ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the fiscal year ended December 31, 2023
OR
☐
TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934
For the transition period from to
Commission File No. 1-7657
American Express Company
(Exact name of registrant as specified in its charter)
New York
13-4922250
(State or other jurisdiction of incorporation or organization)
(I.R.S. Employer Identification No.)
200 Vesey Street
New York, New York
10285
(Address of principal executive offices)
(Zip Code)
Registrant’s telephone number, including area code: (212) 640-2000
Securities registered pursuant to Section 12(b) of the Act:
Title of each class
Trading Symbol(s)
Name of each exchange on which registered
Common Shares (par value $0.20 per Share)
AXP
New York Stock Exchange
Securities registered pursuant to section 12(g) of the Act: None
Indicate by check mark if the registrant is a well-known seasoned issuer, as defined in Rule 405 of the Securities Act. Yesþ No o
Indicate by check mark if the registrant is not required to file reports pursuant to Section 13 or Section 15(d) of the Act. Yes oNoþ
Indicate by check mark whether the registrant (1) has filed all reports required to be filed by Section 13 or 15(d) of the Securities Exchange Act of 1934 during the preceding 12 months (or for such shorter period that the registrant was required to file such reports) and (2) has been subject to such filing requirements for the past 90 days. Yesþ No o
Indicate by check mark whether the registrant has submitted electronically every Interactive Data File required to be submitted pursuant to Rule 405 of Regulation S-T (§ 232.405 of this chapter) during the preceding 12 months (or for such shorter period that the registrant was required to submit such files). Yesþ No o
Indicate by check mark whether the registrant is a large accelerated filer, an accelerated filer, a non-accelerated filer, a smaller reporting company, or an emerging growth company. See the definitions of “large accelerated filer,” “accelerated filer,” “smaller reporting company” and “emerging growth company” in Rule 12b-2 of the Exchange Act.
Large accelerated filerþ
Accelerated filer o
Non-accelerated filer o
Smaller reporting company ☐
Emerging growth company ☐
If an emerging growth company, indicate by check mark if the registrant has elected not to use the extended transition period for complying with any new or revised financial accounting standards provided pursuant to Section 13(a) of the Exchange Act. o
Indicate by check mark whether the registrant has filed a report on and attestation to its management’s assessment of the effectiveness of its internal control over financial reporting under section 404(b) of the Sarbanes-Oxley Act (15 U.S.C. 7262(b)) by the registered public accounting firm that prepared or issued its audit report. þ
If securities are registered pursuant to Section 12(b) of the Act, indicate by check mark whether the financial statements of the registrant included in the filing reflect the correction of an error to previously issued financial statements. o
Indicate by check mark whether any of those error corrections are restatements that required a recovery analysis of incentive-based compensation received by any of the registrant’s executive officers during the relevant recovery period pursuant to § 240.10D-1(b). o
Indicate by check mark whether the registrant is a shell company (as defined in Rule 12b-2 of the Act). Yes ☐ No þ
As of June 30, 2023, the aggregate market value of the registrant’s voting shares held by non-affiliates of the registrant was approximately $128.1 billion based on the closing sale price as reported on the New York Stock Exchange.
As of February 1, 2024, there were 723,869,787 common shares of the registrant outstanding.
DOCUMENTS INCORPORATED BY REFERENCE
Part III: Portions of Registrant’s Proxy Statement to be filed with the Securities and Exchange Commission in connection with the Annual Meeting of Shareholders to be held on May 6, 2024.
This Annual Report on Form 10-K, including the “Management’s Discussion and Analysis of Financial Condition and Results of Operations,” contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 that are subject to risks and uncertainties. You can identify forward-looking statements by words such as “believe,” “expect,” “anticipate,” “intend,” “plan,” “aim,” “will,” “may,” “should,” “could,” “would,” “likely,” “estimate,” “potential,” “continue” or other similar expressions. We discuss certain factors that affect our business and operations and that may cause our actual results to differ materially from these forward-looking statements under “Risk Factors” and “Cautionary Note Regarding Forward-Looking Statements.” You are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date on which they are made. We undertake no obligation to update publicly or revise any forward-looking statements.
This report includes trademarks, such as American Express®, which are protected under applicable intellectual property laws and are the property of American Express Company or its subsidiaries. This report also contains trademarks, service marks, copyrights and trade names of other companies, which are the property of their respective owners. Solely for convenience, our trademarks and trade names referred to in this report may appear without the ® or ™ symbols, but such references are not intended to indicate, in any way, that we will not assert, to the fullest extent under applicable law, our rights or the right of the applicable licensor to these trademarks and trade names.
Throughout this report the terms “American Express,” “we,” “our” or “us,” refer to American Express Company and its subsidiaries on a consolidated basis, unless stated or the context implies otherwise. The use of the term “partner” or “partnering” in this report does not mean or imply a formal legal partnership, and is not meant in any way to alter the terms of American Express’ relationship with any third parties. Refer to the “ Glossary of Selected Terminology” under “MD&A” for the definitions of other key terms used in this report.
American Express is a globally integrated payments company, providing customers with access to products, insights and experiences that enrich lives and build business success. We are a leader in providing credit and charge cards to consumers, small businesses, mid-sized companies and large corporations around the world. American Express® cards issued by us, as well as by third-party banks and other institutions on the American Express network, can be used by Card Members to charge purchases at the millions of merchants around the world that accept cards bearing our logo.
Our various products and services are offered globally to diverse customer groups through various channels, including mobile and online applications, affiliate marketing, customer referral programs, third-party service providers and business partners, direct mail, telephone, in-house sales teams and direct response advertising.
We were founded in 1850 as a joint stock association and were incorporated in 1965 as a New York corporation. American Express Company and its principal operating subsidiary, American Express Travel Related Services Company, Inc. (TRS), are bank holding companies under the Bank Holding Company Act of 1956, as amended (the BHC Act), subject to supervision and examination by the Board of Governors of the Federal Reserve System (the Federal Reserve).
We principally engage in businesses comprising four reportable operating segments: U.S. Consumer Services (USCS), Commercial Services (CS), International Card Services (ICS) and Global Merchant and Network Services (GMNS). Corporate functions and certain other businesses are included in Corporate & Other. Our businesses function together to form our end-to-end integrated payments platform, which we believe is a differentiator that underpins our business model. For further information about our reportable operating segments, see “Business Segment Results of Operations” under “MD&A.”
Our Integrated Payments Platform and Technology
Through our general-purpose card-issuing, merchant-acquiring and card network businesses, we are able to connect participants and provide differentiated value across the commerce path. We maintain direct relationships with Card Members (as a card issuer) and merchants (as an acquirer), which provides us with direct access to information at both ends of the card transaction, distinguishing our integrated payments platform from the bankcard networks. Through contractual relationships, we also obtain information from third-party card issuers, merchant acquirers, aggregators and processors with whom we do business.
Our integrated payments platform and the systems and infrastructure that underlie it allow us to analyze information on Card Member spending, build models and use analytical tools to help us underwrite risk, reduce fraud and provide targeted marketing and other information services for merchants and partners and special offers and services to Card Members, all while maintaining our commitment to respect Card Member preferences and protect Card Member and merchant data in compliance with applicable policies and legal requirements. We also leverage technology to allow for faster introduction and greater differentiation of products, as well as to develop and improve our service capabilities to continue to deliver a high-quality customer experience.
Card Issuing Businesses
Our global proprietary card-issuing businesses are conducted through our USCS, CS and ICS reportable operating segments. We offer a broad set of card products, rewards and services to a diverse consumer and commercial customer base, in the United States and internationally. We acquire and retain high-spending, engaged and creditworthy Card Members by:
•Designing innovative credit, charge and debit card products and payment and lending solutions that appeal to our target customer base and meet their spending and borrowing needs
•Using incentives to drive spending on our various card products and increase customer engagement, including our Membership Rewards® and Amex® Offers programs, cash-back reward features, interest rates offered on deposits and participation in loyalty programs sponsored by our cobrand and other partners
•Providing digital and mobile services and an array of benefits and experiences across card products, such as lounge access, dining experiences and other travel and lifestyle benefits
•Creating world-class service experiences by delivering exceptional customer care
•Developing a wide range of partner relationships, including with other corporations and institutions that sponsor certain of our cards under cobrand arrangements and provide benefits and services to our Card Members
Over the last several years, we have focused on broadening the appeal of our products to attract new customers, particularly Millennial and Gen Z customers, as well as expanding our position with small and mid-sized enterprise (SME) customers by providing more ways to help them manage and grow their businesses. We have a number of products that complement our card products, such as our business checking and consumer rewards checking account products, our business-to-business (B2B) payment products and other non-card payment and financing products, our Business Blueprint digital cash flow management hub, our Resy restaurant platform and other new digital capabilities. Additionally, we are focused on driving growth and efficiencies internationally, including a greater focus on local priorities in international jurisdictions. Jurisdictions that represent a significant portion of our billed business outside of the United States include the United Kingdom (UK), the European Union (EU), Australia, Japan, Canada and Mexico.
For the year ended December 31, 2023, worldwide billed business (spending on American Express cards issued by us) was $1,460 billion and at December 31, 2023, we had 80.2 million proprietary cards-in-force worldwide.
Merchant Acquiring Business
Our GMNS reportable operating segment builds and manages relationships with millions of merchants around the world that choose to accept American Express cards. This includes signing new merchants to accept our cards, agreeing on the discount rate (a fee charged to the merchant for accepting our cards) and handling servicing for merchants. We also build and maintain relationships with merchant acquirers, aggregators and processors to manage aspects of our merchant services business. For example, through our OptBlue® merchant-acquiring program, third-party processors contract directly with small merchants for card acceptance on our network and determine merchant pricing. We continue to grow merchant acceptance of American Express cards around the world and work with merchant partners so that our Card Members are warmly welcomed and encouraged to spend in the millions of places where their American Express cards are accepted. We also seek to drive greater usage of the American Express network by deepening merchant engagement and increasing Card Member awareness through initiatives such as our Shop Small campaigns and expanding our payment options such as through debit and B2B capabilities.
GMNS also provides fraud-prevention tools, marketing solutions, data analytics and other programs and services to merchants and other partners that leverage the capabilities of our integrated payments platform.
We operate a payments network through which we establish and maintain relationships with third-party banks and other institutions in approximately 110 countries and territories, licensing the American Express brand and extending the reach of our global network. These network partners are licensed to issue local currency American Express-branded cards in their countries and/or serve as the merchant acquirer for local merchants on our network.
For the year ended December 31, 2023, worldwide network services processed volume (spending on American Express cards issued by third parties) was $220.5 billion and at December 31, 2023, we had 61.0 million cards-in-force issued by third parties worldwide.
Diverse Customer Base and Global Footprint
Our broad and diverse customer base spans consumers, small businesses, mid-sized companies and large corporations around the world. The following chart provides a summary of our diverse set of customers and broad geographic footprint based on worldwide network volumes:
Our integrated payments platform allows us to work with a range of business partners, and our partners in return help drive the scale and relevance of the platform.
There are many examples of how we work with partners, including: issuing cards under cobrand arrangements with other corporations and institutions (e.g., Delta Air Lines (Delta), Marriott International, Hilton Worldwide Holdings and British Airways); offering innovative ways for our Card Members to earn and use points with our merchants (e.g., Pay with Points at Amazon.com); providing greater value to our Card Members (e.g., Amex Offers and statement credits for purchases with partners); expanding merchant acceptance with third-party acquirers and processors (e.g., OptBlue partners); operating through joint ventures in certain jurisdictions (e.g., in China, the Middle East and Switzerland); developing new capabilities and features with our digital partners (e.g., PayPal and i2c); integrating into the supplier payment processes of our business customers (e.g., BILL and Extend); and enhancing our travel benefits and services (e.g., Fine Hotels and Resorts). We also have a significant ownership position in, and extensive commercial arrangements with, Global Business Travel Group, Inc. (GBTG), which provides business travel-related services.
Delta is our largest strategic partner. Our relationships with, and revenues and expenses related to, Delta are significant and represent an important source of value for our Card Members. We issue cards under cobrand arrangements with Delta and the Delta cobrand portfolio represented approximately 10 percent of worldwide network volumes and approximately 21 percent of worldwide Card Member loans as of December 31, 2023. The Delta cobrand portfolio generates fee revenue and interest income from Card Members and discount revenue from Delta and other merchants for spending on Delta cobrand cards. The current Delta cobrand agreement runs through the end of 2029 and we expect to continue to make significant investments in this partnership. Among other things, Delta is also a key participant in our Membership Rewards program, provides travel-related benefits and services, including airport lounge access for certain American Express Card Members, accepts American Express cards as a merchant and is a corporate payments customer.
Working with all of our partners, we seek to provide value, choice and unique experiences across our customer base.
Our Spend-Centric Model and Revenue Mix
Our “spend-centric” business model focuses on generating revenues primarily by driving spending on our cards and secondarily through finance charges and fees. Spending on our cards, which is higher on average on a per-card basis versus our network competitors, offers superior value to merchants in the form of loyal customers and larger transactions. Because of the revenues generated from having high-spending Card Members and the annual card fees we charge on many of our products, we are able to invest in attractive rewards and other benefits for Card Members, as well as targeted marketing and other programs and investments for merchants. This creates incentives for Card Members to spend more on their cards and positively differentiates American Express cards.
We believe our spend-centric model gives us the ability to provide differentiated value to Card Members, merchants and business partners.
The American Express Brand and Service Excellence
Our brand and its attributes—trust, security and service—are key assets. We invest heavily in managing, marketing, promoting and protecting our brand, including through the delivery of our products and services in a manner consistent with our brand promise. The American Express brand is ranked among the most valuable brands in the world. We place significant importance on trademarks, service marks and patents, and seek to secure our intellectual property rights around the world.
We aim to provide the world’s best customer experience every day and our reputation for world-class service has been recognized by numerous awards over the years. Our customer care professionals, travel consultants and partners treat servicing interactions as an opportunity to bring the brand to life for our customers, add meaningful value and deepen relationships.
We seek to grow our business by focusing on four strategic imperatives:
First, we aim to expand our leadership in the premium consumer space by continuing to deliver membership benefits that span our customers’ everyday spending, borrowing, travel and lifestyle needs, expanding our roster of business partners around the globe and developing a range of experiences that attract high-spending customers.
Second, we seek to build on our strong position in commercial payments by evolving our card value propositions, further differentiating our corporate card and accounts payable expense management solutions and designing innovative products and features, including financing, banking and payment solutions for our business customers.
Third, we are focused on strengthening our global, integrated network by continuing to increase merchant acceptance, providing merchants with fraud protection services, marketing insights and connections to higher-spending Card Members and working with our network partners to offer expanded products and services.
Finally, we want to continue to build on our unique global position, seeking ways to use our differentiated business model and global presence as we progress against our other strategic imperatives.
We also have an Environmental, Social and Governance (ESG) strategy that focuses on three pillars. The Building Financial Confidence pillar seeks to provide responsible, secure and transparent products and services to help people and businesses build financial resilience. The Advancing Climate Solutions pillar focuses on enhancing our operations and capabilities to meet customer and community needs in the transition to a low-carbon future. Finally, the Promoting Diversity, Equity and Inclusion (DE&I) pillar supports a diverse, equitable and inclusive workforce, marketplace and society.
Our colleagues are integral to executing our business strategies and to our overall success. As of December 31, 2023, we employed approximately 74,600 people, whom we refer to as colleagues, with approximately 26,000 colleagues in the United States and approximately 48,600 colleagues outside the United States. In 2023, we continued to invest in our colleagues, building on a wide range of learning and development opportunities and enhancing our competitive benefits in key areas including holistic health and wellness, total compensation and flexibility.
We conduct an annual Colleague Experience Survey to better understand our colleagues’ needs and overall experience at American Express, and in 2023, 91 percent of colleagues who participated in the survey said they would recommend American Express as a great place to work.
To attract and retain the best talent, we strive to offer a compelling value proposition to our colleagues, which represents the ways in which we support our colleagues in four key areas: (1) our culture; (2) career growth and development; (3) rewards and holistic well-being; and (4) diversity, equity and inclusion.
Our Culture
Our culture is built on strong relationships, shared values and purpose and a commitment to back our customers, communities and each other. At the heart of our culture is what we call our Blue Box Values – a set of guiding principles that serve as the foundation for how we operate:
We Do What’s Right
We Embrace Diversity
We Back Our Customers
We Stand for Equity and Inclusion
We Make It Great
We Win as A Team
We Respect People
We Support Communities
Career Growth and Development
We continuously invest in programs, benefits and resources to foster the personal and professional growth of our colleagues. We start with opportunities for colleagues to learn on the job, build cross-functional skills and grow in their careers through a defined, collaborative process for performance management. Colleagues have access to a wide variety of resources: career coaching, mentoring, professional networking, and rotation opportunities, as well as courses on-demand and with classroom-style instruction.
Rewards and Holistic Well-Being
We aim to provide our colleagues with competitive compensation and leading benefits and take a holistic approach to well-being, providing resources that address the physical, financial and mental health of our colleagues. Our financial well-being program, Smart Saving, provides tools and resources to help colleagues build their knowledge and skills for all life stages. We support our colleagues’ physical health and well-being through our corporate wellness program, Healthy Living. We also provide resources and support to increase awareness about mental health among our colleagues through our Healthy Minds Program.
Diversity, Equity and Inclusion
We continue to work to build an inclusive and diverse workplace that values our colleagues’ voices, rewards teamwork, celebrates different points of view and reflects the diversity of the communities in which we operate. As of December 31, 2023, women represented 53.2 percent of our global workforce and Asian, Black/African American and Hispanic/Latinx people represented 20.6 percent, 15.6 percent and 14.3 percent, respectively, of our U.S. workforce based on preliminary data for our 2023 U.S. EEO-1 submission. As of December 31, 2023, 50 percent of our Executive Committee were women or from diverse races and ethnic backgrounds (based on self-identified characteristics). We also regularly review our compensation practices to ensure colleagues in the same job, level and location are compensated fairly regardless of gender globally, and regardless of race and ethnicity in the United States. These reviews consider several factors known to affect compensation, including role, level, tenure, performance and geography. In the instances where a review has found inconsistencies, we have made adjustments. After making these adjustments, we believe we maintained 100 percent pay equity in 2023 for colleagues across genders globally and across races and ethnicities in the United States.
Set forth below, in alphabetical order, is a list of our executive officers as of February 9, 2024, including each executive officer’s principal occupation and employment during the past five years. None of our executive officers has any family relationship with any other executive officer, and none of our executive officers became an officer pursuant to any arrangement or understanding with any other person. Each executive officer has been elected to serve until the next annual election of officers or until his or her successor is elected and qualified. Each officer’s age is indicated by the number in parentheses next to his or her name.
DOUGLAS E. BUCKMINSTER —
Vice Chairman
Mr. Buckminster (63) has been Vice Chairman since April 2021. Prior thereto, he had been Group President, Global Consumer Services Group since February 2018.
JEFFREY C. CAMPBELL —
Vice Chairman
Mr. Campbell (63) has been Vice Chairman since April 2021. He also served as Chief Financial Officer (CFO) from August 2013 to August 2023.
HOWARD GROSFIELD —
President, U.S. Consumer Services
Mr. Grosfield (55) has been President, U.S. Consumer Services since May 2022. Prior thereto, he had been Executive Vice President and General Manager of U.S. Consumer Marketing and Global Premium Services since February 2021 and Executive Vice President and General Manager of U.S. Consumer Marketing Services from January 2016 to February 2021.
MONIQUE HERENA —
Chief Colleague Experience Officer
Ms. Herena (52) has been Chief Colleague Experience Officer since April 2019. Ms. Herena joined American Express from BNY Mellon, where she served as the Chief Human Resources Officer and Senior Executive Vice President, Human Resources, Marketing and Communications since 2014.
RAYMOND JOABAR —
Group President, Global Merchant and Network Services
Mr. Joabar (58) has been Group President, Global Merchant and Network Services since April 2021. Prior thereto, he had been President, Global Risk and Compliance and Chief Risk Officer since September 2019. He also served as President of International Consumer Services and Global Travel and Lifestyle Services from February 2018 to September 2019.
CHRISTOPHE Y. LE CAILLEC —
Chief Financial Officer
Mr. Le Caillec (58) has been CFO since August 2023. Prior thereto, he had been Deputy CFO since December 2021 and Head of Corporate Planning since February 2019. He also served as Business CFO for the Global Consumer Services Group from May 2016 to February 2019.
RAFAEL MARQUEZ —
President, International Card Services
Mr. Marquez (52) has been President, International Card Services since May 2022. Prior thereto, he had been President, International Consumer Services and Global Loyalty Coalition since September 2019 and Executive Vice President of International Consumer Services Europe, Joint Ventures EMEA and International Member Engagement from November 2015 to September 2019.
