Associated Banc-Corp (ASB) Risk Analysis

209 Followers

Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

Associated Banc-Corp disclosed 67 risk factors in its most recent earnings report. Associated Banc-Corp reported the most risks in the “Finance & Corporate” category.

Risk Overview Q4, 2025

Risk Distribution

46% Finance & Corporate

22% Legal & Regulatory

12% Macro & Political

7% Tech & Innovation

7% Ability to Sell

4% Production

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2022

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

Associated Banc-Corp Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q4, 2025

Main Risk Category

Finance & Corporate

With 31 Risks

Finance & Corporate

With 31 Risks

Number of Disclosed Risks

-3

From last report

S&P 500 Average: 31

-3

From last report

S&P 500 Average: 31

Recent Changes

3Risks added

6Risks removed

7Risks changed

Since Dec 2025

3Risks added

6Risks removed

7Risks changed

Since Dec 2025

Number of Risk Changed

From last report

S&P 500 Average: 3

From last report

S&P 500 Average: 3

See the risk highlights of Associated Banc-Corp in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 67

Finance & Corporate

Total Risks: 31/67 (46%)Below Sector Average

Share Price & Shareholder Rights4 | 6.0%

Share Price & Shareholder Rights - Risk 1

An investment in our common stock is not an insured deposit.

Our common stock is not a bank deposit and, therefore, is not insured against loss by the FDIC, any other DIF, or by any other public or private entity. An investment in our common stock is inherently risky for the reasons described in this "Risk Factors" section and elsewhere in this report and is subject to the same market forces that affect the price of common stock in any company. As a result, if you acquire our common stock, you may lose some or all of your investment. General Risk Factors

Share Price & Shareholder Rights - Risk 2

Our articles of incorporation, bylaws, and certain banking laws may have an anti-takeover effect.

Provisions of our articles of incorporation and bylaws, and federal banking laws, including regulatory approval requirements, could make it more difficult for a third party to acquire us, even if doing so would be perceived to be beneficial to our shareholders. The combination of these provisions may prohibit a non-negotiated merger or other business combination, which, in turn, could adversely affect the market price of our common stock.

Share Price & Shareholder Rights - Risk 3

Common stock is equity and is subordinate to our existing and future indebtedness and preferred stock and effectively subordinated to all the indebtedness and other non-common equity claims against our subsidiaries.

Shares of the common stock are equity interests in us and do not constitute indebtedness. As such, shares of the common stock will rank junior to all of our indebtedness and to other non-equity claims against us and our assets available to satisfy claims against us, including our liquidation. Holders of our common stock are subject to prior dividend and liquidation rights of holders of our outstanding preferred stock. Our board of directors is authorized to issue additional classes or series of preferred stock without any action on the part of the holders of our common stock, and we are permitted to incur additional debt. Upon liquidation, lenders and holders of our debt securities and preferred stock would receive distributions of our available assets prior to holders of our common stock. Furthermore, our right to participate in a distribution of assets upon any of our subsidiaries' liquidation or reorganization is subject to the prior claims of that subsidiary's creditors, including holders of any preferred stock of that subsidiary.

Share Price & Shareholder Rights - Risk 4

The price of our securities can be volatile.

Price volatility may make it more difficult for you to sell your securities when you want and at prices you find attractive. Our securities prices can fluctuate widely in response to a variety of factors including, among other things: - actual or anticipated variations in quarterly results of operations or financial condition;- operating results and stock price performance of other companies that investors deem comparable to us;- news reports relating to trends, concerns, and other issues in the financial services industry;- perceptions in the marketplace regarding us and/or our competitors;- new technology used or services offered by competitors;- significant acquisitions or business combinations, strategic partnerships, joint ventures, or capital commitments by or involving us or our competitors;- failure to integrate acquisitions or realize anticipated benefits from acquisitions;- changes in government regulations;- changes in international trade policy and any resulting disputes or reprisals;- geopolitical conditions, such as acts or threats of terrorism or military conflicts; and - recommendations by securities analysts. General market fluctuations, industry factors, and general economic and political conditions and events, such as economic slowdowns or recessions, interest rate changes, or credit loss trends, could cause our securities prices to decrease regardless of our operating results.

Accounting & Financial Operations5 | 7.5%

Accounting & Financial Operations - Risk 1

We may reduce or eliminate dividends on our common stock.

Although we have historically paid a quarterly cash dividend to the holders of our common stock, holders of our common stock are not entitled to receive dividends. Downturns in the domestic and global economies could cause our board of directors to consider, among other things, the elimination of dividends paid on our common stock. This could adversely affect the market price of our common stock. Furthermore, as a bank holding company, our ability to pay dividends is subject to the guidelines of the Federal Reserve regarding capital adequacy and dividends. Dividends may be limited as a result of safety and soundness considerations.

Accounting & Financial Operations - Risk 2

Our internal controls may be ineffective.

Management regularly reviews and updates our internal controls, disclosure controls and procedures, and corporate governance policies and procedures. Any system of controls, however well-designed and operated, is based in part on certain assumptions and can provide only reasonable, not absolute, assurances that the objectives of the controls are met. Any failure or circumvention of our controls and procedures or failure to comply with regulations related to controls and procedures could have a material adverse effect on our business, results of operations, and financial condition.

Accounting & Financial Operations - Risk 3

Changes in our accounting policies or in accounting standards could materially affect how we report our financial results.

Our accounting policies are fundamental to understanding our financial results and condition. Some of these policies require the use of estimates and assumptions that may affect the value of our assets or liabilities and financial results. Some of our accounting policies are critical because they require management to make difficult, subjective and complex judgments about matters that are inherently uncertain and because it is likely that materially different amounts would be reported under different conditions or using different assumptions. If such estimates or assumptions underlying our financial statements are incorrect, we may experience material losses. From time to time, the FASB and the SEC change the financial accounting and reporting standards or the interpretation of those standards that govern the preparation of our external financial statements. These changes are beyond our control, can be hard to predict and could materially impact how we report our results of operations and financial condition. We could be required to apply a new or revised standard retroactively, resulting in our restating prior period financial statements in material amounts.

Accounting & Financial Operations - Risk 4

Impairment of investment securities, goodwill, other intangible assets, or DTAs could require charges to earnings, which could result in a negative impact on our results of operations.

In assessing whether the impairment of investment securities is related to a deterioration in credit factors, management considers the length of time and extent to which the fair value has been less than cost, the financial condition and near-term prospects of the issuer, and the intent and ability to retain our investment in the security for a period of time sufficient to allow for any anticipated recovery in fair value in the near term. Under current accounting standards, goodwill is not amortized but, instead, is subject to impairment tests on at least an annual basis or more frequently if an event occurs or circumstances change that reduce the fair value of a reporting unit below its carrying amount. A decline in our stock price or occurrence of a triggering event following any of our quarterly earnings releases and prior to the filing of the periodic report for that period could, under certain circumstances, cause us to perform a goodwill impairment test and result in an impairment charge being recorded for that period which was not reflected in such earnings release. During 2025, the annual impairment test conducted in May, using a qualitative assessment, indicated that the estimated fair value of all of the Corporation's reporting units exceeded the carrying value. In the event that we conclude in a future assessment that all or a portion of our goodwill may be impaired, a non-cash charge for the amount of such impairment would be recorded to earnings. Such a charge would have no impact on tangible capital. At December 31, 2025, we had goodwill of $1.1 billion, which represents approximately 22% of stockholders' equity. In assessing the realizability of DTAs, management considers whether it is more likely than not that some portion or all of the DTAs will not be realized. Assessing the need for, or the sufficiency of, a valuation allowance requires management to evaluate all available evidence, both negative and positive, including the recent trend of quarterly earnings. Positive evidence necessary to overcome the negative evidence includes whether future taxable income in sufficient amounts and character within the carryback and carryforward periods is available under the tax law, including the use of tax planning strategies. When negative evidence (e.g., cumulative losses in recent years, history of operating loss or tax credit carryforwards expiring unused) exists, more positive evidence than negative evidence will be necessary. The impact of each of these impairment matters could have a material adverse effect on our business, results of operations, and financial condition.

Accounting & Financial Operations - Risk 5

We rely on dividends from our subsidiaries for most of our cash flow.

The Parent Company is a separate and distinct legal entity from its banking and other subsidiaries. A substantial portion of the Parent Company's cash flow comes from dividends from its subsidiaries. These dividends are the principal source of funds to pay dividends on the Parent Company's common and preferred stock, and to pay interest and principal on the Parent Company's debt. Various federal and/or applicable state laws and regulations limit the amount of dividends that the Bank and certain of our nonbanking subsidiaries may pay to us. Our right to participate in a distribution of assets upon a subsidiary's liquidation or reorganization is subject to the prior claims of the subsidiary's creditors. In the event the Bank subsidiary is unable to pay dividends to us, we may not be able to service debt, pay obligations, or pay dividends on our common and preferred stock. The inability to receive dividends from the Bank would have a material adverse effect on our business, financial condition, and results of operations. Operational Risks

Debt & Financing16 | 23.9%

Debt & Financing - Risk 1

Changes in interest rates could reduce the value of our investment securities holdings which would increase our accumulated other comprehensive loss and thereby negatively impact stockholders' equity.

The Corporation maintains an investment portfolio consisting of high-quality liquid fixed-income securities. The total carrying value of the AFS securities portfolio was $5.4 billion as of December 31, 2025, and the estimated duration of the aggregate portfolio was approximately 3.2 years. The nature of fixed-income securities is such that changes in market interest rates impact the value of these assets.

Debt & Financing - Risk 2

The impact of interest rates on our mortgage banking business can have a significant impact on revenues.

Changes in interest rates can impact our mortgage-related revenues. A decline in mortgage rates generally increases the demand for mortgage loans as borrowers refinance, but generally leads to accelerated payoffs. Conversely, in a constant or increasing rate environment, we would expect fewer loans to be refinanced and a decline in payoffs. Although we use models to assess the impact of interest rates on mortgage-related revenues, the estimates of revenues produced by these models are dependent on estimates and assumptions of future loan demand, prepayment speeds and other factors which may differ from actual subsequent experience.

Debt & Financing - Risk 3

Our allowance for credit losses on loans may be insufficient.

