Repay Holdings Corp (RPAY) Business
This page reproduces the company's own Item 1 Business text from the linked SEC filing. It is filer text, not grepcent analysis, scoring, or investment advice.
Informational only - not investment advice. See Disclaimer.
Item 1. Business
Organizational Structure and Corporate Information
Repay Holdings Corporation was incorporated as a Delaware corporation on July 11, 2019 in connection with the closing of a transaction (the “Business Combination”) pursuant to which Thunder Bridge Acquisition Ltd., a special purpose acquisition company organized under the laws of the Cayman Islands (“Thunder Bridge”), (a) domesticated into a Delaware corporation and changed its name to “Repay Holdings Corporation” and (b) consummated the merger of a wholly owned subsidiary with and into Hawk Parent Holdings, LLC, a Delaware limited liability company (“Hawk Parent”).
Unless otherwise noted or unless the context otherwise requires, the terms “we”, “us”, “Repay” and the “Company” and similar references refer (1) before the Business Combination, to Hawk Parent and its consolidated subsidiaries and (2) from and after the Business Combination, to Repay Holdings Corporation and its consolidated subsidiaries. Unless otherwise noted or unless the context otherwise requires, “Thunder Bridge” refers to Thunder Bridge Acquisition. Ltd. prior to the consummation of the Business Combination.
We are headquartered in Atlanta, Georgia. Our legacy business was founded as M & A Ventures, LLC, a Georgia limited liability company doing business as REPAY: Realtime Electronic Payments (“REPAY LLC”), in 2006. Hawk Parent was formed in 2016 in connection with the acquisition of a majority interest in the successor entity of REPAY LLC and its subsidiaries.
Business Overview
We are a leading payments technology company. We provide integrated payment processing solutions to industry-oriented vertical markets in which businesses or other organizations have specific transaction processing needs. We refer to these markets as “vertical markets” or “verticals.”
We are a payments innovator, differentiated by our proprietary, integrated payment technology platform and our ability to reduce the complexity of electronic payments for businesses. We intend to continue to strategically target verticals where we believe our ability to tailor payment solutions to our clients’ needs, our deep knowledge of our vertical markets and the embedded nature of our integrated payment solutions will drive solid growth by attracting new clients and fostering long-term client relationships.
Our top 10 clients, with an average tenure of approximately seven years, contributed approximately 19% and 20% of total gross profit during the years ended December 31, 2025 and 2024, respectively.
Our leading competitive position and differentiated solutions have enabled us to realize unique advantages in growing and strategically important segments of the payments market. We provide payment processing solutions to clients primarily operating in the personal loans, automotive loans, receivables management, and business-to-business verticals. Our payment processing solutions enable consumers and businesses in these verticals to make payments using electronic payment methods, rather than cash or check, which have historically been the primary methods of payment in these verticals. We believe that a growing number of consumers and businesses prefer the convenience and efficiency of paying with cards and other electronic methods and that we are poised to benefit as these verticals continue to shift from cash and check to electronic payments. The personal loans vertical is predominately characterized by installment loans, which are typically utilized by consumers to finance everyday expenses. The automotive loans vertical includes a diversified client base across the entire credit spectrum. Our receivables management vertical relates to consumer debt collections, which typically enter the receivables management process due to delinquency on credit card bills or as a result of major life events, such as job loss or major medical issues. The business-to-business vertical relates to transactions occurring between a wide variety of enterprise clients, many of which operate in the automotive, field services, healthcare, homeowner association (“HOA”) management, hospitality and media industries, as well as educational institutions and governments and municipalities.
Our go-to-market strategy combines direct sales with integrations with key software providers in our target verticals. The integration of our technology with key software providers in the verticals that we serve, including loan management systems, dealer management systems (“DMS”), collection management systems, and enterprise resource planning software systems, allows us to embed our omni-channel payment processing technology into our clients’ critical workflow software and ensure seamless operation of our solutions within our clients’ enterprise management systems. We refer to these software providers as our “software integration partners.” An integration allows our sales force to readily access new client opportunities or respond to inbound leads because, in many cases, a business will prefer, or in some cases only consider, a payments provider
4
that has already integrated or is able to integrate its solutions with the business’ primary enterprise management system. We have successfully integrated our technology solutions with numerous, widely-used enterprise management systems in the verticals that we serve, which makes our platform a more compelling choice for the businesses that use them. Moreover, our relationships with our software integration partners help us to develop deep industry knowledge regarding trends in client needs. Our integrated model fosters long-term relationships with our clients, which supports our volume retention rates that we believe are above industry averages. As of December 31, 2025, we maintained approximately 294 integrations with various software providers.
Segments
We report our financial results based on two reportable segments, Consumer Payments and Business Payments. For additional information on our segments, see Note 15. Segments to our consolidated financial statements and “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”
Consumer Payments
Our Consumer Payments segment provides payment processing solutions (including debit and credit card processing, Automated Clearing House (“ACH”) processing and other electronic payment acceptance solutions, as well as our loan disbursement product) that enable our clients to collect payments and disburse funds to consumers and includes our clearing and settlement solutions (“RCS”) offering. RCS is our proprietary clearing and settlement platform through which we market customizable payment processing programs to other independent sales organization (“ISOs”) and payment facilitators. The strategic vertical markets served by our Consumer Payments segment primarily include personal loans, automotive loans, receivables management, credit unions, mortgage servicing, consumer healthcare and diversified retail. Our Consumer Payments segment represented approximately 85% of our total revenue after any intersegment eliminations for the year ended December 31, 2025.