ANNA MARRS —
Group President, Commercial Services and Credit & Fraud Risk
Ms. Marrs (50) has been Group President, Commercial Services and Credit & Fraud Risk since April 2021. Prior thereto, she had been President, Commercial Services since September 2018.
GLENDA MCNEAL —
Chief Partner Officer
Ms. McNeal (63) has been Chief Partner Officer since February 2024. Prior thereto, she had been President, Enterprise Strategic Partnerships since March 2017.
DAVID NIGRO —
Chief Risk Officer
Mr. Nigro (62) has been Chief Risk Officer since April 2021. Prior thereto, he had been Executive Vice President and Chief Credit Officer, Global Consumer Services and Credit and Fraud Risk Capability since April 2018.
DENISE PICKETT —
President, Global Services Group
Ms. Pickett (58) has been President, Global Services Group since September 2019. Prior thereto, she had been Chief Risk Officer and President, Global Risk, Banking & Compliance since February 2018.
Mr. Radhakrishnan (52) has been Chief Information Officer since January 2022. Mr. Radhakrishnan joined American Express from Wells Fargo & Company, where he served as Chief Information Officer for the Commercial Banking and Corporate & Investment Banking businesses since May 2020. Prior thereto, he had been Chief Information Officer, Wholesale, Wealth & Investment Management and Innovation from May 2019 to May 2020. He also served as Enterprise Chief Information Officer from March 2017 to May 2019.
ELIZABETH RUTLEDGE —
Chief Marketing Officer
Ms. Rutledge (62) has been Chief Marketing Officer since February 2018.
LAUREEN E. SEEGER —
Chief Legal Officer
Ms. Seeger (62) has been Chief Legal Officer since July 2014.
JENNIFER SKYLER —
Chief Corporate Affairs Officer
Ms. Skyler (47) has been Chief Corporate Affairs Officer since October 2019. Ms. Skyler joined American Express from WeWork, where she served as Chief Communications Officer from January 2018 to September 2019.
STEPHEN J. SQUERI —
Chairman and Chief Executive Officer
Mr. Squeri (64) has been Chairman and Chief Executive Officer since February 2018.
ANRÉ WILLIAMS —
Group President, Enterprise Services
Mr. Williams (58) has been Group President, Enterprise Services since April 2021. Prior thereto, he had been Group President, Global Merchant and Network Services since February 2018. Mr. Williams also serves as the Chief Executive Officer of American Express National Bank.
We compete in the global payments industry with card networks, issuers and acquirers, paper-based transactions (e.g., cash and checks), bank transfer models (e.g., wire transfers and Automated Clearing House, or ACH), as well as evolving and growing alternative mechanisms, systems and products that leverage new technologies, business models and customer relationships to create payment, financing or banking solutions. The payments industry continues to undergo dynamic changes in response to evolving technologies, consumer habits and merchant needs, such as an increased shift to digital payments.
As a card issuer, we compete with financial institutions that issue general-purpose credit and debit cards, as well as businesses that issue private label cards, operate mobile wallets, provide payment services or extend credit. We face intense competition in the premium space and for cobrand relationships, as both card issuer and network competitors have targeted high-spending customers and key business partners with attractive value propositions. We also face competition for partners and other differentiated offerings, such as lounge space in U.S. and global hub airports, restaurant reservation capabilities and other experiential offerings to customers. Our banking products also face strong competition, such as with respect to the rates offered on deposits.
Our global card network competes in the global payments industry with other card networks, including, among others, China UnionPay, Visa, Mastercard, JCB, Discover and Diners Club International (which is owned by Discover). We are the fourth largest general-purpose card network globally based on purchase volume, behind China UnionPay, Visa and Mastercard. In addition to such networks, a range of companies globally, including merchant acquirers, processors and web- and mobile-based payment platforms (e.g., Alipay, PayPal and Venmo), as well as regional payment networks (such as the National Payments Corporation of India), carry out some activities similar to those performed by our GMNS business.
The principal competitive factors that affect the card-issuing, merchant and network businesses include:
•The features, value and quality of the products and services, including customer care, rewards programs, partnerships, travel and lifestyle-related benefits, and digital and mobile services, as well as the costs associated with providing such features and services
•Reputation and brand recognition
•The number, spending characteristics and credit performance of customers
•The quantity, diversity and quality of the establishments where the cards can be used
•The attractiveness of the value proposition to card issuers, merchant acquirers, cardholders, corporate clients and merchants (including the relative cost of using or accepting the products and services, and capabilities such as fraud prevention and data analytics)
•The number and quality of other cards and other forms of payment and financing available to customers
•The success of marketing and promotional campaigns
•The speed of innovation and investment in systems, technologies and product and service offerings
•The nature and quality of expense management tools, electronic payment methods and data capture and reporting capabilities, particularly for business customers
•The security of cardholder, merchant and network partner information
Another aspect of competition is the dynamic and rapid growth of alternative payment and financing mechanisms, systems and products, which include payment facilitators and aggregators, digital payment, open banking and electronic wallet platforms, point-of-sale lenders and buy now, pay later products, real-time settlement and processing systems, financial technology companies, digital currencies developed by both central banks and the private sector, blockchain and similar distributed ledger technologies, prepaid systems and gift cards, and systems linked to customer accounts or that provide payment solutions. Various competitors are integrating more financial services into their product offerings and competitors are seeking to attain the benefits of closed-loop, loyalty and rewards functionalities, such as ours.
In addition to the discussion in this section, see “Our operating results may materially suffer because of substantial and increasingly intense competition worldwide in the payments industry” under “Risk Factors” for further discussion of the potential impact of competition on our business, and “Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition” and “Legal proceedings regarding provisions in our merchant contracts, including non-discrimination and honor-all-cards provisions, could have a material adverse effect on our business and result in additional litigation and/or arbitrations, changes to our merchant agreements and/or business practices, substantial monetary damages and damage to our reputation and brand” under “Risk Factors” for a discussion of the potential impact on our ability to compete effectively due to government regulations or if ongoing legal proceedings limit our ability to prevent merchants from engaging in various actions to discriminate against our card products.
We are subject to evolving and extensive government regulation and supervision in jurisdictions around the world, and the costs of ongoing compliance are substantial. The financial services industry is subject to rigorous scrutiny, high regulatory expectations, a range of regulations and a stringent and unpredictable enforcement environment.
Governmental authorities have focused, and we believe will continue to focus, considerable attention on reviewing compliance by financial services firms and payment systems with laws and regulations, and as a result, we continually work to evolve and improve our risk management framework, governance structures, practices and procedures. Reviews by us and governmental authorities to assess compliance with laws and regulations, as well as our own internal reviews to assess compliance with internal policies, including errors or misconduct by colleagues or third parties or control failures, have resulted in, and are likely to continue to result in, changes to our products, practices and procedures, restitution to our customers and increased costs related to regulatory oversight, supervision and examination. We have also been subject to regulatory actions and may continue to be the subject of such actions, including governmental inquiries, investigations, enforcement proceedings and the imposition of fines or civil money penalties, in the event of noncompliance or alleged noncompliance with laws or regulations. For example, as previously disclosed, we are cooperating with governmental investigations related to certain of our historical sales practices, which are described in more detail in Note 12 to the “Consolidated Financial Statements.” External publicity concerning investigations can increase the scope and scale of those investigations and lead to further regulatory inquiries.
Policymakers around the world continue to propose and adopt new and increasingly complex laws and regulations governing a wide variety of issues that may impact our business or change our operating environment in substantial and unpredictable ways. For example, legislators and regulators in various countries in which we operate have focused on the offering of consumer financial products and the operation of payment networks, resulting in changes to certain practices or pricing of card issuers, merchant acquirers and payment networks, and, in some cases, the establishment of broad and ongoing regulatory oversight regimes.
The following discussion summarizes elements of the extensive regulatory environment in which we operate; it does not purport to be complete or to describe all of the laws or regulations to which we are subject or all possible or proposed changes in laws or regulations that may become applicable to us. See “Operational and Compliance/Legal Risks” under “Risk Factors” for a discussion of the potential impact that changes in applicable law or regulation, and in their interpretation and application by regulatory agencies and other governmental authorities, may have on our business, results of operations and financial condition.
Banking Regulation
American Express entities are subject to banking regulation in the United States and in certain jurisdictions internationally. U.S. federal and state banking laws, regulations and policies extensively regulate the Company, TRS and our U.S. bank subsidiary, American Express National Bank (AENB). For purposes of this Supervision and Regulation section, the “Company” refers only to American Express Company, a bank holding company, and does not include its subsidiaries. Both the Company and TRS are subject to comprehensive consolidated supervision, regulation and examination by the Federal Reserve and AENB is supervised, regulated and examined by the Office of the Comptroller of the Currency (OCC). The Company and its subsidiaries are also subject to the rulemaking, enforcement and examination authority of the Consumer Financial Protection Bureau (CFPB). Banking regulators have broad examination and enforcement power, including the power to impose substantial fines, limit dividends and other capital distributions, restrict operations and acquisitions and require divestitures, any of which could compromise our competitive position. Many aspects of our business also are subject to rigorous regulation by other U.S. federal and state regulatory agencies and by non-U.S. government agencies and regulatory bodies. For example, non-U.S. regulators supervising our international regulated financial institutions use many of the same principles of regulation and supervision that are used by U.S. federal bank regulators.
Activities
The BHC Act generally limits bank holding companies to activities that are considered to be banking activities and certain closely related activities. As noted above, each of the Company and TRS is a bank holding company and each has elected to become a financial holding company, which is authorized to engage in a broader range of financial and related activities. In order to remain eligible for financial holding company status, we must meet certain eligibility requirements. Those requirements include that each of the Company and AENB must be “well capitalized” and “well managed,” and AENB must have received at least a “satisfactory” rating on its most recent assessment under the Community Reinvestment Act of 1977 (the CRA). The Company and TRS engage in various activities permissible only for financial holding companies, including, in particular, providing travel agency
services, acting as a finder and engaging in certain insurance underwriting and agency services. If the Company fails to meet eligibility requirements for financial holding company status, it and its subsidiaries are likely to be barred from engaging in new types of financial activities or making certain types of acquisitions or investments in reliance on its status as a financial holding company, and ultimately could be required to either discontinue the broader range of activities permitted to financial holding companies or divest AENB. In addition, the Company and its subsidiaries are prohibited by law from engaging in practices that regulatory authorities deem unsafe or unsound (which such authorities generally interpret broadly) and regulatory authorities have discretion in determining whether new or modified activities can be conducted in a safe and sound manner.
Acquisitions and Investments
Applicable federal and state laws place limitations on the ability of persons to invest in or acquire control of us without providing notice to or obtaining the approval of one or more of our regulators. In addition, we are subject to banking laws and regulations that limit our investments and acquisitions and, in some cases, subject them to the prior review and approval of our regulators, including the Federal Reserve and the OCC. Federal banking regulators have broad discretion in evaluating proposed acquisitions and investments that are subject to their prior review or approval.
Enhanced Prudential Standards
The Company is subject to the U.S. federal bank regulatory agencies’ rules that tailor the application of enhanced prudential standards to bank holding companies and depository institutions with $100 billion or more in total consolidated assets. Under these rules, each such bank holding company, as well as its bank subsidiaries, is assigned to one of four categories based on its status as a U.S. global systemically important banking organization and five other risk-based indicators: (i) total assets, (ii) cross-jurisdictional activity, (iii) non-bank assets, (iv) off-balance sheet exposure, and (v) weighted short-term wholesale funding, with the most stringent requirements applying to Category I firms and the least stringent requirements applying to Category IV firms. Under these rules, the Company (and its depository institution subsidiary, AENB) is currently subject to Category IV standards. However, changes in the levels of these risk-based indicators at the Company could result in changes to our regulatory tailoring category. Category III firms include those firms with greater than $250 billion but less than $700 billion in total consolidated assets, calculated based on a four-quarter trailing average. Our total consolidated assets were $251 billion and $261 billion as of September 30 and December 31, 2023, respectively, and, accordingly, we anticipate becoming a Category III firm in 2024. Category III firms are subject to heightened capital, liquidity and prudential requirements, single-counterparty credit limits and additional stress tests, which in some cases are subject to a transition period following a financial institution becoming a Category III firm. Moreover, further changes in the risk-based indicators described above, such as if we have $75 billion or more in cross-jurisdictional activity (calculated based on a four-quarter trailing average), could result in us becoming a Category II firm and subject to more stringent capital, liquidity and prudential requirements. Our cross-jurisdictional activity was $67 billion as of December 31, 2023, and the four-quarter trailing average was $60 billion.
Capital and Liquidity Regulation
Capital Rules
The Company and AENB are required to comply with the applicable capital adequacy rules established by federal banking regulators. These rules are intended to ensure that bank holding companies and depository institutions (collectively, banking organizations) have adequate capital given their level of assets and off-balance sheet obligations. The federal banking regulators’ current capital rules (the Capital Rules) implement the Basel Committee on Banking Supervision’s framework for strengthening international capital regulation, known as Basel III. For additional information regarding our capital ratios, see “Consolidated Capital Resources and Liquidity” under “MD&A.”
Under the Capital Rules, banking organizations are required to maintain minimum ratios for Common Equity Tier 1 (CET1 capital), Tier 1 capital (that is, CET1 capital plus additional Tier 1 capital) and Total capital (that is, Tier 1 capital plus Tier 2 capital) to risk-weighted assets. We report our capital adequacy ratios using risk-weighted assets calculated under the standardized approach. Category IV firms such as us and Category III firms are not subject to the advanced approaches capital requirements, whereas Category II firms are subject to the advanced approaches capital requirements under current capital rules, which introduce additional complexities in the methodologies used to calculate risk-weighted assets for purposes of determining capital adequacy ratios.
On July 27, 2023, the U.S. federal bank regulatory agencies issued a notice of proposed rulemaking that would significantly revise U.S. regulatory capital requirements for large banking organizations, including the Company and AENB. The proposed rules would apply a new expanded risk-based approach to calculating risk-based capital ratios, and large banking organizations would be required to calculate their risk-based capital ratios under both (i) the standardized approach and (ii) the expanded risk-based approach and use the lower of the two ratio calculations to determine binding capital constraints under each risk-based capital ratio. The expanded risk-based approach to calculating risk-weighted assets would apply more granular risk-weighting methodologies for credit risk, include a new standardized methodology for operational risk, include new approaches for calculating market and credit valuation adjustment risk and revise the treatment of equity exposures not subject to market risk capital requirements. The new approach to calculating market risk also would apply to calculations under the standardized approach. The methodology for operational risk would include differential treatment of fee and other non-interest revenues as compared to interest income for purposes of determining operational risk-weighted assets. The proposed rules would also include additional credit risk capital requirements for certain “unconditionally cancellable commitments” such as unused portions of committed lines of credit (e.g., credit cards), and would create a proxy methodology to assign capital requirements to credit exposure on products that carry no pre-set spending limits such as charge cards.
Under the proposal, the revisions would become effective on July 1, 2025, subject to a three-year transition period for certain provisions, including phasing in the use of risk-weighted assets under the expanded risk-based approach. While the U.S. federal bank regulatory agencies have solicited comments on the proposal and the rule may not be adopted as proposed, based on a preliminary analysis, we estimate that the increase in our risk-weighted assets under the expanded risk-based approach as currently proposed could consume the capital buffer between our minimum regulatory requirements and our current CET1 risk-based capital ratio. See below for additional information on our minimum CET1 regulatory requirement and “Consolidated Capital Resources and Liquidity — Capital Strategy” under “MD&A” for additional information on our current CET1 risk-based capital ratio. This estimated impact reflects our current understanding of the proposal, the application to our businesses as currently conducted and the current composition of our balance sheet, and therefore does not reflect the impact of any changes we may make in the future as a result of the expanded risk-based approach or otherwise. The ultimate impact will depend on the final rulemaking, future minimum regulatory requirements as well as management decisions regarding our product constructs, capital distributions and target capital levels, and the actual impact of any final rule could materially differ from our current estimate.
In December 2018, federal banking regulators issued a final rule that provides an optional three-year phase-in period for the adverse regulatory capital effects of adopting the Current Expected Credit Loss (CECL) methodology pursuant to new accounting guidance for the recognition of credit losses on certain financial instruments, which became effective January 1, 2020. In August 2020, federal banking regulators issued a final rule that provides an option to delay the estimated impact of the adoption of the CECL methodology on regulatory capital for up to two years, followed by the three-year phase-in period at 25 percent once per year beginning in January 1, 2022. We elected to delay the recognition of $0.7 billion of reduction in regulatory capital from the adoption of the CECL methodology for two years, followed by the three-year phase-in period. As of January 1, 2024, the Company has phased in 75 percent of such amount. See “Critical Accounting Estimates” under “MD&A” for additional information on CECL.
The Company and AENB must each maintain CET1 capital, Tier 1 capital and Total capital ratios of at least 4.5 percent, 6.0 percent and 8.0 percent, respectively. On top of these minimum capital ratios, the Company is subject to a dynamic stress capital buffer (SCB) composed entirely of CET1 capital with a floor of 2.5 percent and AENB is subject to a static 2.5 percent capital conservation buffer (CCB). The SCB equals (i) the difference between a bank holding company’s starting and minimum projected CET1 capital ratios under the supervisory severely adverse scenario under the Federal Reserve’s stress tests described below, plus (ii) one year of planned common stock dividends as a percentage of risk-weighted assets.
On July 27, 2023, the Federal Reserve confirmed the SCB for the Company of 2.5 percent, which remained unchanged from the level announced in August 2022. As a result, the effective minimum ratios for the Company (taking into account the SCB requirement) and AENB (taking into account the CCB requirement) are 7.0 percent, 8.5 percent and 10.5 percent for the CET1 capital, Tier 1 capital and Total capital ratios, respectively. Banking organizations whose ratios of CET1 capital, Tier 1 capital or Total capital to risk-weighted assets are below these effective minimum ratios face constraints on discretionary distributions such as dividends, repurchases and redemptions of capital securities, and executive compensation. A bank holding company’s SCB requirement is effective on October 1 of each year and will remain in effect through September 30 of the following year unless it is reset in connection with resubmission of a capital plan, as discussed below.
Category III firms are also subject to (i) if enacted by the Federal Reserve, a CET1 countercyclical capital buffer requirement of up to an additional 2.5 percent and (ii) a minimum supplementary leverage ratio of 3.0 percent that takes into account both on‐balance sheet and certain off‐balance sheet exposures.
We are also required to comply with minimum leverage ratio requirements. The leverage ratio is the ratio of a banking organization’s Tier 1 capital to its average total consolidated assets (as defined for regulatory purposes). All banking organizations are required to maintain a leverage ratio of at least 4.0 percent.
Liquidity Regulation
The Federal Reserve’s enhanced prudential standards rule includes heightened liquidity and overall risk management requirements. The rule requires the maintenance of a liquidity buffer, consisting of highly liquid assets, that is sufficient to meet projected net outflows for 30 days over a range of liquidity stress scenarios, and a minimum liquidity coverage ratio (LCR) that measures a firm’s high-quality liquid assets to its projected net outflows. A second standard provided for in the Basel III liquidity framework, referred to as the net stable funding ratio (NSFR), requires a minimum amount of longer-term funding based on the assets and activities of banking entities. As a Category IV firm with less than $50 billion in weighted short-term wholesale funding, we are not currently subject to a specific LCR or NSFR requirement; however, as described above, we anticipate becoming a Category III firm in 2024. Category III firms and their depository institution subsidiaries are subject to LCR and NSFR requirements but at a reduced level (that is, at 85 percent of the full requirements), unless they have $75 billion or more in weighted short-term wholesale funding, in which case the full requirements would apply. Category II firms and their depository institution subsidiaries are subject to the full requirements of the LCR and NSFR, as well as a requirement to submit a liquidity monitoring report on a daily (rather than monthly) basis.
Proposed Long-Term Debt Requirements
On August 29, 2023, the U.S. federal bank regulatory agencies issued a notice of proposed rulemaking that, if adopted as proposed, would require covered bank holding companies such as the Company to issue and maintain minimum amounts of eligible external long-term debt with specific terms for purposes of absorbing losses or recapitalizing the covered bank holding company and its operating subsidiaries. The notice of proposed rulemaking also proposed requiring certain insured depository institutions that have at least $100 billion in consolidated assets, such as AENB, to maintain minimum amounts of eligible internal long-term debt for purposes of absorbing losses or recapitalizing the insured depository institution.