All borrowers have the potential to default, and our remedies in the event of such default (such as seizure and/or sale of collateral, legal actions, and guarantees) may not fully satisfy the debt owed to us. We maintain an ACLL, which is a reserve established through a provision for credit losses charged to expense, that represents management's best estimate of probable credit losses over the life of the loan within the existing portfolio of loans. The ACLL, in the judgment of management, is necessary to reserve for estimated credit losses and risks inherent in the loan portfolio. The level of the ACLL reflects management's continuing evaluation of industry concentrations; specific credit risks; loan loss experience; current loan portfolio quality; present economic, political, and regulatory conditions; and unidentified losses inherent in the current loan portfolio. The determination of the appropriate level of the ACLL inherently involves a high degree of subjectivity and requires us to make significant estimates of current credit risks using existing qualitative and quantitative information, all of which may undergo material changes. Changes in economic conditions affecting borrowers, new information regarding existing loans, identification of additional problem loans, and other factors, both within and outside of our control, may require an increase in the ACLL. Bank regulatory agencies periodically review our ACLL and may require an increase in the provision for credit losses or the recognition of additional loan charge offs, based on judgments different than those of management. An increase in the ACLL would result in a decrease in net income, and possibly risk-based capital, and could have a material adverse effect on our financial condition and results of operations.

Debt & Financing - Risk 4

CRE lending may expose us to increased lending risks.

Our policy generally has been to originate CRE loans primarily in the states in which the Bank operates. At December 31, 2025, CRE loans, including owner occupied, investor, and real estate construction loans, totaled $8.4 billion, or 27%, of our total loan portfolio and 183% of total risk-based capital. CRE loans generally involve a greater degree of credit risk than residential mortgage loans because they typically have larger balances and are more affected by adverse conditions in the economy. Because payments on loans secured by CRE depend upon the successful operation and management of the properties and the businesses that operate from within them, repayment of such loans can be affected by factors outside the borrower's control, such as adverse conditions in the real estate market or the economy or changes in government regulation. Although CRE markets have shown signs of stabilization since 2024, the federal banking agencies have issued guidance on the sound risk management practices regarding CRE lending and regulatory scrutiny may increase depending on the concentration in CRE lending and changing economic conditions for the CRE markets. Our failure to adequately maintain appropriate risk management policies, procedures and controls could adversely affect our ability to increase this portfolio and could result in an increased rate of delinquencies in, and increased losses from, this portfolio as well as enhanced regulatory scrutiny and regulatory expectations for increased capital. At December 31, 2025, nonaccrual CRE loans totaled $8.7 million, or less than 1% of our total portfolio of CRE loans.

Debt & Financing - Risk 5

Failure to appropriately administer or manage our investment management and asset servicing businesses properly could put the related earnings at risk.

Revenues from our investment management and asset servicing businesses are significant to our earnings. Generating returns that satisfy clients in a variety of asset classes is important to maintaining existing business and attracting new business. Administering or managing assets in accordance with the terms of governing documents and applicable laws is also important to client satisfaction. Failure in either of the foregoing areas can expose us to liability, and result in a decrease in our revenues and earnings.

Debt & Financing - Risk 6

Impairment of our access to liquidity could affect our ability to meet our obligations.

The Corporation requires liquidity to meet its deposit and debt obligations as they come due. Access to liquidity could be impaired by an inability to access the capital markets or unforeseen outflows of deposits. Risk factors that could impair our ability to access capital markets include a downturn in our Midwest markets, difficult credit markets, credit rating downgrades, or regulatory actions against the Corporation. The Corporation's access to deposits can be impacted by the liquidity needs of our customers as a substantial portion of the Corporation's liabilities are demand while a substantial portion of the Corporation's assets are loans that cannot be sold in the same timeframe. Historically, the Corporation has been able to meet its cash flow needs as necessary. If a sufficiently large number of depositors sought to withdraw their deposits for whatever reason, the Corporation may be unable to obtain the necessary funding at favorable terms.

Debt & Financing - Risk 7

The proportion of our deposit account balances that exceed FDIC insurance limits may expose the Bank to enhanced liquidity risk in times of financial distress.

In the aftermath of the significant bank failures that occurred in 2023, the federal banking agencies have enhanced their scrutiny of banks' liquidity risk management. In the event of financial distress, uninsured depositors historically have been more likely to withdraw their deposits. The Corporation had approximately $17.0 billion of uninsured deposits at December 31, 2025. Estimated uninsured and uncollateralized deposits, excluding intercompany deposits, were $9.4 billion or 26.5% of total deposits at December 31, 2025. The ease and speed of the electronic withdrawals may accelerate this process. If a significant portion of our deposits were to be withdrawn within a short period such that additional sources of funding would be required to meet withdrawal demands, the Corporation may be unable to obtain funding at favorable terms, which may have an adverse effect on our net interest margin. Our ability to attract depositors during a time of actual or perceived distress or instability in the marketplace may be limited. Further, interest rates paid for borrowings generally exceed the interest rates paid on deposits. Because our AFS investment securities lose value when interest rates rise, after-tax proceeds resulting from the sale of such assets may be diminished during periods when interest rates are elevated. Under such circumstances, we may be required to access funding from sources such as the Federal Reserve's discount window and the FHLB system in order to manage our liquidity risk. For additional information regarding uninsured deposits and liquidity, see sections Deposits and Customer Funding and Liquidity of Part II, Item 7, Management's Discussion and Analysis of Financial Condition and Results of Operations.

Debt & Financing - Risk 8

Adverse changes to our credit ratings could limit our access to funding and increase our borrowing costs.

Credit ratings are subject to review by rating agencies, which consider a number of factors, including our financial strength, performance, prospects and operations as well as factors not under our control. Other factors that influence our credit ratings include changes to the rating agencies' methodologies for our industry or certain security types; the rating agencies' assessment of the general operating environment for financial services companies; our relative positions in the markets in which we compete; our various risk exposures and risk management policies and activities; pending litigation and other contingencies; our reputation; our liquidity position, diversity of funding sources and funding costs; the current and expected level and volatility of our earnings; our capital position and capital management practices; our corporate governance; current or future regulatory and legislative initiatives; and the agencies' views on whether the U.S. government would provide meaningful support to the Corporation or its subsidiaries in a crisis. Rating agencies could make adjustments to our credit ratings at any time, and there can be no assurance that they will maintain our ratings at current levels or that downgrades will not occur. In August 2023, Moody's and S&P Global Ratings each downgraded our long-term issuer credit ratings, and the ratings remained unchanged as of December 31, 2025. Any additional downgrade in our credit ratings could potentially adversely affect the cost and other terms upon which we are able to borrow or obtain funding, increase our cost of capital and/or limit our access to capital markets. Credit rating downgrades or negative watch warnings could negatively impact our reputation and the perception of the Corporation by lenders, investors and other third parties, which could impair our ability to compete in certain markets or engage in certain transactions. In particular, holders of deposits which exceed FDIC insurance limits may perceive such a downgrade or warning negatively and withdraw all or a portion of such deposits. While certain aspects of a credit rating downgrade are quantifiable, the impact that such a downgrade would have on our liquidity, business and results of operations in future periods is inherently uncertain and would depend on a number of interrelated factors, including, among other things, the magnitude of the downgrade, the rating relative to peers, the rating assigned by the relevant agency pre-downgrade, individual client behavior and future mitigating actions we might take.

Debt & Financing - Risk 9

We are subject to interest rate risk.

Our earnings and cash flows are largely dependent upon our net interest income. Interest rates are highly sensitive to many factors that are beyond our control, including general economic conditions and policies of various governmental and regulatory agencies and, in particular, the Federal Reserve. Changes in monetary policy, including changes in interest rates, could influence not only the interest we receive on loans and investments and the amount of interest we pay on deposits and borrowings, but such changes could affect (i) our ability to originate loans and obtain deposits; (ii) the fair value of our financial assets and liabilities; and (iii) the average duration of our mortgage portfolio and other interest-earning assets. As of January 28, 2026, the date of the FOMC's most recent meeting, the target range for the federal funds rate was 3.50% to 3.75%, which is down from the peak of 5.25% to 5.50% prior to the FOMC meeting in September 2024. Despite direct pressure from the President and the anticipated change in the Chair of the Federal Reserve, it remains uncertain whether the FOMC will further reduce the target range for the federal funds rate to stimulate economic activity and promote job growth or leave the rate at its current level for an additional period of time. Earnings could be adversely affected if the interest rates received on loans and other investments fall more quickly than the interest rates paid on deposits and other borrowings. The Corporation's interest rate risk profile is such that, generally, a higher yield curve adds to income while a lower yield curve has a negative impact on earnings. Our most significant interest rate risk may result from timing differences in the maturity and re-pricing characteristics of assets and liabilities, changes in the shape of the yield curve, and the potential exercise of explicit or embedded options. Although management believes it has implemented effective asset and liability management strategies, including the use of derivatives as hedging instruments, to reduce the effects of changes in interest rates on our results of operations, any substantial, unexpected, prolonged change in market interest rates could have a material adverse effect on our financial condition and results of operations, and any related economic impact, especially domestically and in the regions in which we operate, may adversely affect our asset quality, deposit levels, loan demand and results of operations. Our interest rate risk modeling techniques and assumptions may not fully predict or capture the impact of actual interest rate changes on our balance sheet.

Debt & Financing - Risk 10

Lack of system integrity or credit quality related to funds settlement could result in a financial loss.

We settle funds on behalf of financial institutions, other businesses and consumers and receive funds from clients, card issuers, payment networks and consumers on a daily basis for a variety of transaction types. Transactions we facilitate include wire transfers, debit card, credit card and electronic bill payment transactions, supporting consumers, financial institutions and other businesses. These payment activities rely upon the technology infrastructure that facilitates the verification of activity with counterparties and the facilitation of the payment. If the continuity of operations or integrity of processing were compromised, it could result in a financial loss to us. We may issue credit to consumers, financial institutions or other businesses as part of the funds settlement. A default on this credit by a counterparty could result in a financial loss to us.

Debt & Financing - Risk 11

Changed

Changes in interest rates could reduce the value of our residential mortgage-related securities and MSRs, which could negatively affect our earnings.