Business Payments
Our Business Payments segment provides payment processing solutions (including accounts payable automation, debit and credit card processing, virtual credit card processing, ACH processing and other electronic payment acceptance solutions) that enable our clients to collect or send payments to other businesses. The strategic vertical markets served within our Business Payments segment primarily include retail automotive, education, field services, governments and municipalities, healthcare, media, HOA management and hospitality. Our Business Payments segment represented approximately 15% of our total revenue after any intersegment eliminations for the year ended December 31, 2025.
Growth Strategies
We intend to drive future growth in the following ways:
Increase Penetration in Existing Verticals
We expect to grow by continuing to provide innovative payment solutions and client support to our existing clients as well as new clients in the verticals that we currently serve. For new clients, we intend to continue to focus a significant portion of our sales efforts on large enterprise clients. In addition, our business model allows us to benefit from the growth of our clients and software integration partners. As our clients’ payment volumes and transactions increase, our revenues increase as a result of the fees we charge for processing these payments. Many of the vertical markets in which we compete are continuing to shift from legacy payment mediums — primarily cash and check — to electronic forms of payment. We expect to benefit from this trend as our clients increasingly opt to process payments via the electronic forms of payment in which we specialize.
New Vertical Expansion
We also expect that we will find attractive growth potential in certain verticals in which we currently have limited operations or do not operate. Though we offer highly customized payment solutions to our clients, our core technology platform is comprehensive and can be utilized to penetrate other strategic vertical markets.
Strengthen and Extend Our Solution Portfolio through Continued Innovation
As we further integrate our solution into our clients’ workflows, we will look to continue to innovate on our solution set and broaden our suite of services. Our continued investment in our technology capabilities (including our RCS platform) positions us to provide value-added services and emerging payment solutions that will address the evolving needs of our clients
5
as they seek to best serve their customers. The ability to serve clients across verticals and to be integrated across various software platforms enables us to better understand the needs of clients across verticals and to scale our innovative solutions to a broad segment of the market.
Continue to Drive Operational Efficiencies
As we continue to grow, we expect to become a more significant partner to our sponsor banks, third party processors and other key vendor relationships, which we expect will give us greater leverage as we expand our contractual relationships with them. We plan to continue to drive operating leverage in our personnel expenditures through increased automation and process improvements, as we believe that, in general, we can process larger payment volumes without significant increases to our personnel and operating expenses.
Strategic Acquisitions
From January 1, 2016 through December 31, 2025, we have successfully acquired eleven businesses. Given the large size and attractive growth trends of our current addressable market, we are primarily focused on growing our business organically. However, we may selectively pursue strategic acquisitions as opportunities arise that meet our internal requirements for the use of capital and return on investment. Some of these opportunities may include those that enable us to acquire new capabilities that may be harder to develop in-house, gain entrance into new segments of the market, enter new markets, or consolidate our existing market.
Solutions
We provide our clients with comprehensive solutions, which can generally be categorized as follows:
•
Payment Acceptance
o
Debit and Credit Card Processing — Allows our clients to accept card payments. These payments can be made using any of our payment channels, as further described below.
o
ACH Processing — Our ACH processing capabilities allow our clients to send and accept traditional and same-day ACH transactions.
o
ECash — Through third party relationships, we can facilitate customers who want to make payments with cash by converting it into digital payments that are deposited with our clients.
o
Digital Wallet Services — Enables consumers to quickly and easily pay using payment data securely stored in the digital wallets of their mobile devices.
•
Accounts Payable Automation
o
Virtual Credit Card Processing — Our virtual credit card product offering enables our clients to automate their payables transactions by sending single-use virtual credit cards to their suppliers.
o
Enhanced ACH Processing — Provides the same functionality as our standard ACH processing capability, but with the added benefit of incremental transaction and reconciliation data.
•
Clearing and Settlement – Our RCS platform offers ISOs and payment facilitators clearing and settlement solutions for all major card brands.
•
Instant Funding — Our instant funding capabilities allow our clients to transfer funds directly to a consumer’s debit or prepaid card. We have created a proprietary process that decreases processing delays typically associated with traditional fund disbursements.
•
Communication Solutions — As an ancillary offering to our payment processing solutions, we provide clients document processing and mailing services, including document printing, billing statements, image printing, and check printing.
6
The above payment acceptance and funding methods are processed through our proprietary payment channels:
•
Web-based
o
Virtual Terminal — A terminal that provides virtual payment access for processing of ACH or card transactions.
o
Hosted Payment Page — A client-branded terminal that enables ACH and card transaction processing.
o
Online Client Portal — A consumer-facing, client-specific website that gives a client’s customer the ability to pay online and view account information anywhere, anytime. A Repay hosted website may be stand alone or integrated with any other software application.
•
Mobile Application — We provide clients the ability to accept payments via a mobile application on a customized, white-label basis.
•
Text-to-Pay — Allows a business’ customer to pay with a simple text message after receiving an SMS alert that reminds such customer when payments are due.
•
Interactive Voice Response (“IVR”) — A secure and flexible option to pay over the phone, 24 hours a day, 7 days a week, via a 1-800 number with bilingual capabilities.
•
Point of Sale (“POS”) — We provide payment acceptance at brick-and-mortar locations through POS equipment that requires a client’s customer to provide a card.
