 

 
Overall, our effective tax rate was 19.9% for 2017, down from 32.0% for the same period in 2016. The decrease in our effective income tax rate for 2017 is primarily attributable to recording the preliminary impact of the Tax Act enacted in the fourth quarter of 2017, and the adoption of the new stock-based compensation guidance we prospectively adopted in the first quarter of 2017. We recognized a $48.3 million and $26.7 million tax benefit related to the estimated impact of tax legislation enacted in 2017 and the accounting change for stock-based compensation guidance for the full year 2017, respectively.
 

39



Overall, our effective tax rate was 32.0% for 2016, up from 31.7% for the same period in 2015. The 2016 rate benefited by 2% due to international related items, specifically higher earnings in lower tax jurisdictions and the rationalization of the structure of foreign subsidiaries. This was offset by other non-recurring permanent items that benefited the 2015 tax rate including the settlement of escrow related to a past acquisition and state law changes, that did not recur in 2016.

Net Income
 
 
Twelve Months Ended December 31,
 
Change
 
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
Net Income
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions, except per share amounts)
Consolidated operating income
 
$
824.6

 
$
817.9

 
$
693.9

 
$
6.7

 
1
 %
 
$
124.0

 
18
%
Consolidated other expense, net
 
(78.0
)
 
(89.7
)
 
(57.3
)
 
11.7

 
(13
)%
 
(32.4
)
 
57
%
Consolidated provision for income taxes
 
(148.6
)
 
(233.1
)
 
(201.8
)
 
84.5

 
(36
)%
 
(31.3
)
 
16
%
Consolidated net income
 
598.0

 
495.1

 
434.8

 
102.9

 
21
 %
 
60.3

 
14
%
Net income attributable to noncontrolling interests
 
(10.7
)
 
(6.3
)
 
(5.7
)
 
(4.4
)
 
70
 %
 
(0.6
)
 
11
%
Net income attributable to Equifax
 
$
587.3

 
$
488.8

 
$
429.1

 
$
98.5

 
20
 %
 
$
59.7

 
14
%
Diluted earnings per share:
 
 

 
 

 
 

 
 

 
 

 
 

 
 

Net income attributable to Equifax
 
$
4.83

 
$
4.04

 
$
3.55

 
$
0.79

 
20
 %
 
$
0.49

 
14
%
Weighted-average shares used in computing diluted earnings per share
 
121.5

 
121.1

 
120.9

 
 

 
 

 
 

 
 

 
Consolidated net income increased by $102.9 million, or 21%, in 2017 compared to 2016 due to increased operating income, principally in our International, Workforce Solutions, and USIS businesses, partially offset by the cybersecurity costs and lower operating income in the Global Consumer Solutions business. There were also several income tax benefits, consisting principally of the fourth quarter tax benefit related to the Tax Act and the prospective adoption of the new stock-based compensation guidance in the first quarter of 2017. Additionally there was an increase in other income, primarily due to a 2016 loss on economic hedges, offset by a foreign currency gain on intercompany debt, both items related to the Veda transaction which did not recur in 2017.

Consolidated net income increased by $60.3 million, or 14%, in 2016 compared to 2015 due to increased operating income in our USIS and Workforce Solutions businesses. This increase was partially offset by declines due to foreign exchange rates that impacted the International operating segment, the increase in interest expense, as well as increased corporate expenses as described below.

Segment Financial Results
 
U.S. Information Solutions
 
 
Twelve Months Ended December 31,
 
Change
U.S. Information Solutions
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions)
Operating revenue:
 
 

 
 

 
 

 
 

 
 

 
 

 
 

Online Information Solutions
 
$
889.6

 
$
879.3

 
$
842.1

 
$
10.3

 
1
 %
 
$
37.2

 
4
%
Mortgage Solutions
 
148.9

 
142.2

 
124.1

 
6.7

 
5
 %
 
18.1

 
15
%
Financial Marketing Services
 
224.2

 
215.0

 
205.1

 
9.2

 
4
 %
 
9.9

 
5
%
Total operating revenue
 
$
1,262.7

 
$
1,236.5

 
$
1,171.3

 
$
26.2

 
2
 %
 
$
65.2

 
6
%
% of consolidated revenue
 
37
%
 
39
%
 
44
%
 
 

 
 

 
 

 
 

Total operating income
 
$
539.1

 
$
537.0

 
$
491.2

 
$
2.1

 
 %
 
$
45.8

 
9
%
Operating margin
 
42.7
%
 
43.4
%
 
41.9
%
 
 

 
(0.7
)pts
 
 

 
1.5
pts

40



 
U.S. Information Solutions revenue increased 2% in 2017 compared to 2016 due to growth in the mortgage and financial verticals, partially offset by a decline in our auto vertical and the impact of the cybersecurity incident.
 