The Corporation earns revenue from the fees it receives for originating mortgage loans and for servicing mortgage loans. When rates rise, the demand for mortgage loans tends to fall, reducing the revenue the Corporation receives from loan originations. At the same time, revenue from MSRs can increase through increases in fair value. When rates fall, mortgage originations tend to increase and the value of MSRs tends to decline, with some offsetting revenue effect. Even though the origination of mortgage loans can act as a natural hedge, the hedge is not perfect, either in amount or timing. For example, the negative effect on revenue from a decrease in the fair value of MSRs is immediate, but any offsetting revenue benefit from more originations and the MSRs relating to the new loans would be recognized during the month of origination. It is possible that even if interest rates were to fall, mortgage originations may fall or any increase in mortgage originations may not be enough to offset the decrease in the MSRs value caused by the lower rates. The Corporation typically uses derivatives and other instruments to hedge its mortgage banking interest rate risk. The Corporation generally does not hedge all of its risks and the fact that hedges are used does not mean they will be successful. Hedging is a complex process, requiring sophisticated models and constant monitoring. The Corporation could incur significant losses from its hedging activities. There may be periods where the Corporation elects not to use derivatives and other instruments to hedge mortgage banking interest rate risk, which could cause the Corporation to incur substantial losses.

Debt & Financing - Risk 12

There may be future sales or other dilution of our equity, which may adversely affect the market price of our securities.

We are not restricted from issuing additional securities, including preferred stock, common stock and securities that are convertible into or exchangeable for, or that represent the right to receive, common stock. The issuance of additional shares of common stock or the issuance of convertible securities would dilute the ownership interest of our existing common shareholders. The market price of our common stock could decline as a result of an equity offering, as well as other sales of a large block of shares of our common stock or similar securities in the market after an equity offering, or the perception that such sales could occur. Both we and our regulators perform a variety of analyses of our assets, including the preparation of stress case scenarios, and as a result of those assessments we could determine, or our regulators could require us, to raise additional capital.

Debt & Financing - Risk 13

We may experience unanticipated losses as a result of residential mortgage loan repurchase or reimbursement obligations under agreements with secondary market purchasers.

We may be required to repurchase residential mortgage loans, or to reimburse the purchaser for losses with respect to residential mortgage loans, which have been sold to secondary market purchasers in the event there are breaches of certain representations and warranties contained within the sales agreements, such as representations and warranties related to credit information, loan documentation, collateral and insurability. Consequently, we are exposed to credit risk, and potentially funding risk, associated with sold loans. As a result, we have established reserves in our consolidated financial statements for potential losses related to the residential mortgage loans we have sold. The adequacy of the reserves and the ultimate amount of losses incurred will depend on, among other things, the actual future mortgage loan performance, the actual level of future repurchase and reimbursement requests, the actual success rate of claimants, actual recoveries on the collateral and macroeconomic conditions. Due to uncertainties relating to these factors, there can be no assurance that the reserves we establish will be adequate or that the total amount of losses incurred will not have a material adverse effect on our financial condition or results of operations.

Debt & Financing - Risk 14

The Bank is periodically examined for mortgage-related issues, including mortgage loan and default services, fair lending, and mortgage banking.

Federal and state banking agencies closely examine the mortgage and mortgage servicing activities of depository financial institutions. Should any of these regulators have serious concerns with respect to our mortgage or mortgage servicing activities in this regard, the regulators' response to such concerns could result in material adverse effects on our growth strategy and profitability.

Debt & Financing - Risk 15

The failures of several larger banks in 2023 triggered volatility in the banking sector and resulted in agency rulemaking activities and changes in agency policies and priorities that have subjected midsize and larger financial institutions, including the Corporation and the Bank, to enhanced government regulation and supervision.

After the significant bank failures that occurred in 2023, the federal banking agencies enhanced their scrutiny of the banks' risk management practices, including liquidity risk management. The agencies concluded that a significant contributing factor to the failures of such institutions was the concentration of uninsured deposits, coupled with inadequate prudential regulation and supervision of regional banking organizations, poor management and inadequate risk management practices. Continued regulatory concern over possible future bank failures may lead to further governmental initiatives intended to prevent future bank failures and stem significant deposit outflows from the banking sector, including (i) legislation aimed at preventing similar future bank runs and failures and stabilizing confidence in the banking sector over the long term, (ii) agency rulemaking to modify and enhance relevant regulatory requirements, specifically with respect to liquidity risk management, deposit concentrations, capital adequacy, stress testing and contingency planning, and safe and sound banking practices, and (iii) enhancement of the agencies' supervision and examination policies and priorities. The prospects and timing of these regulatory changes under the current Administration and Congress are unclear. See Capital Requirements section under Part I, Item 1, Business - Supervision and Regulation for additional discussion of this topic.

Debt & Financing - Risk 16

Consumers may decide not to use banks to complete their financial transactions.

Technology and other changes are allowing parties to complete financial transactions through alternative methods that historically have involved banks. For example, consumers can now maintain funds that would have historically been held as bank deposits in brokerage accounts, mutual funds or general-purpose reloadable prepaid cards. Consumers can complete transactions, such as paying bills and/or transferring funds directly without the assistance of banks. Transactions utilizing digital assets, including cryptocurrencies, stablecoins and other similar assets, have increased substantially over the course of the last several years. For example, the enactment of the Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025 (GENIUS Act) provides a legal framework for stablecoins to be issued in the United States, which may allow new and existing competitors to compete for funds that may have otherwise been deposited with banks, such as the Bank. Certain characteristics of digital asset transactions, such as the speed with which such transactions can be conducted, the ability to transact without the involvement of regulated intermediaries, the ability to engage in transactions across multiple jurisdictions, and the anonymous nature of the transactions, are appealing to certain consumers notwithstanding the various risks posed by such transactions as illustrated by the current and ongoing market volatility. Accordingly, digital asset service providers, which at present are not subject to supervision and regulation comparable to that which is faced by banking organizations and other financial institutions, have become active competitors for our customers' banking business. The current Administration, through executive actions and public announcements, has established a more relaxed regulatory framework for cryptocurrencies, digital assets and financial technology firms, and created a more favorable environment for those asset classes and firms. The process of eliminating banks as intermediaries, known as disintermediation, could result in the loss of fee income, as well as the loss of customer deposits and the related income generated from those deposits. On October 22, 2024, the CFPB adopted a final rule regarding personal financial data rights that is designed to promote "open banking." The final rule requires, among other things, that data providers, including any financial institution, make available to consumers and certain authorized third parties upon request certain covered transaction, account and payment information. However, in August 2025, the CFPB issued an advanced notice of proposed rulemaking to reconsider its final rule and, in October 2025, a district court issued a preliminary injunction preventing the CFPB from enforcing the final rule until the CFPB has completed its reconsideration of the rule. A final rule, if implemented, could lead to greater competition for products and services among banks and nonbanks alike. The loss of these revenue streams and the lower cost of deposits as a source of funds could have a material adverse effect on our financial condition and results of operations.

Corporate Activity and Growth6 | 9.0%

Corporate Activity and Growth - Risk 1

Our financial condition and results of operations could be negatively affected if we fail to grow or fail to manage our growth effectively.

Our business strategy includes significant growth plans. We intend to continue pursuing a profitable growth strategy. Our prospects must be considered in light of the risks, expenses and difficulties frequently encountered by financial institutions in significant growth stages of development. Sustainable growth requires that we manage our risks by balancing loan and deposit growth at acceptable levels of risk, maintaining adequate liquidity and capital, hiring and retaining qualified employees, successfully managing the costs and implementation risks with respect to strategic projects and initiatives, and integrating acquisition targets and managing the costs. We may not be able to expand our market presence in our existing markets or successfully enter new markets, and any such expansion may adversely affect our results of operations. Failure to manage our growth effectively could have a material adverse effect on our business, future prospects, financial condition or results of operations and could adversely affect our ability to successfully implement our business strategy. If we grow more slowly than anticipated, our operating results could be materially adversely affected.

Corporate Activity and Growth - Risk 2

Acquisitions may be delayed, impeded, or prohibited due to regulatory issues.

Acquisitions by the Corporation, particularly those of financial institutions such as our proposed acquisition of American National, are subject to approval by a variety of federal and state regulatory agencies. Regulatory approvals could be delayed, impeded, restrictively conditioned or denied due to existing or new regulatory issues the Corporation has, or may have, with regulatory agencies, including, without limitation, issues related to BSA compliance, CRA issues, fair lending laws, fair housing laws, consumer protection laws, unfair, deceptive, or abusive acts or practices regulations, and other similar laws and regulations. We may fail to pursue, evaluate or complete strategic and competitively significant acquisition opportunities as a result of our inability, or perceived or anticipated inability, to obtain regulatory approvals in a timely manner, under reasonable conditions or at all. The regulatory approvals may contain conditions on the completion of the merger that adversely affect our business following the closing, or which are not anticipated or cannot be met. Difficulties associated with potential acquisitions that may result from these factors could have a material adverse impact on our business, and, in turn, our financial condition and results of operations. The standards by which bank and financial institution acquisitions will be evaluated may be subject to change. In 2024, the FDIC, the OCC and the DOJ announced changes to their bank merger review processes but, in May 2025, both the OCC and FDIC rescinded their 2024 policy statements, reinstating the guidance that was in effect prior to 2024. The DOJ withdrew from the 1995 Bank Merger Guidelines and announced that it would consider bank mergers under its 2023 Merger Guidelines, which includes a brief bank merger addendum. Any enhanced regulatory scrutiny of bank mergers and acquisitions and revision of the framework for merger application review may adversely affect the marketplace for such transactions, could result in our acquisitions in future periods being delayed, impeded or restricted in certain respects and result in new rules that possibly limit the size of financial institutions we may be able to acquire in the future and alter the terms for such transactions.

Corporate Activity and Growth - Risk 3

We may be adversely affected by risks associated with potential and completed acquisitions.