Sales and Distribution
Our sales effort primarily consists of two strategies: first, our direct sales representatives, who focus on each of our core verticals, and second, our software integration partners, which enable the direct sales force to more effectively access new client opportunities and respond to inbound leads.
Direct Sales Representatives
Our sales representatives are generally organized by vertical market and account size. Direct sales representatives work with our clients and software integration partners to understand our clients’ desired payment solutions and then communicate those desires to our product and technology teams, who build a customized suite of products and payment channels tailored to our clients’ specific needs. We also maintain a sales support team that supports the onboarding process.
Software Integration Partners
As of December 31, 2025, we were integrated with approximately 294 software partners that are providers of our clients’ primary enterprise management systems. Our integrations are intended to ensure seamless delivery of our full suite of payment processing capabilities to our clients. These integrations are also a critical part of our marketing strategy, as many clients would prefer to award their payments business to payments processors who have worked to integrate their solutions into the client’s enterprise management systems.
Operations
We believe that we have developed an effective operations system, including our proprietary onboarding, compliance and client oversight processes, which is structured to enhance the performance of our platform and support our clients.
Client and Transaction Risk Management
We target clients that we identify as low-risk through the development of underwriting policies and transaction management procedures to manage approval of new accounts and to establish ongoing monitoring of client accounts. Effective risk management aids us in minimizing client losses, such as those relating to chargebacks or similar rejected transactions, and avoiding fraud for the mutual benefit of our clients, our sponsor banks and ourselves.
Proprietary Compliance Management System. We have developed proprietary onboarding, compliance, and client oversight processes, of which our Compliance Management System (“CMS”) is a part. Our CMS, originally developed in
7
conjunction with the Third Party Payment Processors Association, focuses on four main components — board and management oversight, a compliance program with written policies and procedures and employee training and monitoring, responsiveness to consumer complaints and annual compliance audits from an independent third party — and is inclusive of the Electronic Transaction Association guidelines on underwriting and risk.
Client Onboarding. We believe we maintain rigorous underwriting standards. Prospective clients submit applications to our credit underwriting department, which performs verification and credit-related checks on all applicants. Each client is assigned a risk profile based on sponsor bank requirements, as well as additional criteria specified by us. Our sponsor banks periodically review and approve of our underwriting policies to ensure compliance with applicable law, regulations and payment network rules. Upon approval, the ongoing risk level of a client is monitored and adjusted on a monthly basis based on additional data relating to such client.
Client Monitoring. Each client’s file is assigned one of three risk levels (low, medium or high) corresponding to several client behaviors. We review and adjust these risk levels on a monthly basis and additionally subject them to more in-depth quarterly reviews. We also engage third parties and rely on internal reporting to identify and monitor credit/fraud risk. We generate client-specific reports that compile daily and historical transactions, which may include average ticket, transaction volume, refund and chargeback levels and authorization history, which we utilize in order to identify suspicious processing activity. We review these reports on a daily basis and suspend any irregular processing activity, which is subject to review, remediation and, as appropriate, suspension of either an individual or batch of transactions or a particular client, as applicable.
Investigation and Loss Prevention. If a client exceeds the parameters established by our underwriting and/or risk management team or we determine that a client has violated the payment network rules or the terms of its service agreement with us, one of our team members will identify and document the incident. We then review the incident to determine the actions taken or that we can take to reduce our exposure to loss and the exposure of our client to liability. As a part of this process, we may request additional transaction information, withhold or divert funds, verify delivery of merchandise or, in some circumstances, deactivate the client account, include the client on the Network Match List to notify our industry of the client’s behavior or take legal action against the client.
Collateral. We require some of our clients to establish cash or non-cash collateral reserves, which may include certificates of deposit, letters of credit, rolling merchant reserves or upfront cash. This collateral is utilized in order to offset potential credit or fraud risk liability that we may incur. We attempt to hold such collateral reserves for as long as we are exposed to a loss resulting from a client’s payment processing activity.
Chargebacks. The payment networks permit the reversal of a money transfer, a chargeback, up to six months (or in rare cases, a longer time frame) after the later of the date the transaction is processed or the delivery of the product or service to the cardholder. If the client incurring the chargeback is unable to fund the refund to the card-issuing bank, we are required to do so by the rules of the payment networks and our contractual arrangements with our sponsor banks. During the year ended December 31, 2025, our chargeback rate was less than 1% of our payment volume.
Security, Disaster Recovery, and Back-up Systems
We maintain a comprehensive information security program designed to protect the confidentiality, integrity, and availability of the payment information and other sensitive data that we process. Our security controls are aligned with recognized industry standards and include administrative, technical and physical safeguards. We regularly scan, patch, update and monitor our networks, systems, applications, and malware defenses to address evolving security threats. All employees and contractors are required to complete security awareness training at the time of hire and at least annually thereafter.
We routinely engage independent third parties to audit our compliance with applicable security and regulatory frameworks, including the Payment Card Industry Data Security Standard (“PCI DSS”), Service Organization Control reports (“SOC1 Type II,” “SOC2 Type II”), and the Health Insurance Portability and Accountability Act (“HIPAA”), where applicable. In addition, we engage independent third-party firms to conduct internal and external penetration testing to identify security vulnerabilities and assess risks of unauthorized access. Identified findings are evaluated and remediated based on risk severity and business impact.
Sensitive cardholder and client data stored in our databases is protected using industry-standard encryption technologies, and access to such data is restricted based on job responsibilities and the principle of least privilege. We employ centralized logging, monitoring and alerting mechanisms to detect and respond to anomalous or unauthorized activity. Our third-party risk management practices include risk-based assessments of vendors that may access, process or store sensitive data on our behalf.
