Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

Popular disclosed 63 risk factors in its most recent earnings report. Popular reported the most risks in the “Finance & Corporate” category.

Risk Overview Q4, 2023

Risk Distribution

49% Finance & Corporate

21% Macro & Political

10% Legal & Regulatory

8% Production

6% Tech & Innovation

6% Ability to Sell

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2020

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

Popular Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q4, 2023

Main Risk Category

Finance & Corporate

With 31 Risks

Finance & Corporate

With 31 Risks

Number of Disclosed Risks

+47

From last report

S&P 500 Average: 31

+47

From last report

S&P 500 Average: 31

Recent Changes

47Risks added

0Risks removed

0Risks changed

Since Dec 2023

47Risks added

0Risks removed

0Risks changed

Since Dec 2023

Number of Risk Changed

No changes from last report

S&P 500 Average: 3

No changes from last report

S&P 500 Average: 3

See the risk highlights of Popular in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 63

Finance & Corporate

Total Risks: 31/63 (49%)Below Sector Average

Accounting & Financial Operations10 | 15.9%

Accounting & Financial Operations - Risk 1

Added

adversely impacted us in the past and may adverselyimpact us in the future.

adversely impacted us in the past and may adversely impact us in the future. We have been, and will continue to be, impacted by global and local economic and market conditions, including weakness in the economy, disruptions and volatility in the financial markets, inflation, monetary and fiscal policies, public policy, geopolitical conflicts, business and consumer sentiment and unemployment. A significant portion of our business is concentrated in Puerto Rico,which accounted for approximately 77% of our assets and 81% of our deposits as of December 31, 2023 and 78% of our revenues for the year ended December 31, 2023. As a result, our financial condition and results of operations are highly dependent on the general trends of the Puerto Rico economy and other conditions affecting Puerto Rico consumers and businesses. The concentration of our operations in Puerto Rico exposes us to greater risks than other banking companies with a wider geographic base. Puerto Rico has faced significant economic and fiscal challenges in the past, including a severe recession that began in 2007 and persisted for over a decade and an acute fiscal crisis that led the Puerto Rico government to file for a form of federal bankruptcy protection in 2017. Puerto Rico's fiscal and economic challenges have in the past adversely affected our customers,resulting in higher delinquencies, charge-offs and increased losses for us. While Puerto Rico's economy has been gradually recovering and the Puerto Rico government emerged from bankruptcy in 2022, Puerto Rico still faces economic and fiscal challenges. Moreover, Puerto Rico has historically received a significant amount of federal funds through non-recurring appropriations, particularly to cover costs associated with its health insurance program, and Puerto Rico's recent economic recovery has been partially driven by significant federal disaster relief and stimulus funding. Therefore, the Puerto Rico economy is highly susceptible to changes in federal public policy towards Puerto Rico. Public policy changes that result in a reduction of federal funding for Puerto Rico, or in delays in the receipt of such funding, could significantly impact Puerto Rico's economy. A weakening of the Puerto Rico economy or other adverse economic conditions affecting Puerto Rico consumers and businesses could result in decreased demand for our products or services, deterioration in the credit quality of our customers, higher delinquencies, charge-offs or increased losses, all of which could adversely affect our financial condition and results of operations. We are also exposed to risks related to the state of the local economies of the other markets in which we do business,such as New York and Florida, and to the state of the global and U.S. economy and financial markets. Global financial markets have recently experienced periods of extraordinary disruption and volatility, exacerbated by geopolitical conflicts, the U.S. debt-ceiling situation, high levels of inflation and rapid increases in interest rates. Inflationary pressures increased certain of our expenses (including our personnel expenses) and adversely affected consumer sentiment. Central bank responses to inflationary pressures led to higher market interest rates and, in turn, lower activity levels across U.S. and global financial markets. These circumstances resulted in, and could continue to result in, reductions in the value of our investments. If these conditions persist or worsen, our results of operations, financial position and liquidity could be materially and adversely affected.

