Good day, and welcome to the Equifax Fourth Quarter 2017 Earnings Call. Today's conference is being recorded. And at this time, I'd like to turn the conference over to Jeff Dodge. Please go ahead.

Thanks, and good morning, everyone. Welcome to today's conference call. I'm Jeff Dodge with Investor Relations. And with me today are Paulino Barros, Chief Executive Officer; John Gamble, Chief Financial Officer; and Trevor Burns, Investor Relations. Today's call is being recorded. An archive of the recording will be available later today in the Investor Relations section in the About Equifax tab of our website at www.equifax.com. During this call, we will be making certain forward-looking statements to help you understand Equifax and its business environment. These statements involve a number of risks, uncertainties and other factors that could cause actual results to differ materially from our expectations. Certain risk factors inherent in our business are set forth in filings with the SEC, including our 2017 Form 10-K and subsequent filings. Also, we will be referring to certain non-GAAP financial measures, including adjusted EPS attributable to Equifax and adjusted EBITDA, which will be adjusted for certain items that affect the comparability of the underlying operational performance. For the fourth quarter of 2017, adjusted EPS attributable to Equifax excludes, among other things, acquisition-related amortization expense; certain costs related to the cybersecurity incident, including costs to investigate and remediate the cybersecurity incident; legal and professional services; a contingent liability for cost associated with providing free credit file monitoring and identity theft protection services to consumers; and the income tax effects of stock awards recognized upon vesting or settlement and in the recently enacted U.S. Tax Cuts and Jobs Act of 2017. Adjusted EBITDA is defined as net income attributable to Equifax adding back interest expense, net of interest income; depreciation and amortization; income tax expense and also excluding certain onetime items, including the cost related to the cybersecurity incident. These non-GAAP measures are detailed in reconciliation tables, which are included with our earnings release and are also posted on our website. Now, I'd like to turn it over to Paulino.

Thank you, Jeff, and good morning, everyone. Yesterday, we provided an update on the cybersecurity incident that occurred last year. Let me provide now some perspective. In conjunction with the forensic investigation completed last fall by Mandiant, we concluded that the attack that was predominantly focused on selling Social Security numbers. So, we worked with Mandiant and defined a reasonable and sound methodology that use names and Social Security numbers as the key data elements to identify persons impacted. As we continued to analyze the data, we were able to identify approximately 2.4 million consumers, whose names and partial driver's license information were stolen, but who were not in the previously identified population. The information was partial because in the vast majority of cases, it did not include home addresses, state of issuance, date of issuance and/or expiration dates. They were not identified using the original methodology as their Social Security number was not stolen. We use proprietary company records that the attacker did not steal and engaged the resources of external data provider in order to identify these consumers. Additional details on this can be found in yesterday's press release and in our 10-K. Ever since September 7, we have taken and will continue to take steps to reach out and assist consumers and our customers. Transparency and open communication has been the cornerstone of our efforts following the disclosure. It is with this commitment in mind that we are actively reaching out and we will be offering those additional consumers identity theft protection and file monitoring services at no cost today. In the 4 months since our third quarter earnings release, we have made substantial progress in the four critical areas of focus I highlighted. I would like to thank our 10,000-plus employees around the world for their…

Thank you, Paulino, and good morning, everyone. As before, I will generally be referring to the financial results else from continuing operations represented on a GAAP basis. For 2017, additional items excluded from our non-GAAP results are the onetime cost related to the cybersecurity incident and the onetime benefit related to the U.S. Tax Cuts and Jobs Act of 2017. We'll provide details on these two items so you can consider them in your analysis. In total, in 2017, we incurred nonrecurring costs related to the cybersecurity incident of $164 million. These have been partially offset by insurance recoveries of $50 million resulting in a net nonrecurring charge of $114 million. The $113 million of gross costs were generally for legal, cyber forensic investigations and other professional services related to the investigation of the incident or nonrecurring actions to improve security. $51 million in accrued and incurred gross expenses related to the TrustedID Premier service we offered free to all U.S. citizens. This represents our estimate of costs to service individuals using the service today. The above costs are offset by $50 million of insurance recoveries for costs incurred to date and for which we have received the cash. We have $125 million of cybersecurity insurance under our E&L policy. We continue to expect to make claims to fully utilize the policy. In 4Q 2017, the net nonrecurring costs related to the cybersecurity incident were $27 million. This reflected $77 million in gross cost, principally legal and other professional services related to the investigation of the incident or actions to improve security, offset by the $50 million of insurance recoveries, $15 million of which was received in 2017. The $77 million in gross cost were consistent with the guidance we provided in November. In 4Q 2017, we had $48 million…