Stress Testing and Capital Planning
Under the Federal Reserve’s regulations, the Company is subject to supervisory stress testing requirements that are designed to evaluate whether a bank holding company has sufficient capital on a total consolidated basis to absorb losses and support operations under adverse economic conditions. As part of the Comprehensive Capital Analysis and Review (CCAR), the Federal Reserve uses pro-forma capital positions and ratios under such stress scenarios to determine the size of the SCB for each CCAR participating firm.
Because the Company is currently a Category IV firm, it is required to participate in the supervisory stress tests every other year and is subject to the Federal Reserve’s supervisory stress tests in 2024. The Company is required to develop and submit to the Federal Reserve an annual capital plan on or before April 5 of each year.
For Category IV firms, the portion of the SCB based on the Federal Reserve’s supervisory stress tests is calculated every other year. During a year in which a Category IV firm does not undergo a supervisory stress test, the firm receives an updated SCB that reflects the firm’s updated planned common stock dividends. A Category IV firm can elect to participate in the supervisory stress test in an “off year” and consequently receive an updated SCB.
We may be required to revise and resubmit our capital plan following certain events or developments, such as a significant acquisition or an event that could result in a material change in our risk profile or financial condition. If we are required to resubmit our capital plan, we must receive prior approval from the Federal Reserve for any capital distributions (including common stock dividend payments and share repurchases), other than a capital distribution on a newly issued capital instrument.
Category III firms are subject to annual supervisory stress tests, with the SCB calculated each year, and must conduct company‐run stress tests every other year (commonly referred to as Dodd‐Frank Act Stress Tests or “DFASTs”). Category II firms must conduct company-run stress tests on an annual basis rather than every other year.
The Company and TRS, as well as AENB and the Company’s insurance and other regulated subsidiaries, are limited in their ability to pay dividends by statutes, regulations and supervisory policy.
Common stock dividend payments and share repurchases by the Company are subject to the oversight of the Federal Reserve, as described above. The Company will be subject to limitations and restrictions on capital distributions if, among other things, (i) the Company’s regulatory capital ratios do not satisfy applicable minimum requirements and buffers or (ii) the Company is required to resubmit its capital plan.
In general, federal laws and regulations prohibit, without first obtaining the OCC’s approval, AENB from making dividend distributions to TRS, if such distributions are not paid out of available recent earnings or would cause AENB to fail to meet capital adequacy standards. In addition to specific limitations on the dividends AENB can pay to TRS, federal banking regulators have authority to prohibit or limit the payment of a dividend if, in the banking regulator’s opinion, payment of a dividend would constitute an unsafe or unsound practice in light of the financial condition of the institution.
Prompt Corrective Action
The Federal Deposit Insurance Act (FDIA) requires, among other things, that federal banking regulators take prompt corrective action in respect of depository institutions insured by the FDIC (such as AENB) that do not meet minimum capital requirements. The FDIA establishes five capital categories for FDIC-insured banks: well capitalized, adequately capitalized, undercapitalized, significantly undercapitalized and critically undercapitalized. The FDIA imposes progressively more restrictive constraints on operations, management and capital distributions, depending on the capital category in which an institution is classified. In order to be considered “well capitalized,” AENB must maintain CET1 capital, Tier 1 capital, Total capital and Tier 1 leverage ratios of 6.5 percent, 8.0 percent, 10.0 percent and 5.0 percent, respectively.
Under the FDIA, AENB could be prohibited from accepting brokered deposits (i.e., deposits raised through third-party brokerage networks) or offering interest rates on any deposits significantly higher than the prevailing rate in its normal market area or nationally (depending upon where the deposits are solicited), unless (1) it is well capitalized or (2) it is adequately capitalized and receives a waiver from the FDIC. A portion of our outstanding U.S. retail deposits are considered brokered deposits for bank regulatory purposes. If a federal regulator determines that we are in an unsafe or unsound condition or that we are engaging in unsafe or unsound banking practices, the regulator may reclassify our capital category or otherwise place restrictions on our ability to accept or solicit brokered deposits.
Resolution Planning
Certain bank holding companies are required to submit resolution plans to the Federal Reserve and FDIC providing for the company’s strategy for rapid and orderly resolution in the event of its material financial distress or failure. However, Category IV firms are not required to submit a holding company resolution plan, while Category III firms are required to submit a holding company resolution plan every three years.
AENB continues to be required to prepare and provide a separate resolution plan to the FDIC that would enable the FDIC, as receiver, to effectively resolve AENB under the FDIA in the event of failure. Under the FDIC’s rule and its accompanying June 2021 statement on resolution plans for insured depository institutions, insured depository institutions with $100 billion or more in assets, such as AENB, are required to submit resolution plans on a three-year cycle. AENB submitted its most recent resolution plan in December 2022, as required.
On August 29, 2023, the FDIC issued a notice of proposed rulemaking that would require insured depository institutions with $100 billion or more in assets, including AENB, to submit full resolution plans every two years with interim supplements in non-submission years. Under the proposal, resolution plans would be subject to more stringent standards with respect to their assumptions and content, as well as enhanced credibility standards for the FDIC’s evaluation of resolution plans and expanded expectations regarding engagement and capabilities testing.
Orderly Liquidation Authority
The Company could become subject to the Orderly Liquidation Authority (OLA), a resolution regime under which the Treasury Secretary may appoint the FDIC as receiver to liquidate a systemically important financial institution, if the Company is in danger of default and is determined to present a systemic risk to U.S. financial stability. As under the FDIC resolution model, under the OLA, the FDIC has broad power as receiver. Substantial differences exist, however, between the OLA and the U.S. Bankruptcy Code, including the right of the FDIC under the OLA to disregard the strict priority of creditor claims in limited circumstances, the use of an administrative claims procedure to determine creditor claims (as opposed to the judicial procedure used in bankruptcy proceedings), and the right of the FDIC to transfer claims to a “bridge” entity.
The FDIC has developed a strategy under OLA, referred to as the “single point of entry” or “SPOE” strategy, under which the FDIC would resolve a failed financial holding company by transferring its assets (including shares of its operating subsidiaries) and, potentially, very limited liabilities to a “bridge” holding company; utilize the resources of the failed financial holding company to recapitalize the operating subsidiaries; and satisfy the claims of unsecured creditors of the failed financial holding company and other claimants in the receivership by delivering securities of one or more new financial companies that would emerge from the bridge holding company. Under this strategy, management of the failed financial holding company would be replaced and its shareholders and creditors would bear the losses resulting from the failure.
FDIC Powers upon Insolvency of AENB
If the FDIC is appointed the conservator or receiver of AENB, the FDIC has the power to: (1) transfer any of AENB’s assets and liabilities to a new obligor without the approval of AENB’s creditors; (2) enforce the terms of AENB’s contracts pursuant to their terms; or (3) repudiate or disaffirm any contract or lease to which AENB is a party, the performance of which is determined by the FDIC to be burdensome and the disaffirmation or repudiation of which is determined by the FDIC to promote the orderly administration of AENB. In addition, the claims of holders of U.S. deposit liabilities and certain claims for administrative expenses of the FDIC against AENB would be afforded priority over other general unsecured claims against AENB, including claims of debt holders and depositors in non-U.S. offices, in the liquidation or other resolution of AENB. As a result, regardless of whether the FDIC ever sought to repudiate any debt obligations of AENB, the debt holders and depositors in non-U.S. offices would be treated differently from, and could receive substantially less, if anything, than the depositors in the U.S. offices of AENB.
Other Banking Regulations
Source of Strength
The Company is required to act as a source of financial and managerial strength to its U.S. bank subsidiary, AENB, and may be required to commit capital and financial resources to support AENB. Such support may be required at times when, absent this requirement, the Company otherwise might determine not to provide it. Capital loans by the Company to AENB are subordinate in right of payment to deposits and to certain other indebtedness of AENB. In the event of the Company’s bankruptcy, any commitment by the Company to a federal banking regulator to maintain the capital of AENB will be assumed by the bankruptcy trustee and entitled to a priority of payment.
Transactions Between AENB and its Affiliates
Certain transactions (including loans and credit extensions from AENB) between AENB and its affiliates (including the Company, TRS and their other subsidiaries) are subject to quantitative and qualitative limitations, collateral requirements and other restrictions imposed by statute and regulation. Transactions subject to these restrictions are generally required to be made on an arm’s-length basis.
FDIC Deposit Insurance and Insurance Assessments
AENB accepts deposits that are insured by the FDIC up to the applicable limits. Under the FDIA, the FDIC may terminate the insurance of an institution’s deposits upon a finding that the institution has engaged in unsafe or unsound practices; is in an unsafe or unsound condition to continue operations; or has violated any applicable law, regulation, rule, order or condition imposed by the FDIC. We do not know of any practice, condition or violation that would lead to termination of deposit insurance at AENB. The FDIC’s deposit insurance fund is funded by assessments on insured depository institutions, including AENB, which are subject to adjustment by the FDIC. On November 16, 2023, the FDIC adopted a final rule imposing a special assessment to recover the cost associated with protecting uninsured depositors in connection with the failures of two U.S. banks in March 2023. The special assessment will total approximately $53 million for us (which amount was recognized as an expense in the fourth quarter of 2023), and will be paid over eight quarterly assessment periods, with the first quarterly assessment period beginning on January 1, 2024.
Community Reinvestment Act
AENB is subject to the CRA, which imposes affirmative, ongoing obligations on depository institutions to meet the credit needs of their local communities, including low- and moderate-income neighborhoods, consistent with the safe and sound operation of the institution. AENB is currently designated a “limited purpose bank” under CRA regulations. In October 2023, the U.S. federal bank
regulatory agencies adopted a final rule that makes extensive revisions to the CRA regulatory framework, including to the definition of “limited purpose bank,” which could impact AENB and alter its CRA compliance obligations. Certain provisions of the final rule become effective on April 1, 2024, but the majority of the final rule’s operative provisions (including the revisions to the definition of “limited purpose bank”) become effective on January 1, 2026, with additional data collection and reporting requirements becoming effective on January 1, 2027. We are currently evaluating the impact of the final rule but expect that it will increase AENB’s obligations and compliance costs.
Climate Risk Management
The U.S. federal bank regulatory agencies have recently increased their focus on climate risk-related supervision. For example, on October 24, 2023, the U.S. federal bank regulatory agencies issued “Principles for Climate-Related Financial Risk Management for Large Financial Institutions.” The principles would apply to financial institutions with more than $100 billion in total consolidated assets, like the Company and AENB, and are broadly designed to provide a high-level framework for the safe and sound management of exposures to climate-related financial risks consistent with existing U.S. federal bank regulatory agencies’ rules and guidance. The principles outline six key aspects of climate-related financial risk management: governance; policies, procedures and limits; strategic planning; risk management; data, risk measurement and reporting; and scenario analysis. In addition, the principles offer risk assessment guidance for incorporating climate-related financial risks in various traditional risk categories. It is too early to determine what other regulations and policies may be adopted or apply to the Company and AENB and the effect of any such regulations or policies on the Company and AENB.
Consumer Financial Products Regulation
Our consumer-oriented activities are subject to regulation and supervision in the United States and internationally. In the United States, our marketing, sale and servicing of consumer financial products and our compliance with certain federal consumer financial laws are supervised and examined by the CFPB, which has broad rulemaking and enforcement authority over providers of credit, savings and payment services and products, and authority to prevent “unfair, deceptive or abusive” acts or practices. The CFPB has the authority to write regulations under federal consumer financial protection laws, to enforce those laws and to examine for compliance. It is also authorized to collect fines and require consumer restitution in the event of violations, engage in consumer financial education, track consumer complaints, request data and promote the availability of financial services to underserved consumers and communities. In addition, a number of U.S. states have significant consumer credit protection, disclosure and other laws (in certain cases more stringent than U.S. federal laws). U.S. federal law also regulates abusive debt collection practices, which, along with bankruptcy and debtor relief laws, can affect our ability to collect amounts owed to us or subject us to regulatory scrutiny.
On February 1, 2023, the CFPB issued a proposed rule to lower the safe harbor amount that would be considered, by regulation, to be “reasonable and proportional” to the costs incurred by credit card issuers for late payments. The proposed rule would also eliminate the annual inflation adjustment for such safe harbor amount and prohibit late fee amounts above 25 percent of the consumer’s required minimum payment.
On March 30, 2023, the CFPB adopted a final rule requiring covered financial institutions, such as us, to collect and report data to the CFPB regarding certain small business credit applications. Based on our small business credit transaction volume, we will be required to comply with this rule by October 1, 2024, subject to the outcome of litigation over the final rule.
On October 19, 2023, the CFPB issued a proposed rule on personal financial data rights that the CFPB stated would accelerate a shift toward open banking. The proposed rule would require data providers to provide consumers and consumer-authorized third parties with access to consumers’ financial data free of charge and would also impose requirements on authorized third parties, as well as data aggregators that facilitate access to consumers’ financial data. If the proposed rule is adopted as proposed, it (and other open banking initiatives) has the potential to change the competitive landscape, which would present new challenges and opportunities to our business model.
We are also regulated in the United States under the “money transmitter” or “sale of check” laws in effect in most states. In addition, we are required by the laws of many states to comply with unclaimed and abandoned property laws, under which we must pay to states the face amount of any Travelers Cheque or prepaid card that is uncashed or unredeemed after a period of time depending on the type of product. Additionally, we are regulated under insurance laws in the United States and other countries where we offer insurance services.
In countries outside the United States, regulators continue to focus on a number of key areas impacting our card-issuing businesses, particularly consumer protection (such as in the European Union (EU), the United Kingdom and Canada) and responsible lending (such as in Australia, Mexico, New Zealand and Singapore), with increasing importance on and attention to customers and outcomes rather than just ensuring compliance with local rules and regulations. Regulators’ expectations of firms in relation to their compliance, risk and control frameworks continue to increase and regulators are placing significant emphasis on a firm’s systems and controls relating to the identification and resolution of issues.
Legislators and regulators in various countries in which we operate have focused on the operation of card networks, including through enforcement actions, legislation and regulations to change certain practices or pricing of card issuers, merchant acquirers and payment networks, and, in some cases, to establish broad regulatory regimes for payment systems.
The EU, Australia, Canada and other jurisdictions have focused on interchange fees (that is, the fee paid by the bankcard merchant acquirer to the card issuer in payment networks like Visa and Mastercard), as well as the rules, contract terms and practices governing merchant card acceptance. Regulation and other governmental actions relating to pricing or practices could affect all networks directly or indirectly, as well as adversely impact consumers and merchants. Among other things, regulation of bankcard fees has negatively impacted and may continue to negatively impact the discount revenue we earn, including as a result of downward pressure on our merchant discount rates from decreases in competitor pricing in connection with caps on interchange fees. In some cases, regulations also extend to certain aspects of our business, such as network and cobrand arrangements or the terms of card acceptance for merchants, and we have exited our network businesses in the EU and Australia as a result of regulation in those jurisdictions, for example. There is uncertainty as to when or how interchange fee caps and other provisions of the EU payments legislation might apply when we work with cobrand partners and agents in the EU. In a ruling issued on February 7, 2018, the EU Court of Justice confirmed the validity of fee capping and other provisions in circumstances where three-party networks issue cards with a cobrand partner or through an agent, although the ruling provided only limited guidance as to when or how the provisions might apply in such circumstances and remains subject to differing interpretations by regulators and participants in cobrand arrangements. On August 29, 2023, the Dutch Trade and Industry Appeals Tribunal referred questions to the EU Court of Justice on the interpretation of the application of the interchange fee caps in connection with an administrative proceeding by the Netherlands Authority for Consumers and Markets regarding our cobrand relationship with KLM Royal Dutch Airlines. Given differing interpretations by regulators and participants in cobrand arrangements, we are subject to regulatory action, penalties and the possibility we will not be able to maintain our existing cobrand and agent relationships in the EU. See “Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition” under “Risk Factors.”
In various countries, such as certain Member States in the EU, Australia and Canada (other than in Quebec), merchants are permitted by law to surcharge card purchases. In addition, the laws of a number of states in the United States that prohibit surcharging have been overturned and certain states have passed or are considering laws to permit surcharging by merchants. Surcharging is an adverse customer experience and could have a material adverse effect on us, particularly where it only or disproportionately impacts credit card usage or card usage generally, our Card Members or our business. In addition, other steering or differential acceptance practices that are permitted by regulation in some jurisdictions could also have a material adverse effect on us. See “Surcharging or steering by merchants could materially adversely affect our business and results of operations” under “Risk Factors.”
In some countries, governments have established regulatory regimes that require international card networks to be locally licensed and/or to localize aspects of their operations. For example, the Reserve Bank of India, which has broad power under the Payment and Settlement Systems Act, 2007 to regulate the membership and operations of card networks, issued a mandate requiring payment systems operators in India to store certain payments data locally. In 2021, it imposed restrictions on American Express Banking Corp. from engaging in certain card issuing activities in India, which were lifted in 2022 following significant investment in technology, infrastructure and resources to comply with the regulation. The development and enforcement of these and other similar laws, regulations and policies may adversely affect our ability to compete effectively and maintain and extend our global network.
Privacy, Data Protection, Data Governance, Information Security and Cybersecurity
Regulatory and legislative activity in the areas of privacy, data protection, data governance and information security and cybersecurity continues to increase worldwide. We have established, and continue to maintain, policies and a governance framework to comply with applicable privacy, data protection, data governance and information security and cybersecurity laws and requirements, meet evolving customer and industry expectations and support and enable business innovation and growth; however, our policies and governance framework may be insufficient given the size and complexity of our business and heightened regulatory scrutiny.
Our regulators are increasingly focused on ensuring that our privacy, data protection, data governance and cybersecurity-related policies and practices are adequate to inform customers of our data collection, use, sharing and/or security practices, to provide them with choices, if required, about how we use and share their information, and to appropriately safeguard their personal information and account access. Regulators are also focused on data management, technology infrastructure and architecture, technology operations, resiliency and business continuity, and third-party risk management policies and practices.
In the United States, certain of our businesses are subject to the privacy, disclosure and safeguarding provisions of the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations and guidance. Among other things, GLBA imposes certain limitations on our ability to share consumers’ nonpublic personal information with nonaffiliated third parties and requires us to develop, implement and maintain a written comprehensive information security program containing safeguards that are appropriate to the size and complexity of our business, the nature and scope of our activities and the sensitivity of customer information that we process. We also have expanded privacy-related obligations with respect to California residents who are not covered by GLBA, pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020. Various regulators and other U.S. states and territories are considering similar requirements or have adopted laws, rules and regulations pertaining to privacy and/or information security and cybersecurity that may be more stringent and/or expansive than federal requirements.
We are also subject to certain privacy, data protection, data governance and information security and cybersecurity laws in other countries in which we operate (including Member States in the EU, Australia, Canada, China, Japan, Hong Kong, India, Indonesia, Mexico, Singapore, Thailand and the United Kingdom), some of which are more stringent and/or expansive than those in the United States and some of which may conflict with each other. Some jurisdictions have instituted or are considering instituting requirements that make it onerous to transfer personal data to other jurisdictions, and certain countries require in-country data processing and/or in-country storage of data. Compliance with such laws results in higher technology, administrative and other costs for us, could limit our ability to optimize the use of our closed-loop data, and could require use of local technology services. Some of these laws also require us to provide foreign governments and other third parties broader access to our data and intellectual property. Data breach and operational outage notification laws or regulatory activities to encourage such notifications and regulatory activity and laws around resiliency, business continuity and third-party risk management are also becoming more prevalent in jurisdictions outside the United States in which we operate.
The EU General Data Protection Regulation (GDPR) and the equivalent UK GDPR impose legal and compliance obligations on companies that process personal data of individuals in the EU and UK, irrespective of the geographical location of the company, with the potential for significant fines for non-compliance (up to 4 percent of total annual worldwide revenue). These laws include, among other things, a requirement for prompt notice of data breaches, in certain circumstances, to affected individuals and supervisory authorities and restrictions on the cross-border transfers of EU or UK personal data. We rely on a variety of compliant transfer mechanisms to transfer this personal data, including the use of binding corporate rules and standard contractual clauses. In 2023, the EU and UK regulators approved the EU-U.S. Data Privacy Framework and the UK Data Bridge, enabling easier transfers of EU and UK personal data to participating companies in the United States. We are also subject to certain data protection laws in Member States in the EU, which may be more stringent than the EU GDPR. Our data protection programs have become the subject of heightened scrutiny in certain Member States in the EU and we continue to make changes to our privacy practices and data governance to comply with these requirements.