As part of our growth strategy, from time to time we evaluate merger and acquisition opportunities and conduct due diligence activities related to possible transactions with other financial institutions and financial services companies, including our proposed acquisition of American National Corporation. As a result, negotiations may take place and future mergers or acquisitions involving cash, debt, or equity securities may occur at any time. We seek merger or acquisition partners that are culturally similar, have experienced management, and possess either significant market presence or have potential for improved profitability through financial management, economies of scale, or expanded services. Acquiring other banks, businesses, or branches involves potential adverse impact to our financial results and various other risks commonly associated with acquisitions, including, among other things: - incurring time and expense associated with identifying and evaluating potential acquisitions and negotiating potential transactions, and with integrating acquired businesses, resulting in the diversion of resources from the operation of our existing businesses;- difficulty in estimating the value of target companies or assets and in evaluating credit, operations, management, and market risks associated with those companies or assets;- payment of a premium over book and market values that may dilute our tangible book value and earnings per share in the short and long term;- potential exposure to unknown or contingent liabilities of the target company, including, without limitation, liabilities for litigation, regulatory and compliance issues;- exposure to potential asset quality issues of the target company;- there may be volatility in reported income as goodwill impairment losses could occur irregularly and in varying amounts;- difficulties, inefficiencies or cost overruns associated with the integration of the operations, personnel, technologies, services, and products of acquired companies with ours;- inability to realize the expected revenue increases, cost savings, increases in geographic or product presence, and/or other projected benefits;- potential disruption to our business;- the possible loss of key employees and customers of the target company; and - potential changes in banking or tax laws or regulations that may affect the target company. Acquisitions involve operational risks and uncertainties, and acquired companies may have unknown or contingent liabilities, exposure to unexpected asset quality problems that require write-downs or write-offs (as well as restructuring and impairment or other charges), difficulty retaining key employees and customers and other issues that could negatively affect our business. We may not be able to realize any projected cost savings, synergies or other benefits associated with any such acquisition we complete. Acquisitions typically involve the payment of a premium over book and market values and, therefore, some dilution of our tangible book value and net income per common share may occur in connection with any future transaction. Failure to successfully integrate the entities we acquire into our existing operations could increase our operating costs significantly and have a material adverse effect on our business, financial condition, and results of operations. We face significant competition from other financial services institutions, some of which may have greater financial resources than we do, when considering acquisition opportunities. Accordingly, attractive opportunities may not be available to us and there can be no assurance that we will be successful in identifying or completing future acquisitions.

Corporate Activity and Growth - Risk 4

Added

We may not be able to successfully integrate American National or to realize the anticipated benefits of the acquisition.

Upon consummation of the acquisition of American National, we will begin the process of integrating its business with ours. A successful integration will depend substantially on the Corporation's ability to consolidate operations, corporate cultures,systems and procedures and to eliminate redundancies and costs. We may not be able to combine our business with the business of American National without encountering difficulties that could adversely affect our ability to maintain relationships with existing clients, customers, depositors and employees, such as: - the loss of key employees;- the disruption of operations and business;- inability to maintain and increase competitive presence;- loan and deposit attrition, customer loss and revenue loss;- possible inconsistencies in standards, control procedures and policies;- additional costs or unexpected problems with operations, personnel, technology and credit;- inconsistencies in standards, controls, procedures and policies; and/or - problems with the assimilation of new operations, system, sites or personnel, which could divert resources from regular banking operations. Any disruption to the businesses could cause customers to remove their accounts and move their business to a competing financial institution. Integration efforts between the two companies may also divert management attention and resources. Additionally, general market and economic conditions or governmental actions affecting the financial industry generally may inhibit our successful integration of American National. Further, we entered into the merger agreement to acquire American National with the expectation that the acquisition will result in various benefits including, among other things, benefits relating to enhanced revenues, a strengthened market position for the combined company, cross selling opportunities, technological efficiencies, cost savings and operating efficiencies. Achieving the anticipated benefits of the transactions contemplated by the merger agreement is subject to a number of uncertainties, including whether we integrate American National in an efficient, effective and timely manner, and general competitive factors in the marketplace. Failure to achieve these anticipated benefits on the anticipated timeframe, or at all, could result in a reduction in the price of our common stock as well as in increased costs, decreases in the amount of expected revenues and diversion of management's time and energy and could materially and adversely affect our business, financial condition and operating results. Additionally, upon consummation of the transactions contemplated by the merger agreement, we will make fair value estimates of certain assets and liabilities in recording the acquisition. Actual values of these assets and liabilities could differ from our estimates, which could result in our not achieving the anticipated benefits of the transaction. Finally, any cost savings that are realized may be offset by losses in revenues or other charges to earnings. Legal, Regulatory, Compliance and Reputational Risks

Corporate Activity and Growth - Risk 5

From time to time, the Corporation engages in acquisitions, including acquisitions of depository institutions. The integration of core systems and processes for such transactions often occurs after the closing, which may create elevated risk of cyber incidents.

The Corporation may be subject to the data risks and cybersecurity vulnerabilities of the acquired company until the Corporation has sufficient time to fully integrate the acquiree's customers and operations. Although the Corporation endeavors to conduct comprehensive due diligence of cybersecurity policies, procedures and controls of our acquisition counterparties, and the Corporation endeavors to maintain adequate policies, procedures, controls and information security protocols to facilitate a successful integration, there can be no assurance that such measures, controls and protocols are sufficient to withstand a cyber-attack or other security breach with respect to the companies we acquire, particularly during the period of time between closing and final integration.

Corporate Activity and Growth - Risk 6

The potential for business interruption exists throughout our organization.

Integral to our performance is the continued efficacy of our technical systems, operational infrastructure, relationships with third parties and the vast array of associates and key executives in our day-to-day and ongoing operations. Failure by any or all of these resources subjects us to risks that may vary in size, scale and scope. This includes, but is not limited to, operational or technical failures, ineffectiveness or exposure due to interruption in third party support, problems arising from systems conversions, as well as the loss of key individuals or failure on the part of key individuals to perform properly. Although management has established policies and procedures to address such failures, the occurrence of any such event could have a material adverse effect on our business, which, in turn, could have a material adverse effect on our financial condition and results of operations.

Legal & Regulatory

Total Risks: 15/67 (22%)Above Sector Average

Regulation6 | 9.0%

Regulation - Risk 1

The CFPB has reshaped the consumer financial laws through rulemaking and enforcement of the prohibitions against unfair, deceptive and abusive business practices. Compliance with such initiatives may impact the business operations of depository institutions offering consumer financial products or services, including the Bank.

The CFPB has broad rulemaking authority to administer and carry out federal consumer financial protection laws. In previous years, the CFPB has initiated enforcement actions against a variety of bank and non-bank market participants with respect to a number of consumer financial products and services that have resulted in those participants expending significant time, money and resources to adjust to the initiatives being pursued by the CFPB. Past CFPB enforcement actions may serve as precedent for how the CFPB interprets and enforces consumer protection laws, including practices or acts that are deemed to be unfair, deceptive or abusive, with respect to all supervised institutions, which may result in the imposition of higher standards of compliance with such laws. With the change in Administration, there have been, and likely will continue to be, changes in the funding, leadership and staff of the CFPB. This turnover has led to changes in agency policies, tactics and interpretations. The current Administration and Congress have sought, and may continue to seek, to limit the scope and reach of the CFPB's authority. The extent and timing of any such changes and any resulting impact on our business and financial results cannot be predicted at this time. It is also unclear whether these changes will be reversed, either by the courts or by a later Administration.

Regulation - Risk 2

Changes in requirements relating to the standard of conduct for broker-dealers under applicable federal and state law may adversely affect our business.

The SEC's Regulation Best Interest establishes a new standard of conduct for a broker-dealer to act in the best interest of a retail customer when making a recommendation of any securities transaction or investment strategy involving securities to such customer. The regulation required us to review and modify our compliance activities, including our policies, procedures, and controls, which caused us to incur additional costs. State laws that impose a fiduciary duty may require monitoring, as well as require that we undertake additional compliance measures. The Bank's insurance agency subsidiary is subject to regulation and supervision in the various states in which it operates. The administration by the SEC of Regulation Best Interest, as well as any new state laws that impose a fiduciary duty, may negatively impact our results of operations, as well as increase costs associated with legal, compliance, operations, and information technology.

Regulation - Risk 3

The Bank faces risks related to the adoption of future legislation and potential changes in federal regulatory agency leadership, policies, and priorities.

As a result of the 2024 Presidential and Congressional elections, Republicans are currently able to set the policy agenda both legislatively and in the regulatory agencies that have rulemaking and supervisory authority over the financial services industry generally and the Bank. The Republican Party holds slim majorities in each of the Senate and the House of Representatives. Accordingly, the prospects for the enactment of major banking reform legislation under the current Congress are unclear at this time and could change as a result of the Congressional mid-term elections in 2026. The turnover of the current Administration has resulted in changes in the leadership and senior staffs of the regulatory agencies and the Treasury Department. These changes have impacted the rulemaking, supervision, examination and enforcement priorities and policies of the agencies, including the reversal of a number of final and proposed rules and policy statements promulgated under the prior Administration. The potential impact of any changes in agency personnel, policies and priorities on the financial services sector, including the Bank, remain uncertain. It is possible the expected changes in regulation do not occur or are reversed by a subsequent Administration.

Regulation - Risk 4

We are subject to extensive government regulation and supervision.

We are subject to extensive federal and applicable state regulation and supervision, primarily through the Bank and certain nonbank subsidiaries. Banking regulations are primarily intended to protect depositors' funds, federal deposit insurance funds, and the banking system as a whole, not shareholders. These regulations affect our lending practices, capital structure, investment practices, dividend policy, and growth, among other things. Congress and federal regulatory agencies continually review banking laws, regulations, and policies for possible changes, and changes are expected to continue under the current Administration. Changes to statutes, regulations, or regulatory policies, including changes in interpretation or implementation of statutes, regulations, or policies, could affect us in substantial and unpredictable ways. Such changes could subject us to additional costs, limit the types of financial services and products we may offer, and/or increase the ability of nonbanks to offer competing financial services and products, among other things. Failure to comply with laws, regulations, or policies could result in sanctions by regulatory agencies, civil money penalties, and/or reputation damage, which could have a material adverse effect on our business, financial condition, and results of operations. While we have policies and procedures designed to prevent these types of violations, there can be no assurance that such violations will not occur.

Regulation - Risk 5

We are subject to certain industry standards regarding our credit card-related services. Failure to meet those standards may significantly impact our ability to offer these services.

We are subject to the PCI-DSS, issued by the Payment Card Industry Security Standards Council. PCI-DSS contains compliance guidelines with regard to our security surrounding the physical and electronic storage, processing and transmission of cardholder data. Compliance with PCI-DSS and implementing related procedures, technology and information security measures requires significant resources and ongoing attention. Costs and potential problems and interruptions associated with the implementation of new or upgraded systems and technology, such as those necessary to achieve compliance with PCI-DSS or with maintenance or adequate support of existing systems could disrupt or reduce the efficiency of our operations. Any material interruptions or failures in our payment-related systems or third parties that we rely upon could have a material adverse effect on our business, results of operations and financial condition. If there are amendments to PCI-DSS, the cost of compliance could increase, and we may suffer loss of critical data and interruptions or delays in our operations as a result. If we or our service providers are unable to comply with the standards imposed by PCI-DSS, we may be subject to fines and restrictions on our ability to offer certain services, which could materially and adversely affect our business.

