CORPORATEGOVERNANCE BoardOversight RiskOversight PayPaloperatesinmorethan200marketsgloballyinarapidlyevolvingenvironmentcharacterizedbyaheightened regulatoryfocusonallaspectsofthepaymentsindustry.Accordingly,ourbusinessissubjecttotherisksinherentinthe paymentsindustrygenerally.Asoundriskmanagementandoversightprogramiscriticaltothesuccessfuloperationofour PRO businessandtheprotectionofourCompany,customers,employeesandotherstakeholders.Managementisresponsible for assessingandmanagingriskandviewsitasatoppriority.TheBoardisresponsibleforoverallriskassessmentand XY S managementoversightandexecutesitsresponsibilityasagroupandthroughitscommittees,whichreportatleast T A quarterly to the full Board. The Board and its Committees consult with external advisors, including outside counsel, TEMENT consultants,auditorsandindustryexperts,to helpensurethattheyarewellinformedabouttherisksandopportunities pertinentto the Company. In addition to their ongoing oversight responsibilities,throughout 2022, the Board and its committeesregularly reviewed anddiscussedwithmanagementtheimplicationsofgeopoliticalinstability(includingtheRussiaandUkraineconflict), supplychainshortages,higherinflationandrisinginterestrates,macroeconomicuncertaintyandthecontinuedimpactof theCOVID-19pandemic.Aspartofthesereviews,theBoardconsideredmanagementsongoingstrategiesandinitiatives to respondtoandmitigatetheadverseeffectsofgeopoliticalinstability,macroeconomicconditionsandthecontinued effects of the pandemic. ARCCommittee TheARCCommitteeisprimarilyresponsiblefortheoversightoftheCompanysriskframeworkandreportstothefullBoard onthefollowingmattersonaregularbasis: Financial and Audit Risk: Meets with the independentauditor, Chief Financial Officer, Chief AccountingOfficer and other membersofthemanagementteamquarterlyandasneeded,includinginexecutivesessions,toreviewthefollowing: • quality and integrity of the Companys financial statementsand reports; • accountingandfinancialreportingpractices; • disclosurecontrolsandprocedures; • audit of the Companysfinancialstatements; • selection, qualifications, independenceand performanceof the independentauditors;and • effect of regulatory and accountinginitiatives and applicationof new accountingstandards. Enterprise-WideRiskandCompliance:PeriodicallyreviewsandapprovestheframeworkfortheERCMProgramandother keyrisk managementpolicies.MeetswiththeChiefRiskandComplianceOfficer,quarterlyandasneeded,includingin executivesessions,toreviewanddiscussthefollowing: • the Companysoverallriskframeworkandriskappetiteframework,includingpoliciesandpracticesestablishedby managementtoidentify,assess,measureandmanagekeycurrentandemergingrisksfacingtheCompany,including regulatoryandfinancialcrimescompliance,technology(includingcybersecurity,informationsecurityandprivacy), operational,portfolio, capital, strategic, extended enterprise,third-party and reputational risks; • compliancerisks,thelevelofcompliancerisk,managementactionsonsignificantcompliancemattersandreports concerningtheCompanyscompliancewithapplicablelawsandregulations;and • periodicreportsfromtheChiefRiskandComplianceOfficerandothermembersofmanagementregardingongoing enhancementsto,andoveralleffectivenessof,theCompanysriskmanagementprogram,includingactionstakenby managementtoaddressrisks,theprogressofkeyriskinitiativesandtheimplementationofriskmanagement enhancements. Internal Audit: Meets with the Vice President,Internal Audit, quarterly and as needed, including in executive sessions, to discusstheperformanceoftheCompanysinternalauditfunctionandtheindependentauditor.Reviewsandapprovesthe annualrisk-basedauditplanandanysignificantchangestosuchplan. LegalandRegulatory:MeetswiththeGeneralCounselandtheChiefRiskandComplianceOfficer,quarterlyandas needed,includinginexecutivesessions,toreviewsignificantlegal,regulatoryorcompliancemattersthatcouldhavea material impactonourfinancialstatements,businessorcompliancepolicies. CompensationCommittee TheCompensationCommitteeisprimarilyresponsibleforthefollowingareasandreportstothefullBoardonthesematters onaregularbasis: • overseesandreviewstherisksassociatedwithourcompensationpolicies,plansandprograms; • overseesregulatorycompliancewithrespecttocompensationmatters; •2023ProxyStatement 27