Bank of America (BAC) Risk Analysis

30,542 Followers

Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

Bank of America disclosed 30 risk factors in its most recent earnings report. Bank of America reported the most risks in the “Finance & Corporate” category.

Risk Overview Q3, 2025

Risk Distribution

40% Finance & Corporate

23% Macro & Political

17% Legal & Regulatory

10% Tech & Innovation

7% Ability to Sell

3% Production

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2022

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

Bank of America Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q3, 2025

Main Risk Category

Finance & Corporate

With 12 Risks

Finance & Corporate

With 12 Risks

Number of Disclosed Risks

No changes from last report

S&P 500 Average: 32

No changes from last report

S&P 500 Average: 32

Recent Changes

1Risks added

0Risks removed

0Risks changed

Since Sep 2025

1Risks added

0Risks removed

0Risks changed

Since Sep 2025

Number of Risk Changed

No changes from last report

S&P 500 Average: 1

No changes from last report

S&P 500 Average: 1

See the risk highlights of Bank of America in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 30

Finance & Corporate

Total Risks: 12/30 (40%)Below Sector Average

Accounting & Financial Operations2 | 6.7%

Accounting & Financial Operations - Risk 1

Changes in accounting standards or assumptions in applying accounting policies could adversely affect us.

Accounting policies and methods are fundamental to how we record and report our financial condition and results of operations. Some of these policies require the use of estimates and assumptions that may affect the reported value of our assets or liabilities and results of operations and are critical because they require management to make difficult, subjective and complex judgments about matters that are inherently uncertain. If assumptions, estimates or judgments are erroneously applied, we could be required to correct and restate prior-period financial statements. Accounting standard-setters and those who interpret the accounting standards, including the SEC, banking regulators and our independent registered public accounting firm may also amend or even reverse their previous interpretations or positions on how various standards should be applied. These changes may be difficult to predict and could impact the preparation and reporting of our financial statements, including the application of new or revised standards retrospectively, resulting in unexpected losses, revisions to prior-period financial statements and other adverse impacts to us, including legal and regulatory risk.

Accounting & Financial Operations - Risk 2

If asset values decline, we may incur losses and negative impacts, including to capital and liquidity requirements.

We have a large portfolio of financial instruments, including loans and loan commitments, securities financing agreements, asset-backed secured financings, derivative assets and liabilities, debt securities, marketable equity securities and certain other assets and liabilities that we measure at fair value and are subject to valuation and impairment assessments. We determine these values based on applicable accounting guidance, which, for financial instruments measured at fair value, requires an entity to base fair value on exit price and to maximize the use of observable inputs and minimize the use of unobservable inputs in fair value measurements. The fair values of these financial instruments include adjustments for market liquidity, credit quality, funding impact on certain derivatives and other transaction-specific factors, where appropriate. Gains or losses on these instruments can have a direct impact on our results of operations, unless we have effectively mitigated the risk of our exposures. Increases in interest rates may cause decreases in residential mortgage loan originations and could impact the origination of corporate debt. In addition, increases in interest rates or changes in spreads may continue to adversely impact the fair value of our debt securities and, accordingly, for debt securities classified as available-for-sale (AFS), adversely affect accumulated other comprehensive income and, thus, our capital levels. Increases in interest rates or changes in spreads could also adversely impact our regulatory liquidity position and requirements, which include eligible AFS debt securities and held-to-maturity (HTM) debt securities. As our liquidity is dependent on the fair value of these assets, increases in market interest rates and/or wider spreads, have adversely impacted and may continue to adversely impact the fair value of debt securities, adversely affecting liquidity levels. Fair values may be impacted by declining values of the underlying assets or the prices at which observable market transactions occur and the continued availability of these transactions or indices. The financial strength of counterparties, with whom we have economically hedged some of our exposure to these assets, also will affect the fair value of these assets. Sudden declines and volatility in the prices of assets may curtail or eliminate trading activities in these assets, which may make it difficult to sell, hedge or value these assets. The inability to sell or effectively hedge assets reduces our ability to limit losses in such positions, and the difficulty in valuing assets may increase our risk-weighted assets (RWA), which requires us to maintain additional capital and increases our funding costs. Values of AUM also impact revenues in our wealth management and related advisory businesses for asset-based management and performance fees. Declines in values of AUM can result in lower fees earned for managing such assets.

Debt & Financing7 | 23.3%

Debt & Financing - Risk 1

Our derivatives businesses may expose us to unexpected risks, which may result in losses and adversely affect liquidity.

We are party to a large number of derivatives transactions that may expose us to unexpected market, credit and operational risks that could cause us to suffer unexpected losses. Fluctuations in asset values or rates or an unanticipated credit event, including unforeseen circumstances that may cause previously uncorrelated factors to become correlated, may lead to losses resulting from risks not taken into account or anticipated in the development, structuring or pricing of a derivative instrument. Certain derivative contracts and other trading agreements provide that upon the occurrence of certain specified events, such as a change to our or our affiliates’ credit ratings, we may be required to provide additional collateral or take other remedial actions, and we could experience increased difficulty obtaining funding or hedging risks. In some cases our counterparties may have the right to terminate or otherwise diminish our rights under these contracts or agreements upon the occurrence of such events. We are also a member of various CCPs, which results in credit risk exposure to those CCPs. In the event that one or more members of a CCP defaults on their obligations, we may be required to pay a portion of any losses incurred by such CCP. A CCP may also, at its discretion, modify the margin we are required to post, which could mean unexpected and increased funding costs and exposure to that CCP. As a clearing member, we are exposed to the risk of non-performance by our clients for which we clear transactions, which may not be covered by available collateral. Also, default by a significant market participant may result in further risk and potential losses.

Debt & Financing - Risk 2

Our concentrations of credit risk could adversely affect our credit losses, results of operations and financial condition.

We may be subject to concentrations of credit risk because of a common characteristic or common sensitivity to economic, financial, public health or business developments. Concentrations of credit risk may reside in a particular industry, geography, product, asset class, counterparty or within any pool of exposures with a common risk characteristic. A deterioration in the financial condition or prospects of a particular industry, geographic location, product or asset class, or a failure or downgrade of, or default by, any particular entity or group of entities could negatively affect our businesses, and it is possible our limits and credit monitoring exposure controls will not function as anticipated. We execute a high volume of transactions and have significant credit concentrations with respect to the financial services industry, predominantly comprised of broker-dealers, commercial banks, investment banks, insurance companies, mutual funds, hedge funds, CCPs and other institutional clients. Financial services institutions and other counterparties are inter-related because of trading, funding, clearing or other relationships. Defaults by one or more counterparties, or market uncertainty about the financial stability of one or more financial services institutions, or the financial services industry generally, could lead to market-wide liquidity disruptions, losses, defaults and related disputes and litigation. Our credit risk may also be heightened by market risk when the collateral held by us cannot be liquidated or is liquidated at prices not sufficient to recover the full amount of the loan or derivatives exposure, which may occur from events that impact the value of the collateral, such as a sudden change in asset price or fraud. Disputes with obligors as to the valuation of collateral could increase with significant market stress, volatility or illiquidity, and we could suffer losses if we are unable to realize the fair value of the collateral or manage declines in the value of collateral. Also, our counterparty credit risk can increase if margin posted by counterparties is insufficient to cover exposures and elevated counterparty exposure is accompanied by the counterparty’s likelihood of default. We have concentrations of credit risk, including with respect to our consumer real estate and consumer credit card exposure, as well as our commercial real estate and asset managers and funds portfolios, which represent a significant percentage of our overall credit portfolio. Declining home price valuations and demand where we have large concentrations could result in increased servicing advances and expenses, defaults, delinquencies or credit losses. The impacts of earthquakes, as well as climate change, such as rising average global temperatures and sea levels, and the increasing frequency and severity of extreme weather events and natural disasters, including droughts, floods, wildfires and hurricanes, could negatively impact collateral, the valuations of home or commercial real estate or our clients’ ability and/or willingness to pay fees, outstanding loans or afford new products. This could also cause insurability risk and/or increased insurance costs to clients. Economic weaknesses, particularly from increases in inflation or sustained elevated inflation, adverse business conditions, market disruptions, adverse economic or market events, rising interest or capitalization rates, declining asset prices, greater volatility in areas where we have concentrated credit risk or deterioration in real estate values or household incomes may cause us to experience higher credit losses in our portfolios or write down the value of certain assets. We could also experience continued and long-term negative impacts to our commercial credit exposure and an increase in credit losses within those industries that may be permanently impacted by a change in consumer preferences or other industry disruptions. We also enter into transactions with sovereign nations, U.S. states and municipalities. Uncertain economic or political conditions or policies, such as economic sanctions or increased tariffs, disruptions to capital markets, currency fluctuations, changes in commodity prices and social instability, could adversely impact the operating budgets or credit ratings of government entities and expose us to credit and liquidity risk. Liquidity disruptions in the financial markets may result in our inability to sell, syndicate or realize the value of our positions, increasing concentrations, which could increase RWA and the credit and market risk associated with our positions, and increase operational and litigation costs.

Debt & Financing - Risk 3

Bank of America Corporation’s liquidity and financial condition, and the ability to pay dividends and obligations, could be adversely affected in the event of a resolution.

Bank of America Corporation, our parent holding company, is required to submit a plan to the FDIC and Federal Reserve every two years describing its resolution strategy under the U.S. Bankruptcy Code in the event of material financial distress or failure. Bank of America Corporation’s preferred resolution strategy is a “single point of entry” strategy, whereby only the parent holding company would file for bankruptcy under the U.S. Bankruptcy Code. Certain key operating subsidiaries would be provided with sufficient capital and liquidity to operate through severe stress and to enable such subsidiaries to continue operating or be wound down in a solvent manner following a bankruptcy of the parent holding company. Bank of America Corporation has entered into intercompany arrangements resulting in the contribution of most of its capital and liquidity to key subsidiaries. Pursuant to these arrangements, if Bank of America Corporation’s liquidity resources deteriorate so severely that resolution becomes imminent, it will no longer be able to draw liquidity from its key subsidiaries and will be required to contribute its remaining financial assets to a wholly-owned holding company subsidiary. This could adversely affect our liquidity and financial condition, including the ability to meet our payment obligations, and our ability to pay dividends and/or repurchase our common stock. If the FDIC and Federal Reserve jointly determine that Bank of America Corporation’s resolution plan is not credible, they could impose more stringent capital or liquidity requirements or restrictions on our growth, activities or operations. We could also be required to take certain actions that could impose operating costs and result in the divestiture of assets or restructuring of businesses and subsidiaries. When a G-SIB such as Bank of America Corporation is in default or danger of default, the FDIC may be appointed receiver to conduct an orderly liquidation, and could, among other things, invoke the orderly liquidation authority, instead of the U.S. Bankruptcy Code, if the Secretary of the Treasury makes certain financial distress and systemic risk determinations. Also, the FDIC could replace Bank of America Corporation with a bridge holding company, which could continue operations and result in an orderly resolution of the underlying bank, but whose equity would be held solely for the benefit of our creditors. The FDIC’s “single point of entry” strategy may result in our security holders suffering greater losses than would have been the case under a bankruptcy proceeding or a different resolution strategy. If the Corporation is resolved under the U.S. Bankruptcy Code or the FDIC’s orderly liquidation authority, third-party creditors of our subsidiaries may receive significant or full recoveries on their claims, while security holders of Bank of America Corporation could face significant or complete losses.