Regulation - Risk 6

Added

Non-compliance with the USA PATRIOT Act, BSA or other laws and regulations could result in fines or sanctions.

The USA PATRIOT Act and the BSA require financial institutions to develop risk-based compliance programs designed to prevent financial institutions from being used for money laundering, the funding of terrorist activities or other illicit finance activities. If such activities are detected, financial institutions are obligated to file suspicious activity reports with FinCEN. The BSA and its implementing regulations require covered financial institutions to establish procedures for identifying and verifying the identity of customers seeking to open new accounts. Failure to comply with the BSA and its implementing regulations could result in fines or sanctions. An increasing number of banking institutions have received large fines for non-compliance with the BSA and its implementing regulations. Although we have developed policies and procedures designed to assist in compliance with these laws and regulations, no assurance can be given that these policies and procedures will be effective in preventing violations of these laws and regulations.

Litigation & Legal Liabilities3 | 4.5%

Litigation & Legal Liabilities - Risk 1

Changed

We may be a defendant in a variety of litigation and other actions, which may have a material adverse effect on our financial condition and results of operations.

We may be involved from time to time in a variety of litigation arising out of our business. Our insurance may not cover all claims that may be asserted against us, and any claims asserted against us, regardless of merit or eventual outcome, may harm our reputation. Should the ultimate judgments or settlements in any litigation exceed our insurance coverage, they could have a material adverse effect on our financial condition and results of operations for any period. We may not be able to obtain appropriate types or levels of insurance in the future, nor may we be able to obtain adequate replacement policies with acceptable terms, if at all.

Litigation & Legal Liabilities - Risk 2

Ethics or conflict of interest issues could damage our reputation.

We have established a Code of Business Conduct and Ethics and Related Party Transaction Policies and Procedures to address the ethical conduct of business and to avoid potential conflicts of interest. Any system of controls, however well-designed and operated, is based, in part, on certain assumptions and can provide only reasonable, not absolute, assurances that the objectives of the system are met. Any failure or circumvention of our related controls and procedures or failure to comply with the established Code of Business Conduct and Ethics and Related Party Transaction Policies and Procedures could have a material adverse effect on our reputation, business, results of operations, and/or financial condition.

Litigation & Legal Liabilities - Risk 3

We are subject to claims and litigation pertaining to fiduciary responsibility.

From time to time, customers make claims and take legal action pertaining to the performance of our fiduciary responsibilities. Whether customer claims and legal action related to the performance of our fiduciary responsibilities are founded or unfounded, if such claims and legal actions are not resolved in a manner favorable to us, they may result in significant financial liability and/or adversely affect the market perception of us and our products and services, as well as impact customer demand for those products and services. Any financial liability or reputation damage could have a material adverse effect on our business, which, in turn, could have a material adverse effect on our financial condition and results of operations.

Taxation & Government Incentives3 | 4.5%

Taxation & Government Incentives - Risk 1

We are subject to examinations and challenges by tax authorities.

We are subject to federal and applicable state income tax regulations. Income tax regulations are often complex and require interpretation. Changes in income tax regulations could negatively impact our results of operations. In the normal course of business, we are routinely subject to examinations and challenges from federal and applicable state tax authorities regarding the amount of taxes due in connection with investments we have made and the businesses in which we have engaged. Recently, federal and state taxing authorities have become increasingly aggressive in challenging tax positions taken by financial institutions. These tax positions may relate to tax compliance, sales and use, franchise, gross receipts, payroll, property and income tax issues, including tax base, apportionment and tax credit planning. The challenges made by tax authorities may result in adjustments to the timing or amount of taxable income or deductions or the allocation of income among tax jurisdictions. If any such challenges are made and are not resolved in our favor, they could have a material adverse effect on our financial condition and results of operations.

Taxation & Government Incentives - Risk 2

Changed

Fee revenues from overdraft protection programs constitute a significant portion of our noninterest income and may become subject to increased supervisory scrutiny.

Revenues derived from transaction fees associated with overdraft protection programs offered to our customers represent a significant portion of our noninterest income. In 2025, the Corporation collected approximately $16.1 million in overdraft transaction fees. Members of Congress and previous leadership of the CFPB and OCC have expressed a heightened interest in bank overdraft protection programs. In 2023 and 2024, the CFPB brought enforcement actions against a number of financial institutions for overdraft practices that the CFPB alleged to be unlawful and ordered each of these institutions to pay a substantial civil money penalty in addition to customer restitution. The CFPB found that these institutions engaged in unlawful overdraft practices by, among other things, systematically and repeatedly charging fees to customers with insufficient funds in their accounts, imposing overdraft fees without adequate disclosures, charging overdraft fees without proper consent, and misleading customers about the terms and costs of overdraft coverage. The CFPB under the prior Administration published guidance and engaged in rulemaking that imposed limitations on overdraft fees and NSF fees, which were rescinded or repealed in 2025. In response to this congressional and regulatory scrutiny, and in response to supervision and enforcement of overdraft protection practices, certain banking organizations have modified their overdraft protection programs, including by discontinuing the imposition of overdraft transaction fees. In 2022, the Corporation eliminated NSF fees, overdraft protection transfer fees, and continuous overdraft fees and reduced the daily limit of overdraft fee occurrences from four to two. We may further modify our overdraft program and practices in response to competitive pressures, supervisory guidance and observable trends from public enforcement actions.

Taxation & Government Incentives - Risk 3

Changes in the federal, state, or local tax laws may negatively impact our financial performance.

We are subject to changes in tax law that could increase our effective tax rates. These law changes may be retroactive to previous periods and as a result could negatively affect our current and future financial performance. For example, legislation enacted in 2017 resulted in a reduction in our federal corporate tax rate from 35% in 2017 to 21% in 2018, which had a favorable impact on our earnings and capital generation abilities. However, this legislation enacted limitations on certain deductions, such as the deduction of FDIC deposit insurance premiums, which partially offset the anticipated increase in net earnings from the lower tax rate. The current Administration may further reduce the federal corporate tax rate, but the extent and timing of any tax reform, as well as any corresponding effect on our business and financial results, are uncertain at this time. On the other hand, any increase in the corporate tax rate or surcharges that may be adopted by Congress would adversely affect our results of operations in future periods. The Bank's customers experienced and likely will continue to experience varying effects from both the individual and business tax provisions of the Tax Act. Certain provisions of the Tax Act were extended by the One Big Beautiful Bill Act. Future changes in tax law and such effects, whether positive or negative, may have a corresponding impact on our business and the economy as a whole.

Environmental / Social3 | 4.5%

Environmental / Social - Risk 1

Information security risks for financial institutions like us continue to increase in part because of new technologies, the increased use of the internet and telecommunications technologies (including mobile devices and cloud computing) to conduct financial and other business transactions, political activism, and the increased sophistication and activities of organized crime, perpetrators of fraud, hackers, terrorists and others.

We rely on computer systems, hardware, software, technology infrastructure and online sites and networks for both internal and external operations that are critical to our business. Operational risk related to cyber-attacks is increasing as cyber-attacks evolve and have a greater and more pervasive economic impact. In addition to cyber-attacks or other security breaches involving the theft, loss, destruction, gathering, monitoring, dissemination, misappropriation, misuse, alteration, or unauthorized disclosure of or unauthorized access to sensitive and confidential information (including personal information), hackers have engaged in attacks against large financial institutions, designed to disrupt key business services, such as customer-facing web sites. Critical infrastructure sectors, including financial services, increasingly have been the targets of cyber-attacks, including attacks emanating from foreign countries. Cyber-attacks involving large financial institutions, including distributed denial of service attacks designed to disrupt external customer-facing services, cyber-attacks carried out by terrorists, nation states, nation-state supported actors, organized criminal groups or "hacktivists", and ransomware attacks designed to deny organizations access to key internal resources or systems or other critical data, as well as targeted social engineering and phishing email and text message attacks designed to allow unauthorized persons to obtain access to an institution's information systems and data or that of its customers, are becoming more common and increasingly sophisticated. Cyber-attacks continue to evolve and become more pervasive throughout the financial services sector. In particular, there has been an observed increase in the number of distributed denial of service and ransomware attacks against the financial sector, for which the increase is believed to be partially attributable to politically motivated attacks as well as financial demands coupled with extortion. Further, threat actors continue to exploit publicly known software vulnerabilities and weak authentication controls used by large numbers of banking organizations in order to conduct malicious cyber activities. These types of attacks have resulted in increased supply chain and third-party risk. Such cybersecurity threats may see their frequency increased, and effectiveness enhanced, by the use of AI. Because the methods of cyber-attacks change frequently or, in some cases, are not recognized until launch, we are not able to anticipate or implement effective preventive measures against all possible security breaches and the probability of a successful attack cannot be predicted. Although we employ detection and response mechanisms designed to contain and mitigate security incidents, early detection may be thwarted by persistent sophisticated attacks and malware designed to avoid detection. We face risks related to cyber-attacks and other security breaches in connection with card transactions that typically involve the transmission of sensitive information (including personal information) regarding our customers through various third parties. Some of these parties have in the past been the target of security breaches and cyber-attacks, and because the transactions involve third parties and environments that we do not control or secure, future security breaches or cyber-attacks affecting any of these third parties could impact us, and in some cases we may have exposure and suffer losses for breaches or attacks relating to them. We rely on numerous other third-party service providers to conduct other aspects of our business operations and face similar risks relating to them. We cannot be sure that such third-party information security protocols are sufficient to withstand a cyber-attack or other security breach. Cybersecurity risks for financial institutions have evolved as a result of the increased interconnectedness of operating environments and the use of new technologies, devices and delivery channels to transmit data and conduct financial transactions. The adoption of new products, services and delivery channels contribute to a more complex operating environment, which enhances operational risk and presents the potential for additional structural vulnerabilities. As such, a single cyber-attack is now able to compromise hundreds of organizations and affect a significant number of consumers. The adoption of hybrid and remote work environments in the past several years presents institutions with additional cybersecurity vulnerabilities and risks. The Corporation endeavors to regularly evaluate its systems and controls and implement upgrades as necessary. The additional cost to the Corporation of our cybersecurity monitoring and protection systems and controls includes the cost of hardware and software, third party technology providers, consulting and forensic testing firms, insurance premium costs and legal fees and the incremental cost of our personnel who focus a substantial portion of their responsibilities on cybersecurity. Any attempted or successful cyber-attack or other security breach involving the theft, loss, destruction, gathering, monitoring, dissemination, misappropriation, misuse, alteration, or unauthorized disclosure of or unauthorized access to sensitive or confidential client or customer information (including personal information), confidential and proprietary information relating to our bank and operations, unauthorized access to our information systems or networks or that of our third-party service providers, or unauthorized access to other data that compromises our ability to function could severely damage our reputation, erode confidence in the security of our systems and networks, products and services, expose us to the risk of litigation and liability, disrupt our operations and have a material adverse effect on our business. Any attempted or successful cyber-attack may subject the Corporation to regulatory investigations, litigation (including class action litigation) or enforcement, or require the payment of regulatory fines or penalties or undertaking costly remediation efforts with respect to third parties affected by a cybersecurity incident, all or any of which could adversely affect the Corporation's business, financial condition or results of operations and damage its reputation. Finally, we cannot guarantee that any costs and liabilities incurred in relation to an attack or incident will be covered by our existing insurance policies or that applicable insurance will be available to us in the future on economically reasonable terms or at all.