8
We maintain a dedicated security team responsible for continuous security monitoring and incident response. This team develops, maintains, tests and validates our incident response plan, which is designed to support timely detection, containment, investigation, remediation and recovery from security incidents, including coordination with internal stakeholders and external parties, as appropriate.
Disaster recovery and business continuity capabilities are built into our primary payment gateway through redundant hardware, software and data storage hosted across two geographically distinct cloud regions. Our primary cloud region is configured for near-real-time replication to a secondary region, enabling operations to be redirected in the event of a system failure, outage or degradation. Disaster recovery procedures are tested at least annually to assess system effectiveness, staff readiness and operational resilience.
We perform regular backups of critical systems and data and maintain documented restoration procedures. Backup restoration testing is performed quarterly to validate data integrity, recovery processes and system availability.
While we believe our security, disaster recovery and backup systems are designed to reduce the risk of security incidents, service disruptions and data loss, no system can provide absolute assurance. We continue to evaluate and enhance our controls in response to changes in technology, the threat landscape, regulatory requirements and business operations.
Third Party Processors and Sponsor Banks
We partner with institutions in the payment chain to provide authorization, settlement and funding services in connection with our clients’ transactions. These institutions include third party processors and sponsor banks, who sit between us, acting as the merchant acquirer or payment processor, and the payment networks, such as Visa and MasterCard. These processors and vendors in turn have agreements with the payment networks, which permit them to route transaction information through their networks in exchange for fees.
When we facilitate a transaction as a merchant acquirer, we utilize third party processors primarily for authorization such as Global Payments, Inc. Under such processing arrangements, the third-party processors and vendors receive processing fees, which are typically based on the number of transactions processed.
In order for us to process and settle transactions for our clients, we have entered into sponsorship agreements with banks that are members of the payment networks. We are required to register with the payment networks through these bank partners because we, as a payment processor, are not a “member bank” as defined by the major payment networks. Our member bank partners sponsor our adherence to the rules and standards of the payment networks and enable us to route transactions under the sponsor banks’ control and identification numbers (for example, known as BIN for Visa and ICA for MasterCard) across the card and ACH networks to authorize and clear transactions. Our relationships with multiple sponsor banks give us the flexibility to shift payment volumes between them, which is designed to help us to secure more competitive pricing for our clients and to maintain redundancy.
When we facilitate a client’s payment to its suppliers or vendors, we typically utilize the services of third party program managers, such as Wex Inc., who have arrangements with banks to operate card issuance programs. Under such arrangements, the program manager and issuing bank retain a portion of the interchange generated by each transaction. Under the applicable contractual arrangements, our clients are generally required to prefund these payments. Because we are not a licensed money transmitter, we have entered into custodial agreements with banks or other financial institutions who will hold our clients’ funds in trust.
See “Risk Factors — Risks Related to Our Business — We rely on other service and technology providers. If such providers fail in or discontinue providing their services or technology to us, our ability to provide services to clients may be interrupted, and, as a result, our business, financial condition and results of operations could be adversely impacted.” in Part I, Item 1A of this Annual Report on Form 10-K for further discussion of our arrangements with certain service providers.
Competitive Conditions and Market Trends
We compete with a variety of payment processing companies that have different business models, go-to-market strategies and technical capabilities. In our Consumer Payments segment, our primary competitors include ACI Worldwide, Payliace, Paymentus, PayNearMe, PayScout and TabaPay. We also compete in our Consumer Payments segment against many traditional merchant acquirers, such as financial institutions, affiliates of financial institutions and payment processing companies, including Bank of America Merchant Services, Elavon (a subsidiary of U.S. Bancorp), Wells Fargo Merchant Services, Global Payments, WorldPay and Fiserv. In our Business Payments segment, our primary competitors include AvidXchange, Edenred Pay (a division of Edenred), Corpay, Paya (a division of Nuvei Corporation) and Fortis. We believe
9
the most significant competitive factors in the markets in which we compete are: (1) economics, including fees charged to merchants and commission payouts to software integration partners; (2) product offering, including emerging technologies and development by other participants in the payments ecosystem; (3) service, including product functionality, value-added solutions and strong client support for both clients and software integration partners; and (4) reliability, including a strong reputation for quality service and trusted software integration partners. Our competitors include large and well-established companies, including banks, credit card providers, technology and ecommerce companies and traditional retailers, many of which are larger than we are, have a dominant and secure position in the markets in which they operate or offer other products and services to consumers and clients which we do not offer. Moreover, we compete against all forms of payments, including credit cards, bank transfers, and traditional payment methods, such as cash and check.
We believe there is a significant digital shift in our industry. Many of the vertical markets in which we compete are continuing to shift from legacy payment methods — primarily cash and check — to electronic forms of payment. We expect to benefit from this trend as our clients increasingly adopt and expand the use of electronic payment solutions in which we specialize.
We have experienced in the past, and may continue to experience, seasonal fluctuations in our revenues as a result of consumer spending patterns. Revenues during the first quarter of the calendar year tend to increase in comparison to the remaining three quarters of the calendar year on a same store basis. This increase is due to consumers’ receipt of tax refunds and the increases in repayment activity levels that follow. We have also experienced in the past, and may continue to experience, cyclical fluctuations in our revenues as a result of our clients that focus on political advertising within our media vertical. Revenues from these clients is cyclical because it is connected to U.S. election advertising spending which tends to increase significantly during periods which include congressional mid-term elections and presidential elections.