Debt & Financing - Risk 4

Bank of America Corporation is a holding company, is dependent on its subsidiaries for liquidity and may be restricted from transferring funds from subsidiaries.

Bank of America Corporation, as the parent company, is a separate and distinct legal entity from our bank and nonbank subsidiaries. We evaluate and manage liquidity on a legal entity basis. Legal entity liquidity is an important consideration as there are legal, regulatory, contractual and other limitations on our ability to utilize liquidity from one legal entity to satisfy the liquidity requirements of another, including the parent company, which could result in adverse liquidity events. The parent company depends on dividends, distributions, loans and other payments from our bank and nonbank subsidiaries to fund dividend payments on our preferred stock and common stock and to fund all payments on our other obligations, including debt obligations. Any inability of our subsidiaries to transfer funds, pay dividends or make payments to us may adversely affect our cash flow, liquidity and financial condition. Many of our subsidiaries, including our bank and broker-dealer subsidiaries, are subject to laws that restrict dividend payments, or authorize regulatory bodies to block or reduce the flow of funds from those subsidiaries to the parent company or other subsidiaries. Our bank and broker-dealer subsidiaries are subject to restrictions on their ability to lend or transact with affiliates, minimum regulatory capital and liquidity requirements and restrictions on their ability to use funds deposited with them in bank or brokerage accounts to fund their businesses. Intercompany arrangements we entered into in connection with our resolution planning submissions could restrict the amount of funding available to the parent company from our subsidiaries under certain adverse conditions. Additional restrictions on transactions with certain related parties, increased capital and liquidity requirements and additional limitations on the use of funds on deposit in bank or brokerage accounts, as well as lower earnings, can reduce the amount of funds available to meet the obligations of the parent company and may require the parent company to provide additional funding to such subsidiaries. Regulatory action that requires additional liquidity at each of our subsidiaries could impede access to funds we need to pay our obligations or pay dividends. In addition, our right to participate in a distribution of assets upon a subsidiary’s liquidation or reorganization is subject to prior claims of the subsidiary’s creditors.

Debt & Financing - Risk 5

Reduction in our credit ratings could limit our access to funding or the capital markets, increase borrowing costs or trigger additional collateral or funding requirements.

Our borrowing costs and ability to raise funds are directly impacted by our credit ratings. Credit ratings are also important to investors, clients or counterparties when we compete in certain markets and seek to engage in certain transactions, including over-the-counter (OTC) derivatives. Our credit ratings are subject to ongoing review by rating agencies, which consider a number of financial and nonfinancial factors, including our franchise, financial strength, performance and prospects, management, governance, risk management practices, capital adequacy, asset quality and operations, among other criteria, as well as factors not under our control, such as regulatory developments, the macroeconomic and geopolitical environment and changes to rating methodologies. Rating agencies could adjust our credit ratings at any time and there can be no assurance as to whether or when a downgrade could occur. Any reduction could result in a wider credit spread and negatively affect our access to credit markets, the related cost of funds, our businesses and certain trading revenues, particularly in those businesses where counterparty creditworthiness is critical. If the short-term credit ratings of our parent company, bank or broker-dealer subsidiaries were downgraded, we may experience loss of access to short-term funding sources such as repo financing, and/or incur increased cost of funds and increased collateral requirements. Under the terms of certain OTC derivative contracts and other trading agreements, if our or our subsidiaries’ credit ratings are downgraded, the counterparties may require additional collateral or terminate these contracts or agreements. While certain potential impacts are contractual and quantifiable, the full consequences of a credit rating downgrade are inherently uncertain and depend upon numerous dynamic, complex and inter-related factors and assumptions, including the relationship between long-term and short-term credit ratings and the behaviors of clients, investors and counterparties.

Debt & Financing - Risk 6

Changes in the structure of and relationship among the GSEs could adversely impact our business.

We rely on the GSEs to guarantee or purchase certain mortgage loans that meet their conforming loan requirements. During 2024, we sold approximately $1.5 billion of loans to GSEs, primarily Freddie Mac (FHLMC). FHLMC and Fannie Mae are currently in conservatorship, with the Federal Housing Finance Agency acting as conservator. While there have been periodic proposals to remove or exit the GSEs from conservatorship and eliminate the perceived “implicit guarantee” associated with the GSEs, none have been successful. We cannot predict the future prospects of the GSEs, including the timing of any recapitalization or release from conservatorship, or any legislative or rulemaking proposals regarding the GSEs’ status in the housing market. If the GSEs take a reduced role in the marketplace, including by limiting the mortgage products they offer, we could be required to seek alternative funding sources, retain additional loans on our balance sheet, secure funding through the Federal Home Loan Bank system, or securitize the loans through Private Label Securitization, which could increase our cost of funds related to the origination of new mortgage loans, increase credit risk and/or impact our capacity to originate new mortgage loans. These developments could adversely affect our securities portfolios, capital levels, liquidity and results of operations.

Debt & Financing - Risk 7

Failure to satisfy our obligations as servicer for residential mortgage securitizations, loans owned by other entities and other related losses could adversely impact our reputation, servicing costs or results of operations.

We service mortgage loans on behalf of third-party securitization vehicles and other investors. If a material breach of our obligations as servicer or master servicer is committed, we may be subject to termination if the breach is not cured timely following notice, which could cause us to lose servicing income. We may also have liability for any failure by us or a third party, as a servicer or master servicer to adhere to or perform the required servicing obligation in accordance with the terms of the servicing agreements that result in impairment or loss to the loans’ owner. If any such breach was found to have occurred, it may harm our reputation, increase our servicing costs or losses due to potential indemnification obligations, result in litigation or regulatory action or adversely impact our results of operations. Also, foreclosures may result in costs, litigation or losses due to irregularities in the underlying documentation, or if the validity of a foreclosure action is challenged by a borrower or overturned by a court because of errors or deficiencies in the foreclosure process. We may also incur costs or losses relating to delays or alleged deficiencies in processing documents necessary to comply with state law governing foreclosure.

Corporate Activity and Growth3 | 10.0%

Corporate Activity and Growth - Risk 1

Our risk management framework may not be effective in mitigating risk and reducing the potential for losses.

Our risk management framework is designed to minimize our risk and loss. We seek to effectively and consistently identify, measure, monitor, report and control the risk types to which we are subject, including the seven key risk types we face. Risks also may span across multiple key risk types, including cybersecurity risk, climate risk, legal risk and concentration risk. While we employ a broad and diversified set of controls and risk mitigation techniques, including modeling and forecasting, hedging strategies and techniques seeking to balance our ability to profit from trading positions with our exposure to potential losses, we are inherently limited by our ability to identify and measure all risks, including emerging and unknown risks, anticipate the timing and impact of risks, apply effective hedging strategies, make correct assumptions, manage and aggregate data correctly and efficiently, identify changes in markets or client behaviors not historically reflected and develop risk management models and forecasts to assess and control risk. Our risk management depends on our ability to consistently execute all elements of our risk management program, develop and maintain a culture of managing risk well throughout the Corporation and manage third-party risks, including providers of products and services, to allow for effective risk management and help confirm that risks are appropriately considered, evaluated and responded to timely. Uncertain economic and geopolitical conditions, widespread health emergencies and pandemics, heightened legislative and regulatory scrutiny of and change within the financial services industry, the pace of technological changes, including AI (such as machine learning and generative AI) and quantum computing, accounting, tax and market developments, the failure of employees, representatives and third parties to comply with our policies and Risk Framework and the overall complexity of our operations, among other developments, have in the past and may in the future, result in a heightened level of risk, including operational, reputational and compliance risk. Failure to manage evolving risks or properly anticipate, escalate, manage, control or mitigate risks could result in additional legal, regulatory and reputational risk, losses and adversely affect our results of operations.

Corporate Activity and Growth - Risk 2

We could suffer operational, reputational and financial harm if our models fail to properly anticipate and manage risk.

We use models enterprise-wide, including to forecast losses, project revenue and expenses, assess and control our operations and financial condition, assist in capital planning, manage liquidity and measure, forecast and assess capital and liquidity requirements for credit, market, operational and strategic risks. Under our Enterprise Model Risk Policy, Model Risk Management is required to perform end-to-end model oversight, including independent validation before initial use, implementation monitoring, ongoing monitoring reviews through outcomes analysis and benchmarking, and periodic revalidation. However, models are subject to inherent limitations from simplifying assumptions, uncertainty regarding economic and financial outcomes, and emerging risks, including from applications that rely on AI. Our models may not be sufficiently predictive of future results, such as due to limited historical patterns, extreme or unanticipated market movements or clients’ behavior and liquidity, especially during severe market downturns or stress events (e.g., geopolitical or pandemic events), which could limit their effectiveness and require timely recalibration. The models that we use to assess and control our market risk exposures also reflect assumptions about the degree of correlation among prices of various asset classes or other market indicators, which may not be representative of the next downturn and would magnify the limitations inherent in using historical data to manage risk. Market conditions in recent years have involved unprecedented dislocations and highlight the limitations inherent in using historical data to manage risk. Our models may also be adversely impacted by human error and may not be effective if we fail to properly oversee, regularly review and detect their flaws during our review and monitoring processes, they contain biases, erroneous data, assumptions, valuations, formulas or algorithms, or our applications running the models do not perform as expected. Regardless of the steps we take to design effective controls, governance, monitoring and testing, and implement new technology and automated processes, we could suffer operational, reputational and financial harm, including funding or liquidity shortfalls, and adverse business decisions and regulatory risk if models fail to properly anticipate and manage risks.

Corporate Activity and Growth - Risk 3

Our inability to adapt our business strategies, products and services could harm our business.