Anti-Money Laundering, Countering the Financing of Terrorism, Economic Sanctions and Anti-Corruption Compliance
We are subject to significant supervision and regulation, and an increasingly stringent enforcement environment, with respect to compliance with anti-money laundering (AML), countering the financing of terrorism (CFT), sanctions and anti-corruption laws and regulations. Failure to maintain and implement adequate programs and policies and procedures for AML/CFT, sanctions and anti-corruption compliance could have material financial, legal and reputational consequences.
Anti-Money Laundering and Countering the Financing of Terrorism
We are subject to a significant number of AML/CFT laws and regulations globally.
In the United States, the majority of AML/CFT requirements are derived from the Currency and Foreign Transactions Reporting Act and the accompanying regulations issued by the U.S. Department of the Treasury (collectively referred to as the Bank Secrecy Act), as amended by the USA PATRIOT Act of 2001 (the Patriot Act). The Anti-Money Laundering Act of 2020 (the AMLA), enacted in January 2021, amended the Bank Secrecy Act and is intended to comprehensively reform and modernize U.S. AML/CFT laws. Many of the statutory provisions in the AMLA will require additional rulemakings, reports and other measures, and the impact of the AMLA will depend on, among other things, rulemaking and implementation guidance.
In Europe, AML/CFT requirements are largely the result of countries transposing the 5th and 6th EU Anti-Money Laundering Directives (and preceding EU Anti-Money Laundering Directives) into local laws and regulations. Numerous other countries have also enacted or proposed new or enhanced AML/CFT legislation and regulations applicable to American Express.
Among other things, these laws and regulations generally require us to establish AML/CFT programs that meet certain standards, including policies and procedures to collect information from and verify the identities of our customers, and to monitor for and report suspicious transactions, in addition to other information gathering and recordkeeping requirements. Our AML/CFT
programs have become the subject of heightened scrutiny in some countries, including certain Member States in the EU. Any errors, failures or delays in complying with AML/CFT laws, perceived deficiencies in our AML/CFT programs or association of our business with money laundering, terrorist financing, tax fraud or other illicit activity can give rise to significant supervisory, criminal and civil proceedings and lawsuits, which could result in significant penalties and forfeiture of assets, loss of licenses or restrictions on business activities, or other enforcement actions.
Economic Sanctions
National governments and international bodies, such as the United Nations and the EU, have imposed economic sanctions against individuals, entities, vessels, governments and countries that endanger their interests or violate international norms of behavior. Sanctions have been used to advance a range of foreign policy goals, including conflict resolution, counterterrorism, counternarcotics and promotion of democracy and human rights, among other national and international interests. Failure to comply with such requirements could subject us to serious legal and reputational consequences, including criminal penalties.
The United States has imposed economic sanctions that affect transactions involving targeted jurisdictions, parties or activities. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) administers most U.S. sanctions. OFAC regulations prohibit U.S. persons from engaging in financial transactions with or relating to, or other dealings involving, a targeted individual, entity, vessel, government or country without a license or other authorization and require U.S. persons to block property and property interests of parties on OFAC’s Specially Designated Nationals and Blocked Persons List and entities owned 50 percent or more by one or more Specially Designated Nationals. Blocked property (e.g., bank deposits or other financial assets) cannot be paid out, withdrawn, set off or transferred in any manner without a license from OFAC. Regulatory authorities in other international jurisdictions, such as the United Kingdom and Member States in the EU, administer similar programs to U.S. sanction programs.
We maintain a global sanctions compliance program designed to meet the requirements of applicable sanctions regimes.
Anti-Corruption
We are subject to complex anti-corruption laws and regulations, including the U.S. Foreign Corrupt Practices Act (the FCPA), the UK Bribery Act and other laws that prohibit the making or offering of improper payments. The FCPA makes it illegal to corruptly offer or provide anything of value to foreign government officials, political parties or political party officials for the purpose of obtaining or retaining business or an improper advantage. The FCPA also requires us to strictly comply with certain accounting and internal controls standards. The UK Bribery Act also prohibits commercial bribery and the receipt of a bribe, and makes it a corporate offense to fail to prevent bribery by an associated person, in addition to prohibiting improper payments to foreign government officials. Failure by us or our colleagues, contractors or agents to comply with the FCPA, the UK Bribery Act and other similar laws can expose us and/or individual colleagues to investigation, prosecution and potentially severe criminal and civil penalties.
Compensation Practices
Our compensation practices are subject to oversight by the Federal Reserve and the OCC. The federal banking regulators’ guidance on sound incentive compensation practices sets forth three key principles for incentive compensation arrangements that are designed to help ensure that incentive compensation plans do not encourage imprudent risk-taking and are consistent with the safety and soundness of banking organizations. The three principles provide that a banking organization’s incentive compensation arrangements should (1) provide incentives that appropriately balance risk and financial results in a manner that does not encourage employees to expose their organizations to imprudent risks, (2) be compatible with effective internal controls and risk management and (3) be supported by strong corporate governance, including active and effective oversight by the organization’s board of directors. Any deficiencies in our compensation practices that are identified by the banking regulators in connection with their review of our compensation practices may be incorporated into our supervisory ratings, which can affect our ability to make acquisitions or perform other actions. Enforcement actions may be taken against us if our incentive compensation arrangements or related risk-management control or governance processes are determined to pose a risk to our safety and soundness, and we have not taken prompt and effective measures to correct the deficiencies.
The Dodd-Frank Act requires U.S. financial regulators, including the Federal Reserve and the Securities and Exchange Commission (SEC), to adopt rules on incentive-based payment arrangements at specified regulated entities having at least $1 billion in total assets. In 2016, the federal banking regulators, the SEC, the Federal Housing Finance Agency and the National Credit Union Administration proposed revised rules on incentive-based compensation practices, which have not yet been finalized. If these or other regulations are adopted in a form similar to what has been proposed, they will impose limitations on the manner in which we may structure compensation for our colleagues, which could adversely affect our ability to hire, retain and motivate key colleagues.
We maintain an Investor Relations website at http://ir.americanexpress.com. We make available free of charge, on or through this website, our annual, quarterly and current reports and any amendments to those reports as soon as reasonably practicable following the time they are electronically filed with or furnished to the SEC.
In addition, we routinely post financial and other information, some of which could be material to investors, on our Investor Relations website. Information regarding our corporate sustainability initiatives, including our Environmental, Social and Governance reports, are available on the Corporate Sustainability section of our website at http://about.americanexpress.com/corporate-sustainability.
The content of any of our websites referred to in this report is not incorporated by reference into this report or any other report filed with or furnished to the SEC. We have included such website addresses only as inactive textual references and do not intend them to be active links.
You can find certain statistical disclosures required of bank holding companies starting on page A-1, which are incorporated herein by reference.
Our business as a whole has not experienced significant seasonal fluctuations, although network volumes tend to be moderately higher in the fourth quarter than in other quarters. As a result, the amount of Card Member loans and receivables outstanding tend to be moderately higher during that quarter. Additionally, we tend to have a higher proportion of retail-related billed business in the fourth quarter, which on average has a slightly lower merchant discount rate.
This section highlights certain risks that could affect us and our businesses, broadly categorized in accordance with the risk types identified in our Enterprise Risk Management (ERM) Framework: “Strategic & Business, Reputational and Country Risks,” “Operational and Compliance/Legal Risks” and “Market, Funding & Liquidity, Credit and Model Risks.” You should carefully consider each of the following risks and all of the other information set forth in this Annual Report on Form 10-K, including in “Risk Management” under “MD&A,” which describes our approach to identifying, monitoring and managing the risks we assume in conducting our businesses and provides certain quantitative and qualitative disclosures about market risks. The risks and uncertainties we face are not limited to those described below. Additional risks and uncertainties not presently known to us or that we currently believe to be immaterial may also adversely affect our business.
Strategic & Business, Reputational and Country Risks
Business and economic conditions are a major driver of our results of operations and difficult conditions in the business and economic environment may materially adversely affect our business.
We offer a broad array of products and services to consumers, small businesses, mid-sized companies and large corporations and thus are very dependent upon the level of consumer and business activity and the demand for payment and financing products. Slow economic growth, economic contraction or shifts in broader consumer and business trends significantly impact customer behaviors, including spending on our cards, the ability and willingness of Card Members to borrow and pay amounts owed to us and demand for fee-based products and services.
Factors such as consumer spending and confidence, household income and housing prices, unemployment rates, business investment and inventory levels, bankruptcies, geopolitical instability, public policy decisions, government spending, international trade relationships, interest rates, taxes, inflation and deflation (including the effects of related governmental responses), energy costs, availability of capital and credit and the lingering impacts of the COVID-19 pandemic all affect the economic environment and, ultimately, our profitability. Additionally, sustained periods of high inflation may, among other things, increase certain of our expenses and erode consumer purchasing power, confidence and spending. An economic downturn or recession may result in higher unemployment and lower household income, consumer spending, corporate earnings and business investment, which may negatively impact spending on our cards and demand for our products, and increase delinquencies and write-off rates.
Travel and entertainment (T&E) expenditures, which comprised approximately 28 percent of our worldwide billed business during 2023, for example, are sensitive to business and personal discretionary spending levels and tend to decline during general economic downturns. Likewise, spending by small business and corporate clients, which comprised approximately 43 percent of our worldwide billed business during 2023, depends in part on the economic environment and a favorable climate for continued business investment and new business formation. Increases in delinquencies and write-off rates as a result of increases in bankruptcies, unemployment rates, changes in customer behaviors or otherwise could also have a material adverse effect on our results of operations. The consequences of negative circumstances impacting us or the economic environment generally can be sudden and severe and can impact customer types and geographies in which we operate in very different ways.
Our business is subject to the effects of geopolitical conditions, weather, natural disasters and other catastrophic events.
Geopolitical conditions, terrorist attacks, military conflicts, natural disasters, severe weather, widespread health emergencies or pandemics, information or cybersecurity incidents (including intrusion into or degradation or unavailability of systems or technology by cyberattacks), operational incidents and other catastrophic events can have a material adverse effect on our business. Political and social conditions, including actions upending geopolitical stability (such as from tensions involving China and the U.S.), fiscal and monetary policies (including developments related to the U.S. federal debt ceiling, budgetary issues and government shutdowns), trade wars and tariffs, labor shortages, regional or domestic hostilities, economic sanctions and the prospect or occurrence of more widespread conflicts could also negatively affect our business, operations and partners, consumer and business spending, including travel patterns and business investment, and demand for credit. Because we derive a portion of our revenues from travel-related spending, our business is sensitive to safety concerns related to travel and tourism, limitations on travel and mobility and health-related risks. In addition, disruptions in air travel and other forms of travel can result in the payment of claims under travel protection products we offer.
The COVID-19 pandemic had widespread, rapidly evolving and unpredictable impacts on global society, economies, financial markets and consumer and business behaviors. The pandemic and resulting containment measures adversely impacted a significant portion of our network volumes. The global macroeconomic outlook continues to remain uncertain due to a variety of factors, including the emergence of new variants, impacts to the labor market, supply chain disruptions and inflation. The extent to which our business and results of operations may continue to be adversely affected by this macroeconomic uncertainty will depend on numerous evolving factors and future developments, including the continued spread and severity of the virus and new variants; the availability, distribution, use and effectiveness of treatments and vaccines; the extent and duration of lingering effects on the economy, inflation, consumer confidence and consumer and business spending; and the impact on consumers and businesses as forbearance and government support programs end, including the end of the moratorium on student loan repayments.
Several military conflicts are taking place across the world (such as the ongoing Russia-Ukraine and Israel-Hamas wars), which may adversely affect our business, and geopolitical tensions may result in additional conflicts or escalate existing conflicts. Following the Russian invasion of Ukraine, we announced that we suspended business operations in Russia and Belarus and this
conflict has led to economic uncertainty and market disruptions, including the imposition of financial and economic sanctions and export controls designed to constrain Russia. The conflict in Israel and surrounding areas has also created economic uncertainty and regional instability, including due to the risk of escalation into a wider regional conflict, and resulted in the imposition of sanctions targeting Hamas-affiliated individuals and entities. The broader consequences of these conflicts remain uncertain, but may include further sanctions, regional instability and geopolitical shifts, increased prevalence and sophistication of cyberattacks, potential retaliatory action against companies such as us, heightened regulatory scrutiny related to sanctions compliance, increased inflation, further increases or fluctuations in commodity and energy prices, decreases in global travel, further disruptions to the global supply chain and other adverse effects on macroeconomic conditions.
Hurricanes and other natural disasters have impacted spending and credit performance in the areas affected. Other disasters or catastrophic events in the future, and the impact of such events on certain industries or the overall economy, could have a negative effect on our business, results of operations and infrastructure, including our technology and systems. Climate change may exacerbate certain of these threats, including the frequency and severity of weather-related events. Card Members in California, Florida, New York, Texas, Georgia and New Jersey account for a significant portion of U.S. consumer and small business billed business and Card Member loans, and our results of operations could be impacted by events or conditions that disproportionately or specifically affect one or more of those states.
Our operating results may materially suffer because of substantial and increasingly intense competition worldwide in the payments industry.
The payments industry is highly competitive, and we compete with card networks, issuers and acquirers, paper-based transactions (e.g., cash and checks), bank transfer models (e.g., wire transfers and ACH), as well as evolving and growing alternative payment and financing providers. If we are not able to differentiate ourselves from our competitors, develop compelling value propositions for our customers and/or effectively grow in areas such as mobile and online payments and emerging technologies, we may not be able to compete effectively.
We believe Visa and Mastercard are larger than we are in most countries based on purchase volume. As a result, card issuers and acquirers on the Visa and Mastercard networks may be able to benefit from the dominant position, scale, resources, marketing and pricing of those networks. Our business may also be negatively affected if we are unable to continue increasing merchant acceptance (including by merchants that accept cards on the Visa and Mastercard networks) and perceptions of coverage, or if our Card Members do not experience welcome acceptance of our cards.
Some of our competitors have developed, or may develop, substantially greater financial and other resources than we have and may offer richer value propositions or a wider range of programs and services than we offer or may use more effective strategies to acquire and retain more customers, capture a greater share of spending and borrowings, develop more attractive cobrand card and other partner programs and maintain greater merchant acceptance than we have. Government actions or initiatives may also provide competitors with increased opportunities to derive competitive advantages and may create new competitors, including in some cases a government entity. We may not be able to compete effectively against these threats or respond or adapt to changes in consumer spending and borrowing habits as effectively as our competitors. Costs such as Card Member rewards and Card Member services expenses could continue to increase as we evolve our value propositions, including in response to increased competition.
Spending on our cards could continue to be impacted by increasing consumer usage of credit and debit cards issued on other networks, as well as adoption of alternative payment mechanisms, systems and products. The fragmentation of customer spending to take advantage of different merchant or card incentives or for convenience with technological solutions may continue to increase. Revolving credit balances on our cards could also be impacted by alternative financing providers, such as point-of-sale lenders and buy now, pay later products. To the extent other payment and financing mechanisms, systems and products continue to successfully expand, our discount revenues earned from Card Member spending and our net interest income earned from Card Member borrowing could be negatively impacted. In addition, companies that control access to consumer and merchant payment method choices at the point of sale or through digital wallets, commerce-related experiences, mobile applications or other technologies could choose not to accept, suppress use of, or degrade the experience of using our products or could restrict our access to our customers and transaction data. Such companies could also require payments from us to participate in such digital wallets, experiences or applications or negotiate incentives or pricing concessions, impacting our profitability on transactions.
The competitive value of our closed-loop data and demand for our products and services may also be diminished as traditional and non-traditional competitors use other, new data sources and technologies to derive similar insights and by certain regulations, such as open banking initiatives that are increasingly being promoted by governments and regulators, which may result in disintermediating existing financial services providers, steering customers away from our products and services or decreasing our attractiveness to partners.
To the extent we expand into, or further grow in, new business areas and new geographic regions, such as mainland China, we will face competitors with more experience and more established relationships with relevant customers, regulators and industry participants, which could adversely affect our ability to compete. Laws and business practices that favor local competitors, require card transactions to be routed over domestic networks or prohibit or limit foreign ownership of certain businesses could limit our growth in international regions.
We may face additional compliance and regulatory risks to the extent that we expand into new business areas, and we may need to dedicate more expense, time and resources to comply with regulatory requirements than our competitors, particularly those that are not regulated financial institutions.
Many of our competitors are subject to different, and in some cases, less stringent, legislative and regulatory regimes, and some may have lower cost structures and more agile business models and systems. More restrictive laws and regulations that do not apply to all of our competitors can put us at a disadvantage, including prohibiting us from engaging in certain transactions, regulating our business practices or adversely affecting our cost structure.
We face intense competition for partner relationships, which could result in a loss or renegotiation of these arrangements that could have a material adverse impact on our business and results of operations.
In the ordinary course of our business we enter into different types of contractual arrangements with business partners in a variety of industries. For example, we work with partners such as Delta, Marriott, Hilton and British Airways to offer cobranded cards for consumers and small businesses, and with partners in many industries, including Delta, to offer benefits and rewards to Card Members. See “Partners and Relationships” under “Business” for additional information on our business partnerships, including with Delta.
Competition for relationships with key business partners is very intense and there can be no assurance we will be able to grow or maintain these partner relationships or that they will remain as profitable or valued by our customers. Establishing and retaining attractive cobrand card partnerships is particularly competitive among card issuers and networks as these partnerships typically appeal to high-spending loyal customers. All of our cobrand portfolios in the aggregate accounted for approximately 21 percent of our worldwide network volumes for the year ended December 31, 2023. Card Member loans related to our cobrand portfolios accounted for approximately 36 percent of our worldwide Card Member loans as of December 31, 2023.
Cobrand arrangements are entered into for a fixed period, generally ranging from five to ten years, and will terminate in accordance with their terms, including at the end of the fixed period unless extended or renewed at the option of the parties, or upon early termination as a result of an event of default or otherwise. We face the risk that we could lose partner relationships, even after we have invested significant resources in the relationships. Additionally, partners may make changes to the products and services they offer, which may lower the value of our products, such as the cobranded cards we issue to our customers. We may also choose to not renew certain cobrand relationships. Network volumes could decline and Card Member attrition could increase, in each case, significantly as a result of the termination of one or more cobrand partnership relationships. In addition, some of our cobrand arrangements provide that, upon expiration or termination, the cobrand partner may purchase or designate a third party to purchase the loans generated with respect to such cobranded card portfolio, which could result in the loss of the card accounts and a significant decline in our Card Member loans outstanding.
We regularly seek to extend or renew cobrand arrangements in advance of the end of the contract term and face the risk that existing relationships will be renegotiated with less favorable terms for us or that we may be unable to renegotiate on terms that are acceptable to us, as competition for such relationships continues to increase. We make payments to our cobrand partners, which can be significant, based primarily on the amount of Card Member spending and corresponding rewards earned on such spending and, under certain arrangements, on the number of accounts acquired and retained. The amount we pay to our cobrand partners has increased, particularly in the United States, and may continue to increase as arrangements are renegotiated due to increasingly intense competition for cobrand partners among card issuers and networks.
The loss of exclusivity arrangements with business partners, the loss of the partner relationship altogether (whether by non-renewal at the end of the contract period, such as the end of our relationship with Costco in the United States in 2016, or as the result of a merger, legal or regulatory action or otherwise) or the renegotiation of existing partnerships with terms that are significantly worse for us could have a material adverse impact on our business and results of operations. See “Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition” above for information on the uncertainty regarding our cobrand and agent relationships in the EU. In addition, any publicity associated with the loss of any of our key business partners could harm our reputation, making it more difficult to attract and retain Card Members and merchants, and could weaken our negotiating position with our remaining and prospective business partners.
Arrangements with our business partners represent a significant portion of our business. We are exposed to risks associated with our business partners, including reputational issues, business slowdowns, bankruptcies, liquidations, restructurings and consolidations, and the possible obligation to make payments to our partners.
Our success is, in many ways, dependent on the success of our partners. From customer acquisition to cobranding arrangements, from participation in our rewards programs to facilitating B2B supplier payments for our corporate clients, we rely on our business partners across many aspects of our company and our arrangements with business partners represent a significant portion of our business. Some of our partners manage certain aspects of our customer relationships, such as our OptBlue partners. To the extent any of our partners fail to effectively promote and support our products, experience a slowdown in their business, operational disruptions, reputational issues or loss of consumer confidence, or are otherwise unable to meet our expectations or those of their other stakeholders, our business may be materially negatively impacted. For example, the operational rights relating to our prepaid reloadable and gift card business are owned by a business partner and the reloadable operations have experienced disruptions and compliance issues that impacted the ability of our prepaid customers to load and use their cards. If such operations are interrupted, suspended, terminated or otherwise experience further issues in the future, it could further negatively impact our customers’
experience, result in additional costs, litigation and regulatory action, and harm our business and reputation. We also face the risk that existing relationships will be renegotiated with less favorable terms for us or that we may be unable to renegotiate on terms that are acceptable to us. In addition, we may be obligated to make or accelerate payments to certain business partners such as cobrand partners upon the occurrence of certain triggering events such as a shortfall in certain performance and revenue levels. If we are not able to effectively manage these triggering events, we could unexpectedly have to make payments to these partners, which could have a negative effect on our financial condition and results of operations. See Note 12 to the “Consolidated Financial Statements” for additional information on financial commitments related to agreements with certain cobrand partners.