Accounting & Financial Operations - Risk 2

Added

Changesininterestratesandcreditspreadscanadverselyimpactourfinancialcondition,includingourinvestment

Changes in interest rates and credit spreads can adversely impact our financial condition, including our investment

Accounting & Financial Operations - Risk 3

Added

income may decrease.

We rely primarily on bank deposits as a low cost and stable source of funding for our lending activities and the operation of our business. Therefore, our funding costs are largely dependent on our ability to maintain and grow our deposits. As our competitors have raised the interest rates they pay on deposits, our funding costs have increased, as we have needed to increase the rates we pay to our depositors to avoid losing deposits and to procure new ones. Rising interest rates have also led customers to move their funds to alternative investments that pay higher interest rates. Additionally, periods of market stress or lack of market or customer confidence in financial institutions may result in a loss of customer deposits, especially to the extent those deposits are in excess of the FDIC-insured limit of $250,000. As of December 31, 2023, we had $14.6 billion of deposits (other than collateralized public funds, which represent public deposit balances from governmental entities in the U.S. and its territories, including Puerto Rico and the United States Virgin Islands, that are collateralized based on such jurisdictions' applicable collateral requirements) in excess of the FDIC-insured limit. As deposits decrease, we may need to rely on more expensive sources of funding. Furthermore, we have a significant amount of deposits from the Puerto Rico government, its instrumentalities and municipalities ($18.1 billion, or approximately 28% of our total deposits, as of December 31, 2023), and the amount of these deposits may fluctuate depending on the financial condition and liquidity of these entities, as well as on our ability to maintain these customer relationships. Under the terms of BPPR's deposit pricing agreement with Puerto Rico public sector, public fund deposit rates are market linked with a lag minus a specified spread. Therefore, as market rates rise, we are required to sequentially increase the rates we pay our public deposits. If we are unable to maintain or grow our deposits for any reason, we may be subject to paying higher funding costs and our net interest income may decrease.

Accounting & Financial Operations - Risk 4

incorrect or differ materially from actual results.

In preparing our financial statements pursuant to U.S. GAAP, we are required to make estimates and assumptions that are often based on subjective and complex judgments about matters that are inherently uncertain. For example, we use estimates and assumptions to determine our allowance for credit losses, our liability for contingent litigation losses, and the fair value of certain of our assets and liabilities, such as debt securities, loans held for sale, MSRs, intangible assets and deferred tax assets. If such estimates or assumptions are incorrect or differ materially from actual results, we could experience unexpected losses or other adverse impacts, some of which could be significant. For further information of other risks faced by Popular please refer to the MD&A section of this Form 10-K.

Accounting & Financial Operations - Risk 5

We could experience unexpectedlosses if the estimatesor assumptions we usein preparing our financialstatements are

We could experience unexpected losses if the estimates or assumptions we use in preparing our financial statements are

Accounting & Financial Operations - Risk 6

condition and results of operations.

As of December 31, 2023, we had approximately $804 million, $1 billion and $102 million, respectively, of goodwill, net deferred tax assets and amortizable intangible assets, including capitalized software costs, recorded on our balance sheet. Under GAAP, goodwill is tested for impairment at least annually and amortizable intangible assets are tested for impairment when events or changes in circumstances indicate the carrying value may not be recoverable. Factors that may be considered a change in circumstances, indicating that the carrying value of the goodwill or amortizable intangible assets may not be recoverable, include a decline in Popular's stock price related to a deterioration in global or local economic conditions, declines in our market capitalization, reduced future earnings estimates, and interest rate changes. The goodwill impairment evaluation process requires us to make estimates and assumptions with regards to the fair value of our reporting units. Actual values may differ significantly from these estimates. Such differences could result in future impairment of goodwill that would, in turn, negatively impact our results of operations and the reporting unit where the goodwill is recorded. The determination of whether a deferred tax asset is realizable is based on weighting all available evidence. The realization of deferred tax assets, including carryforwards and deductible temporary differences, depends upon the existence of sufficient taxable income of the same character during the carryback or carryforward period. The analysis considers all sources of taxable income available to realize the deferred tax asset, including the future reversal of existing taxable temporary differences,future taxable income exclusive of reversing temporary differences and carryforwards, taxable income in prior carryback years and tax-planning strategies. Changes in these factors may affect the realizability of our deferred tax assets in our Puerto Rico and U.S. operations. If our goodwill, deferred tax assets or amortizable intangible assets become impaired, we may be required to record a significant charge to earnings, which could adversely affect our financial condition and results of operations.