Environmental / Social - Risk 2

Changed

Compliance with the rapidly evolving federal and state laws relating to the handling of information about individuals involves significant expenditure and resources, and any failure by us or our service providers to comply may result in significant liability, negative publicity, and/or an erosion of trust, which could materially adversely affect our business, results of operations, and financial condition.

We and our service providers are subject to a number of U.S. federal, state, and local laws and regulations, industry standards and other requirements relating to consumer privacy and data protection. For more information, see "Privacy, Data Protection, and Cybersecurity" in the Item 1, Business section above. Both to comply with applicable existing law and to prepare for potential expansions in laws requiring protection of personal information, we must endeavor to maintain adequate privacy and security measures, which require significant investments in resources and ongoing attention. We send marketing messages via email and occasionally make telephone calls and/or send SMS text messages to customers. The actual or perceived improper emailing of marketing communications, calling of customer phones and/or sending of text messages may subject us to potential risks, including liabilities or claims relating to consumer protection laws such as the TCPA and the CAN-SPAM Act. Numerous class-action suits under federal and state laws have been filed in recent years against companies who conduct telemarketing and/or SMS texting programs, and any future such litigation against us could be costly and time-consuming to defend. In particular, the TCPA imposes significant restrictions on the ability to make telephone calls or send text messages to mobile telephone numbers without the prior consent of the person being contacted. Federal or state regulatory authorities or private litigants may claim that the notices and disclosures we provide, form of consents we obtain or our outreach practices are not adequate or violate applicable law. This may in the future result in civil claims against us. Claims that we have violated the TCPA could be costly to litigate, whether or not they have merit, and could expose us to substantial statutory damages or costly settlements. While we strive to ensure that all of our marketing communications comply with the requirements set forth in the CAN-SPAM Act, any violations could result in the FTC seeking civil penalties against us. Moreover, we are considered a both a "furnisher" of consumer report information and a "user" of consumer reports provided by consumer reporting agencies under the FCRA. Our failure to satisfy the obligations under the FCRA, as applicable, may expose us to supervisory scrutiny or litigation, each of which could have a material adverse effect on our financial condition and results of operations. Our obligations related to privacy and security are quickly changing in an increasingly stringent fashion and may be subject to differing applications and interpretations, which may be inconsistent or in conflict among jurisdictions. Preparing for and complying with these obligations requires us to devote significant resources and may necessitate changes to our business practices. We enter into agreements with third parties regarding our collection, sharing, use, storage and other processing of personal information and publish public privacy policies and make other public statements about our privacy and security practices. Although we endeavor to comply with our privacy and security obligations, we may at times fail to do so or may be perceived to have failed to do so, including due to the errors or omissions of our personnel and third parties upon which we rely. Any failure or perceived failure by us to comply with laws, regulations and other requirements relating to the privacy, security and handling of information could result in legal claims or proceedings (including class actions), regulatory investigations, enforcement actions, claims, fines, judgments, awards, penalties or sanctions. We could incur significant costs in investigating and defending such claims and, if found liable, pay significant damages or fines or be required to make changes to our business. These proceedings and any subsequent adverse outcomes may subject us to significant negative publicity and an erosion of trust. If any of these events were to occur, our business, results of operations, and financial condition could be materially adversely affected.

Environmental / Social - Risk 3

We are subject to environmental liability risk associated with lending activities.

A significant portion of our loan portfolio is secured by real property. During the ordinary course of business, we may foreclose on and take title to properties securing certain loans. In doing so, there is a risk that hazardous or toxic substances could be found on these properties. If hazardous or toxic substances are found, we may be liable for remediation costs, as well as for personal injury and property damage. Environmental laws may require us to incur substantial expenses which may materially reduce the affected property's value or limit our ability to use or sell the affected property. Future laws or more stringent interpretations or enforcement policies with respect to existing laws may increase our exposure to environmental liability. Although we have policies and procedures to perform an environmental review before lending against or initiating any foreclosure action on real property, these reviews may not be sufficient to detect all potential environmental hazards. The remediation costs and any other financial liabilities associated with an environmental hazard could have a material adverse effect on our financial condition and results of operations. Liquidity and Interest Rate Risks

Macro & Political

Total Risks: 8/67 (12%)Above Sector Average

Economy & Political Environment5 | 7.5%

Economy & Political Environment - Risk 1

The earnings of financial services companies are significantly affected by general business and economic conditions.

Our operations and profitability are impacted by general business and economic conditions in the United States and abroad. These conditions include short-term and long-term interest rates, inflation, money supply, political issues, ramifications of conflicts including the Russia-Ukraine conflict, Israeli-Palestinian conflict and other conflicts and government turmoil in the Middle East, Europe and Latin America, legislative and regulatory changes, fluctuations in both debt and equity capital markets, broad trends in industry and finance, the strength of the United States economy, and uncertainty in financial markets globally, all of which are beyond our control. A deterioration in economic conditions, including those arising from government shutdowns, defaults, anticipated defaults or rating agency downgrades of sovereign debt (including debt of the U.S.), or increases in unemployment, could result in an increase in loan delinquencies and NPAs, decreases in loan collateral values, and a decrease in demand for our products and services, among other things, any of which could have a material adverse impact on our financial condition and results of operations.

Economy & Political Environment - Risk 2

Our profitability depends significantly on economic conditions in the states within which we do business.

Our success depends on the general economic conditions of the local markets in which we operate, particularly Wisconsin, Illinois, and Minnesota. Local economic conditions have a significant impact on the demand for our products and services, as well as the ability of our customers to repay loans, on the value of the collateral securing loans, and the stability of our deposit funding sources. A significant decline in general local economic conditions caused by inflation, recession, unemployment, changes in securities markets, changes in housing market prices, or other factors could have a material adverse effect on our financial condition and results of operations.

Economy & Political Environment - Risk 3

Significant changes to the size, structure, powers and operations of the federal government may cause economic disruptions that could, in turn, adversely impact our business, results of operations and financial condition.

The current Administration continues to implement significant changes to the size and scope of the federal government and reform its operations to achieve stated goals that include reducing the federal budget deficit and national debt, improving the efficiency of government operations, and promoting innovation and economic growth. To date, these efforts have been carried out through a mix of executive actions aimed at eliminating or modifying federal agency and federal program funding, reducing the size of the federal workforce, reducing or altering the scope of activities conducted by, and possibly eliminating, various federal agencies and bureaus, and encouraging the use of AI and other advanced technologies within the public and private sectors. These changes, if implemented and taken as a whole, may have varied effects on the economy that are difficult to predict. For instance, the delivery of government services and the distribution of federal program funds and benefits may be disrupted or, in some cases, eliminated as a result of fraud investigations, funding cuts or recasting of federal agency mandates. Further, a substantial reduction of the federal workforce could adversely affect regional and local economies, both directly and indirectly, in geographies with significant concentrations of federal employees and contractors. It is possible that such comprehensive changes to the federal government may be materially adverse to the regional and local economies where we conduct business and to our customers, which, in turn, could be materially adverse to our business, financial condition and results of operations.

Economy & Political Environment - Risk 4

Fiscal challenges facing the U.S. government could negatively impact financial markets which in turn could have an adverse effect on our financial position or results of operations.

Federal budget deficit concerns and the potential for political conflict over legislation to fund U.S. government operations and raise the U.S. government's debt limit may increase the possibility of a default by the U.S. government on its debt obligations,related credit-rating downgrades, or an economic recession in the United States. Many of our investment securities are issued by the U.S. government and government agencies and sponsored entities. As a result of uncertain domestic political conditions, including potential future federal government shutdowns, the possibility of the federal government defaulting on its obligations for a period of time due to debt ceiling limitations or other unresolved political issues, investments in financial instruments issued or guaranteed by the federal government pose liquidity risks. In connection with prior political disputes over U.S. fiscal and budgetary issues leading to the U.S. government shutdown in 2011, S&P lowered its long-term sovereign credit rating on the U.S. from AAA to AA+. In part due to repeated debt-limit political standoffs and last-minute resolutions, in 2023 Fitch downgraded the U.S. long-term foreign-currency issuer default rating to AA+ from AAA and in 2025 Moody's downgraded the U.S. long-term issuer and senior unsecured ratings to Aa1 from Aaa. A further downgrade, or a downgrade by other rating agencies, as well as sovereign debt issues facing the governments of other countries, could have a material adverse impact on financial markets and economic conditions in the U.S. and worldwide.

Economy & Political Environment - Risk 5

Changes and instability in economic conditions, geopolitical matters and financial markets, including a contraction of economic activity, could adversely impact our business, results of operations and financial condition.