Similarly, we are exposed to risk from bankruptcies, liquidations, insolvencies, financial distress, restructurings, consolidations, operational outages, cybersecurity incidents and other similar events that may occur in any industry representing a significant portion of our network volumes, which could negatively impact particular card products and services (and volumes generally) and our financial condition and results of operations. We have previously and may in the future pre-purchase loyalty points from certain of our cobrand partners, the value of which may diminish to the extent such partners cease operations or such points become less desirable to our customers. We could also be materially impacted if we were obligated or elected to reimburse Card Members for products and services purchased from merchants that have ceased operations or stopped accepting our cards. For example, we are exposed to credit risk in the airline industry to the extent we protect Card Members against non-delivery of purchases, such as where we have remitted payment to an airline for a Card Member purchase of tickets that have not yet been used or “flown.” If we are unable to collect the amount from the airline, we may bear the loss for the amount credited to the Card Member. At December 31, 2023, our best estimate of the maximum amount of billed business for purchases that had yet to be delivered by, or could be charged back to, merchants was $35.3 billion. This amount assumes all such merchants worldwide cease operations and thus are no longer available to deliver such purchases or to accept such chargebacks, and that all such billed business results in claims-in-full by Card Members. Such a maximum amount has not been indicative of our actual loss exposure in the past and we have not experienced significant losses related to these exposures to date; however, our historical experience may not be representative in the current environment given the current global economic, financial and geopolitical conditions.
For additional information relating to operational risks of our business partners, see “We rely on third-party providers for acquiring and servicing customers, technology, platforms and other services integral to the operations of our businesses. These third parties may act in ways that could materially harm our business” below and for the general risks related to the airline industry, see “Risk Management — Institutional Credit Risk — Exposure to the Airline and Travel Industry” under “MD&A.”
We face continued intense competitive pressure that may materially impact the prices we charge for accepting our cards for payment, as well as the risk of losing merchant relationships, which could have a material adverse impact on our business and results of operations.
We face pressure from competitors that primarily rely on sources of revenue other than discount revenue or have lower costs that can make their pricing for card acceptance more attractive. Merchants, business partners and third-party merchant acquirers and aggregators are also able to negotiate incentives, pricing concessions and other favorable contractual provisions from us as a condition to accepting our cards, being cobrand partners, offering benefits to our Card Members or signing merchants on our behalf. As merchants become even larger (such as the largest tech companies), we may have to increase the amount of incentives and/or concessions we provide to them. We also face the risk of losing a merchant relationship that could materially adversely affect our network volumes, ability to retain current Card Members and attract new Card Members and therefore, our business and results of operations.
Our merchant discount rates have been impacted by regulatory changes affecting competitor pricing in certain international countries and may in the future be impacted by pricing regulation. We have also experienced erosion of our merchant discount rates as we increase merchant acceptance. We may not be successful in significantly expanding merchant acceptance or offsetting rate erosion with volumes at new merchants. In addition, the regulatory environment and differentiated payment models and technologies from non-traditional players in the alternative payments space could pose challenges to our traditional payment model and adversely impact our merchant discount rates. Some merchants, including large tech companies and other large merchants, continue to invest in their own payment and financing solutions, such as proprietary-branded mobile wallets, using both traditional and new technology platforms. If merchants are able to drive broad consumer adoption and usage, it could adversely impact our merchant discount rates and network and loan volumes.
A continuing priority of ours is to drive greater and differentiated value to our merchants that, if not successful, could negatively impact our discount revenue and financial results. We may not succeed in maintaining merchant discount rates or offsetting the impact of declining merchant discount rates, for the reasons discussed above and others, which could materially and adversely affect our revenues and profitability, and therefore our ability to invest in innovation and in value-added services for merchants, business partners and Card Members.
Surcharging or steering by merchants could materially adversely affect our business and results of operations.
In certain countries, such as Australia, Canada (other than in Quebec) and certain Member States in the EU, and in certain states in the United States, merchants are permitted by law to surcharge certain card purchases. In jurisdictions allowing surcharging, we have seen merchant surcharging on American Express cards in certain merchant categories, and in some cases, either the surcharge is greater than that applied to Visa and Mastercard cards or Visa and Mastercard cards are not surcharged at all (practices that are known as differential surcharging), even though there are many cards issued on competing networks that have an equal or greater cost of acceptance for the merchant.
We also encounter merchants that accept our cards, but tell their customers that they prefer to accept another type of payment or otherwise seek to suppress use of our cards or certain of our cards, which could become more prevalent with the existence of debit cards on the American Express network. Our Card Members value the ability to use their cards where and when they want to, and we, therefore, take steps to meet our Card Members’ expectations and to protect the American Express brand by prohibiting discrimination through provisions in our merchant contracts, including non-discrimination and honor-all-cards provisions, subject to local legal requirements. We have increasingly relied on merchant acquirers, aggregators and processors to manage certain aspects of our merchant relationships. When we work with such third parties, we are dependent on them to promote and support the acceptance and usage of our cards, but they may have business interests, strategies or goals that are inconsistent with ours.
New products, such as debit cards on the American Express network, could fail to gain market acceptance and American Express cards could become less desirable to consumers and businesses generally due to surcharging, steering or other forms of discrimination, which could result in a decrease in cards-in-force, coverage and transaction volumes. The impact could vary depending on such factors as: the industry or manner in which a surcharge is levied; how Card Members are surcharged or steered to other card products or payment forms at the point of sale; the ease and speed of implementation for merchants, merchant acquirers, aggregators, processors or other merchant service providers, including as a result of new or emerging technologies; the size and recurrence of the underlying charges; and whether and to what extent these actions are applied to other forms of payment, including whether it varies depending on the type of card (e.g., credit or debit), product, network, acquirer or issuer. Discrimination against American Express cards could have a material adverse effect on our business, financial condition and results of operations, particularly where it only or disproportionately impacts credit card usage or card usage generally, our Card Members or our business.
We may not be successful in our efforts to promote card usage or attract new Card Members, including through marketing and promotion, merchant acceptance and Card Member rewards and services, or to effectively control the costs of such investments, both of which may materially impact our profitability.
Revenue growth is dependent on increasing consumer and business spending on our cards, growing loan balances and increasing fee revenue. We have been investing in a number of growth initiatives, including to attract new Card Members, retain existing Card Members and capture a greater share of customers’ total spending and borrowings. There can be no assurance that our investments will continue to be effective, particularly as consumer and business behaviors continue to change. In addition, if we develop new products or offers that attract customers looking for short-term incentives rather than incentivize long-term loyalty, Card Member attrition and costs could increase. Increasing spending on our cards also depends on our continued expansion of merchant acceptance of our cards. If we are unable to continue growing merchant acceptance and perceptions of coverage or merchants decide to no longer accept American Express cards, our business could suffer. Expanding our service offerings, adding customer acquisition channels and forming new partnerships or renewing current partnerships could have higher costs than our current arrangements, fail to resonate with customers, adversely impact our merchant discount rates or dilute our brand.
Another way we invest in customer value is through our Membership Rewards program, as well as other Card Member benefits. Any significant change in, or failure by management to reasonably estimate, actual redemptions of Membership Rewards points and associated redemption costs could adversely affect our profitability. We rely on third parties for certain redemption options and may not be able to continue to offer such redemption options in the future, which could diminish the value of the program for our Card Members. Our two largest redemption partners are Amazon and Delta. In addition, many credit card issuers have instituted rewards and cobrand programs and other benefits and services that are similar to ours and may be more attractive. An inability to differentiate our products and services could materially adversely affect us.
We may not be able to cost-effectively manage and expand Card Member benefits, including containing the growth of marketing, promotion, rewards and Card Member services expenses in the future. If such expenses increase beyond our expectations, we will need to find ways to offset the financial impact by increasing other areas of revenues such as fee-based revenues, decreasing operating expenses or other investments in our business, or both. We may not succeed in doing so, particularly in the current competitive and regulatory environment. In addition, increased costs as a result of inflation, colleague retention and recruitment, supply chain issues and shortages of materials such as chips for our cards may require that we reduce investments in other areas.
Our brand and reputation are key assets of our Company, and our business may be materially affected by how we are perceived in the marketplace.
Our brand and its attributes are key assets, and we believe our continued success depends on our ability to preserve, grow and realize the benefits of the value of our brand. Our ability to attract and retain consumer and small business Card Members and corporate clients is highly dependent upon the external perceptions of our level of service, trustworthiness, business practices, privacy and data protection, management, workplace culture, merchant acceptance, financial condition, response to political and social issues or catastrophic events and other subjective qualities. Negative perceptions or publicity regarding these matters — even if related to seemingly isolated incidents and whether or not factually correct—could erode trust and confidence and damage our reputation among existing and potential Card Members, corporate clients, merchants and partners, which could make it difficult for us to attract new customers and maintain existing ones. Negative public opinion could result from actual or alleged conduct in any number of activities or circumstances, including card practices, regulatory compliance, the use and protection of
customer information, conduct by our colleagues and policy engagement, including activities of the American Express Company Political Action Committee, and from actions taken by regulators or others in response thereto. Discussion about such matters in social media channels can also cause rapid, widespread reputational harm to our brand.
Our brand and reputation may also be harmed by actions taken by third parties that are outside our control. For example, any shortcoming of or controversy related to a third-party service provider, business partner, merchant acquirer or network partner may be attributed by Card Members and merchants to us, thus damaging our reputation and brand value. Our brand may also be negatively impacted by acceptance of American Express cards by merchants in certain industries, when American Express cards are used for payment for legal, but controversial, products and services or any government inquiries or legislative scrutiny related to card acceptance or usage. The lack of acceptance, suppression of card usage or surcharging by merchants can also negatively impact perceptions of our brand and our products, lower overall transaction volume and increase the attractiveness of other payment products or systems. Adverse developments with respect to our industry, including the creation and implementation of new merchant categories codes, may also negatively impact our reputation, or result in greater regulatory or legislative scrutiny or litigation against us. Furthermore, as a corporation with headquarters and operations located in the United States and a brand name referring to the United States, a negative perception of the United States arising from its political or other positions could harm the perception of our company and our brand. These risks to our brand and reputation, as well as other risks described in this Risk Factors section, are heightened by the increasing sophistication and availability of artificial intelligence technology that can assist with the creation of deepfakes and increase the velocity of distribution of disinformation. Although we monitor developments for areas of potential risk to our reputation and brand, negative perceptions or publicity could materially and adversely affect our business volumes, revenues and profitability.
We may face increased scrutiny related to our ESG goals and initiatives, which could result in litigation and other adverse consequences. There can be no assurance that we will achieve our ESG goals, which depend in part on third-party performance or data that is outside of our control, or that any such achievements will have the desired results. Further, our ESG goals and the methodologies for reporting may change over time and we may be subject to new legal and regulatory requirements related to ESG matters. Our failure or perceived failure to achieve progress in these areas on a timely basis, if at all, or inaccurate perceptions or misrepresentations of our ESG goals and initiatives could impact our reputation, colleague hiring and retention and public perceptions of our business.
If we are not able to successfully invest in, and compete with respect to, technological developments and new products and services across all our businesses, our revenue and profitability could be materially adversely affected.
Our industry is subject to rapid and significant technological changes. In order to compete in our industry, we need to continue to invest in technology across all areas of our business, including in transaction processing, data management and analytics, machine learning and artificial intelligence, customer interactions and communications, open banking and alternative payment and financing mechanisms, authentication technologies and digital identification, tokenization, real-time settlement and risk management and compliance systems. Incorporating new technologies into our products and services, including developing the appropriate governance and controls consistent with regulatory expectations, requires substantial expenditures and takes considerable time, and ultimately may not be successful. We expect that new technologies in the payments industry will continue to emerge, and these new technologies may be superior to, or render obsolete, our existing technology.
The process of developing new products and services, enhancing existing products and services and adapting to technological changes and evolving industry standards is complex, costly and uncertain, and any failure by us to anticipate customers’ changing needs and emerging technological trends accurately could significantly impede our ability to compete effectively. Adoption by consumers, merchants and other service providers is a key competitive factor and our competitors may develop products, platforms or technologies that become more widely adopted than ours. In addition, we may underestimate the resources needed and overestimate our ability to develop new products and services, particularly beyond our traditional card products and travel-related services. The use of artificial intelligence and machine learning technologies, including generative artificial intelligence, has increased rapidly with increasing complexity and changes in the nature of the technology. Our use of artificial intelligence and machine learning is subject to various risks including the use of personal information, flaws in our models or datasets that may result in biased or inaccurate results, ethical considerations regarding artificial intelligence, and our ability to safely deploy and implement governance and controls for artificial intelligence systems. Additionally, laws and regulations related to automated decision making, artificial intelligence and machine learning are still evolving and there is uncertainty as to new laws and regulations that will be adopted and the application of existing laws and regulations, which may restrict or impose burdensome and costly requirements on our ability to use artificial intelligence and machine learning. Adverse consequences of these risks related to artificial intelligence and machine learning could undermine the decisions, predictions or analysis such technologies produce and subject us to competitive harm, legal liability, heightened regulatory scrutiny and brand or reputational harm.
Our ability to adopt new technologies may be inhibited by the emergence of industry-wide standards, a changing legislative and regulatory environment, an inability to develop appropriate governance and controls, a lack of internal product and engineering expertise, resistance to change from Card Members, merchants or service providers, lack of appropriate change management processes or the complexity of our systems. In addition, our adoption of new technologies and our introduction of new products and services may expose us to new or enhanced risks, particularly in areas where we have less experience or our existing governance and control systems may be insufficient, which could require us to make substantial expenditures or subject us to legal liability, heightened regulatory scrutiny and brand or reputational harm.
We may not be successful in realizing the benefits associated with our acquisitions, strategic alliances, joint ventures and investment activity, and our business and reputation could be materially adversely affected.
We have acquired a number of businesses and have made a number of strategic investments, and continue to evaluate potential transactions. There is no assurance that we will be able to successfully identify suitable candidates, value potential investment or acquisition opportunities accurately, negotiate acceptable terms for those opportunities, or complete proposed acquisitions and investments. The process of integrating an acquired company, business or technology could create unforeseen operating difficulties and expenditures, including in integrating systems and personnel or further developing the acquired business or technology, result in unanticipated liabilities, including legal claims, violations of laws, commercial disputes and information security vulnerabilities or breaches (including from not integrating the acquired company, business or technology quickly or appropriately, from activities that occurred prior to the acquisition, from inadequate systems or controls of the acquired company, and from exposure to third party relationships of the acquired company or business or new laws and regulations), and harm our business generally. It may take us longer than expected to fully realize the anticipated benefits of these transactions, and those benefits may ultimately be smaller than anticipated or may not be realized at all, which could materially adversely affect our business and operating results, including as a result of write-downs of goodwill and other intangible assets.
Joint ventures, including our joint ventures in China and Switzerland, and minority investments in companies such as GBTG inherently involve a lesser degree of control over business operations, thereby potentially increasing the financial, legal, operational and/or compliance risks associated with the joint venture or minority investment, including as a result of being subject to different laws or regulations. Joint ventures and other partnerships or minority investments operating in foreign jurisdictions may also face risks from adverse regulatory actions, which could adversely affect their operations or our investment. In addition, we may be dependent on joint venture partners, controlling shareholders or management who may have business interests, strategies or goals that are inconsistent with ours and we have been and may in the future be involved in litigation with our joint venture partners and other shareholders and parties related to the joint ventures and investments. We have extensive commercial arrangements with GBTG, including, among other things, a long-term trademark license agreement pursuant to which GBTG uses the American Express brand, GBTG’s support of our partnerships, GBTG negotiations with travel suppliers on our behalf and a strategic relationship between GBTG and our Commercial Services business. Business decisions or other actions or omissions of a joint venture partner, other shareholders or management of our joint ventures and companies in which we have minority investments may adversely affect the value of our investment, result in litigation or regulatory action against us and otherwise damage our reputation and brand. In addition, trade secrets and other proprietary information we may provide to a joint venture may become available to third parties beyond our control. The ability to enforce intellectual property and contractual rights to prevent disclosure of our trade secrets and other proprietary information may be limited in certain jurisdictions.
Additionally, from time to time we may decide to divest certain businesses or assets. These divestitures may involve significant uncertainty and execution complexity, which may cause us not to achieve our strategic objectives, realize expected cost savings or obtain other benefits from the divestiture and may result in unexpected losses of colleagues or harm to our brand, customers or other partners. Further, during the pendency of a divestiture, we may be subject to risks such as that the transaction may not close or the business to be divested may decline, and if a divestiture is not completed, we may not be able to find another acquiror on similar terms.
Operational and Compliance/Legal Risks
We may not be able to effectively manage the operational and compliance risks to which we are exposed.
We consider operational risk to be the risk of loss due to, among other things, inadequate or failed processes, people or information systems, or impacts from the external environment (e.g., natural disasters). Operational risk includes, among others, the risk that error or misconduct could result in a material financial misstatement, a failure to monitor a third party’s compliance with regulatory or legal requirements, a failure to adequately monitor and control access to, or use of, data in our systems we grant to third parties or a failure to satisfy our obligations to our customers with respect to our products and services. As processes or organizations are changed or become more complex, we grow in size, new products and services are introduced, such as new lending features, debit products, checking accounts and digital collectibles, or we become subject to more stringent or complicated regulatory requirements, we may not identify or address new operational risks. Through human error, fraud or malfeasance, conduct risk can result in harm to customers, legal liability, fines, sanctions, customer remediation and brand damage.
Compliance risk arises from violations of, or failure to conform or comply with, laws, rules, regulations, internal policies and procedures and ethical standards. We need to continually update and enhance our control environment to address operational and compliance risks. Operational and compliance failures, deficiencies in our control environment or an inability to maintain high standards of business conduct can expose us to reputational and legal risks as well as fines, civil money penalties or payment of damages and can lead to diminished business opportunities and diminished ability to expand key operations.
A major information or cybersecurity incident or an increase in fraudulent activity could lead to reputational damage to our brand and material legal, regulatory and financial exposure, and could reduce the use and acceptance of our products and services.
We and third parties collect, process, transfer, host, store, analyze, retain, provide access to and dispose of account information, payment transaction information, and certain types of personally identifiable and other information pertaining to our customers and colleagues in connection with our cards and other products and in the normal course of our business.
Global financial institutions like us, as well as our customers, colleagues, regulators, service providers and other third parties, have experienced a significant increase in information security and cybersecurity risk in recent years and will likely continue to be the target of increasingly sophisticated cyberattacks, including computer viruses, malicious or destructive code, ransomware, social engineering attacks (including phishing, impersonation and identity takeover attempts), artificial intelligence-assisted deepfake attacks and disinformation campaigns, corporate espionage, hacking, website defacement, denial-of-service attacks, exploitation of vulnerabilities and other attacks and similar disruptions from the misconfiguration or unauthorized use of or access to computer systems. These threats can arise from external parties, as well as insiders who knowingly or unknowingly engage in or enable malicious cyber activities. There are a number of motivations for cyber threat actors, including criminal activities such as fraud, identity theft and ransom, corporate or nation-state espionage, political agendas, public embarrassment with the intent to cause financial or reputational harm, intent to disrupt information technology systems and supply chains, and to expose and exploit potential security and privacy vulnerabilities in corporate systems and websites. Cyber threat actors have increasingly demonstrated advanced capabilities, including the rapid integration of new technology such as advanced forms of artificial intelligence and quantum computing. Cyber threats, including attacks from state sponsored or nation-state actors, can increase during periods of diplomatic or armed conflict, such as the ongoing Russia-Ukraine and Israel-Hamas wars.
Our networks and systems are subject to constant attempts to disrupt our business operations and capture, destroy, manipulate or expose various types of information relating to corporate trade secrets, customer information, including Card Member, travel and loyalty program data, colleague information and other sensitive business information, including acquisition activity, non-public financial results and intellectual property. For example, we and other U.S. financial services providers have been the target of distributed denial-of-service attacks. We develop and maintain systems and processes aimed at detecting and preventing information security and cybersecurity incidents and fraudulent activity, which require significant investment, maintenance and ongoing monitoring and updating as technologies and regulatory requirements change, new vulnerabilities and exploits are discovered and as efforts to overcome security measures become more sophisticated. In addition, we maintain cyber crisis response procedures and regularly test our procedures to remain prepared and reduce the risk of harm to our business operations, customers and third parties in the event of an information or cybersecurity incident.