U.S. Information Solutions revenue increased 6% in 2016 compared to 2015. USIS realized solid growth from our mortgage business, as well as continued revenue growth in the automotive and financial services verticals.

 Online Information Solutions.  Revenue for 2017 increased 1% compared to 2016, due to growth in core credit decisioning and identity and fraud solutions.

Revenue for 2016 increased 4% compared to 2015, due to higher average revenue per unit and increased volumes to mortgage resellers, auto, and other resellers. Revenue also benefited from growth in identity and fraud solutions.
 
Mortgage Solutions.  Revenue increased 5% in 2017 compared to 2016, driven by growth in core mortgage, as well as growth from other mortgage product offerings.

Revenue increased 15% in 2016 compared to 2015, driven by a strong market for refinancing and purchase activity, as well as growth from other mortgage product offerings.
 
Financial Marketing Services.  Revenue increased 4% in 2017 compared to 2016 due to growth in credit marketing services and project related revenue.

Revenue increased 5% in 2016 compared to 2015 due to growth in credit marketing services, which resulted from increased demand from financial services customers.
 
U.S. Information Solutions Operating Margin.  USIS operating margin decreased to 42.7% in 2017 compared to 2016 of 43.4% , primarily due to increased people costs, partially offset by product mix. USIS operating margin increased to 43.4% in 2016 as compared to 2015 of 41.9%. Margin expansion resulted from strong revenue growth and product mix.

International 
 
 
Twelve Months Ended December 31,
 
Change
 
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
International
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions)
Operating revenue:
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Asia Pacific
 
$
308.9

 
$
244.2

 
$
9.0

 
$
64.7

 
26
%
 
$
235.2

 
nm

Europe
 
273.8

 
253.6

 
237.5

 
20.2

 
8
%
 
16.1

 
7
 %
Latin America
 
213.6

 
183.9

 
199.6

 
29.7

 
16
%
 
(15.7
)
 
(8
)%
Canada
 
136.0

 
121.9

 
122.4

 
14.1

 
12
%
 
(0.5
)
 
 %
Total operating revenue
 
$
932.3

 
$
803.6

 
$
568.5

 
$
128.7

 
16
%
 
$
235.1

 
41
 %
% of consolidated revenue
 
28
%
 
26
%
 
21
%
 
 
 
 
 
 
 
 
Total operating income
 
$
169.4

 
$
111.4

 
$
113.5

 
$
58.0

 
52
%
 
$
(2.1
)
 
(2
)%
Operating margin
 
18.2
%
 
13.9
%
 
20.0
%
 
 
 
4.3
pts
 
 

 
(6.1
)pts
 
International revenue increased by 16% in 2017 as compared to 2016. Local currency organic revenue growth for 2017, excluding Veda, was 11%, driven by growth across all regions. Local currency fluctuations against the U.S. dollar negatively impacted revenue by $4.3 million, or 1%.

International revenue increased by 41% in 2016 as compared to 2015. Local currency organic revenue growth for 2016, which excludes Veda, was 12%, primarily driven by strong growth in Europe and Latin America. Local currency fluctuations against the U.S. dollar negatively impacted revenue by $69.8 million, or 12%.
 
Asia Pacific. Local currency growth was 24% in 2017 primarily due to the Veda acquisition. Local currency fluctuations against the U.S. dollar positively impacted revenue by $6.1 million, or 3%, in 2017. Reported revenue increased 26% in 2017.


41



Revenue growth of $235.2 million in 2016 was due to the Veda acquisition.

Europe.  Local currency revenue growth was 12% in 2017 primarily due to growth in U.K. debt management services and other growth in the U.K. and Spain. Local currency fluctuations against the U.S. dollar negatively impacted revenue by $9.1 million, or 4%, for 2017. Reported revenue increased 8% in 2017.

Local currency revenue growth was 18% in 2016 primarily due to growth in U.K. debt management services and analytical services in both the U.K. and Spain. Local currency fluctuations against the U.S. dollar negatively impacted revenue by $25.9 million, or 11%, for 2016. Reported revenue increased 7% in 2016.

