Financial Information

PART II

Item 8. Financial Statements and Supplementary Data.

MARRIOTT INTERNATIONAL, INC.
NOTES TO CONSOLIDATED FINANCIAL STATEMENTS

7. COMMITMENTS AND CONTINGENCIES

Guarantees

We issue guarantees to certain lenders and hotel owners, chiefly to obtain long-term management contracts. The guarantees generally have a stated maximum funding amount and a term of three to ten years. The terms of guarantees to lenders generally require us to fund if cash flows from hotel operations are inadequate to cover annual debt service or to repay the loan at maturity. The terms of the guarantees to hotel owners generally require us to fund if the hotels do not attain specified levels of operating profit. Guarantee fundings to lenders and hotel owners are generally recoverable out of future hotel cash flows and/or proceeds from the sale of hotels. We also enter into project completion guarantees with certain lenders in conjunction with hotels that we or our joint venture partners are building.

We present the maximum potential amount of our future guarantee fundings and the carrying amount of our liability for our debt service, operating profit, and other guarantees (excluding contingent purchase obligations) for which we are the primary obligor at year-end 2018 in the following table:

Our liability at year-end 2018 for guarantees for which we are the primary obligor is reflected in our Balance Sheets as $23 million of “Accrued expenses and other” and $96 million of “Other noncurrent liabilities.”

Our guarantees listed in the preceding table include $3 million of debt service guarantees, $32 million of operating profit guarantees, and $2 million of other guarantees that will not be in effect until the underlying properties open and we begin to operate the properties or certain other events occur.

In conjunction with financing obtained for specific projects or properties owned by us or joint ventures in which we are a party, we may provide industry standard indemnifications to the lender for loss, liability, or damage occurring as a result of the actions of the other joint venture owner or our own actions.

Contingent Purchase Obligation

Sheraton Grand Chicago. We granted the owner a one-time right, exercisable in 2022, to require us to purchase the leasehold interest in the land and the hotel for $300 million in cash (the “put option”). If the owner exercises the put option, we have the option to purchase, at the same time the put transaction closes, the underlying fee simple interest in the land for an additional $200 million in cash. We accounted for the put option as a guarantee, and our recorded liability at year-end 2018 was $57 million.

We concluded that the entity that owns the Sheraton Grand Chicago hotel is a variable interest entity. We did not consolidate the entity because we do not have the power to direct the activities that most significantly impact the entity’s economic performance. Our maximum exposure to loss related to the entity is equal to the difference between the purchase price and the fair value of the hotel at the time that the put option is exercised, plus the maximum funding amount of an operating profit guarantee that we provided for the hotel.

Commitments

At year-end 2018, we had the following commitments outstanding, which are not recorded on our Balance Sheets:

• We had a right and, under certain circumstances, an obligation to acquire our joint venture partner’s remaining interests in two joint ventures at a price based on the performance of the ventures. In the 2019 first quarter, we accelerated our option to acquire our partner’s interests. We expect to account for the transaction primarily as an acquisition of brand and contract assets.
  
• Investment commitments totaling up to $11 million of equity for non-controlling interests in real estate and travel technology-related entities. We expect to invest up to $3 million in 2019 and $6 million thereafter. We do not expect to fund the remaining commitments.
  
• Various loan commitments totaling $14 million, of which we expect to fund $5 million in 2019 and $5 million thereafter. We do not expect to fund the remaining commitments.
  
• Various commitments to purchase information technology hardware, software, accounting, finance, and maintenance services in the normal course of business, primarily for programs and services for which we are reimbursed by third-party owners, totaling $286 million. We expect to purchase goods and services subject to these commitments as follows: $153 million in 2019, $78 million in 2020, $38 million in 2021, and $17 million thereafter.
  
• Several commitments aggregating $33 million, which we do not expect to fund.

Letters of Credit

At year-end 2018, we had $136 million of letters of credit outstanding (all outside the Credit Facility, as defined in Footnote 10. Long-Term Debt), most of which were for our self-insurance programs. Surety bonds issued as of year-end 2018 totaled $152 million, most of which state governments requested in connection with our self-insurance programs.

Data Security Incident

Description of Event

On November 30, 2018, we announced a data security incident involving unauthorized access to the Starwood reservations database (the “Data Security Incident”). Working with leading security experts, we determined that there was unauthorized access to the Starwood network since 2014 and that an unauthorized party had copied information from the Starwood reservations database and taken steps towards removing it. While our forensic review of the incident is now complete, certain data analytics work continues. We have completed the planned phase out of the operation of the Starwood reservations database, effective as of the end of 2018.

Expenses and Insurance Recoveries

In 2018, we recorded $28 million of expenses related to the Data Security Incident, partially offset by $25 million of accrued insurance recoveries, which we recorded in either the “Reimbursed expenses” or “Merger-related costs and charges” captions of our Income Statements. Expenses primarily included costs to investigate the Data Security Incident and customer care costs. We recognize insurance recoveries when they are probable of receipt and present them in our Income Statements in the same caption as the related loss, up to the amount of loss.

Litigation, Claims, and Government Investigations

To date, approximately 100 putative class action lawsuits have been filed by consumers and others against us in U.S. federal, U.S. state and Canadian courts related to the Data Security Incident. The plaintiffs in these cases, who purport to represent various classes of consumers, generally claim to have been harmed by alleged actions and/or omissions by the Company in connection with the Data Security Incident and assert a variety of common law and statutory claims seeking monetary damages, injunctive relief and other related relief. On February 6, 2019, the U.S. Judicial Panel on Multidistrict Litigation (MDL) issued an order consolidating the U.S. cases filed to that date and transferring them all to the U.S. District Court for the District of Maryland. A putative class action lawsuit was filed against us and certain of our current officers and directors on December 1, 2018 in the U.S. District Court for the Eastern District of New York alleging violations of the federal securities laws in connection with statements regarding our cybersecurity systems and controls. The complaint seeks certification of a class of affected persons and unspecified monetary damages, costs and attorneys’ fees. This case is also covered by the MDL order. A shareholder derivative complaint was also filed against the Company and each of the members of our Board of Directors on February 26, 2019 in the U.S. District Court for the Southern District of New York alleging, among other claims, breach of fiduciary duty, corporate waste, mismanagement and violations of the federal securities laws. This case has not yet been consolidated as part of the MDL proceeding. We dispute the allegations in the complaints described above and intend to defend vigorously against such claims.

In addition, numerous U.S. federal, U.S. state and foreign governmental authorities are investigating, or otherwise seeking information and/or documents related to, the Data Security Incident and related matters, including Attorneys General offices from all 50 states and the District of Columbia, the Federal Trade Commission, the Securities and Exchange Commission, certain committees of the U.S. Senate and House of Representatives, the Information Commissioner’s Office in the United Kingdom (“ICO”) as lead supervisory authority in the European Economic Area, and regulatory authorities in other jurisdictions, including Germany. Following the Data Security Incident, the ICO notified us that it had opened an investigation into the Company’s online privacy policy and related practices. This investigation is separate from the ICO’s investigation related to the Data Security Incident.

While we believe it is reasonably possible that we may incur losses associated with the above described proceedings and investigations, it is not possible to estimate the amount of loss or range of loss, if any, that might result from adverse judgments, settlements, fines, penalties or other resolution of these proceedings and investigations based on the early stage of these proceedings and investigations, the absence of specific allegations as to alleged damages, the uncertainty as to the certification of a class or classes and the size of any certified class, if applicable, and the lack of resolution of significant factual and legal issues.