Our success depends, to a certain extent, upon global, domestic and local economic and political conditions, as well as governmental monetary policies. Conditions such as changes in interest rates, money supply, levels of employment and other factors beyond our control may have a negative impact on economic activity. Any contraction of economic activity, including an economic recession, may adversely affect our asset quality, deposit levels and loan demand and, therefore, our earnings. In particular, interest rates are highly sensitive to many factors that are beyond our control, including global, domestic and local economic conditions and the policies of various governmental and regulatory agencies and, specifically, the Federal Reserve. Throughout 2022 and 2023, the FOMC raised the target range for the federal funds rate on eleven separate occasions, citing factors including the hardships caused by the ongoing Russia-Ukraine conflict, continued global supply chain disruptions and imbalances, and increased inflationary pressure. In the third and fourth quarters of 2024, however, the FOMC pivoted and lowered the federal funds rate from 5.50% to 4.50% based principally on reduced levels of inflation and labor market factors. The FOMC continued to lower the federal funds rate several times in 2025, with the federal funds rate reaching a target range of 3.50% to 3.75% at the FOMC's December 10, 2025 meeting. The FOMC maintained these rates at its January 28, 2026 meeting. As of December 31, 2025, various economic indicators suggested that real GDP had expanded solidly throughout 2025. The unemployment rate had increased, on net, but remained low relative to historic norms. Consumer price inflation, as measured by the 12-month change in the price index for personal consumption expenditures, decreased compared to its peak level in 2023, approaching the Federal Reserve's two percent inflation objective. The U.S. economy had strong GDP growth, loosening of tight labor markets and slowed inflation in 2025. While this positive growth may continue in 2026, external factors such as stricter immigration policies, tariffs, and other trade policies, sanctions, geopolitical tensions, high unemployment, civil unrest, and other political or trade-related policies affecting domestic and global markets may cause greater economic uncertainty. Such conditions may adversely affect our asset quality, deposit levels, loan demand and results of operations. As a result of the economic and geopolitical factors discussed above, financial institutions face heightened credit risk, among other forms of risk. Of note, because we have a significant amount of real estate loans, decreases in real estate values could adversely affect the value of property used as collateral, which, in turn, can adversely affect the value of our loan and investment portfolios. Adverse economic developments, specifically including inflation-related impacts, may have a negative effect on the ability of our borrowers to make timely repayments of their loans or to finance future home purchases. The outlook for CRE is dependent on the economic environment and how major subsectors respond to the interest rate environment and continued higher prices for commodities, goods and services. Credit performance over the medium- and long-term is susceptible to economic and market forces and therefore forecasts remain uncertain; however, some degree of instability in the CRE markets is expected in the coming quarters as loans continue to be refinanced in markets with higher vacancy rates.

Natural and Human Disruptions2 | 3.0%

Natural and Human Disruptions - Risk 1

Added

Climate-related risks could adversely affect our business and performance, including indirectly through impacts on our customers.

There continues to be a concern, including on the part of certain state regulators, regarding climate change and its impacts. Climate change could manifest as a financial risk to us either through changes in the physical climate or from the process of transitioning to a low-carbon economy. Both physical risks and transition risks associated with climate change could have negative impacts on the financial condition or creditworthiness of our customers, and on its exposure to those customers. Physical risks include the increased frequency or severity of acute weather events, such as floods, wildfires and tropical cyclones, and chronic shifts in the climate, such as persistent changes in precipitation levels, rising sea levels, or increases in average ambient temperature. Transition risks arise from societal adjustment to a low-carbon economy, such as changes in public policy, adoption of new technologies or changes in consumer preferences toward low-carbon goods and services. These risks could also be influenced by changes in the physical climate. Concerns over the anticipated and unanticipated impacts of climate change (including physical risk and transition risk) have led and may continue to lead to governmental efforts to mitigate those impacts. The Corporation may be compelled to change or cease some of its business or operational practices or to incur additional capital, compliance, and other costs because of climate- or environmental-driven changes in applicable law or supervisory expectations or due to related political, social, market, or similar pressure. The Corporation and its customers may face cost increases, asset value reductions, operating process changes, and other issues. In addition, the Corporation could face reductions in creditworthiness on the part of some customers or in the value of asset securing loans. The Corporation's efforts to take these risks into account in making lending and other decisions may not be effective in protecting it from the negative impact of new laws and regulations or changes in consumer or business behavior. Further, there is increased scrutiny of climate change-related and other ESG-related policies, goals and disclosures. The Corporation's stakeholders may disagree with these policies and goals, or conversely, believe that these policies and goals are insufficient, which may lead to a decrease in demand for our products and services or damage our reputation. For example, certain federal and state laws and regulations relating to climate or other ESG issues may include provisions that conflict with other laws and regulations, which may increase our costs or limit our ability to conduct business in certain jurisdictions In particular, there is an increasing number of state-level anti-ESG initiatives in the United States that may conflict with other regulatory requirements or our various stakeholders' expectations. Such divergent, sometimes conflicting, views on such matters increase the risk that any action or lack thereof by the Corporation on such matters will be perceived negatively by some stakeholders. The Corporation may also incur additional costs and require additional resources as it evolves its strategy, practices and related disclosures with respect to these matters. In addition, there are and will continue to be challenges related to capturing, verifying, analyzing and disclosing climate-related data that is subject to measurement uncertainties.

Natural and Human Disruptions - Risk 2

Severe weather, natural disasters, public health issues, civil unrest, acts of war or terrorism, and other external events could significantly impact our ability to conduct business.

Such events could affect the stability of our deposit base, impair the ability of borrowers to repay outstanding loans, impair the value of collateral securing loans, adversely impact our employee base, cause significant property damage, result in loss of revenue, and/or cause us to incur additional expenses. Climate change and other environmental and social pressures are expected to increase the intensity and frequency of certain events, as well as contribute to chronic changes (such as changes to meteorological or hydrological patterns) that may adversely impact our operations. Although management has established disaster recovery policies and procedures, there is no guarantee these will be successful, and the occurrence of any such event could have a material adverse effect on our business, which, in turn, could have a material adverse effect on our financial condition and results of operations. Strategic and External Risks

Capital Markets1 | 1.5%

Capital Markets - Risk 1

Changes in U.S. trade policies, including the imposition of tariffs and retaliatory tariffs, may adversely impact our business, financial condition, and results of operations.

The Trump Administration, during its second term beginning 2025, imposed tariffs against goods imported from U.S. trading partners, including Canada, Mexico and China. The tariffs have resulted in threats of retaliatory tariffs against U.S. goods, discussions with the countries which have delayed many of the U.S. imposed tariffs while discussions with each trading partner continue and litigation in the U.S. courts. Tariffs and trade restrictions may cause the prices of our customers' products to increase, which could reduce demand for such products, or reduce our customers' margins, and adversely impact their revenues, financial results, and ability to service debt. This in turn could adversely affect our financial condition and results of operations. To the extent changes in the political environment have a negative impact on us or on the markets in which we operate our business, our results of operations and financial condition could be materially and adversely impacted in the future. At this time, it remains unclear what the U.S. government or foreign governments will or will not do in response to additional tariffs that may be imposed or international trade agreements and policies.

Tech & Innovation

Total Risks: 5/67 (7%)Above Sector Average

Cyber Security1 | 1.5%

Cyber Security - Risk 1

Changed

Unauthorized disclosure of sensitive or confidential client or customer information (including personal information), whether through a cyber-attack, other breach of our computer systems or otherwise, could severely harm our business.

In the normal course of our business, we collect, share, use, store and otherwise process sensitive and confidential client and customer information, including personal information, on our behalf and on behalf of other third parties. Despite the security measures we have in place, our facilities, systems and networks may be vulnerable to cyber-attacks, security breaches, acts of vandalism, theft, computer viruses, malware, ransomware, denial of service attacks, phishing or other social engineering attacks, credential stuffing, account takeovers, misplaced or lost data, programming and/or human errors, software or hardware failures, or other similar events.

Technology4 | 6.0%

Technology - Risk 1

Changed

We rely heavily on communications and information systems and networks to conduct our business. Any failures or disruptions to our third parties' communications and information systems and networks could materially and adversely affect our business.

Our business is dependent on our and third parties' information technology systems and networks. Any failure, interruption, or breach in security or operational integrity of our or our third-party service providers' communications and information systems or networks, including those caused by a cyber-attack, could result in failures or disruptions in our customer relationship management, general ledger, deposit, loan, and other systems. Our computer, communications, data processing, networks, backup, business continuity or other operating, information or technology systems and networks, including those that we outsource to providers, may fail to operate properly or become disabled, overloaded or damaged as a result of a number of factors, including events that are wholly or partially beyond our control, which could have a negative effect on our ability to conduct our business activities. While we have policies and procedures designed to prevent or limit the effect of the failure, interruption, or security breach of our or our third parties' communications and information systems and networks, we cannot completely ensure that any such failures, interruptions, or security breaches will not occur, nor can we ensure that our prevention procedures and information security program will function as designed and planned. Our business interruption insurance may be inadequate to compensate us for all losses that may occur as a result of any system, network or operational failure or disruption. The occurrence of any failures, interruptions, or security breaches of our or our third-party service providers' communications and information systems and networks, including those caused by a cyber-attack, could damage our reputation, result in a loss of customer business, subject us to additional regulatory scrutiny, or expose us to civil litigation and possible financial liability, any of which could have a material adverse effect on our financial condition and results of operations.

Technology - Risk 2

Changed

The use of AI in connection with our business and operations contains inherent risks that may expose us to material harm and any actual or perceived failure to comply with evolving regulatory frameworks around the development and use of AI could adversely affect our business, results of operations, and financial condition.

Our business increasingly relies on AI, machine learning and automated decision making to improve our services and our customers' experience. The regulatory framework around the development and use of these emerging technologies is rapidly evolving, and many federal, state and foreign government bodies and agencies have introduced and/or are currently considering additional laws and regulations. The implementation standards and enforcement practices are likely to remain uncertain for the foreseeable future, and we cannot yet determine the impact future laws, regulations, standards, or perception of their requirements may have on our business. If any of our employees or service providers use any third-party AI-powered software in connection with our business or the services they provide to us, it may lead to the inadvertent disclosure or incorporation of our confidential information into publicly available training sets, which may impact our ability to realize the benefit of, or adequately maintain, protect and enforce our intellectual property or confidential information, harming our competitive position and business. Any output created by us using AI tools may not be subject to copyright protection, which may adversely affect our intellectual property rights in, or ability to commercialize or use, any such content. If we do not have sufficient rights to use the data or other material or content on which our AI solutions rely, or if we experience cybersecurity incidents in connection with our use of AI, we may incur liability through the violation of applicable laws and regulations, such as fair lending laws and regulations, third-party intellectual property, privacy or other rights, or contracts to which we are a party. We may not be able to sufficiently mitigate or detect any of the foregoing limitations or risks given our and other market participants' lack of experience with using AI, the pace of technological change, and rapid adoption of AI by our business partners and competitors. This exposes us to potential damage to our reputation, adverse impacts on our business operations, and violation of legal and regulatory obligations. Any of the foregoing, together with developing guidance and/or decisions in this area, may affect our use of AI and our ability to provide and improve our services, require additional compliance measures and changes to our operations and processes, and result in increased compliance costs and potential increases in civil claims against us. Any actual or perceived failure to comply with evolving regulatory frameworks around the development and use of AI, machine learning and automated decision making or to address any ethical, reputational, technical, operational, legal, competitive or regulatory issues could adversely affect our business, results of operations, and financial condition.