Latin America. Local currency revenue increased 18% in 2017 driven by growth primarily in Argentina and Chile. Local currency fluctuations against the U.S. dollar negatively impacted revenue by $3.9 million, or 2%, in 2017, most notably due to depreciation in the foreign exchange rate of the Argentine peso, partially offset by appreciation of the Chilean peso. Reported revenue increased 16% in 2017.

Local currency revenue increased 12% in 2016 driven by core organic growth primarily in Argentina, Chile, and Paraguay. Local currency fluctuations against the U.S. dollar negatively impacted revenue by $39.5 million, or 20%, in 2016, most notably due to depreciation in the foreign exchange rate of the Argentine peso. Reported revenue decreased 8% in 2016.
 
Canada.  Local currency revenue increased 9% in 2017 compared to 2016, primarily due to organic growth. Local currency fluctuations against the U.S. dollar negatively impacted revenue by $2.7 million, or 2%, in 2017. Reported revenue increased 12% in 2017.

 Local currency revenue increased 3% in 2016 compared to 2015, primarily due to core organic growth. Local currency fluctuations against the U.S. dollar negatively impacted revenue by $4.4 million, or 4%, in 2016. Reported revenue was flat in 2016.

International Operating Margin.  Operating margin increased to 18.2% in 2017 as compared to 13.9% in 2016. The increase primarily resulted from a decrease in integration costs related to the Veda acquisition, lower growth in people costs, a gain on the sale of an asset, and a slight decrease in purchased intangibles amortization. Operating margin decreased to 13.9% in 2016 as compared to 20.0% in 2015. The decline primarily resulted from increased purchased intangibles amortization, integration costs related to the Veda acquisition and a decline in the margin of Latin America. The decline was partially offset by increased margins in Europe and Canada.
 
Workforce Solutions
 
 
Twelve Months Ended December 31,
 
Change
 
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
Workforce Solutions
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions)
Operating Revenue:
 
 

 
 

 
 

 
 

 
 

 
 

 
 

Verification Services
 
$
501.5

 
$
437.3

 
$
364.4

 
$
64.2

 
15
 %
 
$
72.9

 
20
%
Employer Services
 
262.7

 
264.9

 
213.3

 
(2.2
)
 
(1
)%
 
51.6

 
24
%
Total operating revenue
 
$
764.2

 
$
702.2

 
$
577.7

 
$
62.0

 
9
 %
 
$
124.5

 
22
%
% of consolidated revenue
 
23
%
 
22
%
 
22
%
 
 

 
 

 
 

 
 

Total operating income
 
$
331.9

 
$
295.5

 
$
218.8

 
$
36.4

 
12
 %
 
$
76.7

 
35
%
Operating margin
 
43.4
%
 
42.1
%
 
37.9
%
 
 

 
1.3
 pts
 
 

 
4.2
pts
 
Workforce Solutions revenue increased by 9% in 2017 compared to 2016 due to strong growth in the government, mortgage, financial and pre-employment screening verticals, partially offset by the impact of the cybersecurity incident.

Workforce Solutions revenue increased by 22% in 2016 compared to 2015 due to strong growth in the healthcare, mortgage, government, and financial verticals.


42



Verification Services.  Revenue increased 15% in 2017 compared to 2016, due to strong growth in government, mortgage, financial, pre-employment screening and telecommunications verticals, and continued addition of new records to The Work Number database.

Revenue increased 20% in 2016 compared to 2015, due to strong growth in mortgage, government, financial, pre-employment screening and auto verticals, and continued addition of new records to The Work Number database.
 
Employer Services.  Revenue decreased 1% in 2017 compared to 2016 due to a decline in our employment based tax credit services and workforce analytics offset by an increase in our on-boarding and unemployment claims services.

Revenue grew 24% in 2016 compared to 2015 due to growth in our workforce analytics and other employer services businesses.
 
Workforce Solutions Operating Margin.  Operating margin increased 130 basis points to 43.4% in 2017 as compared to 42.1% in 2016 due to revenue growth and product mix, offset by increased people costs. Operating margin increased 420 basis points to 42.1% in 2016 as compared to 37.9% in 2015. Margin expansion in 2016 was driven by strong revenue growth in 2016.
 