Thanks, John. We have made a lot of progress in the quarter addressing our commitment to consumers, customers, partners and regulators. The business units are executing well and our center of excellence providing strong support to all our efforts. However, there's still more work ahead of us and regaining our credibility with our constituencies, including our shareholders. The DNA of this company is underpinned with both, a deep commitment to strong ethical principles and values and a strong focus on execution. As I have mapped with our employees throughout the world, I sense a great level of enthusiasm and commitment to move this company forward with a heightened level of focus on protecting and safeguarding all of the consumer and commercial information we store and manage. And with that, operator, we will now open it up for questions.

Operator, I realize that the formal part of our presentation has been a bit longer than usual. We will stay past the 9:30 stop that we would normally do, but I doubt that we will be able to get through the queue, and so I want to apologize in advance to those who were not able to get their questions out, but we will be available later today by phone. So, with that operator, could you activate the Q&A session please.

[Operator Instructions] We'll take our first from Toni Kaplan, Morgan Stanley.

Hi, this is Jeff Goldstein on for Toni. Thanks for taking my questions. Just now that we're almost 6 months since the breach, can you talk about how your conversations with customers have been evolving? Are the customer audits continuing? Or have you been more successful in converting new business? Do you think these audits are going to end soon? And on that topic, do you think any permanent share shift has occurred at this point?

Our conversation continues to be very positive in this sense, as I explained the last quarter, coming from the emotional perspective to a more rational perspective. As you could imagine, we have been there in several hundreds of customers, talking to them about what happened, what caused, how it can help them actually to improve. Actually, the conversation runs about how we can improve their security system to be update in the areas that we're doing in improving our relationship. We have two customers that have a higher level of requirements for us to achieve, but it's not the majority of the customers. The most affected area in the company is the USIS; followed by Workforce Solution; and then, of course, GCS because the consumers, since we are not advertising anymore, we're not getting new consumers, and least in international. So, we haven't seen any specific share shift in the B2B side of the business. Of course, we have seen a degradation of the GCS consumer base, but nonmajor share shifting has happened so far. And as we continue to demonstrate our ability to understand and invest in our projects for the customers, the more closer they get to us and to the point they're now returning to acquire new services and products that we have.

We did talk about the impact of the cybersecurity incident on revenue, obviously, in the third and fourth quarters, and we said there'd be a continuing impact in the first quarter. So that as those impacts are now transitioning over 6 to 7 months, clearly, you're seeing some movement in revenue because of the fact that we are seeing an impact to us, right? But again, as Paulino said, we think the progress is very good with our customers in terms of our conversations.

That's helpful. Thank you. And then just within USIS in the quarter, revenue growth was only down modestly, but margins were down 260 basis points. So, I was just wondering if were there more operating investments this quarter maybe in light of the breach? Or is there just anything else to call out there to explain that margin decline with revenue growth only down modestly? Thanks.

Really nothing specific, right? Obviously, the revenue at USIS is relatively rich. Mix shift can also affect it in the quarter. Our plans would have been built around assuming continued growth in USIS. So, since that didn't occur, we did have some elevated expense levels in the fourth quarter. And then, therefore, with the lower levels of revenue, we saw a bigger impact on margins than you saw in the third quarter. But nothing specific beyond that.

Thanks a lot.

We'll take our next question from Brett Huff, Stephens.