Technology - Risk 3

We depend on the accuracy and completeness of information furnished by and on behalf of our customers and counterparties.

In deciding whether to extend credit or enter into other transactions, we rely on information furnished by or on behalf of customers and counterparties, including financial statements, credit reports, and other financial information. We may rely on representations of those customers, counterparties, or other third parties, such as independent auditors, as to the accuracy and completeness of that information. Reliance on inaccurate or misleading financial statements, credit reports, or other financial information could cause us to enter into unfavorable transactions, which could have a material adverse effect on our financial condition and results of operations.

Technology - Risk 4

Failure to keep pace with technological change could adversely affect our business.

The financial services industry is continually undergoing rapid technological change with frequent introductions of new technology-driven products and services, including, for example, the growing use of AI, machine learning and automated decision making, as well as blockchain technology to provide alternative high speed payment systems. The effective use of technology increases efficiency and enables financial institutions to better serve customers and to reduce costs. Our future success depends, in part, upon our ability to address the needs of our customers by using technology to provide products and services that will satisfy customer demands, as well as to create additional efficiencies in our operations. Many of our competitors have substantially greater resources to invest in technological improvements. We may not be able to effectively implement new technology-driven products and services or be successful in marketing these products and services to our customers. Failure to successfully keep pace with technological change affecting the financial services industry could have a material adverse impact on our business and, in turn, our financial condition and results of operations.

Ability to Sell

Total Risks: 5/67 (7%)Above Sector Average

Competition1 | 1.5%

Competition - Risk 1

We operate in a highly competitive industry and market area.

We face substantial competition in all areas of our operations from a variety of different competitors, both within and beyond our principal markets, many of which are larger and may have more financial resources. Such competitors primarily include national, regional, and internet banks within the various markets in which we operate. We face competition from many other types of financial institutions, including, without limitation, savings and loans, credit unions, finance companies, brokerage firms, insurance companies, fintech companies, including those related to digital currencies or cryptocurrencies, and other financial intermediaries. The financial services industry could become even more competitive as a result of legislative and regulatory changes and continued consolidation. In recent years, the OCC has accepted applications from financial technology companies to become special purpose national banks. These and similar developments at the state level are likely to result in even greater competition within all areas of our operations. As customer preferences and expectations continue to evolve, technology has lowered barriers to entry and made it possible for nonbanks to offer products and services traditionally provided by banks, such as automatic transfer and automatic payment systems. Technology firms are engaging in joint ventures with banks to provide and/or expand financial service offerings with a technological sophistication and breadth of marketing that smaller institutions do not have. Many of our competitors have fewer regulatory constraints and may have lower cost structures. Due to their size, many competitors may be able to achieve economies of scale and, as a result, may offer a broader range of products and services as well as better pricing for those products and services than we can. Our ability to compete successfully depends on a number of factors, including, among other things: - the ability to develop, maintain, and build upon long-term customer relationships based on top quality service, high ethical standards, and safe, sound assets;- the ability to expand our market position;- the scope, relevance, and pricing of products and services offered to meet customer needs and demands;- the rate at which we introduce new products and services relative to our competitors;- customer satisfaction with our level of service; and - industry and general economic trends. Failure to perform in any of these areas could significantly weaken our competitive position, which could adversely affect our growth and profitability, which, in turn, could have a material adverse effect on our financial condition and results of operations.

Sales & Marketing3 | 4.5%

Sales & Marketing - Risk 1

New lines of business or new products and services may subject us to additional risk.

From time to time, we may implement new lines of business or offer new products and services within existing lines of business. There are substantial risks and uncertainties associated with these efforts, particularly in instances where the markets are not fully developed. In developing and marketing new lines of business and/or new products and services, we may invest significant time and resources. Initial timetables for the introduction and development of new lines of business and/or new products or services may not be achieved, and price and profitability targets may not prove feasible. External factors, such as competitive alternatives and shifting market preferences, may impact the successful implementation of a new line of business and/or a new product or service. Furthermore, strategic planning remains important as we adopt innovative products, services, and processes in response to the evolving demands for financial services and the entrance of new competitors, such as out-of-market banks and financial technology firms. Any new line of business and/or new product or service could have a significant impact on the effectiveness of our system of internal controls, so we must responsibly innovate in a manner that is consistent with sound risk management and is aligned with the Bank's overall business strategies. Failure to successfully manage these risks in the development and implementation of new lines of business and/or new products or services could have a material adverse effect on our business, results of operations and financial condition.

Sales & Marketing - Risk 2

We face significant operational risks due to the high volume and the high dollar value nature of transactions we process.

We operate in many different businesses in diverse markets and rely on the ability of our employees and systems to process transactions. Operational risk is the risk of loss resulting from our operations, including but not limited to, the risk of fraud by employees or persons outside the Corporation, the execution of unauthorized transactions, errors relating to transaction processing and technology, breaches of our internal control systems or failures of those of our suppliers or counterparties, compliance failures, cyber-attacks or other security breaches, technology failures, or unforeseen problems encountered while implementing new computer systems or upgrades to existing systems, business continuation and disaster recovery issues, and other external events. In recent periods, the OCC has observed an increased incidence of check fraud, wire fraud, peer-to-peer payment fraud, and the use of AI technology to facilitate the perpetration of social engineering and impersonation schemes and identity theft. Insurance coverage may not be available for such losses, or where available, such losses may exceed insurance limits. This risk of loss includes the potential legal actions that could arise as a result of an operational deficiency or as a result of noncompliance with applicable regulatory standards, adverse business decisions or their implementation, and customer attrition due to potential negative publicity. The occurrence of any of these events could cause us to suffer financial loss, face regulatory action and suffer damage to our reputation.

Sales & Marketing - Risk 3

We are subject to lending concentration risks.

As of December 31, 2025, 65% of our loan portfolio consisted of commercial and industrial, real estate construction, and CRE loans (collectively, "commercial loans"). Commercial loans are generally viewed as having more inherent risk of default than residential mortgage loans or other consumer loans. Further, the commercial loan balance per borrower is typically larger than that for residential mortgage loans and other consumer loans, implying higher potential losses on an individual loan basis. Because our loan portfolio contains a number of commercial loans with significant balances, the deterioration of one or a few of these loans could cause a significant increase in nonaccrual loans, which could have a material adverse effect on our financial condition and results of operations.

Brand / Reputation1 | 1.5%

Brand / Reputation - Risk 1

Negative publicity could damage our reputation.

Reputation risk, or the risk to our earnings and capital from negative public opinion, is inherent in our business. Negative public opinion could adversely affect our ability to keep and attract customers and expose us to adverse legal and regulatory consequences. Negative public opinion could result from our actual or alleged conduct in any number of activities, including lending or foreclosure practices, corporate governance, regulatory compliance, mergers and acquisitions, and disclosure, sharing or inadequate protection of customer information, and from actions taken by government regulators and community organizations in response to that conduct. Because we conduct most of our business under the "Associated Bank" brand, negative public opinion about one business could affect our other businesses. The speed with which information spreads through news, social media and other sources, including on the internet, means that negative information about the Corporation can rapidly have a broadly adverse impact on its reputation. This is true whether or not the information is accurate. Once information has gone viral, it can be difficult to counter it effectively, either by correcting inaccuracies or communicating remedial steps taken for actual issues. The potential impact of negative information going viral and the ease with which customers transact means that material reputational harm can result from a single discrete or isolated incident.

Production

Total Risks: 3/67 (4%)Below Sector Average

Employment / Personnel2 | 3.0%

Employment / Personnel - Risk 1

Loss of key colleagues may disrupt relationships with certain customers.

Our business is primarily relationship-driven in that many of our key colleagues have extensive customer relationships. Loss of a key colleague with such customer relationships may lead to the loss of business if the customers were to follow that colleague to a competitor or otherwise choose to transition to another financial services provider. While we believe our relationship with our key personnel is good, we cannot guarantee that all of our key personnel will remain with our organization. Loss of such key personnel could result in the loss of some of our customers.

Employment / Personnel - Risk 2

We may not be able to attract and retain skilled people.

Our success depends, in large part, on our ability to attract and retain skilled people. Competition for the best people in most activities engaged in by us can be intense, and we may not be able to hire sufficiently skilled people or to retain them. The unexpected loss of services of one or more of our key personnel could have a material adverse impact on our business because of their skills, knowledge of our markets, years of industry experience, and the difficulty of promptly finding qualified replacement personnel.

Supply Chain1 | 1.5%

Supply Chain - Risk 1

We are dependent upon third parties for certain information system, data management and processing services, and to provide key components of our business infrastructure.

We outsource certain information system and data management and processing functions to third-party service providers to compete in a rapidly evolving financial marketplace. We may outsource to certain foreign-based service providers in the future. These third-party service providers are sources of operational and informational security risk to us, including risks associated with operational errors, information system interruptions or breaches, and unauthorized disclosures of sensitive or confidential client or customer information, including personal information. Any service relationships that we may have with foreign-based service providers would present additional risks, including, for example, country risk (e.g., risks relating to economic, social, and political conditions within the service provider's home country that may inhibit the ability of the service provider to provide us with services) and compliance risk (e.g., risks arising from the cross-border flow of information and services and the potential applicability of foreign laws and regulations). Concentration among larger third-party service providers servicing large segments of the banking industry can potentially affect wide segments of the financial industry. If third-party service providers encounter any of these issues, or if we have difficulty communicating with them, we could be exposed to disruption of operations, loss of service or connectivity to customers, reputational damage, and litigation risk that could have a material adverse effect on our results of operations or our business. Third-party service providers provide key components of our business infrastructure, such as internet connections, network access and core application processing. While we have selected these third-party service providers in accordance with supervisory requirements, we do not control their actions. The actions of these third parties, including as a result of their not providing us their services for any reason or their performing their services poorly, could adversely affect our ability to deliver products and services to our customers and otherwise to conduct our business. Replacing these third-party service providers could entail significant delay and expense.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.