Global Consumer Solutions
 
 
Twelve Months Ended December 31,
 
Change
Global Consumer Solutions
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions)
Total operating revenue
 
$
403.0

 
$
402.6

 
$
346.1

 
$
0.4

 
 %
 
$
56.5

 
16
%
% of consolidated revenue
 
12
%
 
13
%
 
13
%
 
 
 
 
 
 
 
 
Total operating income
 
$
106.2

 
$
112.4

 
$
95.2

 
$
(6.2
)
 
(6
)%
 
$
17.2

 
18
%
Operating margin
 
26.4
%
 
27.9
%
 
27.5
%
 
 
 
(1.5
)pts
 
 

 
0.4
pts

Revenue was flat for 2017, as compared to prior year. Local currency revenue grew 1% in 2017, due to an increase in our partner revenue, which includes revenue from the ID Watchdog acquisition. The increase in revenue was offset by a decrease in our global consumer direct revenue which was primarily in the U.S. as we ceased advertising our consumer business in the U.S. in September 2017 following the cybersecurity incident. Local currency fluctuations against the U.S. dollar negatively impacted revenue by $1.8 million for 2017. We do not intend to advertise our U.S. paid products in the first half of 2018 and expect a corresponding decline in revenue for 2018. Operating margin decreased in 2017 to 26.4% as compared to 27.9% in the prior year, due to higher technology costs, product mix, higher depreciation and acquisition costs, partially offset by lower marketing expenses.

Revenue increased 16% for 2016, as compared to prior year. Local currency revenue grew 18% in 2016, principally due to the growth of direct to consumer reseller revenue, and to a lesser extent, due to consumer direct revenue growth globally. Local currency fluctuations against the U.S. dollar negatively impacted revenue by $5.4 million, or 2%, for 2016. Operating margin increased in 2016 to 27.9% as compared to 27.5% in the prior year, due to lower marketing expenses partially offset by higher production costs due to reseller product mix and increases in partner implementation costs

General Corporate Expense
 
 
Twelve Months Ended December 31,
 
Change
 
 
 
 
 
 
 
 
2017 vs. 2016
 
2016 vs. 2015
General Corporate Expense
 
2017
 
2016
 
2015
 
$
 
%
 
$
 
%
 
 
(In millions)
General corporate expense
 
$
322.0

 
$
238.4

 
$
224.8

 
$
83.6

 
35
%
 
$
13.6

 
6
%
 
Our general corporate expenses are unallocated costs that are incurred at the corporate level and include those expenses impacted by corporate direction, including shared services, technology, administrative, legal, restructuring, and the portion of management incentive compensation determined by total company-wide performance. General corporate expense increased $83.6 million in 2017 primarily due to costs related to the cybersecurity incident.

43




General corporate expense increased $13.6 million in 2016 due to Veda transaction and integration costs as well as other increases in people costs, offset by a decline in costs related to the realignment of internal resources.

44



LIQUIDITY AND FINANCIAL CONDITION
 
Management assesses liquidity in terms of our ability to generate cash to fund operating, investing and financing activities. We continue to generate substantial cash from operating activities and remain in a strong financial position managing our capital structure to meet short- and long-term objectives including reinvestment in existing businesses and strategic acquisitions.
 
Sources and Uses of Cash
 
Funds generated by operating activities and our commercial paper program, credit facilities and Receivables Facility are our most significant sources of liquidity. We expect that funds generated by operating activities will be sufficient to finance our anticipated working capital and other cash requirements (such as ongoing capital expenditures associated with near-term actions to enhance IT systems and data security, interest payments, debt payments, potential pension funding contributions and dividend payments) for the foreseeable future. However, currently it is not possible to estimate the amount of loss or range of possible loss that might result from adverse judgments, settlements, penalties, or other resolution of the proceedings and investigations resulting from the 2017 cybersecurity incident. Such potential payments, if great enough, could have an adverse effect on our liquidity. In this case, funds generated from operating activities and our credit facilities may not be sufficient to pay such damages, costs, penalties and fines. See Part I, Item 1A. Risk Factors "The government investigations and litigation resulting from the 2017 cybersecurity incident will continue to adversely impact our business and results of operations" and Part I, Item 3. Legal Proceedings. At December 31, 2017, $221.9 million was available to borrow under our Revolver. As of December 31, 2017, $204.3 million was available to borrow under our Receivables Facility. In the event that additional financing is needed, we would finance using the public and private corporate bond markets and/or syndicated loan markets.
    
 Information about our cash flows, by category, is presented in the Consolidated Statements of Cash Flows. The following table summarizes our cash flows for the twelve months ended December 31, 2017, 2016 and 2015:
 
 
Twelve Months Ended December 31,
 
Change
Net cash provided by (used in):
 
2017
 
2016
 
2015
 
2017 vs. 2016
 
2016 vs. 2015
 
 
(In millions)
Operating activities
 
$