Accounting & Financial Operations - Risk 7

An impairmentof ourgoodwill, deferredtax assetsor amortizableintangible assetscould adverselyaffect ourfinancial

An impairment of our goodwill, deferred tax assets or amortizable intangible assets could adversely affect our financial

Accounting & Financial Operations - Risk 8

Added

Ourbusinessesarehighlyregulated,andthelawsandregulationsthatapplytoushaveasignificantimpactonour

Our businesses are highly regulated, and the laws and regulations that apply to us have a significant impact on our

Accounting & Financial Operations - Risk 9

Added

As a holding company, we depend on dividends and distributions from oursubsidiaries for liquidity.

As a holding company, we depend on dividends and distributions from our subsidiaries for liquidity. As a bank holding company, we depend primarily on dividends from our banking and other operating subsidiaries to fund our cash needs, including to capitalize our subsidiaries. Our banking subsidiaries, BPPR and PB, are limited by law in their ability to make dividend payments and other distributions to us based on their earnings, dividend history, and capital position. Based on its current financial condition, PB may not declare or pay a dividend without the prior approval of the Federal Reserve Board and the NYSDFS. A failure by our banking subsidiaries to generate sufficient income and free cash flow to make dividend payments to us may affect our ability to fund our cash needs, which could have a negative impact on our financial condition, liquidity, results of operation or capital position. Such failure could also affect our ability to pay dividends to our stockholders and to repurchase shares of our common stock. We have in the past suspended dividend payments on our common stock and preferred stock during times of economic uncertainty, and there can be no assurance that we will be able to continue to declare dividends to our stockholders in any future periods. An impact on the tangible capital levels of our operating subsidiaries, could also limit the amount of capital we may upstream to the holding company. Tangible capital levels have in the past been, and may in the future be, adversely affected by the impact of rapidly rising interest rates on investment securities in our available-for-sale portfolio. For a discussion of risks related to changes in interest rates, see "Changes in interest rates and credit spreads can adversely impact our financial condition, including our investment portfolio, since a significant portion of our business involves borrowing and lending money, and investing in financial instruments" in Item 1A of this Form 10-K. We also depend on dividends from our banking and other operating subsidiaries to pay debt service on outstanding debt and to repay maturing debt. Our ability to declare such dividends would be subject to regulatory requirements and could require the prior approval of the Federal Reserve Board.

Accounting & Financial Operations - Risk 10

Added

We aresubject toregulatory capitaladequacy requirements, andif wefail tomeet theserequirements ourbusiness and

We are subject to regulatory capital adequacy requirements, and if we fail to meet these requirements our business and

Debt & Financing7 | 11.1%

Debt & Financing - Risk 1

Added

liquidity and business, including by raising thecost of our obligations or affecting our abilityto borrow.