Good morning. Thanks for taking my questions. Two, one big picture, and then one just sort of making sure we understand the numbers. Regarding sort of the numbers on USIS or the overall USIS business, some of your competitors were growing sort of mid-to-high single digits. You guys said were down minus 2%. Maybe it would have been 4% or 5% ex the breach. There's still a delta there between, I think, where your peers are and where you guys are in terms of growth. You mentioned you don't see any permanent share shift. Is the delta between those two numbers, the normalized number for you and sort of the peers, is that just a temporary delay? Or is that how we should continue to understand that, that revenue hasn't disappeared, it's just delayed? Is that right?

So, in terms of the impact of the cyber incident, again, we're not talking about revenue impacts that will have lasted 6 to 7 months. I wouldn't consider that delayed. That's revenue that has been lost. So, that's how I think you should consider that revenue. In terms of comparing us, the 4% to 5% growth, again, the model we have had prior to this, and I'm not reestablishing the model here, but I'm using it as a reference point. The prior model we had for USIS was somewhere between 5% and 7%. So, to the extent taking these effects into account and excluding them, obviously, and adjusting for mortgage, if we're somewhere near 5% given the environment we're in right now and the effects of the cybersecurity incident that might be difficult to measure, I don't think 4% to 5% is that bad.

Okay. And then the second question is just on the cost. I want to make sure I understand. You're spending money, and then determining kind of which ones are going to be ongoing and which ones sort of taper. Once you determine the expenses that are going to be going, that's when you roll it into, including that cost in your pro forma EPS. Is that, am I hearing that right?

That's correct. So, in terms of when something is going to be considered nonrecurring, we're measuring it against specific project definition. So, the project has to be defined and agreed upfront and generally, some type of deployment or implementation. And when that occurs or in some cases, elimination. A significant part of the spending is around elimination of systems, not the addition of new. And when those projects are completed and then put into service and stable, then we make them ongoing. And it's only the cost of getting them into service and stable that we will exclude and consider nonrecurring.

Great. Thanks for the clarifications.

We'll go next to Gary Bisbee, Royal Bank of Canada.

Yes, thanks. Let me just follow up on that last one, can you give us any kind of an estimate what the increase would be in the ongoing expense once all the stuff you're - the projects you just referenced that will be excluded now go into - once the things are turned on? I mean, should we think that's another step-up in 2019? Or is it just too hard to know at this point?

So, we gave you a specific number for 2018. I can't give you a number beyond 2018. But in general, I think the way we think about it is to the extent we're successful, a reasonable portion of what we're doing results in system simplification. And since that's the case, the simplification should actually help drive IT costs down. Now there will be some increased costs for data security over time that will continue to escalate as we go forward. We expect that to be permanent. It was happening even before the cybersecurity incident. But a significant portion of the expenditure is around simplification, which that simplification will also hopefully drive lower IT costs in the future. If you look at our total IT cost as a percent of revenue, we spend at a healthy rate today. So, there's opportunity there.

Okay, great. And then just thinking about revenue, I guess, a two-part question. I think you said that the bookings trends improved somewhat during the quarter. Can we get some more color on that and what's happening there? And then can you help us frame - when bookings do sort of normalize at some point, how long does it take to ramp back up to the type of growth you would have been at? I mean, it strikes me if you lose a lot of the bookings momentum for 6 to 12 months, that there's another probably 12 months after that to sort of refill the pipeline and whatnot, and so it would be a slow build back. Is that right? Thank you.

So, I think the first part of your question is effectively how do we determine the value that we're indicating for the impact of the cybersecurity incident on revenue. And basically, the way we do that is we take a look at transactions that we could see had a reasonable likelihood of executing. And then we know a reasonable rate where those would have converted in the past and when that rate is substantially lower than we would have normally seen looking forward, we would attribute that to the cybersecurity incident. And that's how we did it. It's the same thing we did in the third quarter. Looking forward in terms of looking at 2018, we've given guidance for USIS for 2018. So, the best thing I can point you at is the guidance we've given for 2018. And as we move through the year, we'll talk more about how we're seeing the revenue performance progress. And then we'll talk more about how we're seeing new product deployments occur, which we've done historically. So, I think you'll be able to get a view based on those discussions as we go forward.