Acquisitions
Our historical acquisition activity has allowed us to access new markets, expand our presence in existing markets, acquire industry talent, broaden our product suite, and supplement organic growth. Our current acquisition strategy focuses on integrated payments companies serving attractive vertical markets and opportunities to broaden our product offerings. From January 1, 2016 through December 31, 2025, we have completed eleven acquisitions, which are described below. These acquisitions were of payment companies and are representative of the acquisitions we envision consummating in the future.
Sigma Acquisition
Effective as of January 1, 2016, we acquired substantially all of the assets of Sigma Payment Solutions, Inc. (“Sigma”). Sigma was an electronic payment solutions provider to the automotive finance industry. The transaction marked our expansion into the automotive finance space. We have benefited greatly from Sigma’s deep integrations with automotive finance software platforms, or DMS.
PaidSuite Acquisition
On September 28, 2017, we acquired substantially all of the assets of PaidSuite, Inc. and PaidMD, LLC (collectively, “PaidSuite”). PaidSuite was an electronic payment solutions provider to the receivable management industry. The transaction accelerated our growth into the receivable management space via client and software integration partner relationships.
Paymaxx Acquisition
On December 15, 2017, we acquired substantially all of the assets of Paymaxx Pro, LLC (“Paymaxx”). The acquisition of Paymaxx has been highly complementary to our earlier acquisition of Sigma and has bolstered our position in the automotive finance market. As part of the acquisition, we acquired increased distribution capabilities in the form of an internal sales force and numerous DMS integrations.
TriSource Acquisition
On August 14, 2019, we acquired all of the equity interests of TriSource Solutions, LLC (“TriSource”). Since 2012, we have used TriSource as one of our primary third-party processors for settlement solutions when we facilitate transactions as a merchant acquirer. The acquisition of TriSource has provided further control over our transaction processing ecosystem and accelerated product delivery capabilities. We now generally refer to our clearing and settlement product offerings as RCS.
10
APS Acquisition
On October 14, 2019, we acquired substantially all of the assets of American Payment Services of Coeur D’Alene, LLC, North American Payment Solutions LLC, and North American Payment Solutions Inc. (collectively, “APS”). The acquisition of APS meaningfully expanded our addressable market by enabling us to access the business-to-business vertical.
Ventanex Acquisition
On February 10, 2020, we acquired all of the equity interests of CDT Technologies, LTD. d/b/a Ventanex (“Ventanex”). The acquisition of Ventanex accelerated our entry into the mortgage and healthcare payments verticals.
cPayPlus Acquisition
On July 23, 2020, we acquired all of the equity interest of cPayPlus, LLC (“cPayPlus”). The acquisition of cPayPlus further expanded our business-to-business automation and payment offering to include accounts payable automation and payment solutions for both existing and prospective clients across all business lines.
CPS Acquisition
On November 2, 2020, we acquired all of the equity interests of CPS Payment Services, LLC, Media Payments, LLC, and Custom Payment Systems, LLC (collectively, “CPS”). The acquisition of CPS enhanced our business-to-business accounts payable automation offerings and introduced our solutions to new verticals including education, government, and media sectors.
BillingTree Acquisition
On June 15, 2021, we acquired all of the equity interests of BT Intermediate, LLC (together with its subsidiaries, “BillingTree”). The acquisition of BillingTree further expanded our position in the healthcare, credit union, and receivable management industries and significantly enhanced our scale and our client diversification.
Kontrol Acquisition
On June 22, 2021, we acquired substantially all of the assets of Kontrol LLC (“Kontrol”). The acquisition of Kontrol grew our accounts payable automation business and enabled us to leverage our existing B2B technology infrastructure to optimize processing costs.
Payix Acquisition
On December 29, 2021, we acquired Payix Holdings Incorporated (together with its subsidiary, “Payix”). The acquisition of Payix expanded our position in the personal and automotive finance markets, as well as accelerated our expansion in the buy now, pay later (“BNPL”) market, and provided further access to software integrations with leading loan management systems and DMS integrations.
Government Regulation
We operate in an increasingly complex and ever evolving legal and regulatory environment. Our and our clients’ businesses are subject to a variety of federal, state and local laws and regulations, as well as the rules and standards of the payment networks that we utilize to provide our electronic payment services. While in some cases payment processors such as Repay are not directly regulated by governmental agencies, because of the rules and regulations enacted at the state and federal level that affect our clients and sponsor banks, we have developed and continually evaluate and update our compliance models to keep up with the rapid evolution of the legal and regulatory regime our clients and sponsor banks face. We are also subject to legal and regulatory requirements which govern the use, storage and distribution of the information we collect from our clients and accountholders while processing transactions.
Dodd-Frank Act
The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the “Dodd-Frank Act”) and its related rules and regulations have resulted in significant changes to the regulation of the financial services industry, including the electronic payment industry. Under the Dodd-Frank Act, debit interchange transaction fees that a card issuer receives and are established by a payment card network for an electronic debit transaction are regulated by the Board of Governors of the Federal Reserve System (the “Federal Reserve”). The Dodd-Frank Act and the Federal Reserve’s implementing regulations require that such interchange fees be “reasonable and proportional” to the cost incurred by the issuer in processing the transactions. Federal
11
Reserve regulations implementing this “reasonable and proportional” requirement have capped debit interchange rates for card issuers operating in the United States with assets of $10 billion or more. In addition, the regulations contain certain prohibitions on card brand network exclusivity and merchant routing restrictions of debit card transactions. As a result of the Dodd-Frank Act, merchants are also allowed to set minimum dollar amounts (within certain parameters) for the acceptance of a credit card, and they are allowed to provide discounts or incentives to entice consumers to pay with an alternative payment method, such as cash, checks or debit cards.