liquidity and business, including by raising the cost of our obligations or affecting our ability to borrow. We must maintain adequate liquidity and funding sources to support our operations, fund customer deposit withdrawals,repay borrowings and debt, comply with our financial obligations, fund planned capital distributions and meet regulatory requirements. The Corporation's most significant source of funds are bank deposits, including customer deposits and brokered deposits. In addition to deposits, sources of liquidity include secured borrowing arrangements, such as those with the Federal Reserve Bank of New York and the Federal Home Loan Bank of New York ("FHLBNY"), unpledged securities from our investment portfolio, the capital markets and proceeds from loan sales or securitizations. Popular's liquidity and ability to fund and operate its business could be materially adversely affected by a variety of conditions and factors, some of which are out of Popular's control. For example, market events or disruptions, such as periods of market stress and low investor confidence in financial institutions could result in deposit withdrawals, especially to the extent those deposits are in excess of the FDIC-insured limit of $250,000. As of December 31, 2023, we had $14.6 billion of deposits (other than collateralized public funds, which represent public deposit balances from governmental entities in the U.S. and its territories,including Puerto Rico and the United States Virgin Islands, that are collateralized based on such jurisdictions' applicable collateral requirements) in excess of the FDIC-insured limit. We may also suffer outflows of customer deposits due to competition from other banks or alternative investments. In addition, in periods of stress, we may not be able to access existing funding sources, access the capital markets or to sell or securitize loans or other assets, or to access such sources or to sell or securitize assets on favorable terms. In addition, actions by the rating agencies could raise the cost of our borrowings, since lower rated securities are usually required by the market to pay higher rates than obligations of higher credit quality. Our credit ratings were reduced substantially in 2009 and, although one of the three major rating agencies upgraded our senior unsecured rating back to "investment grade" during 2021, the remaining two rating agencies have not upgraded their current "non-investment grade" rating. The market for non-investment grade securities is much smaller and less liquid than for investment grade securities. If we were to attempt to issue preferred stock or debt securities into the capital markets, it is possible that there would not be sufficient demand to complete a transaction or that the cost could be substantially higher than for more highly rated securities. If Popular is unable to access the capital markets on favorable terms, our liquidity may be adversely affected. Changes in our ratings and capital levels could affect our relationships with some creditors and limit our access to funding. For example, having negative tangible capital may impact our ability to access some sources of wholesale funding. The Federal Housing Finance Agency restricts the FHLBNY from lending to members of the FHLBNY with negative tangible capital unless the member's primary banking regulator makes a written request to the FHLBNY to maintain access to borrowings. Both BPPR and PB have secured borrowing facilities with the FHLBNY and had outstanding exposures of $2.5 billion and $1.7 billion respectively as of December 31, 2023. Losing access to the FHLBNY borrowing facilities could adversely impact liquidity at the banking subsidiaries. Additionally, if BPPR or PB cease to be well-capitalized, the FDIA and regulations adopted thereunder would restrict their ability to accept brokered deposits and limit the rate of interest payable on deposits. Our banking subsidiaries also have recourse obligations under certain agreements with third parties, including servicing and custodial agreements, that include ratings covenants. Upon failure to maintain the required credit ratings, the third parties could have the right to require us to engage a substitute fund custodian and increase collateral levels securing recourse obligations. Collateral pledged by us to secure recourse obligations approximated $27.1 million on December 31, 2023. While management expects that we would be able to meet any additional collateral requirements if and when needed, the requirements to post collateral under certain agreements or the loss of custodian funds could reduce our liquidity resources and impact our results of operations.

Debt & Financing - Risk 2

Added

confidence. Furthermore, actions by the rating agenciesor decreases in our capital levels may have adverseeffects on our

confidence. Furthermore, actions by the rating agencies or decreases in our capital levels may have adverse effects on our

Debt & Financing - Risk 3

Added

Weare subjectto liquidityrisks arisingfrom marketevents ordisruptions andinstances oflowinvestor anddepositor

We are subject to liquidity risks arising from market events or disruptions and instances of low investor and depositor

Debt & Financing - Risk 4

Added

Defective and repurchased loans may harm our businessand financial condition.