Alright, thank you.

We'll go next to Andrew Jeffrey, SunTrust.

Hi guys, good morning. Thanks for taking the questions. I guess, I'm trying to ascertain, Paulino, you talked about a few growth initiatives where you're really focused and enthusiastic. I'm thinking about in the U.S. this year, fraud, ID, enhanced marketing offerings, et cetera. Can you just comment on sort of where we are in terms of NPI, vitality or momentum and how much the long-term effect, if any, disruption in the strong NPI growth that we've seen over the last few years informs the structural growth opportunity for Equifax, recognizing that vintages build on each other? I just wonder how much of a disruption we've seen in the new product initiative growth drivers.

Paulino is going to address the specifics. But just to remember what we've said historically, right, is that we do expect to see deferral in the NPI pipeline as we go into 2018 because, obviously, we are taking a significant amount of resource and focusing it on IT and data security. So, you will see some of that, and it will result in a lengthening of the time period it takes us to develop and deploy new products. But I think Paulino can talk about it more.

Yes. If you look at the numbers that we achieved in 2017, right, the number of products that we have in the pipeline and the number of products that we launched. Our cycle is usually 18 months, right - 12 to 18 months to launch a product. [Indiscernible] the digital products more and the network products. Fortunately, we will enter 2018 with 107 new products in the pipeline, which will help us in the next 18 to 24 months. As we mentioned before, as we learn in this process, right, it takes that long first to fix the issues and to improve to a different level what we have here in the company. So, as John mentioned, we are moving some of the resources that we have to make sure that we improve our security and IT, as we mentioned. Now we still have part of it that we will continue to work in new products. And we continue to work in acquisitions. We continue to be looking for new opportunities. Again, John mentioned correctly. And as we've said last time, we are taking resources and initially were used to NPI towards making sure that we execute and do it right and fast on the IT and security areas.

Long, long term to a private question. To the extent we're successful as we simplify the systems based on the investments we're making, then that should also be beneficial to new products, as we pointed out. But again, that's after you're completed.

And have you seen any disruption Rest of World, recognizing that international markets were less impacted by the breach? Or is some of the initiatives, exporting Cambrian and so forth, are those relatively uninterrupted?

Definitely, customer base. But if you - at the end of the day, Canada has been a very small impact. U.K. has been growing. Europe has been growing. Spain, a very important growth for us last year. Adopting, maybe because they're kind of one phase behind the U.S. launching new products and we're trying to expand one of the efforts that has been made in this company for years now is to expand our global platform, which has helped us significantly. Like, if products change, Cambrian and eventually, we will take InstaTouch outside of the U.S. So, to a lesser extent, we see that. But also important is the fact that a lot of the NPI that is driven by - that are driven by international are local as well. So, we have seen significant - actually, international continues to be one of the engines of this company for growth because they're NPI-based programs.

Thank you.

We'll go next to David Togut, Evercore ISI.

Thank you, good morning. You indicated that the negative impact of the breach receded throughout the quarter, both in USCIS and Workforce Solutions. I'm wondering, as you look at the linearity of the quarter, particularly in USCIS, did you actually return to growth in that business in the month of December?

Yes. We don't break things really down by month in terms of our public disclosures. But again, the reason we said that we saw improvement as we went through the quarter in terms of the performance of those businesses related to the cybersecurity incident is, we began to deliver at a better pace versus the forecast that we've had for ourselves in areas that were impacted by the cybersecurity incident. So, we saw a lessening of the impact that we have expected as we moved through the quarter.

Understood. And then in terms of WS, you've indicated that you continue to have conversations with governments to restart that business a bit. Can you flesh out how those conversations are going? And are there any milestones we can track from our perspective to know how you're progressing in EWS as you go through 2018?

Are you referring to Workforce Solutions?

Yes, Workforce Solutions.

