Visa (V) shareholders pressed on AI deepfake and CSAM risk disclosure

Rhea-AI Filing Summary

Bowyer Research is urging Visa shareholders to vote FOR Proposal 7 at Visa’s 2026 annual meeting. The proposal, submitted on behalf of the Oklahoma Tobacco Settlement Endowment Trust, asks Visa to publish a report on how it manages risks that its products could be used to pay for AI‑generated deepfake sexual content, particularly involving child exploitation.

The materials argue that payment networks face growing scrutiny from regulators, law enforcement and advocacy groups over deepfakes, non‑consensual intimate imagery and AI‑generated child sexual abuse material. They highlight prior controversy around adult‑content platforms, emerging enforcement against deepfake sites, and an unsettled legal landscape for synthetic CSAM. Citing crisis‑impact studies, the filer outlines hypothetical scenarios in which a reputational scandal could cut Visa’s market value by roughly 25–35% and significantly pressure earnings.

The notice points to Visa’s past decision to cut ties with Pornhub and to recent shareholder activity at Apple as precedents, and contends that enhanced governance and disclosure on AI‑related exploitation risks would help protect Visa’s brand and long‑term shareholder value.

Notice of Exempt Solicitation

Pursuant to Rule 14a-103 | January 9, 2026

Name of Registrant: Visa, Inc.

Name of person relying on exemption: Bowyer Research

Address of person relying on exemption: P.O. Box 120, McKeesport, PA 15135

Written materials are submitted pursuant to Rule 14a-6(g) (1) promulgated under the Securities Exchange Act of 1934. Filer of this notice does not beneficially own more than $5 million of securities in the Registrant company. Submission is not required of this filer under the terms of the Rule but is made voluntarily in the interest of public disclosure and consideration of these important issues.

 

Visa, Inc. (V)

Closing Loopholes on AI-Driven Child Exploitation: Vote YES on Proposal 7

Contact: Gerald Bowyer | jerrybowyer@bowyerresearch.com

Bowyer Research urges shareholders to vote FOR Proposal No. 7, submitted on behalf of the Oklahoma Tobacco Settlement Endowment Trust, at Visa’s 2026 annual meeting of shareholders.¹ This proposal requests Visa to report on the company’s risk management strategies regarding the use of Visa products in facilitating the sale of deepfake content, particularly child exploitation. The business case is straightforward: unmanaged exposure to this risk not only contributes to exploitation, but threatens brand equity, invites regulatory and legal scrutiny, and can impair long‑term shareholder value.

¹ https://s29.q4cdn.com/385744025/files/doc_downloads/2025/PRO014524_WO80_Visa_DEF-14A_WORKIVA_CourtesyPDF.pdf

1) Visa’s public controversies over deepfake/NCII payments

A bipartisan coalition of U.S. state attorneys general recently called on² major payment platforms, including Visa, to take stronger action to identify and remove payment authorization for deepfake NCII tools and content. Their letters explicitly ask³ how payment companies “currently work to identify and remove payment authorization for deepfake NCII tools and content” and to commit to further action to avoid being complicit in creation or spread of such content. These requests reflect growing public concern that payment networks can be used to monetize AI‑driven sexual exploitation.

Regulatory and industry commentary has also flagged deepfakes as an emerging financial‑crime vector, underscoring the need for proactive controls in payments. FinCEN has warned⁴ of a rise in deepfake identity fraud that enables criminals to circumvent bank controls, and sector analyses describe⁵ deepfakes as a cross‑border fraud accelerant.

These concerns are not theoretical. Investigative reporting and whistleblower allegations have placed payment networks, including Visa, under scrutiny⁶ for processing funds connected to platforms where abusive content has been documented, intensifying public pressure on payments firms to demonstrate credible controls.

2) Relevant class action and enforcement context

Litigation risk around platforms carrying sexual exploitation content has been real and material. Visa and Mastercard halted⁷ certain processing relationships with Pornhub and its advertising arm following court rulings and public controversy, illustrating how payment companies can be drawn⁸ into litigation narratives even when not the content host, including Visa in 2022.