Defective and repurchased loans may harm our business and financial condition. In connection with the sale and securitization of mortgage loans, we are required to make a variety of customary representations and warranties regarding Popular and the loans being sold or securitized. Our obligations with respect to these representations and warranties are generally outstanding for the life of the loan, and they relate to, among other things, compliance with laws and regulations, underwriting standards, the accuracy of information in the loan documents and loan file and the characteristics and enforceability of the loan. A loan that does not comply with the secondary market's requirements may take longer to sell, impact our ability to securitize the loans or pledge the loans as collateral for borrowings, or be unsalable or salable only at a significant discount. Moreover, if any such loan is sold before we detect non-compliance, we may be obligated to repurchase the loan and bear any associated loss directly, or we may be obligated to indemnify the purchaser against any loss. We seek to minimize repurchases and losses from defective loans by correcting flaws, if possible, and selling or re-selling such loans. However, if we were to suffer significant losses from defective and repurchased loans, our results of operations and financial condition could be materially impacted.

Debt & Financing - Risk 5

Added

Deterioration in thevalues of realproperties securing our commercial, mortgageloan and construction portfolioshave in

Deterioration in the values of real properties securing our commercial, mortgage loan and construction portfolios have in

Debt & Financing - Risk 6

Added

the past resulted, and may in the future result,in increased credit losses and harm our resultsof operations.

the past resulted, and may in the future result, in increased credit losses and harm our results of operations. As of December 31, 2023, approximately 55% of our loan portfolio consisted of loans secured by real estate collateral (comprised of 30% in commercial loans, 22% in residential mortgage loans and 3% in construction loans). The value of the collateral securing such loans is dependent upon economic conditions in the area in which the collateral is located. Weakness in the economy of some of the markets we serve has in the past resulted in significant declines in the value of the real properties securing our loan portfolio, leading to increased credit losses. If the value of the real estate properties securing our loan portfolio declines again in the future, we may be required to increase our provisions for loan losses and allowance for loan losses. Any such increase could have an adverse effect on our financial condition and results of operations. For more information on the credit quality of our construction,commercial and mortgage portfolio, see the Credit Risk section of the MD&A included in this Form 10-K.

Debt & Financing - Risk 7

Added

We are exposed toincreased credit risks and credit lossesto the extent our clients areconcentrated by industry segment

We are exposed to increased credit risks and credit losses to the extent our clients are concentrated by industry segment

Corporate Activity and Growth14 | 22.2%

Corporate Activity and Growth - Risk 1

Added

Negativechangesinthefinancialconditionofourclientshaveadverselyimpactedusinthepastandmayadversely

Negative changes in the financial condition of our clients have adversely impacted us in the past and may adversely

Corporate Activity and Growth - Risk 2

Added

portfolio,sinceasignificantportionofourbusiness involvesborrowingandlendingmoney,andinvesting infinancial

portfolio, since a significant portion of our business involves borrowing and lending money, and investing in financial

Corporate Activity and Growth - Risk 3

Added

Weareexposedtocreditriskfrommortgageloansthathavebeensoldorarebeingservicedsubjecttorecourse

We are exposed to credit risk from mortgage loans that have been sold or are being serviced subject to recourse

Corporate Activity and Growth - Risk 4

Added

arrangements.

Popular is generally at risk for mortgage loan defaults from the time it funds a loan until the time the loan is sold or securitized into a mortgage-backed security. However, we have retained part of the credit risk on sales of mortgage loans through recourse arrangements, and we also service certain mortgage loan portfolios with recourse. At December 31, 2023, we were exposed to credit risk with respect to $0.6 billion in residential mortgage loans sold or serviced subject to credit recourse provisions,consisting principally of loans associated with the Fannie Mae and Freddie Mac programs. Pursuant to such recourse provisions, we are required to repurchase the loan or reimburse the third-party investor for the incurred loss in the event of a customer default. The maximum potential amount of future payments that we would be required to make under the recourse arrangements in the event of nonperformance by the borrowers is equivalent to the total outstanding balance of the residential mortgage loans serviced with recourse and interest, if applicable. In the event of nonperformance by the borrower, we have rights to the underlying collateral securing the mortgage loan. During 2023, we repurchased approximately $2 million in mortgage loans subject to credit recourse provisions. As of December 31, 2023, our liability established to cover the estimated credit loss exposure related to loans sold or serviced with credit recourse amounted to $4 million. We may suffer losses on these loans if the proceeds from a foreclosure sale of the property underlying a defaulted mortgage loan are less than the outstanding principal balance of the loan plus any uncollected interest advanced and the costs of holding and disposing of the related property.