Despite our efforts and the efforts of third parties that process, transmit or store our data and data of our customers and colleagues or support our operations, such as service providers, merchants and regulators, the possibility of information, operational and cybersecurity incidents, malicious social engineering, password mismanagement, corporate espionage, fraudulent or other malicious activities and human error or malfeasance cannot be eliminated entirely and will evolve as new and emerging technology is deployed, including quantum computing and the increasing use of platforms that are outside of our network and control environments. For example, we are aware that certain of our third-party service providers have been the victims of ransomware and other cyberattacks, in some instances that affected our data or the services they provide to us. In addition, new products and services, such as checking accounts and non-card lending, may lead to an increase in the number or types of cyber attacks and our exposure to fraud and other malfeasance. Risks associated with such incidents and activities include theft of funds and other monetary loss, disruption of our operations and the unauthorized disclosure, release, gathering, monitoring, misuse, modification, loss or destruction of confidential, proprietary, trade secret or other information (including account data information). An incident may not be detected until well after it occurs and the severity and potential impact may not be fully known for a substantial period of time after it has been discovered. Our ability to address incidents may also depend on the timing and nature of assistance that may be provided from relevant governmental or law enforcement agencies.
Information, operational or cybersecurity incidents, fraudulent activity and other actual or perceived failures to maintain confidentiality, integrity, availability of services, privacy and/or security has led to increased regulatory scrutiny and may lead to regulatory investigations and intervention (such as mandatory card reissuance), consent decrees, increased litigation (including class action litigation), response costs (including notification and remediation costs), fines, negative assessments of us and our subsidiaries by banking regulators and rating agencies, reputational and financial damage to our brand, negative impacts to our partner relationships, and reduced usage of our products and services, all of which could have a material adverse impact on our business. The disclosure of sensitive company information could also undermine our competitive advantage and divert management attention and resources.
Successful cyberattacks, data breaches, disruptions or other incidents related to the actual or perceived failures to maintain confidentiality, integrity, data availability, privacy and/or security at other large financial institutions, large retailers, travel and hospitality companies, government agencies or other market participants, whether or not we are impacted, could lead to a general loss of customer confidence that could negatively affect us, including harming the market perception of the effectiveness of our security measures or harming the reputation of the financial system in general, which could result in reduced use of our products and services. Such events could also result in legislation and additional regulatory requirements. Although we maintain cyber insurance, there can be no assurance that liabilities or losses we may incur will be covered under such policies or that the amount of insurance will be adequate.
The uninterrupted operation of our information systems is critical to our success and a significant disruption could have a material adverse effect on our business and results of operations.
Our information technology systems and those of our third parties upon which we rely, including our transaction authorization, clearing and settlement systems, and data centers, have experienced and may continue to experience service disruptions or degradation, which may result from technology malfunction, sudden increases in processing or other volumes, natural disasters and weather events, fires, accidents, technology change management issues, power outages, internet outages, telecommunications failures, fraud, denial-of-service, ransomware and other cyberattacks, inadequate infrastructure in lesser-developed markets, technology capacity management issues, terrorism, computer viruses, vulnerabilities in hardware or software, physical or electronic break-ins, or similar events. Service disruptions or degradations can prevent access to our online services and account information, compromise or limit access to company or customer data, impede or prevent transaction processing, communications to customers and financial reporting, disrupt ordinary business operations, result in contractual penalties or obligations, trigger regulatory reporting obligations, and lead to regulatory investigations and fines, increased regulatory oversight, and litigation (including class action litigation). Any such service disruption or degradation could adversely affect the perception of the reliability of our products and services and materially adversely affect our overall business, reputation and results of operations.
Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition.
We are subject to evolving and comprehensive government regulation and supervision in jurisdictions around the world, which significantly affects our business and requires continual enhancement of our compliance efforts. Supervision efforts and the enforcement of existing laws and regulations impact the scope and profitability of our existing business activities, limit our ability to pursue certain business opportunities and adopt new technologies, compromise our competitive position, and affect our relationships with Card Members, partners, merchants, service providers and other third parties. New laws or regulations could similarly affect our business, increase the costs and complexity of doing business, impact what we are able to charge for, or offer in connection with, our products and services, impose conflicting obligations, and require us to change certain of our business practices and invest significant management attention and resources, all of which could adversely affect our results of operations and financial condition. Legislators and regulators around the world are aware of each other’s approaches to the regulation of the financial services industry. Consequently, a development in one country, state or region may influence regulatory approaches in another.
If we fail to satisfy regulatory requirements or maintain our financial holding company status, our financial condition and results of operations could be adversely affected, and we may be restricted in our ability to take certain capital actions (such as declaring dividends or repurchasing outstanding shares) or engage in certain business activities or acquisitions, which could compromise our competitive position. Additionally, our banking regulators have wide discretion in the examination and the enforcement of applicable banking statutes and regulations and may restrict our ability to engage in certain business activities or acquisitions or require us to maintain more capital. In response to recent bank failures and stress in the banking sector, legislators and regulators have increased their scrutiny of financial institutions and are proposing new measures and regulations, including those related to capital levels, liquidity standards, deposit concentrations and risk management practices, as well as increased deposit assessments. As we continue to grow, we expect to become subject to heightened regulatory expectations and more stringent regulatory requirements, such as becoming a Category III or Category II firm for purposes of the U.S. federal bank regulatory agencies’ enhanced prudential standards, which may increase our compliance costs and adversely affect our business.
Legislators and regulators continue to focus on the operation of card networks, including interchange fees paid to card issuers in payment networks such as Visa and Mastercard, network routing practices and the fees merchants are charged to accept cards. Even where we are not directly regulated, regulation of bankcard fees significantly negatively impacts the discount revenue derived from our business, including as a result of downward pressure on our discount rate from decreases in competitor pricing in connection with caps on interchange fees. In some cases, regulations also extend, or may extend, to certain aspects of our business, such as network and cobrand arrangements, new products or services we may offer, or the terms of card acceptance for merchants, including terms relating to non-discrimination and honor-all-cards. For example, we have exited our network licensing businesses in the EU and Australia as a result of regulation in those jurisdictions. In addition, there is uncertainty as to when or how interchange fee caps and other provisions of payments legislation might apply when we work with cobrand partners and agents in the EU. In a ruling issued on February 7, 2018, the EU Court of Justice confirmed the validity of fee capping and other provisions in circumstances where three-party networks issue cards with a cobrand partner or through an agent, although the ruling provided only limited guidance as to when or how the provisions might apply in such circumstances and remains subject to differing interpretations by regulators and participants in cobrand arrangements. On August 29, 2023, the Dutch Trade and Industry Appeals Tribunal referred questions to the EU Court of Justice on the interpretation of the application of the interchange fee caps in connection with an administrative proceeding by the Netherlands Authority for Consumers and Markets regarding our cobrand relationship with KLM Royal Dutch Airlines. Given differing interpretations by regulators and participants in cobrand arrangements, we are subject to regulatory action, penalties and the possibility we will not be able to maintain our existing cobrand and agent relationships in the EU. Legislators and regulators have also increased their focus on limiting fees associated with card and banking products, such as the recent proposed rule by the CFPB related to credit card fees for late payments, which could negatively impact our fee revenue.
Legislators and regulators also continue to focus on consumer protection, including product design and pricing constructs, account management and security, credit bureau reporting, disclosure rules, marketing and debt collection practices. Any new requirements or increased enforcement of existing requirements may result in increased scrutiny of our pricing, underwriting and account management practices, the imposition of fines and customer remediation, higher compliance costs, restrictions on our ability to issue cards, appropriately price for the value of our products or partner with other financial institutions and otherwise result in changes to our business practices, which could materially and adversely impact our revenue growth and profitability.
We are subject to significant supervision and regulation with respect to compliance with AML/CFT laws and sanctions regimes in numerous jurisdictions. As regulators increase their focus in these areas, new technologies such as digital currencies develop, near real-time money movement solutions are adopted, we introduce new products like checking accounts and geopolitical tensions increase, we face increased costs related to oversight, supervision and potential fines. Our AML/CFT programs have become the subject of heightened scrutiny in some countries, including certain Member States in the EU. Any errors, failures or delays in complying with AML/CFT and sanctions laws, perceived deficiencies in our related compliance programs or association of our business with money laundering, terrorist financing, tax fraud or other illicit activities or sanctioned persons, entities, governments or countries can give rise to significant supervisory, criminal and civil proceedings and lawsuits, which could result in significant penalties and forfeiture of assets, loss of licenses or restrictions on business activities, or other enforcement actions, and our reputation may suffer due to our customers’ association with certain countries, persons or entities or the existence of any such transactions.
See “Supervision and Regulation” under “Business” for more information about certain laws and regulations to which we are subject and their impact on us.
Litigation and regulatory actions could subject us to significant fines, penalties, judgments and/or requirements resulting in significantly increased expenses, damage to our reputation and/or a material adverse effect on our business and results of operations.
At any given time, we are involved in a number of legal proceedings, including class action lawsuits, mass arbitrations and similar actions. Many of these actions include claims for substantial compensatory or punitive damages and require us to incur significant costs for legal representation, arbitration fees or other legal or related services. While we have historically relied on our arbitration clause in agreements with customers to limit our exposure to class action litigation, there can be no assurance that we will continue to be successful in enforcing our arbitration clause in the future, including as a result of possible regulation that would require that our consumer arbitration clause not apply to cases filed in court as class actions, and claims of the type we previously arbitrated could be subject to the complexities, risks and costs associated with class action cases. The continued focus of merchants on issues relating to the acceptance of various forms of payment may lead to additional litigation and other legal actions. Given the inherent uncertainties involved in litigation, and the very large or indeterminate damages sought in some matters asserted against us, there is significant uncertainty as to the ultimate liability we may incur from litigation.
We expect that financial institutions, such as us, will continue to face significant regulatory scrutiny, with regulators taking formal enforcement actions against financial institutions in addition to addressing supervisory concerns through non-public supervisory actions or findings, which could involve restrictions on our activities, among other limitations, that could adversely affect our business. In addition, a violation of law or regulation by another financial institution could give rise to an investigation by regulators and other governmental agencies of the same or similar practices by us. Further, a single event may give rise to numerous and overlapping investigations and proceedings. External publicity concerning investigations can increase the scope and scale of investigations and lead to further regulatory inquiries.
We are also involved at any given time with governmental and regulatory inquiries, investigations and proceedings. Regulatory scrutiny has continued to increase in a number of areas, and regulatory action could subject us to significant fines, penalties or other requirements resulting in Card Member reimbursements, increased expenses, limitations or conditions on our business activities, and damage to our reputation and our brand, all of which could materially adversely affect our business and results of operations. For example, as previously disclosed and described in more detail in Note 12 to the “Consolidated Financial Statements,” we are cooperating with governmental investigations related to certain of our historical sales practices and have already paid a civil money penalty pursuant to a settlement with the OCC with respect to its investigation. Other investigations of our historical sales practices are ongoing.
Legal proceedings regarding provisions in our merchant contracts, including non-discrimination and honor-all-cards provisions, could have a material adverse effect on our business and result in additional litigation and/or arbitrations, changes to our merchant agreements and/or business practices, substantial monetary damages and damage to our reputation and brand.
We are, and have been in the past, a defendant in a number of actions, including legal proceedings and proposed class actions, challenging certain provisions of our card acceptance agreements. See Note 12 to the “Consolidated Financial Statements” for a description of certain outstanding legal proceedings.
An adverse outcome in these proceedings could have a material adverse effect on our business and results of operations, require us to change our merchant agreements in a way that could expose our cards to increased merchant steering and other forms of discrimination that could impair the Card Member experience, result in additional litigation and/or arbitrations, impose substantial monetary damages and damage our reputation and brand. Even if we were not required to change our merchant agreements,
changes in Visa’s and Mastercard’s policies or practices as a result of legal proceedings, lawsuit settlements or regulatory actions pending against them could result in changes to our business practices and materially and adversely impact our profitability.
We rely on third-party providers for acquiring and servicing customers, technology, platforms and other services integral to the operations of our businesses. These third parties may act in ways that could materially harm our business.
We rely on third-party service providers, cobrand partners, merchants, affiliate marketing firms, processors, aggregators, network partners and other third parties for services that are integral to our operations and are subject to the risk that activities of such third parties may adversely affect our business. As outsourcing, specialization of functions, third-party digital services and technology innovation within the payments industry increase (including with respect to mobile technologies, tokenization, big data, artificial intelligence and cloud-based solutions), more third parties are involved in processing card transactions, handling our data and supporting our operations. For example, we rely on third parties for the timely transmission of accurate information across our global network, card acquisition and provision of services to our customers.
We have experienced in certain limited circumstances and may continue to experience disruptions or other events at our third parties or our third parties’ service providers, including their failure to fulfill their obligations and the information, cybersecurity and operational incidents described above. Such disruptions could interrupt or compromise the quality of our services to customers, impact the confidentiality, integrity, availability and security of our data, lead to fraudulent transactions on our cards or other products, impact our business, cause brand or reputational damage, and lead to costs associated with responding to such a disruption, including notification and remediation costs, costs to switch service providers or move operations in house, regulatory investigations and fines and increased regulatory oversight and litigation. Third parties may also act in other ways that are inconsistent with our interests or contrary to our strategic or technological initiatives, such as ceasing to provide data to us or using our data in a way that was not authorized or diminishes the value of the transaction data we receive through our integrated payments platform.
The management and oversight of an increasing number of third parties increases our operational complexity and governance challenges and decreases our control. Additionally, third-party oversight and practices related to third parties such as outsourcing have become subject to heightened regulatory scrutiny both in the United States and internationally. A failure to exercise adequate oversight over third parties, including compliance with service level agreements or regulatory or legal requirements, could result in regulatory actions, fines, litigation, sanctions or economic and reputational harm to us. In addition, we may not be able to effectively monitor or mitigate operational risks relating to our third-party providers’ service providers. We are also exposed to the risk that a service disruption at a service provider common to our third parties could impede their ability to provide services to us. Notwithstanding any attempts to diversify our reliance on third parties, in certain cases there may be limited alternatives or high costs for diversification, and we also may not be able to effectively mitigate operational risks relating to the service providers of our third-party providers.
Our success is dependent on maintaining a culture of integrity and respect, the resilience of our colleagues through changes in the working environment, and upon our executive officers and other key personnel, and misconduct by or loss of personnel could materially adversely affect our business.
We rely upon our colleagues not only for business success, but also to act with integrity and promote a culture of respect. To the extent our colleagues behave in a manner that does not comport with our company’s values, the consequences to our brand and reputation could be severe and could negatively affect our financial condition and results of operations. The changing nature of the office environment, such as changes in the prevalence of remote and hybrid working and expectations regarding such arrangements, may result in increased costs and present operational and workplace culture challenges and difficulties in attracting, developing and retaining personnel that may also adversely affect our business.
The market for qualified, highly motivated individuals with diverse perspectives and reflecting the diversity of our communities is highly competitive, with elevated levels of turnover in recent years, and we may not be able to attract and retain such individuals. We have and may continue to experience increased costs related to compensation and other benefits necessary to attract and retain such individuals, however the compensation and benefits we offer may still be viewed as less favorable than that offered by our competitors. Changes in immigration and work permit laws and regulations or the administration or enforcement of such laws or regulations or other changes in the legal or regulatory environment can also impair our ability to attract and retain qualified personnel, or to employ colleagues in the location(s) of our choice. Our compensation practices are subject to review and oversight by the Federal Reserve and the compensation practices of AENB are subject to review and oversight by the OCC. This regulatory review and oversight could further affect our ability to attract and retain our executive officers and other key personnel. Our inability to attract, develop and retain highly skilled, motivated and diverse personnel could materially adversely affect our business and our culture.
Regulation in the areas of privacy, data protection, data governance, resiliency, data transfer, third party oversight, account access, artificial intelligence and machine learning and information security and cybersecurity could increase our costs and affect or limit our business opportunities and how we collect and/or use personal information.
Legislators and regulators in the United States and other countries in which we operate are increasingly adopting or revising privacy, data protection, data governance, resiliency, data transfer, third party oversight, account access, artificial intelligence and machine learning and information security and cybersecurity laws, including data localization, authentication and notification laws. As such laws are interpreted and applied (in some cases, with significant differences or conflicting requirements across
jurisdictions), compliance and technology costs will continue to increase, particularly in the context of ensuring that adequate data governance, data management, data protection, incident management, resiliency, third party management, data transfer, security controls, account access mechanisms and controls related to artificial intelligence and machine learning are in place.
Compliance with current or future privacy, data protection, data governance, resiliency, data transfer, third party oversight, account access, artificial intelligence and machine learning and information security and cybersecurity laws could significantly impact our collection, use, sharing, retention and safeguarding of consumer and/or colleague information and could restrict our ability to fully maximize our closed-loop capability or provide certain products and services or work with certain service providers, which could materially and adversely affect our profitability. Our failure to comply with such laws or to maintain sufficient governance and control structures could result in potentially significant regulatory and/or governmental investigations and/or actions, litigation, fines, sanctions, ongoing regulatory monitoring, customer attrition, decreases in the use or acceptance of our cards and damage to our reputation and our brand. In recent years, there has been increasing regulatory enforcement and litigation activity in the areas of privacy, data protection and information security and cybersecurity in the United States, the EU and various other countries in which we operate and our data protection and governance programs have become the subject of heightened scrutiny.
For more information on regulatory and legislative activity in this area, see “Supervision and Regulation — Privacy, Data Protection, Data Governance, Information Security and Cybersecurity” under “Business.”
If we are not able to protect our intellectual property, or successfully defend against any infringement or misappropriation assertions brought against us, our revenue and profitability could be negatively affected.
We rely on a variety of measures to protect our intellectual property and control access to, and distribution of, our trade secrets and other proprietary information. These measures may not prevent infringement of our intellectual property rights or misappropriation of our proprietary information and a resulting loss of competitive advantage. The ability to enforce intellectual property rights to prevent disclosure of our trade secrets and other proprietary information may be limited in certain jurisdictions. In addition, competitors or other third parties may allege that our products, systems, processes or technologies infringe on their intellectual property rights. Given the complex, rapidly changing and competitive technological and business environments in which we operate, and the potential risks and uncertainties of intellectual property-related litigation, a future assertion of an infringement or misappropriation claim against us could cause us to lose significant revenues, incur significant defense, license, royalty or technology development expenses, and/or pay significant monetary damages.
Tax legislative initiatives or assessments could adversely affect our results of operations and financial condition.
We are subject to income and other taxes in the United States and in various foreign jurisdictions. The laws and regulations related to tax matters are extremely complex and subject to varying interpretations. Although management believes our positions are reasonable, we are subject to audit by the Internal Revenue Service in the United States and by tax authorities in all the jurisdictions in which we conduct business operations. We are being challenged in a number of countries regarding our application of value-added taxes (VAT) to certain transactions. While we believe we comply with all applicable VAT and other tax laws, rules and regulations in the relevant jurisdictions, the tax authorities may determine that we owe additional taxes or apply existing laws and regulations more broadly, which could result in a significant increase in liabilities for taxes and interest in excess of accrued liabilities.
Legislative action or inaction in the countries in which we have operations could increase our effective tax rate. For example, new guidelines issued by the Organization for Economic Cooperation and Development (OECD) will impact how multinational enterprises (MNEs) are taxed on their global profits. In particular, the OECD’s guidelines on a global minimum tax of 15 percent will impact the effective tax rate for many MNEs. Several countries are beginning to implement these minimum tax guidelines, with effectiveness commencing in 2024, and if all OECD member countries were to implement these minimum tax guidelines in their current form, we expect that it would result in a significant increase to our effective tax rate. In addition to legislative changes, actions by tax authorities, including an increase in tax audit activity, could have an adverse impact on our tax liabilities.
Jurisdictions may also make changes related to the tax treatment of card transactions, such as imposing taxes on Card Member rewards, which could decrease the value we provide to customers and adversely impact our business.
Our operations, business, customers and partners could be adversely affected by climate change.