The Dodd-Frank Act also created the Consumer Financial Protection Bureau (the “CFPB”), which was vested with rulemaking authority over consumer protection laws, including the authority to regulate consumer financial products in the United States, including consumer credit, deposit, payment, and similar products. The CFPB may also have authority over us as a provider of services to regulated financial institutions in connection with consumer financial products. Any new rules or regulations implemented by the CFPB, and other similar regulatory agencies in other jurisdictions, or pursuant to the Dodd-Frank Act that are applicable to us or our clients’ businesses, or any adverse changes thereto, could increase our cost of doing business or limit our current offerings of integrated payment solutions. The scope, priorities and level of activity of the CFPB may vary over time due to legal, funding, policy and administrative factors. In addition, state attorneys general may have authority to enforce certain consumer protection provisions, including those under the Dodd-Frank Act, independent of federal regulatory activity.
Privacy and Information Security Regulations
We provide services that may be subject to various state and federal data privacy and information security laws and regulations. Relevant federal data privacy and information security laws include the Gramm-Leach-Bliley Act of 1999, which (along with its implementing regulations) restricts certain collection, processing, storage, use and disclosure of personal information, requires notice to individuals of privacy practices and provides individuals with certain rights to prevent the use and disclosure of certain nonpublic or otherwise legally protected information. These rules also impose requirements for the safeguarding and proper destruction of personal information through the issuance of data security standards or guidelines. Our business may also be subject to the Fair Credit Reporting Act of 1970, as amended by the Fair and Accurate Credit Transactions Act of 2003, which regulates the use and reporting of consumer credit information and imposes disclosure requirements on entities who take adverse action based on information obtained from credit reporting agencies. All fifty states have enacted data breach notification laws requiring businesses that experience a security breach of their computer databases that contain personal information to notify affected individuals, consumer reporting agencies and governmental agencies. In addition, there are state laws that restrict the ability to collect and utilize certain types of personal information, such as Social Security and driver’s license numbers, and impose secure disposal requirements for personal data. Certain state laws mandate businesses to implement reasonable data security measures. In addition, various states have recently enacted laws concerning privacy, data protection and information security. These laws commonly require businesses to disclose their data collection and usage practices, provide consumers with access to their personal data, and offer mechanisms to limit certain data processing activities. Additionally, many of these laws impose obligations for safeguarding personal information and establish enforcement mechanisms, including penalties for non-compliance. As state regulations vary and are frequently updated, we are required to continually monitor and adapt to these legal requirements to ensure compliance across the jurisdictions in which we operate.
Health Insurance Portability and Accountability Act & Health Information Technology for Economic and Clinical Health Act
HIPAA and its related rules and regulations establish policies and procedures for maintaining the privacy and security of individually identifiable health information (“Protected Health Information”). The Health Information Technology for Economic and Clinical Health Act and its related rules and regulations extended the privacy and security provisions of HIPAA to “Business Associates” of “Covered Entities” (each as defined by HIPAA).
Some of our clients are Covered Entities. In providing certain services for our Covered Entity clients, we may receive, maintain, and transmit Protected Health Information on their behalf, and we may be a Business Associate. To the extent we are a Business Associate, we are subject to HIPAA rules and regulations regarding privacy and security of Protected Health Information. In connection with certain services, we may enter into Business Associate Agreements with our Covered Entity clients, requiring compliance with HIPAA rules and regulations, and defining permissible uses and disclosures of Protected Health Information.
Anti-Money Laundering and Counter-Terrorism Regulation
Our business is subject to U.S. federal anti-money laundering laws and regulations. We are also subject to certain economic and trade sanctions programs that are administered by Office of Foreign Assets Control (“OFAC”) that prohibit or restrict transactions to or from (or transactions dealing with) narcotics traffickers, terrorists, terrorist organizations, certain
12
individuals, specified countries, their governments and, in certain circumstances, their nationals. Similar anti-money laundering, counter-terrorist financing and proceeds of crime laws apply to movements of currency and payments through electronic transactions and to dealings with persons specified on lists maintained by organizations similar to OFAC in several other countries and which may impose specific data retention obligations or prohibitions on intermediaries in the payment process. We have developed and continue to enhance compliance programs and policies to monitor and address related legal and regulatory requirements and developments.
Unfair or Deceptive Acts or Practices
We and many of our clients are subject to Section 5 of the Federal Trade Commission Act prohibiting unfair or deceptive acts or practices and various state laws similar in scope and subject matter thereto. In addition, laws prohibiting these activities and other laws, rules and or regulations, including the Telemarketing Sales Rule, may directly impact the activities of certain of our clients, and in some cases may subject us, as the client’s payment processor or provider of certain services, to investigations, fees, fines and disgorgement of funds if we are deemed to have aided and abetted or otherwise provided the means and instrumentalities to facilitate the illegal or improper activities of a client through our services. Various federal and state regulatory enforcement agencies, including the Federal Trade Commission (“FTC”) and the states attorneys general, have authority to take action against payment processors who violate such laws, rules and regulations. To the extent we are processing payments or providing services for a client suspected of violating such laws, rules and regulations, we may face enforcement actions and, as a result, incur losses and liabilities that may adversely affect our business.