Yes, Again, I think that we have - especially for the verification side, we have several government agencies that use our services, right? It's definitely a very sensitive area, and we have to move with a lot of caution and to make sure that we regain the trust and confidence of these customers. We have been working on that. Rudy Ploder and myself have been at those customers, talking to them, explaining to them, offering for them to comment and see what we have implemented to audit our process as well to make sure that we can rebuild our trust with this segment of the industry.

It's important to keep in mind, as we've mentioned, Verification Services performed well in the quarter. And as we've indicated, we expect it to continue to perform very well. So, Verification Services, which is the engine of growth and margin in that business and continues to perform well. We continue to add contributors to the database. So, we're quite happy with the performance of Verification Services as we look into 2018 and move through the year. We did indicate that for the first quarter, you'll see EWS to be a little weaker than the full year number. But overall, Verification Services is performing well.

Understood. Quick final one. You're indicating GCS will likely return to growth in 2019. What underlies that conviction?

Yes. In terms of specific guidance beyond 2018, we're not going to give specific guidance beyond 2018.

Thank you very much.

We'll go next to George Mihalos with Cowen and Company.

Good morning. This is Allison Jordan in for George. Thank you for taking my question. John, I know you laid out increased costs related to IT and data security when you detailed guidance. Can you help us think about how we should model corporate expense line in 2018 and the growth there?

In terms of the specific line item itself, most of those areas that I indicated had increased costs will impact the corporate line. So that's where you should model them. And also, the insurance cost, most of that cost will hit the corporate line. So, we should model that as well, but beyond that, no, nothing specific. We did also indicate obviously in the discussion that bonus accruals were down, so those should increase. So, all of those items should affect your corporate line. But in terms of specific guidance on corporate, we don't provide guidance by line item.

Okay. Thank you. That’s helpful. And then just one quick follow-up. Online Information Solutions exited the year basically flat in terms of revenue growth. It seems like that business is poised to return to growth. Can you help us think about the outlook for OIS in 2018?

Yes. Again, so we gave guidance for the USIS in total. So, the specific line item guidance, we don't really provide.

Okay, thank you.

We'll go next to Manav Patnaik with Barclays.

Thank you, good morning guys. My first question is just more around the future of the direct consumer segment. Maybe can you just give us a sense of how many people actually signed on to the free TrustedID product you're providing and maybe how well it's running? Because personally, the experience here hasn't been too great. I mean, I guess, compared to at least the experience in TransUnion. Once we all signed onto, I don't think we've heard at all from TrustedID. So, I was just curious how that's performing. And do you guys actually think of speeding up the marketing spend in the second half of the year?

So, in terms of TrustedID, we think the performance, at this point, has been relatively good, right? We believe the call center support has been very good, and we're not hearing, at this point, that there are significant issues around TrustedID. To the extent you have specific issues with TrustedID, obviously, we are very interested in hearing what they are because we work to address them. We continue to invest in the service and to try to make it better because, obviously, the people that signed up deserve to have the best service we can possibly provide. Can you give me your second question again?

Well, just the number of people that signed on for it and how should we think of the future of that segment. Like, how much do you spend on it?

So, you're referring to GCS specifically?

Yes.

So, in terms of the total number of people that have enrolled in TrustedID, that's not a number we disclose. In terms of GCS, I think as Paulino mentioned, for this year, we're not going to be advertising in the U.S. consumer segment in the first half of the year. And we indicated that the amount of advertising for the full year is expected to be relatively low. But in terms of specific plans for the segment, in general, I think that's something we're still working. And then we'll give you updates on that as we move through the year and make those determinations.

Okay, fair enough.

Our focus will be to launch the Lock & Alert service, right, to make sure that we deliver in our commitment at November last and make sure that the consumers have a great level of service in that area.

Got it. And then just my second question is more, I think in the 10-K, you mentioned you're making a lot of strategic changes to your executive leadership team. I was just hoping you could give us a little bit more detail on what you've moved around and what's going on there?