Corporate Activity and Growth - Risk 5

Added

If we areunable to maintainor grow ourdeposits, we maybe subject topaying higher funding costsand our netinterest

If we are unable to maintain or grow our deposits, we may be subject to paying higher funding costs and our net interest

Corporate Activity and Growth - Risk 6

Added

consequences that could have a material adverseeffect on our financial condition and resultsof operations.

consequences that could have a material adverse effect on our financial condition and results of operations. A significant portion of our operations are located in the Caribbean and Florida, a region susceptible to hurricanes,earthquakes and other similar events. In 2017, Puerto Rico, USVI and BVI were severely impacted by Hurricanes Irma and María,which resulted in significant disruption to our operations and adversely affected our clients in these markets, and in 2022, Hurricane Fiona impacted the southwest area of Puerto Rico, adversely affecting our customers in that region. Other types of unforeseen or catastrophic events, including pandemics, epidemics, man-made disasters, or acts of violence or war, or the fear that such events could occur, could also adversely impact our operations and financial results. For example, in 2020, the COVID-19 pandemic severely impacted global health, financial markets, consumer spending and global economic conditions, and caused significant disruption to businesses worldwide, including our business and those of our customers, service providers and suppliers. Future unforeseen or catastrophic events, including new pandemic events, and actions taken by governmental authorities and other third parties in response to such events, could again adversely affect our operations, cause economic and market disruption, adversely impact the ability of borrowers to timely repay their loans, or affect the value of any collateral held by us, any of which could have a material adverse effect on our business, financial condition or results of operations. The frequency, severity and impact of future unforeseen or catastrophic events is difficult to predict. While we maintain insurance against natural disasters and other unforeseen events, including coverage for business interruption, the insurance may not be sufficient to cover all of the damage from any such event, and there is no insurance against the disruption that a catastrophic event could produce to the markets that we serve and the potential negative impact to economic activity.

Corporate Activity and Growth - Risk 7

Added

Werelyonothercompaniestoprovidekeycomponentsofourbusinessinfrastructure,includingcertainofourcore

We rely on other companies to provide key components of our business infrastructure, including certain of our core

Corporate Activity and Growth - Risk 8

Added

financialtransactionprocessingandinformationtechnologyandsecurityservices,whichexposesustoanumberof

financial transaction processing and information technology and security services, which exposes us to a number of

Corporate Activity and Growth - Risk 9

Potential acquisitions of businesses orloan portfolios could increase someof the risks thatwe face, and maybe delayed

Potential acquisitions of businesses or loan portfolios could increase some of the risks that we face, and may be delayed

Corporate Activity and Growth - Risk 10

Added

business and operations.