We rely on a diversified mix of businesses that deliver a broad range of financial products and services through multiple distribution channels. Our success depends on our and our third-party providers’ ability to timely change or adapt our business strategies, products and services and their respective features, including available payment processing services and technology, such as AI and machine learning, to rapidly evolving industry standards and consumer preferences. Our strategies could be further impacted by macroeconomic stress, widespread health emergencies or pandemics, cyberattacks, and military conflicts or other significant geopolitical events. Widespread adoption and rapid evolution of, as well as developments in the regulatory landscape relating to emerging technologies, including analytic capabilities, AI (including machine learning and generative AI), automated decision-making, self-service digital trading platforms and automated trading markets, internet services, and digital assets, such as central bank digital currencies, cryptocurrencies (including stablecoins), tokens and other cryptoassets that utilize distributed ledger technology (DLT), as well as payment, clearing and settlement processes that use DLT, create additional strategic risks, could negatively impact our ability to compete and require substantial expenditures to the extent we were to modify or adapt our existing products and services. As new technologies evolve and mature, our businesses and results of operations could be adversely impacted, including as a result of new competitors to the payments and trading ecosystems and increased volatility in deposits and/or significant long-term reduction in deposits (i.e., financial disintermediation). Also, we may not be as timely or successful in assessing the competitive landscape and developing or introducing new products and services, integrating new products or services into our existing offerings, responding, managing or adapting to changes in consumer behavior, preferences, spending, investing and/or saving habits, achieving market acceptance of our products and services, reducing costs in response to pressures to deliver products and services at lower prices or sufficiently developing and maintaining clients. Further, our businesses may be negatively impacted if we, or our third-party providers, do not timely development and apply emerging technologies, like AI and quantum computing, or if our initiatives in these areas are deficient or fail. Our or our third-party providers’ inability or resistance to timely innovate or adapt operations, products and services to evolving regulatory and market environments, industry standards and consumer preferences could result in service disruptions, harm our business and adversely affect our results of operations and reputation.

Macro & Political

Total Risks: 7/30 (23%)Above Sector Average

Economy & Political Environment3 | 10.0%

Economy & Political Environment - Risk 1

Economic or market disruptions and insufficient credit loss reserves may result in a higher provision for credit losses.

A number of our products expose us to credit risk, including loans, letters of credit, derivatives, debt securities, trading account assets and assets held-for-sale. Deterioration in the financial condition of our consumer and commercial borrowers, counterparties or underlying collateral could adversely affect our results of operations and financial condition. Our credit portfolios may be impacted by U.S. and global macroeconomic and market conditions, events and disruptions, including declines in GDP, consumer spending or property values, asset price corrections, increasing consumer and corporate leverage, increases in corporate bond spreads, government shutdowns or policies such as tax changes, changes in international trade policy including tariff rates, rising or elevated unemployment levels, elevated inflation or cost of living expenses, fluctuations in foreign exchange or interest rates, as well as the emergence of widespread health emergencies or pandemics, extreme weather events and the impacts of climate change, including acute and/or chronic extreme weather events and efforts to transition to a low-carbon economy. Significant economic or market stresses and disruptions typically have a negative impact on the business environment and financial markets, which could impact the underlying credit quality of our borrowers, counterparties and assets. Property value declines or asset price corrections could increase the risk of borrowers or counterparties defaulting or becoming delinquent in their obligations to us, and could decrease the value of the collateral we hold, which could increase credit losses. Credit risk could also be magnified by lending to leveraged borrowers or declining asset prices, including property or collateral values, unrelated to macroeconomic stress. Simultaneous drawdowns on lines of credit and/or an increase in a borrower’s leverage in a weakening economic environment, or otherwise, could result in deterioration in our credit portfolio, should borrowers be unable to fulfill competing financial obligations. Increased delinquency and default rates could adversely affect our credit portfolios and increase charge-offs and provisions for credit losses. A recessionary environment and/or a rise in unemployment could adversely impact the ability of our consumer and/or commercial borrowers or counterparties to meet their financial obligations and negatively impact our credit portfolio. Consumers have been and may continue to be negatively impacted by inflation and/or a higher cost of living, resulting in drawdowns of savings or increases in household debt. Elevated interest rates, which have increased debt servicing costs for some businesses and households, may adversely impact credit quality, particularly in a recessionary environment. Certain sectors also remain at risk (e.g., commercial real estate, particularly office) as a result of shifts in demand and tight financial and credit conditions. Globally, conditions of slow growth or recession could further contribute to weaker credit conditions. If the macroeconomic environment or certain sectors worsen, our credit portfolio, net charge-offs, provision and allowance for credit losses could be adversely impacted. We establish an allowance for credit losses, which includes the allowance for loan and lease losses and the reserve for unfunded lending commitments, based on management's best estimate of lifetime expected credit losses (ECL) inherent in our relevant financial assets. The process to determine the allowance for credit losses uses models and assumptions that require us to make difficult and complex judgments that are often interrelated, including forecasting how borrowers or counterparties may perform in changing economic conditions. The ability of our borrowers or counterparties to repay their obligations may be impacted by changes in future economic conditions, which in turn could impact the accuracy of our loss forecasts and allowance estimates. There is also the possibility that we have failed or will fail to accurately identify the appropriate economic indicators or accurately estimate their impacts to our borrowers or counterparties, which could impact the accuracy of our loss forecasts and allowance estimates. If the models, estimates and assumptions we use to establish reserves or the judgments we make in extending credit to our borrowers or counterparties, which are more sensitive due to the current uncertain macroeconomic and geopolitical environment, prove inaccurate in predicting future events, we may suffer losses in excess of our ECL. In addition, changes to external factors can negatively impact our recognition of credit losses in our portfolios and allowance for credit losses. The allowance for credit losses is our best estimate of ECL, but there is no guarantee that it will be sufficient to address credit losses, particularly if the economic outlook deteriorates significantly, quickly or unexpectedly. As circumstances change, we may increase our allowance, which would reduce earnings. If economic conditions worsen, impacting our consumer and commercial borrowers, counterparties or underlying collateral, and credit losses are unexpectedly worse, we may increase our provision for credit losses, which could adversely affect our results of operations and financial condition.

Economy & Political Environment - Risk 2

We may be adversely affected by weaknesses in the U.S. housing market.

During 2024, the U.S. housing market continued to be impacted by higher mortgage rates, including 30-year fixed-rate mortgages that more than doubled from 2021, and higher home prices (in varying degrees among markets) that have negatively impacted housing affordability and the demand for many of our products. Also, our mortgage loan production volume is generally influenced by the rate of growth in residential mortgage debt outstanding and the size of the residential mortgage market, both of which have slowed due to higher interest rates and reduced affordability. A deeper downturn in the condition of the U.S. housing market could result in significant write-downs of asset values in several asset classes, notably mortgage-backed securities (MBS). If the U.S. housing market were to further weaken, the value of real estate could decline, which could result in increased credit losses and delinquent servicing expenses, negatively affect our representations and warranties exposures, and adversely affect our results of operations and financial condition.

Economy & Political Environment - Risk 3

We may be adversely affected by the financial markets, fiscal, monetary, and regulatory policies, and economic conditions.

General economic, political, social and health conditions in the U.S. and abroad affect financial markets and our businesses. In particular, global markets may be affected by the level and volatility of interest rates, availability and market conditions of financing, changes in gross domestic product (GDP), economic growth or its sustainability, inflation, supply chain disruptions, consumer spending, employment levels, labor shortages, challenging labor market conditions, wage stagnation, federal government shutdowns, energy prices, home prices, commercial property values, bankruptcies and a default by a significant market participant or class of counterparties, including companies in emerging markets. Global markets also may be affected by adverse developments impacting the U.S. or global banking industry, including bank failures, the failure of nonbank financial institutions and liquidity concerns, fluctuations or other significant changes in both debt and equity capital markets and currencies, the transition of benchmark rates to alternative reference rates, the impact of the volatility of digital assets on the broader market, the rate of growth of global trade and commerce, trade policies, the availability and cost of capital and credit, disruption of communication, transportation or energy infrastructure, recessionary fears, investor sentiment and the U.S. and global election cycles, including stated, perceived or actual changes to policy and the geopolitical environment. Global markets, including energy and commodity markets, may also be adversely affected by the current or anticipated impact of climate change, acute and/or chronic extreme weather events or natural disasters, the emergence of widespread health emergencies or pandemics, cyberattacks, military conflicts, terrorism, or other geopolitical events. Market fluctuations may impact our margin requirements and liquidity. Any sudden or prolonged market downturn, as a result of the above factors or otherwise, could result in a decline in net interest income and noninterest income and adversely affect our results of operations and financial condition, including capital and liquidity levels. Elevated inflation and interest rate levels, monetary tightening by central banks, and geopolitical developments, including the Russia/Ukraine conflict and the conflicts in the Middle East, have adversely impacted and could continue to adversely impact financial markets and macroeconomic conditions, as well as result in additional market volatility and disruptions and recessionary risk. Global uncertainties regarding fiscal and monetary policies present economic challenges. High and rising debt levels in the U.S. and globally may contribute to interest rate volatility, which may constrain governments’ fiscal policies, potentially resulting in adverse economic outcomes. Actions taken by the Federal Reserve or central banks in other jurisdictions, including changes in target rates, balance sheet management and lending facilities, are beyond our control and difficult to predict, particularly regarding inflation, due to the uncertainty of inflationary paths. This can affect interest rates and the value of financial instruments and other assets, such as debt securities, and impact our borrowers and potentially increase delinquency rates and may also raise government debt levels, adversely affect businesses and household incomes, adversely impact the banking sector generally, and increase uncertainty surrounding monetary policy. Monetary policy has contributed to and may continue to result in elevated market interest rates and a flat and/or inverted yield curve. Any increases in policy rates, as a response to inflation persistently above central bank targets, changes to fiscal or trade policies, or otherwise, could result in higher market interest rates. Elevated or rising interest rates may continue to result in volatility of equity and other markets, and volatility of the U.S. dollar, which could impact investor risk appetite and our borrowers, potentially increasing delinquency rates. Financial market volatility could also result from uncertainty about the timing and extent of any additional rate cuts by the Federal Reserve in response to moderating inflation and/or weakening economic conditions. Any future change in monetary policy by the Federal Reserve, in an effort to stimulate the economy or otherwise, resulting in lower interest rates would typically result in lower revenue through lower net interest income, which could adversely affect our results of operations. Also, changes to existing U.S. laws and regulatory policies and evolving priorities, including those related to financial regulation, taxation, international trade, fiscal policy, climate change (including efforts to transition to a low-carbon economy) and healthcare, may adversely impact U.S. or global economic activity and our clients’, our counterparties’ and our earnings and operations. Globally, although many central banks have begun to remove monetary restriction, policy rates in many countries remain at elevated levels. While higher interest rates have generally had a positive impact on our net interest income, they have negatively impacted and could continue to negatively impact investment securities, deposits, loan demand and funding costs. In addition to higher interest rates, wider credit spreads can negatively impact capital and/or liquidity by reducing the value of debt securities. High and rising federal debt levels, investor concerns about the U.S. fiscal trajectory, changes to fiscal policy and uncertainty about the U.S. budget process could lead to lower investor appetite for U.S. debt securities, higher interest rates and financial market volatility, potentially impacting broader economic activity. Further, if the U.S. government’s debt ceiling limit is not raised timely, the ramifications may result in market volatility, ratings downgrades and limit fiscal policy responses to recessionary conditions. This could have a negative and potentially severe impact on the U.S. and world economy and financial and capital markets, including higher interest rates, higher volatility, lower asset values, lower liquidity, downgrades to U.S. debt, and a weakened U.S. dollar. Changes to international trade and investment policies by the U.S. or other countries, and the uncertainty about potential changes, could negatively impact financial markets globally. Significant increases in tariff rates, either broadly applied or targeted at specific goods or trading partners, including Canada, Latin America and the People’s Republic of China (China), could adversely impact economic conditions and/or result in higher inflation, which could result in financial market volatility as markets adjust to the incremental cost of doing business and/or new business models to reduce the impacts, as well as adversely impact asset prices. Also, escalation of tensions between the U.S. and China, including tariff increases, could lead to further U.S. measures that adversely affect financial markets, disrupt world trade and commerce and lead to trade retaliation, including through the use of counter tariffs, foreign exchange measures or the large-scale sale of U.S. Treasury bonds. Any restrictions on the activities of businesses, could also negatively affect financial markets. These developments could adversely affect our businesses, clients, including demand for our products and services, our market-making activities, our and our clients’ securities and derivatives portfolios, including the risk of lower re-investment rates in those portfolios, our level of charge-offs and provision for credit losses, the carrying value of our deferred tax assets, our capital levels, our liquidity and our results of operations.