There are increasing and rapidly evolving concerns over the risks of climate change and related environmental sustainability matters. We face physical risks related to climate change, including rising average global temperatures, rising sea levels and an increase in the frequency and severity of extreme weather events and natural disasters. Such events and disasters could disrupt our operations or the operations of customers or third parties on which we rely and could result in market volatility or negatively impact our customers’ spending behaviors or ability to pay outstanding loans. Additionally, we may face risks related to the transition to a low-carbon economy. Changes in consumer preferences, travel patterns and legal requirements could impact our revenues or expenses or otherwise adversely affect our business, our customers and partners. We and other parties in our value chain are expected to be subject to additional climate and other environmental-related obligations arising from legislation and regulation in the United States and abroad, including those that may impose inconsistent or conflicting requirements. Banking regulators and other governmental authorities and stakeholders are increasingly focused on the issue of climate risk at financial institutions, and several of the U.S. federal bank regulatory agencies have issued principles designed to provide a framework for the management of climate-related risks. Legislators and regulators have begun to mandate, or are considering mandating,
disclosure of additional climate-related information by companies, even as the availability and quality of such information remains limited. We could also be required to change our business and management practices and experience increased expenses resulting from strategic planning, litigation and changes to our technology, operations, products and services, as well as reputational harm as a result of negative public sentiment, regulatory scrutiny and reduced stakeholder confidence, due to our response to climate change and our efforts relating to the Advancing Climate Solutions pillar of our ESG strategy. Our risk management framework may not be effective in identifying, measuring and controlling our exposure to climate-related risks, particularly given that the timing, nature and severity of the impacts of climate change may not be predictable.
Market, Funding & Liquidity, Credit and Model Risks
Our risk management policies and procedures, including our use of models to manage risk, may not be effective.
Our risk management framework seeks to identify and mitigate risk and appropriately balance risk and return. Although we have devoted significant resources to develop our risk management policies and procedures and expect to continue to do so in the future, these policies and procedures, as well as our risk management techniques, such as our hedging strategies, may not be fully effective. There may also be risks that exist, or develop in the future, that we have not appropriately identified or mitigated. As regulations, technology and competition continue to evolve, our risk management framework may not always keep sufficient pace with those changes. If our risk management framework does not effectively identify or mitigate our risks, we could suffer unexpected losses and could be materially adversely affected.
Management of our risks in some cases depends upon the use of analytical and/or forecasting models. Although we have a governance framework for model development and independent model validation, the modeling methodology or key assumptions could be erroneous or the models could be misused. In addition, issues with the quality or effectiveness of our data aggregation and validation procedures, as well as the quality and integrity of data inputs, could result in ineffective or inaccurate model outputs and reports. For example, models based on historical data sets might not be accurate predictors of future outcomes, such as because of changes in the credit profile of our Card Members, and they may not be able to predict future outcomes. Our models also may not be able to function properly in the current geopolitical and macroeconomic environment given the lack of recent precedent. The CECL methodology requires measurement of expected credit losses for the estimated life of certain financial instruments, not only based on historical experience and current conditions, but also by including forecasts incorporating forward-looking information. If our business decisions or estimates for credit losses are based on incorrect or misused models and assumptions or we fail to manage data inputs effectively and to aggregate or analyze data in an accurate and timely manner, our results of operations and financial condition may be materially adversely affected.
We are exposed to credit risk and trends that affect Card Member spending and the ability of customers and partners to pay us, which could have a material adverse effect on our results of operations and financial condition.
We are exposed to both individual credit risk, principally from consumer and small business Card Member loans and receivables, and institutional credit risk, principally from corporate Card Member loans and receivables, merchants, network partners, loyalty coalition partners and treasury and investment counterparties. Third parties may default on their obligations to us due to bankruptcy, lack of liquidity, operational failure or other reasons. General economic factors, such as gross domestic product, unemployment, inflation and interest rates, may result in greater delinquencies that lead to greater credit losses. A customer’s ability and willingness to repay us can be negatively impacted not only by economic, market, political and social conditions but also by a customer’s other payment obligations, and increasing leverage can result in a higher risk that customers will default or become delinquent in their obligations to us.
We rely principally on the customer’s creditworthiness for repayment of loans or receivables and therefore often have no other recourse for collection. Our ability to assess creditworthiness may be impaired as a result of changes in our underwriting practices or if the criteria or models we use to manage our credit risk prove inaccurate in predicting future losses, which could have a negative impact on our results of operations. This may be exacerbated to the extent information we have historically relied upon to make credit decisions does not accurately portray a customer’s creditworthiness, including as a result of the current high rates of inflation and economic slowdown. Further, our pricing strategies, particularly for new lending features and non-card lending products, may not offset the negative impact on profitability caused by increases in delinquencies and losses; thus any material increases in delinquencies and losses beyond our current estimates could have a material adverse impact on us. Although we make estimates to provide for credit losses in our outstanding portfolio of loans and receivables, these estimates may not be accurate. In addition, the information we use in managing our credit risk may be inaccurate or incomplete.
We have experienced higher delinquency and write-off rates for the year ended December 31, 2023, as compared to the year ended December 31, 2022, and such rates are expected to continue to increase. Rising delinquencies and rising rates of bankruptcy are often precursors of future write-offs and may require us to increase our reserve for credit losses. Higher write-off rates and the resulting increase in our reserves for credit losses adversely affect our profitability and the performance of our securitizations, and may increase our cost of funds.
Although we regularly review our credit exposure to specific clients and counterparties and to specific industries, countries and regions that we believe may present credit concerns, default risk may arise from events or circumstances that are difficult to foresee or detect, such as fraud. In addition, our ability to manage credit risk or collect amounts owed to us may be adversely affected by legal or regulatory changes (such as restrictions on collections or changes in bankruptcy laws, minimum payment regulations and re-age guidance). Increased credit risk, whether resulting from underestimating the credit losses inherent in our
portfolio of loans and receivables, deteriorating economic conditions (particularly in the United States where, for example, U.S. Card Members were responsible for approximately 87 percent of our total Card Member loans outstanding as of December 31, 2023), increases in the level of loan balances, changes in our mix of business or otherwise, could require us to increase our provisions for losses and could have a material adverse effect on our results of operations and financial condition.
Interest rate changes could materially adversely affect our earnings.
Our interest expense was approximately $6.8 billion for the year ended December 31, 2023. If the rate of interest we pay on our borrowings increases more or decreases less than the rate of interest we earn on our loans, our net interest yield, and consequently our net interest income, could decrease. We expect the rates we pay on our deposits will change as benchmark interest rates change. For example, the Federal Reserve and other central banks have raised interest rates in response to heightened inflationary pressures. In addition, interest rate changes may affect customer behavior, such as impacting the loan balances Card Members carry on their credit cards or their ability to make payments as higher interest rates lead to higher payment requirements, further impacting our results of operations. For a further discussion of our interest rate risk, see “Risk Management ― Market Risk Management Process” under “MD&A.”
We are subject to capital adequacy and liquidity rules, and if we fail to meet these rules, our business would be materially adversely affected.
Failure to meet current or future capital or liquidity requirements could compromise our competitive position and could result in restrictions imposed by the Federal Reserve, or the OCC with respect to AENB, including limiting our ability to pay dividends, repurchase our capital stock, invest in our business, expand our business or engage in acquisitions. Some elements of the capital and liquidity regimes are not yet final and certain developments could significantly impact the requirements applicable to financial institutions. For example, if the capital rule proposal by the U.S. federal bank regulatory agencies is adopted as proposed, it would result in significantly higher regulatory capital requirements for us, as discussed in “Supervision and Regulation — Capital and Liquidity Regulation” under “Business”. The U.S. federal bank regulatory agencies have also issued a proposed rule that would require us and AENB to issue and/or maintain minimum amounts of eligible long-term debt with specific terms. In addition, it may be necessary for us to hold additional capital because of an increase in the SCB requirement based on results from a supervisory stress test.
Compliance with capital adequacy and liquidity rules requires a material investment of resources. An inability to meet regulatory expectations regarding our compliance with applicable capital adequacy and liquidity rules may also negatively impact the assessment of us and AENB by federal banking regulators. Additionally, changes in our regulatory tailoring category, such as becoming a Category III or Category II firm, would subject us to more stringent capital and liquidity requirements.
For more information on capital adequacy requirements, see “Supervision and Regulation — Capital and Liquidity Regulation” under “Business.”
We are subject to restrictions that limit our ability to pay dividends and repurchase our capital stock. Our subsidiaries are also subject to restrictions that limit their ability to pay dividends to us, which may adversely affect our liquidity.
We are limited in our ability to pay dividends and repurchase capital stock by our regulators, who have broad authority to prohibit any action that would be considered an unsafe or unsound banking practice. We are subject to a requirement to submit capital plans to the Federal Reserve for review that include, among other things, projected dividend payments and repurchases of capital stock. As part of the capital planning and stress testing process, our proposed capital actions are assessed against our ability to satisfy applicable capital requirements in the event of a stressed market environment. If we fail to satisfy applicable capital requirements, including the stress capital buffer, our ability to undertake capital actions may be restricted.
Our ability to declare or pay dividends on, or to purchase, redeem or otherwise acquire, shares of our common stock will be prohibited, subject to certain exceptions, in the event that we do not declare and pay in full dividends for the last preceding dividend period of our preferred stock.
We rely on dividends from our subsidiaries for liquidity, and such dividends may be limited by law, regulation or supervisory policy. For example, AENB is subject to various statutory and regulatory limitations on its declaration and payment of dividends. These limitations may hinder our ability to access funds we may need to make payments on our obligations, make dividend payments or otherwise achieve strategic objectives.
Any future reduction or elimination of our common stock dividend or share repurchase program could adversely affect the market price of our common stock and market perceptions of American Express. For more information on bank holding company and depository institution dividend restrictions, see “Supervision and Regulation — Stress Testing and Capital Planning” and “— Dividends and Other Capital Distributions” under “Business,” as well as “Consolidated Capital Resources and Liquidity — Dividends and Share Repurchases” under “MD&A” and Note 22 to the “Consolidated Financial Statements.”
Adverse market conditions may significantly affect our access to, and cost of, capital and ability to meet liquidity needs.
Our ability to obtain financing in the debt capital markets for unsecured term debt and asset securitizations is dependent on financial market conditions. Disruptions, uncertainty or volatility across the financial markets, as well as adverse developments affecting our competitors and the financial industry generally, could negatively impact market liquidity and limit our access to funding required to operate our business. Such market conditions may also limit our ability to replace, in a timely manner,
maturing liabilities, satisfy regulatory capital requirements and access the funding necessary to grow our business. In some circumstances, we may incur an unattractive cost to raise capital, which could decrease profitability and significantly reduce financial flexibility. Additional factors affecting the extent to which we may securitize loans and receivables in the future include the overall credit quality of our loans and receivables, the costs of securitizing our loans and receivables, the demand for credit card asset-backed securities and the legal, regulatory, accounting or tax rules affecting securitization transactions and asset-backed securities, generally. Our liquidity and cost of funds would also be adversely affected by the occurrence of events that could result in the early amortization of our existing securitization transactions. For a further discussion of our liquidity and funding needs, see “Consolidated Capital Resources and Liquidity” under “MD&A.”
Any reduction in our credit ratings could increase the cost of our funding from, and restrict our access to, the capital markets and have a material adverse effect on our results of operations and financial condition.
Ratings of our long-term and short-term debt and deposits are based on a number of factors, including financial strength, as well as factors not within our control, including conditions affecting the financial services industry, and the macroeconomic environment. Our ratings could be downgraded at any time and without any notice by any of the rating agencies, which could, among other things, adversely limit our access to the capital markets and adversely affect the cost and other terms upon which we are able to obtain funding. Our ability to raise funding through the securitization market also depends, in part, on the credit ratings of the securities we issue from our securitization trusts. If we are not able to satisfy rating agency requirements to confirm the ratings of our asset-backed securities, it could limit our ability to access the securitization markets.
Adverse currency fluctuations and foreign exchange controls could decrease earnings we receive from our international operations and impact our capital.
During 2023, approximately 22 percent of our total revenues net of interest expense were generated from activities outside the United States. We are exposed to foreign exchange risk from our international operations, and accordingly the revenue we generate outside the United States is subject to unpredictable fluctuations if the values of other currencies change relative to the U.S. dollar, which could have a material adverse effect on our results of operations.
Foreign exchange regulations or capital controls might restrict or prohibit the conversion of other currencies into U.S. dollars or our ability to transfer them. Political and economic conditions in other countries could also cause fluctuations in the values of their currencies, such as the devaluation of the Argentinian peso, and impact the availability of foreign exchange for the payment to us by the local card issuer for obligations arising out of local Card Members’ spending outside such country and for the payment by Card Members who are billed in a currency other than their local currency. Substantial and sudden devaluation of local Card Members’ currency can also affect their ability to make payments to the local issuer of the card in connection with spending outside the local country. The occurrence of any of these circumstances could further impact our results of operations.
An inability to accept or maintain deposits due to market demand or regulatory constraints could materially adversely affect our liquidity position and our ability to fund our business.
Our U.S. bank subsidiary, AENB, accepts deposits and uses the proceeds as a source of funding, with our direct retail deposits becoming a larger proportion of our funding over time. We continue to face strong competition with regard to deposits, and pricing and product changes may adversely affect our ability to attract and retain cost-effective deposit balances. To the extent we offer higher interest rates to attract or maintain deposits, our funding costs will be adversely impacted. Additionally, a decrease in confidence in the soundness of us or in the banking sector more broadly, such as following the occurrence of bank failures, or in the level of insurance available on deposits may cause rapid deposit withdrawals or an unwillingness to maintain deposits with us, which could materially adversely affect us and our ability to fund our business. The use of social media and similar channels has the potential to intensify and accelerate such a decrease in confidence in soundness.
Our ability to obtain deposit funding and offer competitive interest rates on deposits is also dependent on AENB’s capital levels. The FDIA’s brokered deposit provisions and related FDIC rules in certain circumstances prohibit banks from accepting or renewing brokered deposits and apply other restrictions, such as a cap on interest rates that can be paid. Additionally, our regulators can adjust applicable capital requirements at any time and have authority to place limitations on our deposit businesses. An inability to attract or maintain deposits in the future could materially adversely affect our ability to fund our business.
The value of our investments may be adversely impacted by economic, political or market conditions.
Market risk includes the loss in value of portfolios and financial instruments due to adverse changes in market variables, which could negatively impact our financial condition. We have experienced realized and unrealized losses in our Amex Ventures equity investments and may experience further losses in the future. As of December 31, 2023, we held approximately $2.2 billion of investment securities, primarily consisting of debt securities, and equity investments, including certain equity method investments, totaling approximately $2.0 billion. Negative market conditions, changes in valuations or increases in default rates or bankruptcies with respect to these investments, due to economic conditions, business performance or otherwise, could have a material adverse impact on the value of our investments, potentially resulting in impairment charges. Defaults, threats of defaults or economic disruptions, even in countries or territories in which we do not have material investment exposure, conduct business or have operations, could adversely affect us.
We maintain an information security and cybersecurity program and a cybersecurity governance framework that are designed to protect our information systems against operational risks related to cybersecurity.
Cybersecurity Risk Management and Strategy
We define information security and cybersecurity risk as the risk that the confidentiality, integrity or availability of our information and information systems are impacted by unauthorized or unintended access, use, disclosure, disruption, modification or destruction. Information security and cybersecurity risk is an operational risk that is measured and managed as part of our operational risk framework. Operational risk is incorporated into our comprehensive Enterprise Risk Management (ERM) program, which we use to identify, aggregate, monitor, report and manage risks. For more information on our ERM program, see “Risk Management” under “MD&A.”
Our Technology Risk and Information Security (TRIS) program, which is our enterprise information security and cybersecurity program incorporated in our ERM program and led by our Chief Information Security Officer (CISO), is designed to (i) ensure the security, confidentiality, integrity and availability of our information and information systems; (ii) protect against any anticipated threats or hazards to the security, confidentiality, integrity or availability of such information and information systems; and (iii) protect against unauthorized access to or use of such information or information systems that could result in substantial harm or inconvenience to us, our colleagues or our customers. The TRIS program is built upon a foundation of advanced security technology, employs a highly trained team of experts and is designed to operate in alignment with global regulatory requirements. The program deploys multiple layers of controls, including embedding security into our technology investments, designed to identify, protect, detect, respond to and recover from information security and cybersecurity incidents. Those controls are measured and monitored by a combination of subject matter experts and a security operations center with integrated cyber detection, response and recovery capabilities. The TRIS program includes our Enterprise Incident Response Program, which manages information security incidents involving compromises of sensitive information, and our Cyber Crisis Response Plan, which provides a documented framework for handling high-severity security incidents and facilitates coordination across multiple parts of the Company to manage response efforts. We also routinely perform simulations and drills at both a technical and management level, and our colleagues receive annual cybersecurity awareness training.
In addition, we incorporate reviews by our Internal Audit Group and external expertise in our TRIS program, including an independent third-party assessment of our cybersecurity measures and controls and a third-party cyber maturity assessment of our TRIS program against the Cyber Risk Institute Profile standards for the financial sector. We also invest in threat intelligence, collaborate with our peers in areas of threat intelligence, vulnerability management, incident response and drills, and are active participants in industry and government forums.
Cybersecurity risks related to third parties are managed as part of our Third Party Management Policy, which sets forth the procurement, risk management and contracting framework for managing third-party relationships commensurate with their risk and complexity. Our Third Party Lifecycle Management (TLM) program sets guidelines for identifying, measuring, monitoring, and reporting the risks associated with third parties through the life cycle of the relationships, which includes planning, due diligence and third-party selection, contracting, ongoing monitoring and termination. Our TLM program includes the identification of third parties with risks related to information security. Third parties that access, process, collect, share, create, store, transmit or destroy our information or have access to our systems may have additional security requirements depending on the levels of risk, such as enhanced risk assessments and monitoring, and additional contractual controls.
While we do not believe that our business strategy, results of operations or financial condition have been materially adversely affected by any cybersecurity incidents, cybersecurity threats are pervasive and, similar to other global financial institutions, we, as well as our customers, colleagues, regulators, service providers and other third parties, have experienced a significant increase in information security and cybersecurity risk in recent years and will likely continue to be the target of cyber attacks. We continue to assess the risks and changes in the cyber environment, invest in enhancements to our cybersecurity capabilities, and engage in industry and government forums to promote advancements in our cybersecurity capabilities, as well as the broader financial services cybersecurity ecosystem. For more information on risks to us from cybersecurity threats, see “A major information or cybersecurity incident or an increase in fraudulent activity could lead to reputational damage to our brand and material legal, regulatory and financial exposure, and could reduce the use and acceptance of our products and services.” under “Risk Factors.”
Under our cybersecurity governance framework, our Board and our Risk Committee are primarily responsible for overseeing and governing the development, implementation and maintenance of our TRIS program, with the Board designating our Risk Committee to provide oversight and governance of technology and cybersecurity risks. Our Board receives an update on cybersecurity at least once a year from our CISO or their designee. Our Risk Committee receives reports on cybersecurity at least twice a year, including in at least one joint meeting with our Audit and Compliance Committee, and our Board and these committees all receive ad hoc updates as needed. In addition, our Risk Committee annually approves our TRIS program.
We have multiple internal management committees that are responsible for the oversight of cybersecurity risk. Our Operational Risk Management Committee (ORMC), chaired by our Chief Operational Risk Officer, provides oversight and governance for our information security risk management activities, including those related to cybersecurity. This includes efforts to identify, measure, manage, monitor and report information security risks associated with our information and information systems and potential impacts to the American Express brand. The ORMC escalates risks to our Enterprise Risk Management Committee (ERMC), chaired by our Chief Risk Officer, or our Board based on the escalation criteria provided in our enterprise-wide risk appetite framework. Members of management with cybersecurity oversight responsibilities are informed about cybersecurity risks and incidents through a number of channels, including periodic and annual reports, with the annual report also provided to our Risk Committee, the ORMC and ERMC.
Our CISO leads the strategy, engineering and operations of cybersecurity across the Company and is responsible for providing annual updates to our Board, the ERMC and the ORMC on our TRIS program, as well as ad hoc updates on information security and cybersecurity matters. Our current CISO has held a series of roles in telecommunications, networking and information security at American Express, including promotion to the CISO role in 2013 and the addition of responsibility for technology risk management in 2023. Prior to joining American Express, our current CISO served in a variety of technology leadership roles at a public pharmaceutical and biotechnology company for 14 years. Our CISO reports to the Chief Information Officer, information about whom is included in “Information About Our Executive Officers” under “Business.”
For more information on our risk governance structure, see “Risk Management — Governance” and “Risk Management —Operational Risk Management Process” under “MD&A.”
Our principal executive offices are in a 2.2 million square foot building located in lower Manhattan on land leased from the Battery Park City Authority for a term expiring in 2069. We have an approximately 49 percent ownership interest in the building and an affiliate of Brookfield Financial Properties owns the remaining approximately 51 percent interest in the building. We also lease space in the building from Brookfield’s affiliate.