² https://www.naag.org/wp-content/uploads/2025/08/LTRS-Combined-Payment-and-Seach-Platform-FINAL.pdf

³ https://www.paymentsdive.com/news/ags-attack-deepfake-porn-payments-apple-visa-paypal-google/758827/

⁴ https://www.dwt.com/blogs/financial-services-law-advisor/2024/11/fincen-warns-banks-deepfake-fraud-threat-is-rising

⁵ https://www.visaacceptance.com/en-us/blog/article/2025/fraud-trends-shaping-the-future-of-payments.html

⁶ https://www.usatoday.com/story/money/2025/01/24/visa-mastercard-illegal-onlyfans-abuse/77932811007/

⁷ https://finance.yahoo.com/news/mastercard-stop-processing-payments-pornhub-195112440.html

⁸ https://www.paymentsdive.com/news/visa-mastercard-pornhub-trafficjunky-lawsuit-court-ruling-react/628967/

Municipal and state enforcement has also targeted deepfake porn operators. In 2025, the San Francisco City Attorney secured⁹ a settlement and a permanent injunction against a deepfake “nudes” website operator, highlighting a widening enforcement perimeter around AI‑generated sexual exploitation and the platforms that monetize it.

While case particulars differ, the common investor takeaway is clear: payment networks’ exposure to unlawful or non‑consensual content invites¹⁰ reputational harm and litigation risk that can spill over to networks facilitating funds flow.

How Hidden Link Services Process Payments for AI-Generated Child Exploitation

Despite growing legal and platform scrutiny, “hidden link” services, particularly on the dark web, continue to process payments for AI-generated CSAM, relying on anonymity and covert payment channels.

●Law enforcement investigations have documented offenders¹¹ using generative AI to produce synthetic CSAM, then distributing it via dark web forums that offer guides and tutorials on creation, sharing, and monetization. These forums often include instructions on payment mechanisms and direct links to accept credit cards or cryptocurrency, illustrating¹² a clear pipeline from AI creation to paid access. 

●In February 2025, Europol’s Operation Cumberland uncovered¹³ a hidden-paywall platform distributing exclusively AI-generated child sexual abuse content. The operation resulted in 25 arrests. Importantly, users paid via symbolic online payments to access the site: an explicit example of payment processing structures operating in defiance of both legal and ethical norms. 

⁹ https://www.cbsnews.com/sanfrancisco/news/san-francisco-deepfake-porn-lawsuit-settlement-briver-llc-shutdown/

¹⁰ https://www.paymentsdive.com/news/visa-mastercard-pornhub-trafficjunky-lawsuit-court-ruling-react/628967/

¹¹ https://www.dhs.gov/sites/default/files/2024-09/24_0920_k2p_genai-bulletin.pdf

¹² https://pulitzercenter.org/resource/how-we-investigated-epidemic-ai-generated-child-sexual-abuse-material-internet

¹³ https://www.cbsnews.com/news/ai-generated-child-sexual-abuse-content-bust-europol-operation-cumberland/

●The Department of Homeland Security’s GenAI bulletin¹⁴ highlights that offenders employ generative AI to create CSAM and share it through dark web channels using obscured payment systems, including cash-out services and hidden merchant links, to evade detection. 

These findings confirm that payment networks remain integral to the distribution infrastructure of AI-generated CSAM, even when cloaked. Visa’s current compliance framework appears to overlook (or at the very least, underweight) these “hidden link” scenarios.

Without explicit governance and transparency, Visa is at risk of facilitating exploitation through dark net monetization channels, regardless of explicit legality.

Responding to Visa’s Statement of Opposition

In its statement of opposition, Visa asserts that its existing prohibition on illegal activity sufficiently addresses the concerns raised in Proposal No. 7. While we acknowledge the company’s commitment to compliance, this position overlooks a critical reality: AI-generated child sexual abuse material (CSAM) and non-consensual deepfake imagery occupy a rapidly evolving¹⁵ legal grey area.

Currently, federal law criminalizes certain AI-created CSAM that appears to depict real minors, but it does not explicitly prohibit synthetic CSAM depicting non-existent children. Enforcement often relies on obscenity statutes (18 U.S.C. §1466A), which have faced constitutional challenges, and at least one district court has dismissed charges under these provisions, underscoring the unsettled¹⁶ legal landscape (Wisconsin case, 2024). At the state level, while 45 states have enacted¹⁷ laws addressing AI-generated CSAM, five states and the District of Columbia still lack explicit coverage, leaving exploitable gaps in enforcement.

¹⁴ https://www.dhs.gov/sites/default/files/2024-09/24_0920_k2p_genai-bulletin.pdf

¹⁵https://www.ag.ky.gov/Press%20Release%20Attachments/LTR%20TO%20PAYMENT%20PLATFORM S _FINAL%20%2847%29.pdf

¹⁶ https://law.justia.com/cases/federal/appellate-courts/ca5/19-40319/19-40319-2020-02-14.html

¹⁷ https://enoughabuse.org/get-vocal/laws-by-state/

Recent legislation, such as the Take It Down Act¹⁸ (2025), targets non-consensual deepfake intimate imagery, but its focus is on takedown¹⁹ obligations rather than preventive measures or payment processing oversight.²⁰ Advocacy groups and legal scholars have emphasized²¹ that many statutes fail to address synthetic CSAM comprehensively, creating loopholes for actors monetizing exploitative content through payment networks.