International Operations1 | 3.3%

International Operations - Risk 1

We are subject to numerous political, economic, market, reputational, operational, compliance, legal, regulatory and other risks in the jurisdictions in which we operate.

We do business throughout the world, including in emerging markets. Economic or geopolitical stress in one or more countries could have a negative impact regionally or globally, resulting in, among other things, market volatility, reduced market value and economic output. Our liquidity and credit risk could be adversely impacted by, and our businesses and revenues derived from non-U.S. jurisdictions are subject to, risk of loss from financial, social or judicial instability, economic sanctions, changes in government leadership, including from electoral outcomes or otherwise, changes in governmental or central bank policies, expropriation, nationalization and/or confiscation of assets, price controls, high inflation, natural disasters, the emergence of widespread health emergencies or pandemics, capital controls, currency re-denomination risk from a country exiting the EU or otherwise, currency fluctuations, foreign exchange controls or movements (caused by devaluation or de-pegging), unfavorable political and diplomatic developments, oil price fluctuations and changes in legislation. These risks are especially elevated in emerging markets. Political and economic interactions between the U.S. and important trading partners, including China, but also more broadly across the EU, Latin America and Canada, may result in sanctions, further tariff increases or other restrictive actions on cross-border trade, investment and transfer of data and information technology. Such actions, which may also include actions taken against other countries to enforce trade restrictions, could reduce trade volumes, result in further supply chain disruptions, increase costs for producers, and adversely affect our businesses and revenues, as well as our clients and counterparties, including their credit quality. Slowing growth, recessionary conditions, adverse geopolitical conditions and political or civil unrest, foreign trade competition, labor shortages, wage pressures and elevated inflation in certain countries pose challenges, including from volatility in financial markets. Foreign exchange rates against the U.S. dollar remain uncertain and potentially volatile, and depreciation could increase our financial risks with clients that deal in non-U.S. currencies but have U.S. dollar-denominated debt. We invest or trade in the securities of corporations and governments located in non-U.S. jurisdictions, including emerging markets. Revenues from the trading of non-U.S. securities may be subject to negative fluctuations as a result of the above factors. Furthermore, the impact of these fluctuations could be magnified because non-U.S. trading markets, particularly in emerging markets, are generally smaller, less liquid and more volatile than U.S. trading markets. Risks in one nation can limit our opportunities for portfolio growth and negatively affect our operations in other nations, including our U.S. operations. Market and economic disruptions may affect consumer confidence levels and spending, corporate investment and job creation, bankruptcy rates, levels of incurrence and default on consumer and corporate debt, economic growth rates and asset values, among other factors. Elevated government debt levels raise the risk of volatility, significant valuation changes and political tensions regarding fiscal policy or defaults on or devaluation of sovereign debt, all of which could expose us to substantial losses. Financial markets have been and may continue to be sensitive to government budget processes and changes to fiscal policy, as well as any resulting political turmoil. Our non-U.S. businesses are also subject to extensive regulation by governments, securities exchanges and regulators, central banks and other regulatory bodies. In many countries, the laws and regulations applicable to the financial services and securities industries are less predictable, prone to change and uncertainty, and regularly evolving. Significant resources are spent on determining, understanding and monitoring foreign LRRs, some with less predictable legal and regulatory frameworks, as well as managing our relationships with multiple regulators in various jurisdictions. Our inability to remain in compliance with local laws and manage our relationships with regulators could result in increased expenses, changes to our organizational structure and adversely affect our businesses, reputation and results of operations in that market. We are also subject to complex and extensive U.S. and non-U.S. LRRs, which subject us to costs and risks relating to bribery and corruption, know-your-customer requirements, anti-money laundering, embargo programs and economic sanctions, which can vary by jurisdiction and require implementation of complex operational capabilities and compliance programs. Non-compliance, including improper implementation, and/or violations could result in an increase in operational and compliance costs, and enforcement actions and civil and criminal penalties against us and individual employees. The increasing speed and novel ways in which funds circulate could make it more challenging to track the movement of funds and heighten financial crimes risk. Compliance with these evolving regulatory regimes and legal requirements depends on our ability to improve and/or evolve our processes, controls, surveillance, detection and reporting and analytic capabilities and could be adversely impacted by operational failures. In the U.S., the political uncertainty around the federal government’s debt ceiling, a growing federal budget deficit and government debt levels could create the possibility of U.S. government defaults on its debt and/or further downgrades to its credit ratings, and prolonged government shutdowns, which could weaken the U.S. dollar, cause market volatility, negatively impact the global economy and banking system and adversely affect our financial condition, including our liquidity. Also, changes in fiscal, monetary, regulatory, trade and/or foreign policy, labor shortages, wage pressures, supply chain disruptions and higher inflation, could increase our compliance costs and adversely affect our business operations, organizational structure and results of operations. Emerging market currency values and monetary policy settings are particularly sensitive to such changes in U.S. monetary policy. Also, elevated or rising U.S. interest rate levels or high tariff rates, could result in additional currency volatility and recessionary conditions in a number of non-U.S. markets. We are also subject to geopolitical risks, including economic sanctions, acts or threats of international or domestic terrorism, including responses by the U.S. or other governments thereto, corporate espionage, increased state-sponsored cyberattacks or campaigns, civil unrest and/or military conflicts, including the escalation of tensions between China and Taiwan, which could adversely affect business, market trade and general economic conditions abroad and in the U.S. The Russia/Ukraine conflict and the conflicts in the Middle East have magnified such risks and resulted in regional instability, and adverse developments in or expansion of these conflicts could negatively impact commodity and other financial markets, as well as economic conditions. Widening regional conflicts resulting in the involvement of neighboring countries and/or North Atlantic Treaty Organization member countries and/or military conflicts in other areas of the world could result in additional economic disruptions, financial market volatility, higher inflation and changes to asset valuations, which could disrupt our operations and adversely affect our results of operations.

Natural and Human Disruptions1 | 3.3%

Natural and Human Disruptions - Risk 1

Our operations, businesses and clients could be adversely affected by the impacts related to climate change.

Climate change and related environmental sustainability matters present short-, medium- and long-term risks. The physical risks include an increase in the frequency and severity of extreme weather events and natural disasters, including floods, wildfires, hurricanes and tornados, and chronic longer-term shifts such as rising average global temperatures and sea levels. Such disasters and effects could adversely impact our facilities, employees and clients’ ability to repay outstanding loans, disrupt the operations of us and our clients or third parties, cause supply chain or distribution network disruptions, damage collateral and/or result in market volatility, rapid deposit outflows or drawdowns of credit facilities, the deterioration of the value of collateral or insurance shortfalls. There is also increasing risk related to the transition to a low-carbon economy. Changes in consumer preferences or financial condition of our clients and counterparties, market pressures, advancements in technology and additional legislation, regulatory, compliance and legal requirements could alter our strategic planning and the scope of our existing businesses, limit our ability to pursue certain business activities and offer certain products and services, amplify credit and market risks, negatively impact asset values, require capital expenditures and changes in technology and markets, including supply chain and insurance availability and cost, increase expenses and adversely impact our capital requirements and results of operations. Particularly, there is a global regulatory focus on climate change and existing and pending disclosure requirements in various jurisdictions, with jurisdictional divergence, which is expected to impact our legal, compliance and public disclosure risks and costs. Our climate change strategies, policies, and disclosures, which may evolve over time, our ability to achieve our climate-related goals and targets and/or the environmental or climate impacts attributable to our products, services or transactions may impact legal and compliance risk and could result in reputational harm as a result of negative public sentiment, regulatory scrutiny, litigation and reduced investor and stakeholder confidence. Due to divergent views of stakeholders, we are at increased risk that any action, or lack thereof, by us concerning our response to climate change will be perceived negatively by some stakeholders, which could adversely impact our reputation and businesses. Our ability to meet our climate-related goals and targets, including our goal to achieve certain greenhouse gas (GHG) emissions targets by 2030 and net zero GHG emissions in our financing activities, operations and supply chain before 2050, is subject to risks and uncertainties, many of which are outside of our control, such as technological advances, clearly defined roadmaps for industry sectors, public policies and better emissions data reporting, and ongoing engagement with clients, suppliers, investors, government officials and other stakeholders. Due to the evolving nature of climate-related risks, which are expected to increase over time, it is difficult to predict, identify, monitor and effectively mitigate climate-related risks and uncertainties. Furthermore, there are and will continue to be challenges related to the availability, quality and disclosure of climate-related data, including data obtained from third parties, which may result in legal, compliance and/or reputational harm.

Capital Markets2 | 6.7%

Capital Markets - Risk 1

Increased market volatility and adverse changes in financial or capital market conditions may increase our market risk.