Other owned or leased principal locations include American Express offices in Phoenix, Arizona, Sunrise, Florida, Gurgaon and Bangalore, India, Manila, Philippines, Brighton, England, Tokyo, Japan, Kuala Lumpur, Malaysia, Rome, Italy and Sydney, Australia; the American Express data centers in Phoenix, Arizona and Greensboro, North Carolina; the headquarters for AENB in Sandy, Utah; the headquarters for American Express Services Europe Limited in London, England; the headquarters for American Express Europe, S.A. in Madrid, Spain; the headquarters for Amex Bank of Canada and Amex Canada Inc. in Toronto, Ontario, Canada; and the headquarters for American Express Company (Mexico) S.A. de C.V. in Mexico City, Mexico. We also lease and operate multiple lounges as a benefit for our Card Members, including in major U.S. and global hub airports.
ITEM 3. LEGAL PROCEEDINGS
Refer to Note 12 to the “Consolidated Financial Statements,” which is incorporated herein by reference.
ITEM 5. MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES
(a)Our common stock trades principally on The New York Stock Exchange under the trading symbol AXP. As of December 31, 2023, we had 17,300 common shareholders of record. You can find dividend information concerning our common stock in the Consolidated Statements of Shareholders’ Equity in the “Consolidated Financial Statements.” For information on dividend restrictions, see “Supervision and Regulation — Dividends and Other Capital Distributions” under “Business” and Note 22 to the “Consolidated Financial Statements.” You can find information on securities authorized for issuance under our equity compensation plans under the caption “Executive Compensation — Equity Compensation Plans” to be contained in our definitive 2024 proxy statement for our Annual Meeting of Shareholders, which is scheduled to be held on May 6, 2024. The information to be found under such caption is incorporated herein by reference. Our definitive 2024 proxy statement for our Annual Meeting of Shareholders is expected to be filed with the SEC in March 2024 (and, in any event, not later than 120 days after the close of our most recently completed fiscal year).
Stock Performance Graph
The information contained in this Stock Performance Graph section shall not be deemed to be “soliciting material” or “filed” or incorporated by reference in future filings with the SEC, or subject to the liabilities of Section 18 of the Exchange Act, except to the extent that we specifically incorporate it by reference into a document filed under the Securities Act or the Exchange Act.
The following graph compares the cumulative total shareholder return on our common shares with the total return on the S&P 500 Index and the S&P Financial Index for the last five years. It shows the growth of a $100 investment on December 31, 2018, including the reinvestment of all dividends.
The table below sets forth the information with respect to purchases of our common stock made by or on behalf of us during the three months ended December 31, 2023.
Total Number of Shares Purchased
Average Price Paid Per
Share (c)
Total Number of Shares
Purchased as Part of
Publicly Announced Plans
or Programs(d)
Maximum Number of Shares that May Yet Be Purchased Under the Plans or Programs
October 1-31, 2023
Repurchase program(a)
1,056,705
$
143.46
1,056,705
103,744,000
Employee transactions(b)
14,403
$
142.55
N/A
N/A
November 1-30, 2023
Repurchase program(a)
3,923,088
$
158.36
3,923,088
99,820,912
Employee transactions(b)
—
$
—
N/A
N/A
December 1-31, 2023
Repurchase program(a)
740,155
$
171.63
740,155
99,080,757
Employee transactions(b)
—
$
—
N/A
N/A
Total
Repurchase program(a)
5,719,948
$
157.33
5,719,948
99,080,757
Employee transactions(b)
14,403
$
142.55
N/A
N/A
(a)On March 8, 2023, the Board of Directors authorized the repurchase of up to 120 million common shares from time to time, subject to market conditions and in accordance with our capital plans. This authorization replaced the prior repurchase authorization. See “Consolidated Capital Resources and Liquidity” under “MD&A” for additional information regarding share repurchases.
(b)Includes: (i) shares surrendered by holders of employee stock options who exercised options (granted under our incentive compensation plans) in satisfaction of the exercise price and/or tax withholding obligation of such holders and (ii) restricted shares withheld (under the terms of grants under our incentive compensation plans) to offset tax withholding obligations that occur upon vesting and release of restricted shares. Our incentive compensation plans provide that the value of the shares delivered or attested to, or withheld, be based on the price of our common stock on the date the relevant transaction occurs.
(c)The average price paid per share does not reflect costs and taxes associated with the purchase of shares.
(d)Share purchases under publicly announced programs are made pursuant to open market purchases, plans intended to satisfy the affirmative defense conditions of Rule 10b5-1(c) under the Exchange Act, privately negotiated transactions or other purchases, including block trades, accelerated share repurchase programs or any combination of such methods as market conditions warrant and at prices we deem appropriate.
ITEM 7. MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (MD&A)
EXECUTIVE OVERVIEW
BUSINESS INTRODUCTION
We are a globally integrated payments company with four reportable operating segments: U.S. Consumer Services (USCS), Commercial Services (CS), International Card Services (ICS) and Global Merchant and Network Services (GMNS). Corporate functions and certain other businesses and operations are included in Corporate & Other.
Our range of products and services includes:
•Credit card, charge card, banking and other payment and financing products
•Merchant acquisition and processing, servicing and settlement, and point-of-sale marketing and information products and services for merchants
•Network services
•Other fee services, including fraud prevention services and the design and operation of customer loyalty programs
•Expense management products and services
•Travel and lifestyle services
Our various products and services are offered globally to diverse customer groups, including consumers, small businesses, mid-sized companies and large corporations. These products and services are offered through various channels, including mobile and online applications, affiliate marketing, customer referral programs, third-party service providers and business partners, direct mail, telephone, in-house sales teams and direct response advertising.
The following types of revenue are generated from our various products and services:
•Discount revenue, our largest revenue source, represents the amount we earn and retain from the merchant payable for facilitating transactions between Card Members and merchants on payment products issued by American Express. The amount of fees charged for accepting our cards as payment, or merchant discount, varies with, among other factors, the industry in which the merchant conducts business, the merchant’s overall American Express-related transaction volume, the method of payment, the settlement terms with the merchant, the method of submission of transactions and, in certain instances, the geographic scope for the card acceptance agreement between the merchant and us (e.g., local or global) and the transaction amount. In some instances, an additional flat transaction fee is assessed as part of the merchant discount, and additional fees may be charged such as a variable fee for “non-swiped” card transactions or for transactions using cards issued outside the United States at merchants located in the United States;
•Interest income, principally represents interest earned on outstanding loan balances;
•Net card fees, represent revenue earned from annual card membership fees, which vary based on the type of card and the number of cards for each account;
•Service fees and other revenue, primarily represent service fees earned from merchants and other customers, travel commissions and fees, Card Member delinquency fees, foreign currency-related fees charged to Card Members, and income (losses) from our investments in which we have significant influence; and
•Processed revenue, primarily represents revenues related to network partnership agreements, comprising royalties, fees and amounts earned for facilitating transactions on cards issued by network partners.
Refer to the “Glossary of Selected Terminology” below for the definitions of certain key terms and related information appearing within this Form 10-K.
NON-GAAP MEASURES
We prepare our Consolidated Financial Statements in accordance with accounting principles generally accepted in the United States of America (GAAP). However, certain information included within this report constitutes non-GAAP financial measures. Our calculations of non-GAAP financial measures may differ from the calculations of similarly titled measures by other companies.
(Millions, except percentages, per share amounts and where indicated)
2023
2022
2021
2023 vs. 2022
2022 vs. 2021
Selected Income Statement Data
Total revenues net of interest expense
$
60,515
$
52,862
$
42,380
$
7,653
14
%
$
10,482
25
%
Provisions for credit losses
4,923
2,182
(1,419)
2,741
#
3,601
#
Total expenses
45,079
41,095
33,110
3,984
10
7,985
24
Pretax income
10,513
9,585
10,689
928
10
(1,104)
(10)
Income tax provision
2,139
2,071
2,629
68
3
(558)
(21)
Net income
8,374
7,514
8,060
860
11
(546)
(7)
Earnings per common share — diluted (a)
$
11.21
$
9.85
$
10.02
$
1.36
14
%
$
(0.17)
(2)
%
Selected Balance Sheet Data
Cash and cash equivalents
$
46,596
$
33,914
$
22,028
$
12,682
37
%
$
11,886
54
%
Card Member receivables
60,411
57,613
53,645
2,798
5
3,968
7
Card Member loans
125,995
107,964
88,562
18,031
17
19,402
22
Customer deposits
129,144
110,239
84,382
18,905
17
25,857
31
Long-term debt
$
47,866
$
42,573
$
38,675
$
5,293
12
%
$
3,898
10
%
Common Share Statistics (b)
Cash dividends declared per common share
$
2.40
$
2.08
$
1.72
$
0.32
15
%
$
0.36
21
%
Average common shares outstanding:
Basic
735
751
789
(16)
(2)
%
(38)
(5)
%
Diluted
736
752
790
(16)
(2)
%
(38)
(5)
%
Selected Metrics and Ratios
Network volumes (Billions)
$
1,680.1
$
1,552.8
$
1,284.2
$
127
8
%
$
269
21
%
Billed business (Billions)
$
1,459.6
$
1,338.3
$
1,089.8
$
121
9
%
$
249
23
%
Card Member loans and receivables
Net write-off rate — principal, interest and fees (c)
2.0
%
1.0
%
0.8
%
Net write-off rate — principal only - consumer and small business (c)(d)
1.8
%
0.9
%
0.7
%
30+ days past due as a % of total - consumer and small business (e)
1.3
%
1.1
%
0.7
%
Effective tax rate
20.3
%
21.6
%
24.6
%
Return on average equity (f)
31.5
%
32.3
%
33.7
%
Common Equity Tier 1
10.5
%
10.3
%
10.5
%
# Denotes a variance of 100 percent or more
(a)Represents net income, less (i) earnings allocated to participating share awards of $64 million, $57 million and $56 million for the years ended December 31, 2023, 2022 and 2021, respectively, (ii) dividends on preferred shares of $58 million, $57 million and $71 million for the years ended December 31, 2023, 2022 and 2021, respectively, and (iii) equity-related adjustments of $16 million related to the redemption of preferred shares for the year ended December 31, 2021. Refer to Note 16 and Note 21 to the “Consolidated Financial Statements” for further details on preferred shares and earnings per common share (EPS), respectively.
(b)Our common stock trades principally on The New York Stock Exchange under the trading symbol AXP.
(c)We present a net write-off rate based on principal losses only (i.e., excluding interest and/or fees) to be consistent with industry convention. In addition, as our practice is to include uncollectible interest and/or fees as part of our total provision for credit losses, a net write-off rate including principal, interest and/or fees is also presented.
(d)A net write-off rate based on principal losses only is not available for corporate receivables due to system constraints.
(e)For corporate receivables, delinquency data is tracked based on days past billing status rather than days past due. Refer to Table 12 for 90+ days past billing metrics for corporate receivables.
(f)Return on average equity (ROE) is calculated by dividing (i) net income for the period by (ii) average shareholders’ equity for the period.
Our results for the year reflect the engagement and loyalty of our customers, the success of the investments we have made to refresh and expand our product offerings and our focus on effective risk management and expense discipline. The successful execution of our growth strategy, along with the strength of our premium customer base and differentiated business model, drove net income of $8.4 billion, or $11.21 per share, compared with net income of $7.5 billion, or $9.85 per share, a year ago.
Billed business, the most significant driver of our financial results, increased 9 percent year-over-year. Billed business growth was particularly strong in the first quarter, in part reflecting the negative impacts of the Omicron variant in the prior year, with a softer spend environment towards the end of the year. Goods & Services (G&S) spend increased 6 percent year-over-year. T&E spend grew by 19 percent on a full-year basis, reflecting ongoing demand from our premium customers, while airline spend growth slowed sequentially in the fourth quarter. USCS billed business grew by 10 percent year-over-year, with the largest portion of this growth coming from our Millennial and Gen-Z Card Members. ICS billed business grew by 17 percent year-over-year, driven by continued growth in spend across all regions and customer types outside the United States. CS billed business grew by 3 percent on a year-over-year basis, reflecting the continued modest growth from U.S. SME Card Members and decelerating growth for U.S. large and global corporate clients.
Total revenues net of interest expense increased 14 percent year-over-year, reflecting growth in all our revenue lines. The growth in billed business drove a 9 percent increase in Discount revenue, our largest revenue line. Net card fees increased 20 percent year-over-year, reflecting the high levels of new card acquisition and Card Member retention, as well as our cycle of product refreshes. Service fees and other revenues increased 11 percent year-over-year, driven in part by higher travel-related revenues. Net interest income increased 33 percent versus the prior year, primarily reflecting growth in our revolving loan balances, which moderated over the course of the year, as well as net yield expansion versus the prior year.
Total loans and Card Member receivables increased 13 percent year-over-year, as our Card Members continue to spend and rebuild balances. Provisions for credit losses increased, primarily driven by higher net write-offs and a higher net reserve build in the current year, reflecting the growth in total loans and higher delinquencies. Net write-off and delinquency rates remained best-in-class, supported by our premium global customer base, our strong focus on risk management and disciplined growth strategy.
Card Member rewards, Card Member services and Business development expenses are generally correlated to volumes or are variable based on usage and increased year-over-year primarily due to the growth in billed business and higher usage of travel-related benefits. Marketing expense decreased 4 percent year-over-year, primarily driven by lower levels of spend on customer acquisition. Operating expenses increased 8 percent year-over-year, primarily driven by higher compensation expense and technology costs to support business growth. We remain focused on driving marketing and operating expense efficiencies, while continuing to increase investments in our growth strategy.
During the year, we maintained our capital ratios within our current target range of 10 to 11 percent and returned $5.3 billion of capital to our shareholders in the form of share repurchases and common stock dividends. We plan to continue to return to shareholders the excess capital we generate while managing our CET1 capital ratio within our target range and supporting balance sheet growth. We also expect to increase the regular quarterly dividend on common shares outstanding by 17 percent beginning with the first quarter 2024 dividend declaration. Our robust capital, funding and liquidity positions provide us with significant flexibility to maintain a strong balance sheet.
On January 16, 2024, we announced that we signed an agreement to sell fraud prevention solutions provider Accertify Inc., a wholly owned subsidiary we acquired in 2010, and whose operations are reported within the GMNS segment. The transaction is subject to customary closing conditions and is expected to close in the second quarter of 2024. Upon closing, we expect to recognize a sizeable pre-tax gain, which will be recorded as a reduction to Other expense and is expected to be substantially reinvested back into our business.
Our performance continues to give us confidence in our business model and while we recognize the uncertainty of the geopolitical and macroeconomic environment, we remain committed to executing on our strategy to deliver sustainable and profitable long-term growth.
See “Supervision and Regulation” under “Business” for information on legislative and regulatory changes that could have a material adverse effect on our results of operations and financial condition and “Risk Factors” and “Cautionary Note Regarding Forward-Looking Statements” for information on potential impacts of macroeconomic, geopolitical and competitive conditions and certain litigation and regulatory matters on our business.
The discussions in the “Consolidated Results of Operations” and “Business Segment Results of Operations” provide commentary on the variances for the year ended December 31, 2023 compared to the year ended December 31, 2022, as presented in the accompanying tables. For a discussion of the financial condition and results of operations for 2022 compared to 2021, please refer to Part II, Item 7. “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in our Annual Report on Form 10-K for the year ended December 31, 2022, filed with the SEC on February 10, 2023.
TABLE 2: TOTAL REVENUES NET OF INTEREST EXPENSE SUMMARY
Years Ended December 31,
Change
Change
(Millions, except percentages)
2023
2022
2021
2023 vs. 2022
2022 vs. 2021
Discount revenue
$
33,416
$
30,739
$
24,563
$
2,677
9
%
$
6,176
25
%
Net card fees
7,255
6,070
5,195
1,185
20
875
17
Service fees and other revenue
5,005
4,521
3,316
484
11
1,205
36
Processed revenue
1,705
1,637
1,556
68
4
81
5
Total non-interest revenues
47,381
42,967
34,630
4,414
10
8,337
24
Total interest income
19,983
12,658
9,033
7,325
58
3,625
40
Total interest expense
6,849
2,763
1,283
4,086
#
1,480
#
Net interest income
13,134
9,895
7,750
3,239
33
2,145
28
Total revenues net of interest expense
$
60,515
$
52,862
$
42,380
$
7,653
14
%
$
10,482
25
%
# Denotes a variance of 100 percent or more
TOTAL REVENUES NET OF INTEREST EXPENSE
Discount revenue increased, primarily driven by an increase in billed business of 9 percent. See Tables 5 and 6 for more details on billed business performance.
Net card fees increased, primarily driven by growth in our premium card portfolios. See Table 5 for more details on proprietary cards-in-force and average fee per card.
Service fees and other revenue increased, primarily driven by foreign exchange related revenues associated with Card Member cross-currency spending and growth in delinquency fees.
Processed revenue increased, primarily driven by an increase in network partner volumes, partially offset by a decrease in volumes associated with the decommission of one of our alternative payment solutions. See Tables 5 and 6 for more details on processed volume performance.
Interest income increased, primarily driven by higher interest rates and growth in revolving loan balances.
Interest expense increased, primarily driven by higher interest rates paid on customer deposits.
Reserve build (release) — Other receivables (a)(c)
5
(3)
(60)
8
#
57
95
Total
204
41
(191)
163
#
232
#
Total provisions for credit losses
$
4,923
$
2,182
$
(1,419)
$
2,741
# %
$
3,601
# %
# Denotes a variance of 100 percent or more
(a)Refer to the “Glossary of Selected Terminology” below for a definition of reserve build (release).
(b)Relates to Other loans of $7.1 billion, $5.4 billion and $2.9 billion less reserves of $126 million, $59 million and $52 million, as of December 31, 2023, 2022 and 2021, respectively.
(c)Relates to Other receivables included in Other assets on the Consolidated Balance Sheets of $3.7 billion, $3.1 billion and $2.7 billion, less reserves of $27 million, $22 million and $25 million as of December 31, 2023, 2022 and 2021, respectively.
PROVISIONS FOR CREDIT LOSSES
Card Member loans provision for credit losses increased, primarily due to higher net write-offs and a higher reserve build in the current year. The reserve build in the current year was primarily driven by an increase in loans outstanding and higher delinquencies. The reserve build in the prior year was primarily driven by an increase in loans outstanding, higher delinquencies and deterioration in the macroeconomic outlook at that time, partially offset by a reduction in COVID-19 pandemic-driven reserves.
Card Member receivables provision for credit losses increased, primarily due to higher net write-offs, partially offset by a reserve release in the current year versus a reserve build in the prior year. The reserve release in the current year was primarily driven by lower delinquencies, partially offset by an increase in receivables outstanding. The reserve build in the prior year was primarily driven by higher delinquencies and an increase in receivables outstanding.
Other provisions for credit losses increased, primarily due to higher net write-offs and a higher reserve build in the current year. The reserve build in the current year was primarily driven by an increase in non-card loans outstanding. The reserve build in the prior year was primarily driven by an increase in non-card loans outstanding, partially offset by improved credit performance.
Card Member rewards expense increased, primarily driven by increases in Membership Rewards and cash back rewards expenses, collectively, of $680 million and cobrand rewards expense of $685 million, all of which were primarily driven by higher billed business. The increase in Membership Rewards expense was also driven by a larger proportion of spend in categories that earn higher levels of rewards, partially offset by lower redemption costs and changes in expected redemption behaviors associated with certain products.
The Membership Rewards Ultimate Redemption Rate (URR) for current program participants was 96 percent (rounded down) at both December 31, 2023 and 2022.
Business development expense increased, primarily due to increased partner payments driven by higher contractual rates and network volumes.
Card Member services expense increased, primarily due to higher usage of travel-related benefits.
Marketing expense decreased, primarily reflecting lower levels of spending on customer acquisitions.
Salaries and employee benefits expense increased, primarily driven by higher compensation costs reflecting the continued investment in our colleagues to support business growth and changes in the value of deferred compensation.
Other, net expenses increased, primarily driven by higher technology costs, foreign exchange losses related to the devaluation of the Argentine peso, a reserve associated with a merchant exposure for Card Member purchases and the FDIC special assessment described in “Supervision and Regulation — Other Banking Regulations” under “Business”, all of which were partially offset by lower net losses on Amex Ventures investments and lower professional services expenses.
INCOME TAXES
The effective tax rate was 20.3 percent and 21.6 percent for 2023 and 2022, respectively. The reduction in the effective tax rate primarily reflected changes in the geographic mix of income. The tax rates in both years reflected discrete tax benefits related to the resolution of prior-year tax items.