In addition, the Dodd-Frank Act gave the CFPB broad authority to prohibit “unfair, deceptive or abusive acts or practices” (“UDAAP”) in connection with the provision of consumer financial products and services. The CFPB has previously extended certain UDAAP-related provisions of the Dodd-Frank Act to directly apply to payment processors.
Indirect Regulatory Requirements
Certain of our clients and our sponsor banks are financial institutions that are directly subject to various regulations and compliance obligations issued by the CFPB, the Federal Reserve, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the National Credit Union Administration and other agencies responsible for regulating financial institutions, which includes state financial institution regulators. While these regulatory requirements and compliance obligations do not apply directly to us, many of these requirements materially affect the services we provide to our clients and us overall. The financial institution regulators have imposed requirements on regulated financial institutions to manage their third-party service providers. Among other things, these requirements include performing appropriate due diligence when selecting third-party service providers; evaluating the risk management, information security, and information management systems of third-party service providers; imposing contractual protections in agreements with third-party service providers (such as performance measures, audit and remediation rights, indemnification, compliance requirements, confidentiality and information security obligations, insurance requirements and limits on liability); and conducting ongoing monitoring, diligence and audit of the performance of third-party service providers. Accommodating these requirements applicable to our clients impose additional costs and risks in connection with our relationships with financial institutions. We expect to expend significant resources on an ongoing basis in an effort to assist our clients in meeting their legal requirements.
Additionally, our clients, particularly those in the personal loans, automotive loans and receivables management verticals, are subject to various federal, state and local laws and regulations that impose restrictions and requirements on their businesses. For personal lenders and automotive lenders, these laws and regulations could include limitations on interest rates and fees, maximum loan amounts and the number of simultaneous or consecutive loans, imposition of required waiting periods between loans, loan extensions and refinancing, requiring payment schedules (including maximum and minimum loan durations) or repayment plans for borrowers claiming inability to repay loans, mandating disclosures, security for loans, licensing requirements and, in certain jurisdictions, database reporting and loan utilization information. For receivables management companies, these laws and regulations could include laws and regulations (including the federal Fair Debt Collection Practices Act (“FDCPA”) and comparable state laws) regarding the time, place and manner of communications with consumers regarding debt collection and prohibitions or limitations on certain debt collection practices. Lastly, some of our clients are subject to various state laws and regulations that prohibit or restrict the imposition of a surcharge or convenience fee in connection with their customers’ use of a payment card or other form of electronic payment.
Payment Network Rules and Standards
Payment networks, such as Visa, MasterCard, Discover and American Express, establish their own rules and standards that allocate liabilities and responsibilities among the payment networks and their participants. These rules and standards, including the Payment Card Industry Data Security Standards, govern a variety of areas, including how consumers and customers may use their cards, whether (and the terms under which) convenience fees or surcharges may be imposed in
13
connection with the use of their cards, the security features of cards, security standards for processing, data security and allocation of liability for certain acts or omissions, including liability in the event of a data breach. The payment networks may change these rules and standards from time to time as they may determine in their sole discretion and with or without advance notice to their participants. These changes may be made for any number of reasons, including as a result of changes in the regulatory environment, to maintain or attract new participants, or to serve the strategic initiatives of the networks, and may impose additional costs and expenses on or be disadvantageous to certain participants. Participants are subject to audit by the payment networks to ensure compliance with applicable rules and standards. The networks may fine, penalize or suspend the registration of participants for certain acts or omissions or the failure of the participants to comply with applicable rules and standards.
In order for us to process and settle transactions for our clients, we have entered into sponsorship agreements with banks that are members of the payment networks. We are required to register with the payment networks through these bank partners because we, as a payment processor, are not a “member bank” as defined by the major payment networks’ rules and standards governing access to those networks. Our bank partners sponsor our adherence to the rules and standards of the payment networks and enable us to route transactions under the sponsor banks’ control and identification numbers (known as BIN for Visa and ICA for MasterCard) across the card and ACH networks to authorize and clear transactions. Payment network rules restrict us from performing funds settlement and require that merchant settlement funds be in the possession of the member bank until the merchant is funded. These restrictions place the settlement assets and liabilities under the control of the member bank.
Our sponsorship agreements give our sponsor banks substantial discretion in approving certain aspects of our business practices, including our solicitation, application and qualification procedures for clients and the terms of our agreements with clients, and provide them with the right to audit our compliance with the payment network rules and guidelines. We are also subject to network operating rules and guidelines promulgated by the National Automated Clearing House Association (“NACHA”) relating to payment transactions we process using the Automated Clearing House Network. Like the payment networks, NACHA may update its operating rules and guidelines at any time, which can require us to take more costly compliance measures or to develop more complex monitoring systems. Similarly, our ACH sponsor banks have the right to audit our compliance with NACHA’s rules and guidelines, and are given wide discretion to approve certain aspects of our business practices and terms of our agreements with ACH clients.