Our liquidity, competitive position, business, results of operations and financial condition are affected by market risks such as changes in interest and currency exchange rates, fluctuations in equity, commodity and futures prices, trading volumes and prices of securitized products, the implied volatility of interest rates and credit spreads and other economic and business factors. These market risks may adversely affect, among other things, the value of our securities, including our on- and off-balance sheet securities, trading assets and other financial instruments, the cost of debt capital and our access to credit markets, the value of assets under management (AUM), fee income relating to AUM, client allocation of capital among investment alternatives, the volume of client activity in our trading operations, investment banking, underwriting and other capital market fees and the general profitability and risk level of the transactions in which we engage and our competitiveness with respect to deposit pricing. The value of certain of our assets is sensitive to changes in market interest rates and/or spreads. If the Federal Reserve or a non-U.S. central bank changes or signals a change in monetary policy, market interest rates or credit spreads could be affected, which could adversely impact the value of such assets. Changes to fiscal policy, including expansion of U.S. federal deficit spending and resultant debt issuance, could also affect market interest rates. If interest rates decrease, our results of operations could be negatively impacted, including future revenue and earnings growth. Our models and strategies to assess and control our market risk exposures are subject to inherent limitations. In times of market stress or other unforeseen circumstances, previously uncorrelated indicators may become correlated. Such changes to the relationship between market parameters may limit the effectiveness of our hedging strategies and cause us to incur significant losses. Changes in correlation can be exacerbated where market participants use risk or trading models with assumptions or algorithms similar to ours. In these and other cases, it may be difficult to reduce our risk positions due to activity of other market participants or widespread market dislocations, including circumstances where asset values are declining significantly or no market exists. Where we own securities that do not have an established liquid trading market or are otherwise subject to restrictions on sale or hedging, or where the degree of accessible liquidity declines significantly, we may not be able to reduce our positions and risks associated with such holdings, so we may suffer larger than expected losses when adverse price movements take place. This risk can be exacerbated where we hold a position that is large relative to the available liquidity.

Capital Markets - Risk 2

If we are unable to access the capital markets, have prolonged net deposits outflows, or our borrowing costs increase, our liquidity and competitive position will be negatively affected.

Liquidity is essential to our businesses. We fund our assets primarily with globally sourced deposits in our bank entities, as well as secured and unsecured liabilities transacted in the capital markets. We rely on certain secured funding sources, such as repo markets, which are typically short-term and credit-sensitive. We also engage in asset securitization transactions, including with the government-sponsored enterprises (GSEs), to help fund a portion of our consumer lending activities. Our liquidity could be adversely affected by any inability to access the capital markets, illiquidity or volatility in the capital markets, the decrease in value of eligible collateral or increased collateral requirements (including as a result of credit concerns for short-term borrowing), changes to our relationships with our funding providers based on real or perceived changes in our risk profile, prolonged federal government shutdowns, or uncertainties regarding the impact of GSE privatization, should it occur. Also, our liquidity or cost of funds may be negatively impacted by the unwillingness or inability of the Federal Reserve to act as lender of last resort, unexpected simultaneous draws on lines of credit or deposits, slower client payment rates, restricted access to the assets of prime brokerage clients, the withdrawal of or failure to attract client deposits or invested funds (e.g., from attrition driven by clients seeking higher yielding deposits or securities products, desiring to utilize an alternative financial institution perceived to be safer, changing spending behavior due to inflation, decline in the economy or other drivers resulting in an increased need for cash), increased regulatory liquidity, capital and margin requirements for our U.S. or international banks and their nonbank subsidiaries, which could result in the inability to transfer liquidity internally, changes in patterns of intraday liquidity usage resulting from a counterparty or technology failure or other idiosyncratic event or failure, the default by a significant market participant or third party (including clearing agents, custodians, central banks or central counterparty clearinghouses (CCPs)) or the inability to sell assets due to illiquid markets (e.g., no market exists or market saturation). These factors may increase our borrowing costs and negatively impact our liquidity. Several of these factors may arise due to circumstances beyond our control, such as general market volatility, disruption, shock or stress, stress in sovereign debt markets, the emergence of widespread health emergencies or pandemics and geopolitical events and/or turmoil (including military conflicts, such as the Russia/Ukraine conflict and the conflicts in the Middle East, or any potential escalation of such conflicts). Federal Reserve policy decisions (including fluctuations in interest rates or Federal Reserve balance sheet composition), negative views or loss of confidence about us or the financial services industry generally or due to a specific news event (e.g., regional bank failures), changes in the regulatory environment or governmental fiscal or monetary policies, actions by credit rating agencies or an operational problem that affects third parties or us. The impact of these potentially sudden events, whether within our control or not, could include an inability to sell assets or redeem investments, unforeseen outflows of cash, the need to draw on liquidity facilities, the reduction of financing balances and the loss of equity secured funding, debt repurchases to support the secondary market or meet client requests, the need for additional funding for commitments and contingencies and unexpected collateral calls, among other things, the result of which could be increased costs, a liquidity shortfall and/or impact on our liquidity coverage ratio. Our liquidity and cost of funds may be impacted by our reputation risk, investor behavior and confidence, debt market disruption, firm specific concerns or prevailing market conditions, including changes in interest and currency exchange rates, significant fluctuations in equity and futures prices, lower trading volumes and prices of securitized products and our credit spreads. Increases in interest rates and our credit spreads can increase the cost of our funding and result in mark-to-market or credit valuation adjustment exposures. Changes in our credit spreads are market driven and may be influenced by market perceptions of our creditworthiness, including changes in our credit ratings or changes in broader financial market and macroeconomic conditions. Changes to interest rates and our credit spreads occur continuously and may be unpredictable and highly volatile. We may also experience net interest margin compression from offering higher than expected deposit rates in order to attract and maintain deposits. Concentrations within our funding profile, such as maturities, currencies or counterparties, can also reduce our funding efficiency.

Legal & Regulatory

Total Risks: 5/30 (17%)Below Sector Average

Regulation3 | 10.0%

Regulation - Risk 1

Added

There are no material changes from the risk factors set forth under Part 1, Item 1A. Risk Factors of the Corporation’s 2024 Annual Report on Form 10-K.

Regulation - Risk 2

We are highly regulated and subject to evolving government legislation and regulations and certain settlements, orders and agreements with government authorities from time to time.

We are highly regulated and subject to evolving and comprehensive regulation under federal and state laws in the U.S. and the laws of the various foreign jurisdictions in which we operate. These laws and regulations significantly affect and have the potential to increase our compliance costs, restrict the scope of our existing businesses, require changes to our employment practices, business strategies and controls and procedures, limit our ability to pursue certain business opportunities, including the products and services we offer, reduce certain fees and rates and/or make our products and services more expensive for our clients. We are also required to file various financial and nonfinancial regulatory reports to comply with LRRs in the jurisdictions in which we operate, which results in additional compliance and operational risk. We continue to adjust our business and operations, legal entity structure, systems, disclosure, policies, procedures, processes, controls and governance, including with regard to capital and liquidity management, risk management and data management, in an effort to comply with LRRs, and evolving expectations, guidance and interpretation by regulatory authorities, including the Department of Treasury (including the Internal Revenue Service (IRS) and OFAC), Financial Crimes Enforcement Network, Federal Reserve, OCC, CFPB, Financial Stability Oversight Council, FDIC, Department of Labor, SEC and CFTC in the U.S., foreign regulators, other government authorities and self-regulatory organizations. Further, we expect to become subject to future LRRs, including beyond those currently proposed, adopted or contemplated in the U.S. or abroad, and evolving interpretations of existing and future LRRs, which may include policies and rulemaking related to FDIC assessments, loss allocations between financial institutions and clients regarding the use of our products and services, including electronic payments, emerging technologies, such as the development and use of AI (including machine learning and generative AI), cybersecurity and data, employment practices and further climate and environmental risk management and sustainability reporting and disclosure, including emissions. The cumulative effect of all of the current and possible future legislation and regulations, as well as related interpretations, on our litigation and regulatory exposure, businesses, operations, including our ability to compete, and profitability remains uncertain and necessitates that we make certain assumptions with respect to the scope and requirements of existing, prospective and proposed LRRs in our business planning and strategies. If these assumptions prove incorrect, we could be subject to increased regulatory, legal and compliance risks and costs, and potential reputational harm. Also, regulatory initiatives in the U.S. and abroad may overlap, and non-U.S. regulations and initiatives may be inconsistent or conflict with current or proposed U.S. regulations or with each other, which could lead to compliance risks and higher costs. Our regulators’ prudential and supervisory authority gives them broad power and discretion to direct our actions, and they have assumed an active oversight, inspection and investigatory role across the financial services industry. Regulatory focus is not limited to LRRs applicable to the financial services industry, but includes other significant LRRs that apply across industries and jurisdictions, including those related to anti-money laundering, anti-bribery, anti-corruption know-your-customer requirements, embargo programs and economic sanctions. We are also subject to LRRs in the U.S. and abroad, including the GDPR and CCPA, and a number of additional jurisdictions enacting or considering similar laws or amendments to existing laws, regarding privacy and the disclosure, collection, use, sharing and safeguarding of personally identifiable information, including our employees, clients, suppliers, counterparties and other third parties, the violation of which could result in litigation, regulatory fines, enforcement actions and operational loss. Also, we are and will continue to be subject to new and evolving data privacy laws in the U.S. and abroad, which could result in additional costs of compliance, litigation, regulatory fines and enforcement actions. There remains complexity and uncertainty, including potential suspension or prohibition, regarding data transfer because of concerns over compliance with LRRs for cross-border flows and transfers of personal data from the European Economic Area (EEA) to the U.S. and other jurisdictions outside of the EEA, resulting from judicial and regulatory guidance. Other jurisdictions, including China and India, have commenced consultation efforts or enacted new legislation or regulations to establish standards for personal data transfers. If cross-border personal data transfers are suspended or restricted or we are required to implement distinct processes for each jurisdiction’s standards, this could result in operational disruptions to our businesses, additional costs, increased enforcement activity, new contract negotiations with third parties, and/or modification of such data management. As part of their enforcement authority, our regulators and other government authorities have the authority to, among other things, conduct investigations and assess significant civil or criminal monetary fines, penalties or restitution, issue cease and desist orders, suspend or withdraw licenses and authorizations, initiate injunctive action, apply regulatory sanctions or cause us to enter into consent orders. The amounts paid by us and other financial institutions to settle proceedings or investigations have, in some instances, been substantial and may increase. In some cases, governmental authorities have required criminal pleas or other extraordinary terms as part of such resolutions, which could have significant consequences, including reputational harm, loss of clients, restrictions on the ability to access capital markets, and the inability to operate certain businesses or offer certain products. Our responses to regulators and other government authorities have been and may continue to be time-consuming and expensive and divert management attention from our business. The outcome of any matter, which may last years, may be difficult to predict or estimate. The terms of settlements, orders and agreements that we have entered into with government entities and regulatory authorities have also imposed, or could impose, significant operational and compliance costs on us with respect to enhancements to our procedures and controls, losses with respect to fraudulent transactions perpetrated against our clients, expansion of our risk and control functions within our lines of business, investment in technology and the hiring of significant numbers of additional risk, control and compliance personnel. For example, in December 2024, the OCC issued a Consent Order against BANA relating to certain aspects of BANA’s BSA, anti-money laundering and economic sanctions compliance programs, and we continue to respond to requests for information about similar aspects of such programs from other regulators. If we fail to meet the requirements of the regulatory settlements, orders or agreements to which we are subject, or, more generally, fail to maintain risk and control procedures and processes that meet the heightened standards established by our regulators and other government authorities, we could be required to enter into further settlements, orders or agreements and pay additional fines, penalties or judgments, or accept material regulatory restrictions on our businesses. Improper actions, behaviors or practices by us, our employees or representatives that are illegal, unethical or contrary to our core values, including the handling of fiduciary obligations, conflicts of interest and the misuse of confidential information, could harm us, our shareholders or clients or damage the integrity of the financial markets, and are subject to increasing regulatory scrutiny across jurisdictions. The complexity of the regulatory and enforcement regimes in the U.S., coupled with the global scope of our operations and the regulatory environment worldwide, also means that a single event or practice or a series of related events or practices may give rise to a significant number of overlapping investigations and regulatory proceedings, either by multiple federal and state agencies in the U.S. or by multiple regulators and other governmental entities in different jurisdictions. Actions by other members of the financial services industry related to business activities in which we participate may result in investigations by regulators or other government authorities. While we believe that we have an appropriate approach to developing and implementing risk management and compliance programs, compliance risks will continue to exist, particularly as we anticipate and adapt to new and evolving LRRs and evolving interpretations, and potential misconduct by bad actors globally. We also rely upon third parties who may expose us to compliance and legal risk. Future legislative or regulatory actions, and any required changes to our business or operations or strategy, or those of third parties upon whom we rely, resulting from such developments and actions could result in a significant loss of revenue, impose additional compliance and other costs or otherwise reduce our profitability, limit the products and services that we offer or our ability to pursue certain businesses and business opportunities, require us to dispose of certain businesses or assets, affect the value of assets held, require changes in training, testing, governance, controls and procedures and compensation practices, require us to increase prices and therefore reduce demand for our products, or otherwise adversely affect our businesses.