Relying solely on current legality in such a rapidly developing area is not responsible risk mitigation. The reputational and financial damage from public associations with exploitative content does not wait for statutes to catch up. Consumer trust and brand equity are eroded by perception alone, regardless of whether a transaction technically violates existing law. Visa demonstrated leadership when it cut ties with Pornhub amid allegations of unlawful content; applying similar foresight now, before the next wave of scrutiny, would protect shareholder value and reinforce Visa’s reputation as a trusted global payments leader.

Proposal No. 7 does not ask Visa to police the internet. It asks for clear governance and disclosure on how the company is addressing emerging risks tied to AI-driven exploitation. This is a forward-looking, value-protective measure, not an operational burden.

3) Combatting CSAM *is* a matter of shareholder concern.

Recent shareholder engagement at Apple demonstrates that mainstream issuers are being asked to report on policies and trade‑offs involving CSAM‑related technologies. The American Family Association (AFA) and Bowyer Research sponsored a proposal requesting a transparency report on Apple’s decisions regarding CSAM‑identifying software. The SEC denied²² Apple’s “ordinary business” exclusion and allowed the proposal to proceed, confirming that such matters transcend ordinary business and merit shareholder consideration.

¹⁸ https://www.congress.gov/bill/119th-congress/senate-bill/146

¹⁹ https://washingtonstatestandard.com/briefs/washington-ag-joins-push-to-stop-spread-of-deepfake-pornography-online/

²⁰ https://www.paymentsdive.com/news/ags-attack-deepfake-porn-payments-apple-visa-paypal-google/758827/

²¹ https://www.vice.com/en/article/visa-suspends-pornhub-advertising/

²² https://www.sec.gov/files/corpfin/no-action/14a-8/afaapple1225-14a8.pdf

Public advocacy²³ around Apple’s 2025 ballot further underscores that ethical AI, CSAM safeguards, and disclosure are now established topics for shareholder resolutions and corporate governance dialogue.²⁴

The parallel is instructive for Visa: investors are already pressing²⁵ global brands to document governance, risk management, and mitigation plans for AI‑related harms in consumer‑facing ecosystems. In our view, payments networks warrant at least equivalent transparency, given their central role in monetization flows.

4) How Reputational Controversies Impede Brand Growth

Using commonly applied FactSet workflows, screening peers with prior controversy/litigation headlines and conducting event‑study windows, investors ²⁶can observe that heightened public scrutiny tied to sexual‑exploitation allegations tends to coincide with near‑term spread widening, volatility expansion, and drawdowns among exposed names, while longer‑term effects include higher disclosure and compliance costs. Although individual outcomes vary by fact pattern, this directionally corroborates broader risk‑management research that reputational damage can be swift, costly, and value‑eroding. (For external context, Aon’s Global Risk Management Survey ranks damage to reputation/brand among top enterprise risks; sector commentary ties AI‑enabled deception, including deepfakes, to accelerated reputational shocks.) Evaluations using FactSet data further illustrate this point.

How Much Do Reputational/Crisis Shocks Hurt Brand Value?

·SenateSHJ Crisis Index
An analysis²⁷ of 300 major crises globally revealed that companies suffer an average 35.2% decline in share price at the onset of a reputational crisis, while earnings per share (EPS) drop 68.6%, with the full recovery taking an average of 427 days.  

²³ https://adflegal.org/press-release/adf-shareholder-coalition-allies-set-agenda-apples-annual-shareholder-meeting/

²⁴ https://www.marketscreener.com/quote/stock/APPLE-INC-4849/news/Apple-Inc-Receives-a-Shareholder-Proposal-from-American-Family-Association-48737664/

²⁵ https://www.sec.gov/files/corpfin/no-action/14a-8/afaapple1225-14a8.pdf

²⁶ https://www.aon.com/en/insights/reports/global-risk-management-survey/damage-to-reputation-or-brand-a-critical-risk

²⁷ https://apac.prca.global/corporate-crises-cost-big-new-hard-hitting-data-reveals-financial-impact-of-reputation-disasters/

·Aon 2025 Global Cyber Risk Report
Among 1,414 cyber events²⁸ studied, 56 incidents triggered reputational harm, with affected companies experiencing²⁹ an average 27% drop in shareholder value following those disclosures. 

Financial Estimates: How Much Does CSAM/Deepfake Risk Hurt VISA?