I think you're referring to the inclusion of the seasonal reporting to me. So, this happened actually in the third quarter since - actually, a couple weeks after I arrived here. We have made a few changes at that time, which included the separation of the chief information security office from the - under the IT and reporting directly to the CEO. And also creating the chief transformation office area to make sure that we address all the issues related to the cybersecurity incident and respond to the cybersecurity incident with a focus to let the business units to continue to be focused on the business side and creating one area that can provide support for the cybersecurity incident, resources and actions.

Yes. And I think in Paulino's prepared remarks, right, there was a substantial amount of discussion around the specific governance structures that have been created, including risk office, tech committee and other areas, that strengthen governance around security, as well as drive culture around security more than just technology. So that is a fair amount of detail there.

Okay. Thanks guys.

We'll go next to George Tong, Goldman Sachs.

Hi, thanks, good morning. Paulino, I'd like to dig deeper into the revenue impact from the breach. Can you elaborate on whether prior new business deferrals have translated into revenues at this point and how the breach impact on revenue will play out as you move through 2018?

As I mentioned on the transcript, right, our performance - third quarter was tough because there was a lot of negative energy around and unknowns around. And as we move to fourth quarter, there were - we have more time to prepare and to be able to reach out to customers and work with them, explaining what happened, how it worked and the actions that we put in place in order to remediate and build the future. We have seen - as we mentioned earlier, we have seen a lesser impact at the end of the fourth quarter. As we continue to work with the customers and demonstrate to them our improved [indiscernible] and the fact that, actually, we are raising the standards of what we want to operate, which is a - was very well welcomed by the financial institutions area. We are, of course, coming from cybersecurity incident. So therefore, we're being very careful on how we forecast our numbers to make sure that we don't break our tradition to be very close to execution reality, like we have been in the last 12 years.

Got it, okay. And I guess the earlier question, how you expect the breach impact on revenues to play out as you move through 2018, is that mainly a first half headwind that you expect, and then it fully dissipates by the second half?

I don't think it will be that black and white.

I think we'll just have to tell you as we move through the year, right? We're certainly expecting an impact. Our planning would assume that it will be greater in the first half than the second half. But obviously, as we move through the year, we'll just try to keep you updated because it's obviously a fluid situation. But we are making progress.

Yes.

Got it. And then, John, you indicated that you expect $200 million in net IT legal and professional fees that are onetime in nature. Can you flesh out your expectation for ongoing costs related to the breach and how you expect EBITDA margins - adjusted EBITDA margins to trend as you move through the year?

So, in terms of specific trending on March, we gave first quarter guidance and full-year guidance. And in my prepared remarks, we did talk a bit about the expenses we expected to incur in 2018 specifically related to security, and then also that we expected to incur specifically related to insurance. And that was in the prepared remarks. So, I think that detail is there, so you should be able to use that in your estimates.

Right. Well, I guess, the question was around when you expect the ongoing costs to be essentially executed. When do you expect your investments to be made as you move through the year? Is it going to be front-end loaded or back-end loaded as you make your ongoing investments?

I'd say the ongoing investments are going to occur over the year., but in terms of the exact timing of when individual activities will get executed, I can't give you an estimate on that.

Okay, got. Thank you.

We'll go next to Shlomo Rosenbaum, Stifel.

Hi, thank you for taking my questions. I want to ask a little bit about GCS. There was talk about not marketing in the first half of 2018. It sounds like there will be marketing direct-to-consumer in the second half of 2018. At the same time, there's kind of a discussion of strategically trying to figure out what to do with that business. Can you give us just a little bit more color on that? Is the thought to when the 12 months of free monitoring is up, to go ahead and offer something for that’s a paid subscription? Or is there just a thought of migrating this to a different provider? Or can you just give us some thoughts on that?

Yes. Look, and it's a very - I certainly understand the reason for the question. And at this point in time, I think we just need to go back to the comments we made in the prepared remarks, which is we'll be able to - we'll give you more detail on how we're going to move ahead with the GCS business as we move through the year. But what we've indicated is that no advertising or marketing spend in the first half. We expected limited for the full year so that would indicate limited for the second half, and that's the way the planning base is built. But we'll - as we move through this year, we'll provide you with more information should anything change and as we get more specifics around that business, okay?