We are subject to extensive and evolving regulation under U.S. federal, state and Puerto Rico laws that govern almost all aspects of our operations and limit the businesses in which we may be engaged, including regulation, supervision and examination by federal, state and foreign banking authorities. These laws and regulations have expanded significantly over an extended period of time and are primarily intended for the protection of consumers, borrowers and depositors. Compliance with these laws and regulations has resulted, and will continue to result, in significant costs. Additional laws and regulations may be enacted or adopted in the future that could significantly affect our powers,authority and operations and which could have a material adverse effect on our financial condition and results of operations. In particular, we could be adversely impacted by changes in laws and regulations, or changes in the application, interpretation or enforcement of laws and regulations, that proscribe or institute more stringent restrictions on certain financial services activities or impose new requirements relating to the impact of business activities on ESG concerns, the management of risks associated with those concerns and the offering of products intended to achieve ESG-related objectives. In addition, new laws or regulations could require significant system and process changes that require systems upgrades and could limit our ability to meet adoption timeframes or pursue our innovation roadmap. If we do not appropriately comply with current or future laws or regulations, we may be subject to fines, penalties or judgements, or to material regulatory restrictions on our business, which could also materially and adversely affect our financial condition and results of operations. In 2023, the federal banking regulators proposed revisions to the U.S. capital rules and new long-term debt requirements for banking organizations with $100 billion or more in assets. If finalized as proposed, the revisions to the capital rules and the new long-term debt requirements are expected to generally increase capital requirements and expenses, including interest and noninterest expense, for large banking organizations. In addition, during 2023, the federal banking regulators indicated that they are considering revisions to liquidity requirements applicable to banking organizations with $100 billion or more in light of the failures of three large banks in March and May 2023. Any such revisions could require large banks to change the size and composition of their liquidity portfolios, which could have adverse effects on net interest income and net interest margin. The pending and anticipated proposals reflect a trend of increasingly stringent regulatory requirements for banking organizations with assets of $100 billion or more, relative to smaller banking organizations, as well as less differentiation in the requirements applicable among banking organizations with $100 billion or more in assets. Although Popular currently has less than $100 billion in assets, actual, anticipated or potential changes in regulatory requirements for banking organizations with at least $100 billion in assets could result in Popular deciding not to pursue growth opportunities that would result in its assets approaching or exceeding that threshold, or if Popular's assets do exceed that threshold, a need for Popular to increase its regulatory capital,issue substantial amounts of long-term debt or incur other significant expenses in order to satisfy applicable regulatory requirements. Our participation (or lack of participation) in certain governmental programs, such as the Paycheck Protection Program ("PPP") enacted in response to the COVID-19 pandemic, also exposes us to increased legal and regulatory risks. We have also been and could continue to be exposed to adverse action for the violation of applicable legal requirements or the improper conduct of our employees in connection with such loans. For example, on January 24, 2023, Popular Bank consented to the imposition of an order from the Federal Reserve Board requiring it to pay a $2.3 million civil money penalty to settle certain findings arising from Popular Bank's approval of six Payment Protection Program loans.

Corporate Activity and Growth - Risk 11

delays inexecuting our plansto implement thetransformation project, maymaterially and adverselyaffect our business,

delays in executing our plans to implement the transformation project, may materially and adversely affect our business,

Corporate Activity and Growth - Risk 12

achievethegoalsofthetransformationproject,theinabilitytomaintainprojectexpenseswithincurrentestimatesor

achieve the goals of the transformation project, the inability to maintain project expenses within current estimates or

Corporate Activity and Growth - Risk 13

Added

Theresolutionofpendinglitigationandregulatoryproceedings,ifunfavorable,couldhavematerialadversefinancial

The resolution of pending litigation and regulatory proceedings, if unfavorable, could have material adverse financial

Corporate Activity and Growth - Risk 14

Added

operationalandcompliancecostsandrisks.Ifwe,andoursubsidiaries,affiliatesorthird-partyserviceproviders,are

operational and compliance costs and risks. If we, and our subsidiaries, affiliates or third-party service providers, are

Macro & Political

Total Risks: 13/63 (21%)Above Sector Average

Economy & Political Environment6 | 9.5%

Economy & Political Environment - Risk 1

financial condition, results of operations, orcause reputational harm.

financial condition, results of operations, or cause reputational harm. The Corporation has embarked on a broad-based multi-year, technological and business process transformation. Our technology and business transformation will be a significant priority for the Corporation over the next two years and beyond. We expect the expenses tied to this transformation project, which will continue through at least 2025, to result in an enhanced digital experience for our clients, as well as better technology and more efficient processes for our employees. To execute the transformation project, we plan to expand our digital capabilities, modernize our technology foundation,and implement agile and efficient business processes across the entire company. We may not succeed in executing the transformation project, may fail to properly estimate cost of the same, or may experience delays in executing our plans, which may in turn cause the Corporation to incur costs exceeding our current estimates or disrupt our operations, including our technological services to our customers, or fall short of our projected earnings targets driven by these efforts. To the extent that these disruptions persist over time and/or recur, this could negatively impact our competitive position, require additional expenditures, and/or harm our relationships with our customers and thus may materially and adversely affect our business, financial condition, results of operations, or cause reputational harm.