Regulation - Risk 3

U.S. federal banking agencies may require increased capital and liquidity levels, which could adversely impact the Corporation.

We are subject to U.S. capital and liquidity regulations. These rules, among other things, establish minimum ratios relating to capital for different categories of assets and exposures to qualify as a well-capitalized institution. As a G-SIB, we are also required to hold additional capital buffers, including a G-SIB surcharge, a SCB and a countercyclical buffer, which are reassessed at least annually. Also, we are subject to regulatory liquidity requirements, including the Liquidity Coverage Ratio and the Net Stable Funding Ratio. If any of our subsidiary insured depository institutions fail to maintain “well capitalized” status under the applicable regulatory capital rules, the Federal Reserve will require us to agree to bring the insured depository institution back to well-capitalized status, which may include restrictions on our activities, such as our ability to pay dividends and/or repurchase our common stock. If we were to fail to enter into or comply with such an agreement, the Federal Reserve may impose more severe restrictions on our activities, including requiring us to cease and desist activities otherwise permitted. From time to time regulators may change regulatory capital requirements, including total loss-absorbing capacity (TLAC) and long-term debt requirements, change how regulatory capital or RWA is calculated, or increase liquidity requirements. These components of our capital and liquidity ratios could also be impacted by economic disruptions or other events that may cause an increase in our balance sheet, RWA or leverage exposures, which could increase the amounts of regulatory capital or liquidity we are required to hold. In 2023, U.S. banking regulators issued notices of proposed rulemaking to revise the measurement of RWA and the G-SIB surcharge calculation, both of which may be re-proposed. Also, in 2023, U.S. banking regulators issued proposed changes to the long-term debt requirements for TLAC, which may impact eligibility of certain debt instruments, and in 2024, the Federal Reserve separately confirmed it is considering changes to existing, as well as new, liquidity requirements. The timing and composition of any such proposals or re-proposals remain uncertain due to various factors, including changes of leadership positions in the U.S. bank regulatory agencies. Our ability to pay dividends or repurchase common stock depends, in part, on our ability to maintain regulatory capital levels above minimum requirements plus buffers. If increases occur in our SCB, G-SIB surcharge or countercyclical capital buffer, our dividends and common stock repurchases, could decrease. For example, in 2024, our SCB increased by 70 bps to 3.2 percent and our G-SIB surcharge increased 50 bps to 3.0 percent. Our G-SIB surcharge is expected to increase to 3.5 percent from 3.0 percent in 2027, and could further increase in the future. The Federal Reserve could also limit or prohibit capital actions (e.g., impacts to dividends and common stock repurchases) as a result of economic disruptions or events. Extensive regulatory evaluation of our capital planning practices by the Federal Reserve includes stress testing on parts of our business using hypothetical economic scenarios prepared by the Federal Reserve. Those scenarios may affect our CCAR stress test results, which may impact our SCB level and require us to hold additional capital. In 2024, the Federal Reserve announced that it intends to propose potential changes to bank stress tests, which could impact our SCB. Changes to and compliance with the regulatory capital and liquidity requirements may impact our operations by requiring us to liquidate assets, increase borrowings, issue additional securities, reduce common stock repurchases or dividends, limit compensation practices, cease or alter certain operations, pricing strategies and business activities or hold highly liquid assets, adversely affecting our results of operations.

Litigation & Legal Liabilities1 | 3.3%

Litigation & Legal Liabilities - Risk 1

We are subject to significant financial and reputational risks from potential liability arising from lawsuits and regulatory and government action.

We face significant legal risks in our business, with a high volume of claims against us and other financial institutions, including conduct related to various products, services and markets. The amount of damages, penalties and fines that private litigants, including clients and other counterparties, and regulators seek from us and other financial institutions continues to be significant and unpredictable. U.S. regulators and government agencies regularly pursue enforcement claims and litigation against financial institutions, including us, for alleged violations of law and client harm, including under the Financial Institutions Reform, Recovery, and Enforcement Act, the federal securities laws, the False Claims Act, fair lending laws and regulations (including the Equal Credit Opportunity Act and the Fair Housing Act), the FCPA, the BSA, regulations issued by OFAC, Home Mortgage Disclosure Act, antitrust laws, and consumer protection laws and regulations related to products and services such as overdraft and sales practices, including prohibitions on unfair, deceptive, and/or abusive acts and practices (UDAAP) under the Consumer Financial Protection Act and the Federal Trade Commission Act, and EFTA, as well as other enforcement action taken by prudential regulators with respect to safety, soundness and appropriateness of our business practices. Such claims may carry significant penalties, restitution and, in certain cases, treble damages, and the ultimate resolution of regulatory inquiries, investigations and other proceedings which we are subject to from time-to-time is difficult to predict. In particular, we are the subject of litigation regarding our processing of electronic payments through the Zelle network, our efforts to detect, prevent and address fraud perpetrated against our clients and/or the handling of fraud-related disputes, which could result in fines, judgments and/or settlements, and adversely affect our businesses and strategies due to the treatment of loss allocations between clients and us, all of which could also adversely impact other similar products and services. Further, in addition to the consent order referenced above regarding BSA/anti-money laundering and economic sanctions compliance programs, we have entered into orders or settlements with certain government agencies regarding the rates paid on uninvested cash in brokerage and investment advisory accounts that is swept into interest-paying bank deposits, credit card sales and marketing practices and representment fee practices and our participation in implementing COVID-19-related government relief measures and other federal and state government assistance programs, including the processing of unemployment benefits for California and certain other states. We are subject to, or could become subject to, related litigation or investigations by other regulators with respect to the conduct that gave rise to these orders, or the orders or investigations we become subject to in the future, which may result in judgments and/or settlements. We and our regulators have an increased focus on information security. This includes cybersecurity incidents perpetrated against us, our clients, providers of products and services, counterparties and other third parties, the collection, use and sharing of data, and safeguarding of personally identifiable information and corporate data, as well as the development, implementation, use and management of emerging technologies, including AI, which have resulted in, and will likely continue to result in, related litigation or government enforcement, including with regard to compliance with U.S. and global LRRs, and could subject us to fines, judgments and/or settlements and involve reputational losses. We expect to also face increasing scrutiny regarding sustainability-related policies, goals, targets and disclosure, which could result in litigation, regulatory investigations and actions and reputational harm. Misconduct, or the perception of misconduct, by our employees and representatives, including conflicts of interest, unethical, fraudulent, improper or illegal conduct, the failure to fulfill fiduciary obligations, unfair, deceptive, abusive or discriminatory business practices, or violations of policies, procedures or LRRs, including conduct that affects compliance with books and records requirements, have resulted and could result in further litigation and/or government investigations and enforcement actions, and cause significant reputational harm. The global environment of extensive investigations, regulation, regulatory compliance burdens, litigation and regulatory enforcement, combined with uncertainty related to the continually evolving regulatory environment, have affected and are likely to continue to affect operational and compliance costs and risks, including the adaptation of business strategies, the limitation or cessation of our ability or feasibility to continue providing certain products and services and our employment practices. Lawsuits and regulatory actions have resulted in and will likely continue to result in judgments, orders, settlements, penalties and fines adverse to us, in amounts that may be significant or unpredictable, and in some cases, exceed the amount of reserves established. Litigation and investigation costs, substantial legal liability or significant regulatory or government action against us could adversely affect our businesses, financial condition, including liquidity, and results of operations, and/or cause significant reputational harm.

Taxation & Government Incentives1 | 3.3%

Taxation & Government Incentives - Risk 1

We may be adversely affected by changes in U.S. and non-U.S. tax laws and regulations.