Using these studies as analogues, we can use FactSet data to reasonably extrapolate the potential financial drag Visa may face if exposed in an AI-related sexual content controversy:

●Scenario A: Deepfake/CSAM payment processing scandal 

○Short-term market value hit: ~30–35% share price drop 

■Applied to Visa’s ~$450 billion market cap → $135–158 billion in lost value 

○Earnings stress: ~65–70% decline in quarterly EPS 

○Recovery timeline: ~1–1.5 years to return to pre-crisis levels 

●Scenario B: Cyber-like reputational event tied to payments 

○Market cap loss: ~25–30% reduction 

○Magnitude range: $112–135 billion marker decline 

○Recovery period: >1 year 

●Operational & Compliance Overhang: 

○Additional 5–10% erosion in annual revenues or margins via higher compliance, litigation reserves, PR/spend, and program maintenance. 

²⁸ https://aon.mediaroom.com/2025-06-17-Aons-2025-Global-Cyber-Risk-Report-Reveals-Reputation-Risk-Events-Can-Reduce-Shareholder-Value-by-27-percent

²⁹ https://www.stocktitan.net/news/AON/aon-s-2025-global-cyber-risk-report-reveals-reputation-risk-events-sbkho7dwjs85.html

Summary Table of Loss Ranges (compiled using FactSet data)

Scenario	Share Price Impact	Market Cap Loss	EPS/Revenue Pressure	Recovery Period
Deepfake/CSAM scandal	30–35%	$135–158 B	65–70% EPS drop	12–18 months
Cyber/reputational incident	25–30%	$112–135 B	5–10% revenue drag	~12 months

Implications for Shareholders

These quantified precedents highlight the magnitude of reputational shocks linked to content moderation or its failure. Even more modest outcomes (e.g., a 25% share price decline) represent a financial erosion of over $100 billion, alongside significant second-order costs (regulatory, consumer trust, and compliance overhead).

5) Visa’s prior leadership precedent: cutting ties with Pornhub

Visa has previously demonstrated³⁰ decisive leadership when confronted with credible evidence of sexual exploitation risks, including suspending³¹ acceptance on Pornhub’s user‑generated content sites (2020) and later suspending³² TrafficJunky advertising transactions following an adverse court ruling regarding MindGeek’s operations (2022). In public statements, Visa emphasized zero tolerance for unlawful activity on its network. These actions were widely covered and applauded³³ by child‑safety advocates.

³⁰ https://www.vice.com/en/article/visa-suspends-pornhub-advertising/

³¹ https://finance.yahoo.com/news/mastercard-stop-processing-payments-pornhub-195112440.html

³² https://www.paymentsdive.com/news/visa-mastercard-pornhub-trafficjunky-lawsuit-court-ruling-react/628967/

³³ https://endsexualexploitation.org/articles/statement-visa-and-mastercard-cut-ties-with-pornhub/

Proposal No. 7 simply asks Visa to apply similar rigor and transparency to the next generation of risks, AI‑generated deepfakes and NCII/CSAM, by clarifying how policies, monitoring, and enforcement are evolving to keep harmful actors out of the network.

6) Why a “FOR” vote is warranted on Proposal 7

Regulatory trajectory: Bipartisan AG letters³⁴ specifically naming Visa show regulators expect action from payment platforms on deepfake NCII. Proactive disclosure reduces³⁵ surprise risk and helps align Visa’s controls with rising expectations.

Litigation and enforcement signals: Recent court decisions and settlements in adjacent contexts³⁶ (Pornhub, deepfake site shutdowns) demonstrate real legal exposure when payments are linked³⁷ to exploitative content. Enhanced governance and disclosure are cost‑effective risk mitigants.

●Peer benchmark: Apple’s SEC outcome³⁸ affirms that CSAM/deepfake governance is squarely a shareholder matter, not excludable “ordinary business.” Visa can lead with clarity rather than react under duress. 

●Brand and value preservation: External risk literature and investor analysis³⁹ (including FactSet‑based event studies) indicate reputational shocks carry measurable financial drag, from incremental compliance and PR costs to potential revenue impacts and multiple compression, making transparency a shareholder value imperative. 

●Existing capabilities: Visa already invests heavily⁴⁰ in AI‑enabled fraud defenses, preventing tens of billions in fraud annually, which positions the company to extend controls to new AI‑facilitated harms and to explain those efforts to shareholders. 