Okay. And then as a follow-up, just in terms of the revenue in the quarter. It was actually - it did not decline that much. And I was wondering if your partners and resellers had a big bump in the fourth quarter, due to the cybersecurity breach. So, although your own direct-to-consumer business suffered from churn, but those that you're selling data to actually had a benefit from that, and they're purchasing it from you.

So not so much - the biggest benefit we got, obviously, in the quarter was really ID Watchdog, right, so the purchase of ID Watchdog. We got the full effect of the revenue from that purchase in the fourth quarter, so that was certainly beneficial. And then also, we've seen relatively good performance in Canada related to - in our GCS business in Canada, so you saw some benefit there. And those were two significant drivers. We also - this is the quarter in which we lapped our - the change in contract with Credit Karma. So that was a benefit to us in the period simply because we lapped the contract period year-on-year. So, I'd say those are the three things that probably affected GCS outside of the U.S. consumer business more than anything else.

Alright, thank you very much.

We'll go next to Tim McHugh, William Blair.

Just a follow-up a little on the - or consumer business. Can you talk about the margins? I guess I think your comment was they'd be down a couple hundred basis points, which, I guess, given the revenue weakness, is understandable. But you also talked about minimal advertising expense. So, can you kind of walk through the puts and takes with that? And just trying to understand, as you do start advertising, how to think about the margins of the business.

Yes. So, I think you kind of just did the puts and takes, right? So, obviously, we had a reasonable revenue decline. And then the most significant offset was related to the fact that we didn't have - that the marketing expense was obviously substantially declined for the worldwide. There was some marketing expense outside the U.S., but very minimal. So, and those were really the most substantial puts and takes regarding the margins of the business report. Tech spend was up a little bit because we're investing in Lock & Alert and TrustedID deployments, which would be incremental, too, which you'd normally see in that business because those are both - those both won't generate any revenue. But that - those are the general puts and takes that you see in that business right now.

Okay. And then just, I guess, two smaller ones. One, can you talk at all about the Mercury acquisition? I guess how big is it? And a little more information about it. And then on the tax rate, I guess, can you talk through - I thought it would be probably a little lower. But what are the puts and takes there, as well as - not to add a [indiscernible] on that, but the adjusted tax rate has typically been lower than the GAAP tax rate. I guess I assume the 27% was more the GAAP number, but can you talk about that at all? Thanks.

Okay. So, Mercury, it's a relatively small business, right, in Australia. I don't think we specifically disclosed the revenue size. But it's a relatively small business, and it's generally related to the onboarding, employee services, employee onboarding and assisting companies in onboarding and new employees. So, it's somewhat consistent with the types of business we would have in our Workforce Solutions business in the U.S. It's also consistent with the type of business we would have in Australia. You might want to say more.

Correct, yes. Well, actually, it just happened when I was doing this in Australia, we're finishing up the process. And it's a very unique, small business, a tuck-in, that we had in the area of employment side. We believe that this can help us in the future in the area to implement or to deploy our Workforce Solutions - The Work Number in Australia as well. This was a strategic move, a very unique company, very well positioned in Australia that we thought it was going to be of strategic value for us in the future.

In terms of tax rate. So, the 27% communicated is a little higher than you expected. So, there are still a fair number of the application of the Tax Act outside of the U.S., and certain circumstances are still unclear. So as those items are resolved, there's an opportunity for our tax rate to adjust. I would guess that based on the open items that are out there, if it's going to adjust, it would probably adjust down. But that's still not sure. But - so if it looks a little higher than you would expect, then I think it's probably driven by the fact that there's a fair number of uncertainties around the treatment of some specific tax items outside the U.S. As those become more clear, we can get more specific on the tax rate.

And then just is that a GAAP, is that the GAAP rate? Or is that the adjusted rate after we take into account kind how you apply taxes to the add-backs?

I think that should be approximately our GAAP and adjusted rate. They should be similar.

Okay. Thanks.

We'll go next to Kevin McVeigh, Deutsche Bank.