We could be adversely affected if U.S. and foreign governmental authorities further change tax laws, including changes to the Tax Cuts and Jobs Act of 2017 and Inflation Reduction Act of 2022. Also, new guidelines issued by the Organization for Economic Cooperation and Development (OECD), which are currently being enacted into law in some OECD countries in which we operate, are expected to impose a 15 percent global minimum tax on a country-by-country basis. Any implementation of and/or change in U.S. and foreign tax laws and regulations or interpretations of current or future tax laws and regulations could materially adversely affect our effective tax rate, tax liabilities and results of operations. U.S. and foreign tax laws are complex and our judgments, interpretations or applications of such tax laws could differ from that of the relevant governmental authority. This could result in additional tax liabilities and interest, penalties, the reduction of certain tax benefits and/or the requirement to make adjustments to amounts recorded, which could be material. Also, we have U.K. net deferred tax assets (DTA) which consist primarily of net operating losses that are expected to be realized in a U.K. subsidiary over an extended number of years. Adverse developments with respect to tax laws or to other material factors, such as prolonged worsening of international capital markets or changes in the ability of our U.K. subsidiary to conduct business in the markets outside the U.K., could lead our management to reassess and/or change its current conclusion that no valuation allowance is necessary with respect to our U.K. net DTA.

Tech & Innovation

Total Risks: 3/30 (10%)Above Sector Average

Cyber Security2 | 6.7%

Cyber Security - Risk 1

The Corporation and third parties with whom we interact and/or on whom we rely, are subject to cybersecurity incidents, information and security breaches, and technology failures that have and in the future could adversely affect our ability to conduct our businesses, result in the alteration, unavailability, misuse, destruction or disclosure of information, damage our reputation, increase our regulatory and legal risks, result in additional costs or financial losses and/or otherwise adversely impact our businesses and results of operations.

Our business is highly dependent on the security, controls and efficacy of our information systems, and the information systems of our clients, third parties, the financial services industry and financial data aggregators with whom we interact, on whom we rely or who have access to our clients’ personal or account information. We rely on effective access management and the secure collection, processing, maintenance, use, transmission, storage, dissemination and disposition of information in our and our third parties’ information systems. Our cybersecurity risk and exposure remains heightened because of, among other things, our prominent size and scale, high-profile brand, geographic footprint and international presence and role in the financial services industry and the broader economy. The proliferation of third-party financial data aggregators and emerging technologies, including AI (such as machine learning and generative AI) and robotics, increases our cybersecurity risks and exposure, including by making fraud detection and authentication more difficult. We, our employees, customers, regulators and third parties are ongoing targets of an increasing number of cybersecurity threats and cyberattacks. The tactics, techniques and procedures used in cyberattacks are pervasive, sophisticated, evolving and designed to evade security measures, including computer viruses, malicious or destructive code (such as ransomware), social engineering (including phishing, vishing and smishing), real and virtual impersonation, denial of service or information or other security breach tactics that have and in the future are likely to result in disruptions to our businesses and operations and the loss of funds, including from attempts to defraud us and/or our customers, and impact the confidentiality, integrity or availability of our information, including intellectual property, or the personal and/or confidential information of our employees, clients and third parties. Cyberattacks are carried out on a worldwide scale and by a growing number of actors, including organized crime groups, hackers, terrorist organizations, extremist parties, hostile foreign governments and their proxies, state-sponsored actors, activists, disgruntled employees and other persons or entities, including for corporate espionage. Cybersecurity threats and the tactics, techniques and procedures used in cyberattacks change, develop and evolve rapidly and continuously, including from growth in third-party services that facilitate or carry out cyberattacks and from emerging technologies, such as AI (including machine learning and generative AI) and quantum computing, which may be used to enhance the tactics, techniques and procedures described above and facilitate new cyber threats. Despite substantial efforts to protect the integrity and resilience of our information systems and implement controls, processes, policies, employee training and other protective measures, we cannot anticipate and detect all cybersecurity threats and incidents and/or develop or implement effective preventive or defensive measures designed to prevent, respond to or mitigate all cybersecurity threats and incidents. Internal access management or other technology failures could impact the confidentiality, integrity or availability of data and information. Our vulnerability increases if employees fail to exercise sound judgment and vigilance when targeted with social engineering or other cyberattacks increases our vulnerability. Our risk from and exposure to cybersecurity threats and incidents, information and security breaches and technology failures continues to increase due to the acceptance and use of digital banking and other digital products and services, including mobile banking products, and reliance on remote access tools and other technology, which have increased our reliance on virtual or digital interactions and a growing number of access points to our information systems that must be secured, and results in greater amounts of information being available for access. Greater demand on our information systems and security tools and processes will likely continue. We also face significant third-party technology, cybersecurity and operational risks relating to the large number of clients and third parties with whom we do business, the financial services industry, upon whom we rely to facilitate or enable our business activities or upon whom our clients rely, including the secure collection, processing, maintenance, use, sharing, dissemination and disposition of client and other sensitive information, providers of products and services, financial counterparties, financial data aggregators, financial intermediaries, such as clearing agents, exchanges and clearing houses, regulators, federal and state governments, providers of outsourced software, services and infrastructure, such as internet access, cloud service providers and electrical power, and retailers for whom we process transactions. Such third-party information systems extend beyond our security and control systems, and such third parties have varying levels of security and cybersecurity resources, expertise, safeguards, controls and capabilities. Threat actors may actively seek to exploit third-party security and cybersecurity weaknesses, and the relationships of our third parties with us may increase the risk that they are targeted by the same threats we face, and such third parties may be less prepared for such threats. Also, we are at risk from critical third-party information security and open-source or proprietary software defects and vulnerabilities. We must rely on our third parties to adequately detect and promptly report cybersecurity incidents. Their failure could adversely affect our ability to report or respond to cybersecurity incidents effectively or timely. Due to increasing consolidation, interdependence and complexity of financial entities and technology and information systems, a cybersecurity threat or incident, information or security breach or technology failure that significantly exposes, degrades, destroys, renders unavailable or compromises the information systems or information of one or more financial entities or third parties could adversely impact us and increase the risk of operational failure and loss, as disparate information systems need to be integrated, often on an accelerated basis. Similarly, any cybersecurity threat or incident, information or security breach or technology failure that significantly exposes, degrades, destroys, renders unavailable or compromises our information systems or information could adversely impact third parties and the critical infrastructure of the financial services industry, thereby creating additional risk for us. Cybersecurity incidents or information or security breaches could persist for an extended period of time prior to detection, and it often takes additional time to determine the scope, extent, amount and type of impact, including the information altered, destroyed, accessed or otherwise compromised, following which the measures to recover and restore to a business-as-usual state may be difficult to assess and require notification to our clients, government officials and regulators. We have spent and expect to continue to spend significant resources to modify and enhance our protective measures and our capabilities to respond and recover, investigate and remediate software and network defects and vulnerabilities, and defend against, detect and respond to cybersecurity threats and incidents, whether to us, third parties, the industry or businesses generally. While we and our third parties have experienced cybersecurity incidents, information and security breaches and technology failures, as well as adverse impacts from such events, including as described in this risk factor, we have not experienced material losses or other material consequences relating to cybersecurity incidents, information or security breaches or technology failures, whether directed at us or our third parties. However, we expect to continue to experience such events and impacts ourself and at our third parties with increased frequency and severity due to the evolving threat environment, and there can be no assurance that future cybersecurity incidents, information and security breaches and technology failures, including as a result of cybersecurity incidents, information and security breaches and technology failures experienced by our third parties, will not have a material adverse impact on us, including our businesses, results of operations and financial condition. Future cybersecurity incidents, information or security breaches or technology failures suffered by us or our third parties could result in disruption to our day-to-day business activities and an inability to effect transactions, execute trades, service our clients, safeguard information, manage our exposure to risk, expand our businesses, detect and prevent fraudulent or unauthorized transactions, including transactions impacting our clients, maintain information systems access and business operations and client services, in the U.S. and/or globally. Also, we could experience the loss of clients and business opportunities, the withdrawal of client deposits, the misappropriation, alteration or destruction of our or our third parties’ intellectual property or confidential information, the unauthorized access to or temporary or permanent loss or theft of information, including of our employees and clients, significant lost revenue, increased risk of fraudulent transactions, losses and claims brought by third parties, violations of applicable privacy, cybersecurity and other LRRs, litigation exposure, economic sanctions, enforcement actions, government fines, penalties or intervention and other negative consequences. Although we maintain cyber insurance, there can be no assurance that liabilities or losses we may incur will be covered under such policies or that the amount of insurance will be adequate. In the case of any cybersecurity incident, information or security breach or technology failure arising from third-party systems impacting us, any third-party indemnification may not be applicable or sufficient to address the impact of such cybersecurity incidents, information or security breaches or technology failures, including monetary losses of the Corporation. The occurrence of any of the events described above could adversely impact our businesses, results of operations, liquidity and financial condition, and cause reputational harm, whether such events are actual or perceived.

Cyber Security - Risk 2

A failure in or breach of our operations or information systems, or those of third parties or the financial services industry, could cause disruptions, adversely impact our businesses, results of operations and financial condition, and cause legal or reputational harm.