Other Regulation
We are subject to U.S. federal and state unclaimed or abandoned property (escheat) laws, which require us to turn over to certain government authorities the property of others we hold that has been unclaimed for a specified period of time, such as account balances that are due to a software integration partner or client following discontinuation of its relationship with us. The Housing Assistance Tax Act of 2008 requires certain merchant acquiring entities and third-party settlement organizations to provide information returns for each calendar year with respect to payments made in settlement of electronic payment transactions and third-party payment network transactions occurring in that calendar year. Reportable transactions are also subject to backup withholding requirements. We are also subject to the Telephone Consumer Protection Act (“TCPA”) and various state laws to the extent we place telephone calls and text messages to or on behalf of our customers. The TCPA imposes restrictions on, among other things, the use of automated telephone dialing systems, prerecorded voice messages and unsolicited faxes.
The foregoing is not an exhaustive list of the laws and regulations to which we are subject and the regulatory framework governing our business is changing continuously. See “Risk Factors — Risks Related to Our Business” in Part I, Item 1A of this Annual Report on Form 10-K.
Intellectual Property
Certain of our products and services are based on proprietary software and related payment systems solutions. We rely on a combination of copyright, trademark, and trade secret laws, as well as employee and third-party non-disclosure, confidentiality, and other contractual arrangements to establish, maintain, and enforce our intellectual property rights in our technology, including with respect to our proprietary rights related to our products and services. In addition, we license technology from third parties that is integrated into some of our solutions.
We own a number of registered service marks, including REPAY® and REPAY REALTIME ELECTRONIC PAYMENTS®, and we have other pending applications. We also own a number of domain names, including www.repay.com. For additional information regarding some of the risks relating to our intellectual property see “Risk Factors — Risks Related to Our Business — We may not be able to successfully manage our intellectual property and are subject to infringement claims.” in Part I, Item 1A of this Annual Report on Form 10-K.
14
Human Capital
Our employees are a critical component of our success. As of December 31, 2025, we employed approximately 486 full-time employees throughout the U.S. We have 4 office locations with an employee presence and have a remote employee presence throughout the U.S. None of our employees are represented by a labor union or covered by a collective bargaining agreement.
We strive to create and maintain a special culture at REPAY that focuses on our values of excellence, passion, integrity, respect, innovation, and positive attitude. Our strong emphasis on culture is intended to empower our employees to make decisions and develop themselves personally and professionally. One of our priorities is to maintain and enhance our culture as we grow and bring on new team members.
We participate in an annual employee engagement and feedback survey which allows all full-time employees to anonymously give us feedback on our workplace culture, employee programs, and more. In 2025, 88% of participants responded that REPAY is a great place to work. Our employees’ feedback from the annual surveys have allowed us to be certified as a Great Place to Work® for the last nine consecutive years. We take employee feedback seriously and share the results of the survey, along with an action plan of how we can continue to improve, with all employees.
Attracting, developing, and retaining top talent is a priority at REPAY and we have a dedicated human resources team that focuses on these initiatives. To ensure we stay competitive in the talent market, we strive to make it clear to our employees that we value and appreciate them, and reward high performance. We foster a culture of rewards and recognition and incentivize our employees with opportunities for growth within the company. New employees are welcomed through our new hire onboarding experience, which consists of a comprehensive equipment package, welcome gift packages, an onboarding plan with consistent communication, human resources orientation, and formalized 30-60-90 day check-ins with their manager, ensures our new hires have the support they need. Additionally, new hire spotlights are socialized in companywide channels to ensure new team members are introduced to the Company and receive a warm welcome and every one of our new employees has the opportunity to meet with our CEO for a “coffee chat” within their first month of employment.
REPAY’s leadership empowers each team member to make a difference and stretch to their fullest potential. Our dedication to frequent, transparent communication is shown with company-wide meetings where our leaders share Company vision and encourage employees to ask questions. Several departments across the Company hold annual training summits where team members have an opportunity to collaborate with fellow colleagues, participate in department-specific training and further enhance their skillsets. We also believe it is important to celebrate exceptional employees so we provide multiple opportunities for performance-based awards and peer-to-peer recognition. We value diverse backgrounds, perspectives and experiences, and we are committed to providing an inclusive environment where all individuals are respected. We continue to develop formal career pathing, allowing us to create a roadmap for an individual’s career progression within the organization. Our compensation strategy gives us competitive advantages by offering competitive salaries, bonus potential and employee ownership opportunities for a meaningful portion of our employees through equity incentive grants.
We recognize the importance of giving back to the communities in which we live. Participating in community outreach initiatives and volunteer opportunities is extremely important to our employees and has become an integral part of our corporate culture. Throughout the year, we provide multiple ways for team members to volunteer and positively impact the surrounding communities.
We offer a comprehensive benefits package, which goes into effect on a person’s first day of employment, including 100% coverage of employee healthcare premiums and several benefits at no cost to our employees, including health insurance, life insurance, short-term disability insurance, telehealth, mental health and work-life balance resources. We perform a thorough review of our benefits package annually. Among other benefits, we continue to offer an Employee Stock Purchase Plan (“ESPP”). The ESPP is highly valued because it gives our employees the opportunity to become shareholders in REPAY at a discounted price. The financial future of our employees is important to us, which is why we have a generous 401(k)-employer match and performance-based bonus program. To promote personal and professional growth, we encourage our employees to pursue ongoing training and career development opportunities, and we provide tuition assistance and reimbursement for certain pre-approved continuing education programs and professional certifications.
Available Information
We maintain a website at www.repay.com, through which you may access our public filings free of charge as soon as reasonably practicable after they are electronically filed with, or furnished to, the Securities and Exchange Commission (“SEC”). Information contained on our website is not a part of this Annual Report on Form 10-K and the inclusion of our website address in this report is an inactive textual reference only.