Great. Thanks. You made a couple of comments about expanding into the rental market as part of real estate. And just if I heard right, just no benefit from trended data. Can you just talk about those two items a little bit more?

Yes. And I'm sorry, just on the last question. So, there are adjustments. Obviously, the tax effects of the sale of the execution of employee stock options, et cetera, those benefits, we don't take in our non-GAAP rate, which do affect GAAP, right. So, my apologies for missing that in the last answer. So, can you ask your question again?

Yes, of course. The market opportunity for the rental market, be on mortgage in real estate. And then if I heard right, it sounded like you're lapping the benefit of trended data on the mortgage side. Are we through that at this point? Or just any thoughts on that as well.

Let me just kill off the second one real quick. So trended data, yes. So trended data, we launched trended data a year ago in August, right? So, for fourth quarter, there was no trended data in 2016 or 2017 in mortgage.

Yes, on the rental side, we actually expanded this vertical. Given our success and understanding of the mortgage side, we expanded - we call this vertical no housing, which includes both, mortgage and rental, which provides a great opportunity. We have very little penetration in this market, and we have already made some strides towards it. We brought some experts in the area to work with us, and we believe there is a great opportunity for us to expand in the future.

Got it. And then, John, any thoughts on when you return to buybacks?

No specific guidance at this point in time. Right now, what we're focused on is executing the plan that Paulino laid out and the IT and security actions that we discussed.

Thank you.

We'll go next to Bill Warmington, Wells Fargo.

Good morning everyone. You mentioned that the negative revenue impact from the cyber breach improved throughout Q4. Has that trend continued throughout Q1?

Yes. Certainly, we're not going to talk really specifically about Q1 at this point, right? And again, just to make sure I was clear in what I said, right, it was - what we said is the impact expected from the cyber breach in the specific business lessened as we moved through the quarter, right? So, it's a statement relative to our own expectation.

Right, right. Okay. And then a follow-up question. Are you seeing a return of the project-related revenue, specifically the revenue that had been put off as a result of the cyber security audits?

Yes. So, I think Paulino addressed this a little bit earlier, right, which is as we move through and we work with, with varying customers through the process that they have to make sure that they're comfortable with the cyber IT and data security actions we're taking. As we complete those reviews with a given customer, then we see that the process changes, and then our ability to sell discrete projects, as well as new products improves. And as we make progress with our customer base through that process, and we are making progress, then we see the opportunities to continue to sell new products. And then also, those discrete projects improves with time, and we are seeing that occur.

Yes. And like I mentioned at the beginning, the more rational that we get about the process and the more that we make progresses within our remediation and investment program in IT and security-related areas, the more we expect this progress to continue. But at this time, it's not a trend.

Okay. Excellent. Thank you for the insights.

Thank you.

We'll take our final question from Andrew Steinerman, JPMorgan.

Hi, John. Before you were talking, you mentioned you are going to formally restate at least part of the long-term algorithm about USIS. And I look at Page 30 of the 10-K and I see the multiyear algorithm stated and somewhat revised, 6% to 8% organic plus 1% to 2% revenue growth. And then the language that I think is revived is EPS growing faster than revenue growth over time due to operational leverage and financial leverage. Obviously, the old goal was 10% to 13%. So, my question is, now post-breach, is there a different view about operating leverage? And I just want to make sure since it's in the 10-K that 6% to 8% organic growth for medium term is being restated today as the goal.

Okay. We're - Andrew, we're looking for that.

Page 30 of the 10-K.

Sorry - we're - how about we just - and I apologize here. We're not able to find where you're seeing that.

Over the long term, it starts. It's under business environment and company outlook. It's the second paragraph.

Andrew, we don't see it here, so we'll have to take it off-line. So, we're not sure what you're referring to, okay? So, we'll maybe ...

Okay. Thank you.

Okay. Thank you.

And at this time, I'd like to turn it back to Jeff Dodge for closing remarks.

Okay. I'd like to thank everybody for their time and their interest. And with that, operator, we'll terminate the call.