Operational risk exposure exists throughout our organization, including risks arising from our operations and information systems, which comprise the hardware, software, infrastructure, backup systems and other technology that we own or use to collect, process, maintain, use, share, transmit or dispose of information, including personal and/or confidential employee, client and third-party information, which are integral to the performance of our businesses. Our extensive interactions with, and reliance on, third parties and the financial services industry, including the processing and reporting of a large number of complex transactions at increasing speeds in many currencies and jurisdictions create additional operational risk to us. Our operations and information systems and components thereof, and those of our third parties, have been, and in the future will likely be, ineffective or fail to operate properly or become disabled or damaged as a result of a number of factors, including events that may be wholly or partially beyond our or such third party’s control. Such events have adversely affected, and in the future could adversely affect, physical site access of our operations, the safeguarding of information and our ability to process transactions, provide services to our clients and perform other operations, including reporting and decision-making. Short-term or prolonged disruptions to our or our third parties’ critical business operations and client services are possible, such as due to computer, telecommunications, network, utility, electronic or physical infrastructure outages, including from abuse or failure of our electronic trading and algorithmic platforms, significant unplanned increases in client transactions, fraudulent transactions, cyberattacks, aging information systems, newly introduced or identified vulnerabilities or defects in key hardware and software, failure of or defects in infrastructure or manual processes, technology project implementation challenges and supply chain disruptions. Operational disruptions and prolonged operational outages could also result from events arising from natural disasters, including acute and chronic weather events, such as wildfires, tornadoes, hurricanes and floods, some of which are happening with more frequency and severity, and earthquakes, as well as local or larger scale political or social matters, including civil unrest, terrorist acts and military conflict. We continue to have greater reliance on our and our third parties’ remote access tools and technology, and employees’ personal systems and increased data utilization and dependence upon our information systems to operate our businesses, including from evolving client preferences, which has led to increased reliance on digital banking and other digital services provided by our businesses. Effective management of our business continuity increasingly depends on the security, reliability and adequacy of such systems. We also rely on our employees, representatives and third parties in our day-to-day operations, who may, due to illness, unavailability, the emergence of widespread health emergencies or pandemics, human error, misconduct (including errors in judgment, malice, fraud or illegal activity), malfeasance or a failure, breach or misuse of information systems, cause disruptions to our organization and expose us to operational losses, regulatory risk and reputational harm. Our and our third parties’ inability to properly introduce, deploy and manage operational or technology changes and continuously alter, improve and automate processes and systems, including related controls, such as regarding internal financial and governance processes, existing products and services, and new product innovations and technology, could also result in additional operational, information security, reputational and regulatory risk, including from the use of artificial intelligence (AI), such as machine learning and generative AI. Regardless of the measures we have taken to implement training, procedures, controls, backup systems and other safeguards to support our operations and bolster our operational resilience, our ability to conduct business may be adversely affected by significant failures or disruptions to us or to third parties with whom we interact or upon whom we rely, including localized or systemic cyber events or other technology incidents that result in outages or unavailability of information systems, part or all of the internet, cloud services and/or the financial services industry infrastructure (including funds transfers, electronic trading and algorithmic platforms and critical banking activities), which could be exacerbated by the concentration of third-party service providers or third-party models, including AI, and result in systemic operational impact across the financial services industry or beyond. Our ability to implement backup systems and other safeguards with respect to third-party systems and the financial services industry infrastructure is more limited than with respect to our systems. Weakness in and/or the inability to simplify and improve our and our third parties’ processes or controls could impact our ability to deliver products or services to our clients and expose us to regulatory, reputational and operational risks. There can be no assurance that our resiliency, business continuity, technology change and information security response plans will effectively mitigate our operational risks. Any backup systems or manual processes may not process data accurately and/or as quickly or effectively as our primary systems, and some data might not be available or backed up. Also, the speed in which we are able to remediate any failure or disruption of our operations and/or information systems may vary across jurisdictions. We regularly update the operational processes and information systems we rely on to support our operations and growth, including as part of our efforts to comply with all applicable LRRs globally. This updating entails significant costs and creates risks associated with implementing new or modified operational processes and information systems and integrating them with existing information systems, including business interruptions, failures or ineffectiveness. Increasing reliance on our information systems and frequency of natural disasters heighten our risk of operational loss. Any failure or disruption of our or our third parties’ operations or information systems resulting in disruption to our critical business operations and client services, a failure to identify or effectively respond to operational risks timely and/or a failure to continue to deliver our services through an operational failure or disruption could impact the confidentiality, integrity or availability of data and information, and expose us to various risks, including market abuse, fraud, financial losses and other costs, misappropriation and corruption, loss of trust or confidence in us and/or the financial services industry, client attrition, regulatory (e.g., LRR compliance), market, privacy and liquidity risk, adversely impact our results of operations and financial condition and cause legal, regulatory or reputational harm.

Technology1 | 3.3%

Technology - Risk 1

Failure to properly manage data may adversely affect our ability to manage compliance risk and business needs, and result in errors in our operations, reporting and decision-making, and non-compliance with LRRs.

We rely on our ability to manage and process data accurately, timely and completely, including capturing, transporting, aggregating, using, transmitting data externally, and retaining and protecting data appropriately. While we continually update our policies, programs, processes and practices and take steps to leverage emerging technologies, such as automation, AI and robotics, our data management processes may not be effective and are subject to weaknesses and failures, including human error, data limitations, process delays, system failure or failed controls. Failure to effectively manage data accurately, timely and completely may adversely impact its quality and reliability and our ability to manage current and emerging risks, produce accurate financial, nonfinancial, regulatory, operational, environmental and social reporting, detect or surveil potential misconduct or non-compliance with LRRs, and to manage our business needs, strategic decision-making, resolution strategy and operations. The failure to establish and maintain effective, efficient and controlled data management could adversely impact our development of products and client relationships and increase operational losses and regulatory and reputational risk.

Ability to Sell

Total Risks: 2/30 (7%)Below Sector Average

Competition1 | 3.3%

Competition - Risk 1

We face significant and increasing competition in the financial services industry.

We operate in a highly competitive environment and experience intense competition from local and global bank and nonbank financial institutions and new entrants in domestic and foreign markets. There is increasing pressure to provide products and services on more attractive terms, including lower fees, lower cost investment strategies and higher interest rates on deposits, which may impact our ability to effectively compete. Also, we may be disadvantaged from more stringent regulatory requirements applicable to us than to nonbank financial institutions or other actual or perceived competitors. The growth of and mergers among traditional financial services companies have increased competition. Emerging technologies and the growth of e-commerce have lowered geographic and monetary barriers of other financial institutions, made it easier for non-depository institutions to offer traditional banking products and services and allowed non-traditional financial service providers and technology companies to compete with traditional financial service companies in providing electronic and internet-based financial solutions and services, including electronic securities trading with low or no fees and commissions, marketplace lending, financial data aggregation and payment processing services, including real-time payment platforms. Further, clients may choose to conduct business with other market participants who engage in business or offer products in areas we deem speculative or risky as an alternative to traditional products. Increased competition may reduce our market share, net interest margin and revenues from our fee-based products and services and negatively affect our earnings, including by pressuring us to lower pricing, requiring additional investment to improve the quality and delivery of our technology and/or affecting our clients’ willingness to do business with us.

Brand / Reputation1 | 3.3%

Brand / Reputation - Risk 1

Damage to our reputation could harm our businesses, including our competitive position and business prospects.

Our ability to attract and retain clients, investors and employees is impacted by our reputation. Harm to our reputation can arise from various sources, including actual or perceived activities of our officers, directors, employees, other representatives, clients and third parties, including counterparties, such as fraud, misconduct and unethical behavior, adequacy of our ability to detect, prevent and/or respond to fraud perpetrated against our clients, and the handling of related disputes regarding the use of our products and services, including electronic payments, effectiveness of our internal controls, the fees charged to our clients, including overdraft and non-sufficient funds fees, compensation practices, lending practices, suitability or reasonableness of particular trading or investment strategies, the services offered to our clients, the reliability of our research and models and prohibiting clients from engaging in certain transactions. Our reputation may also be harmed by actual or perceived failure to deliver the products, standards of service and quality expected by our clients and the community, including the overstatement or mislabeling of the environmental benefits of our products, services or transactions, the failure to protect our clients and/or recognize and address client complaints, compliance failures, technology changes, the implementation, management and use of emerging technologies, including AI, the failure to maintain effective data management, cybersecurity incidents and information and security breaches affecting us and our employees, clients and third parties, which have occurred and which we expect to continue to occur with increased frequency and severity, prolonged or repeated system outages, our privacy policies, the unintended disclosure of or failure to safeguard personal, proprietary or confidential information, the breach of our fiduciary obligations, employment practices and the handling of widespread health emergencies or pandemics. Our reputation may also be harmed by litigation and/or regulatory matters and their outcomes, and/or criticism or challenges by third parties, relating to the topics discussed above or otherwise. Challenges and criticisms to our environmental and social practices and disclosures, and those of our clients and third parties, including from third parties, who may have diverging views regarding those practices and disclosures, may also harm our reputation. Increases in market interest rates have resulted in increased focus on asset and liability management, including HTM and AFS securities and related unrealized losses. Perceptions of our liquidity and financial condition, actions by the financial services industry generally, or by certain members or individuals in the industry may harm our reputation. Adverse publicity or negative information posted on social media by employees, the media or otherwise, whether or not factually correct, may trigger a loss of trust or confidence on the part of clients, counterparties, shareholders, investors, debt holders, market analysts, other relevant parties or regulators, adversely impacting our business prospects and results of operations. We are subject to complex and evolving LRRs and interpretations, including regarding fair lending activity, UDAAP, electronic funds transfers, know-your-customer requirements, data protection and privacy (including the GDPR and the CCPA), cross-border data movement and data localization, cybersecurity, the use and development of AI, data and technology and other matters, as well as evolving and expansive interpretations of these LRRs. Principles concerning the appropriate scope of consumer and commercial privacy vary considerably across jurisdictions, and regulatory and public expectations regarding the definition and scope of consumer and commercial privacy and data protection remains fluid. These laws may be interpreted and applied by various jurisdictions inconsistent with our current or future practices, or with one another. If personal, confidential or proprietary information of clients in our possession, or in the possession of third parties or financial data aggregators, is mishandled, misused or mismanaged, or if we do not timely or adequately address such information, we may face regulatory, legal and operational risks, which could adversely affect our reputation, financial condition and results of operations. We could suffer reputational harm if we fail to properly identify and manage potential conflicts of interest, the management of which has become increasingly complex as we expand our business activities through more numerous transactions, obligations and interests with and among our clients. The actual or perceived failure to adequately address conflicts of interest could affect the willingness of clients to use our products and services, or result in litigation or enforcement actions, which could adversely affect our business. Our actual or perceived failure to address these and other issues, such as operational risks, could give rise to reputational risk that could harm us and our business prospects, including the attraction and retention of clients and employees, and give rise to additional regulatory restrictions, legal risks and reputational harm, which could, among other consequences, increase the size and number of litigation claims and damages asserted or subject us to enforcement actions, fines and penalties, and cause us to incur related costs and expenses.

Production

Total Risks: 1/30 (3%)Below Sector Average

Employment / Personnel1 | 3.3%

Employment / Personnel - Risk 1

Our ability to attract, develop and retain qualified employees is critical to our success, business prospects and competitive position.

Our performance and competitive position is heavily dependent on the talents, development and efforts of highly skilled individuals. Competition for qualified personnel is intense from within and outside the financial services industry. Our competitors include global institutions and institutions subject to different compensation and hiring regulations than those imposed on us. Also, our ability to attract, develop and retain employees could be impacted by our reputation, professional and development opportunities, changes in regulation or enforcement practices, changes in workforce concerns, expectations, practices and preferences (including remote work), and increasing labor shortages and competition for labor, which could increase labor costs. We must provide market-level compensation to attract and retain qualified personnel. As a large financial and banking institution, we are and may become subject to additional limitations on compensation practices by the Federal Reserve, the OCC, the FDIC and other global regulators, which may not affect our competitors. Also, because a substantial portion of compensation paid to many of our employees is equity-based awards based on the value of our common stock, declines in our profitability or outlook could adversely affect the ability to attract and retain employees. If we are unable to continue to attract, develop and retain qualified individuals, our business prospects and competitive position could be adversely affected.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.

Become an Expert with TipRanks Premium

What am I Missing?

Make informed decisions based on Top Analysts' activity

Know what industry insiders are buying

Get actionable alerts from top Wall Street Analysts

Find out before anyone else which stock is going to shoot up

Get powerful stock screeners & detailed portfolio analysis

Subscribe Now See Plans & Pricing