³⁴ https://www.naag.org/wp-content/uploads/2025/08/LTRS-Combined-Payment-and-Seach-Platform-FINAL.pdf

³⁵ https://www.paymentsdive.com/news/ags-attack-deepfake-porn-payments-apple-visa-paypal-google/758827/

³⁶ https://www.paymentsdive.com/news/visa-mastercard-pornhub-trafficjunky-lawsuit-court-ruling-react/628967/

³⁷ https://www.cbsnews.com/sanfrancisco/news/san-francisco-deepfake-porn-lawsuit-settlement-briver-llc-shutdown/

³⁸ https://www.sec.gov/files/corpfin/no-action/14a-8/afaapple1225-14a8.pdf

³⁹ https://www.aon.com/en/insights/reports/global-risk-management-survey/damage-to-reputation-or-brand-a-critical-risk

⁴⁰ https://www.cnbc.com/2024/07/26/ai-and-machine-learning-helped-visa-combat-40-billion-in-fraud-activity.html

7) Conclusion

For the reasons above, we urge shareholders to vote FOR Proposal No. 7. The proposal asks for prudent, investor‑oriented disclosure and board oversight on a fast‑moving risk where payments networks are under increasing scrutiny. A “FOR” vote supports Visa’s brand leadership, regulatory readiness, and long‑term value protection, ensuring the company applies the same principled stance it demonstrated in prior actions (e.g., Pornhub) to the evolving challenges of AI‑generated sexual exploitation.

The foregoing information may be disseminated to shareholders via telephone, U.S. mail, e-mail, certain websites and certain social media venues, and should not be construed as investment advice or as a solicitation of authority to vote your proxy. The cost of disseminating the foregoing information to shareholders is being borne entirely by the filers.

The information contained herein has been prepared from sources believed reliable but is not guaranteed by us as to its timeliness or accuracy and is not a complete summary or statement of all available data. This piece is for informational purposes and should not be construed as a research report. Bowyer Research is not able to vote your proxies, nor does this communication contemplate such an event. Proxy cards will not be accepted by us. Please do not send your proxy to us. To vote your proxy, please follow the instructions on your proxy card.

For questions, please contact Gerald Bowyer, president of Bowyer Research, via email at jerrybowyer@bowyerresearch.com.

FAQ

What is Proposal 7 at Visa’s 2026 annual meeting as described in this PX14A6G filing for V?

Proposal 7 asks Visa to produce a report on its risk management strategies for preventing the use of Visa products in transactions involving AI‑generated deepfake content, with a focus on child sexual exploitation. The report would explain governance, monitoring and enforcement practices around these emerging risks.

Who filed this notice of exempt solicitation regarding Visa (V) and what are they recommending?

Bowyer Research filed the notice of exempt solicitation. It supports a shareholder proposal submitted on behalf of the Oklahoma Tobacco Settlement Endowment Trust and urges shareholders to vote FOR Proposal 7 at Visa’s 2026 annual meeting.

Why does the filer believe AI deepfake and CSAM risks are important for Visa shareholders?

The filer states that unmanaged exposure to AI‑driven deepfakes and child sexual abuse material can damage Visa’s brand, invite regulatory and legal scrutiny, and impair long‑term shareholder value. They cite warnings from regulators and law enforcement about deepfakes, investigations into AI‑generated CSAM, and prior controversies involving payment processing for exploitative content.

How does the filing describe the potential financial impact of a deepfake or CSAM scandal on Visa?

Using external crisis and cyber‑risk studies as analogues, the materials outline hypothetical scenarios in which a deepfake or CSAM‑related scandal could coincide with a 30–35% share price decline and an estimated $135–158 billion reduction in Visa’s market capitalization, with additional earnings and revenue pressure over a recovery period of roughly one year or more.

What precedents does the filing cite to support shareholder oversight of CSAM and deepfake issues at Visa?

The materials reference prior shareholder activity at Apple on CSAM‑related technologies, noting that the SEC allowed that proposal to proceed, and they highlight Visa’s past decisions to suspend certain payment relationships with Pornhub and related advertising platforms. The filer argues these examples show that CSAM and deepfake governance is a legitimate shareholder concern and that Visa has previously taken strong actions in adjacent contexts.

Does Proposal 7 ask Visa to police all online content?

No. The filing emphasizes that Proposal 7 does not ask Visa to police the internet. Instead, it requests clearer governance and disclosure about how Visa is addressing emerging AI‑driven exploitation risks in relation to its own payment network.

How does the filer link AI fraud controls to Visa’s ability to address deepfake exploitation risk?

The materials note that Visa already invests heavily in AI‑enabled fraud defenses, which are described as helping to prevent tens of billions in fraud annually. The filer argues that these capabilities position Visa to extend and explain its controls to cover AI‑facilitated harms such as deepfake and CSAM monetization.