Economy & Political Environment - Risk 2

Added

Weakness inthe economy,particularly inPuerto Rico,where asignificant portionof ourbusiness isconcentrated, has

Weakness in the economy, particularly in Puerto Rico, where a significant portion of our business is concentrated, has

Economy & Political Environment - Risk 3

Added

financial condition will be adversely affected.

Under regulatory capital adequacy requirements, and other regulatory requirements, Popular and our banking subsidiaries must meet requirements that include quantitative measures of assets, liabilities and certain off-balance sheet items, subject to qualitative judgments by regulators regarding components, risk weightings and other factors. If we fail to meet these minimum capital requirements and other regulatory requirements, our business and financial condition will be materially and adversely affected. If a financial holding company fails to maintain well-capitalized status under the regulatory framework, or is deemed not well managed under regulatory exam procedures, or if it experiences certain regulatory violations, its status as a financial holding company and its related eligibility for a streamlined review process for acquisition proposals, and its ability to offer certain financial products, may be compromised and its financial condition and results of operations could be adversely affected. The failure of any depository institution subsidiary of a financial holding company to maintain well-capitalized or well-managed status could have similar consequences. In addition, federal regulators have proposed revisions to increase capital requirements for banking organizations with $100 billion or more in assets. If adopted, such standards may in the future affect us. See "Our businesses are highly regulated, and the laws and regulations that apply to us have a significant impact on our business and operations" in the Legal and Regulatory Risks section of Item 1A in this Form 10-K.

Economy & Political Environment - Risk 4

Added

andregulations,wecouldbeexposedtofines,sanctionsandpenalties,andotherregulatoryactions,aswellas

and regulations, we could be exposed to fines, sanctions and penalties, and other regulatory actions, as well as

Economy & Political Environment - Risk 5

Added

found tohave failedto complywith applicableeconomic andtrade sanctionsprograms andanti-money launderinglaws

found to have failed to comply with applicable economic and trade sanctions programs and anti-money laundering laws

Economy & Political Environment - Risk 6

Added

Complying with economic and trade sanctions programsand anti-money laundering laws and regulationscan increase our

Complying with economic and trade sanctions programs and anti-money laundering laws and regulations can increase our

Natural and Human Disruptions7 | 11.1%

Natural and Human Disruptions - Risk 1

affecting our business, financial condition andresults of operations.

affecting our business, financial condition and results of operations. To compete effectively, we need to constantly enhance and modify our products and services and introduce new products and services to attract and retain clients or to match products and services offered by our competitors, including technology companies and other nonbank firms that are engaged in providing similar products and services. Although the Evertec Business Acquisition Transaction eliminated certain provisions of a previous Master Services Agreement with Evertec that required us to use Evertec exclusively to develop and implement new or enhanced products and services, and is expected to improve Popular's ability to manage and control the development of the customer channels supported by the assets acquired as part of the Evertec Business Acquisition Transaction (the "Acquired Assets"), Popular expects that it will continue to depend on Evertec's technology services to operate and control current products and services and to implement future products and services, making our success dependent on Evertec's ability to timely complete and introduce these enhancements and new products and services in a cost-effective manner. Our ability to enhance our customer channels is also dependent on Evertec timely delivering the core application programming interfaces ("Core APIs") that meet BPPR's requirements, which Evertec has committed to develop under the MSA. The Core APIs are necessary for BPPR to connect future enhancements to the Acquired Assets to existing Evertec core applications. Some of our competitors rely on financial services technology and outsourcing companies that are much larger than Evertec, serve a greater number of clients than Evertec, and may have better technological capabilities and product offerings than Evertec. Furthermore, financial services technology companies typically make capital investments to develop and modify their product and service offerings to facilitate their customers' compliance with the extensive and evolving regulatory and industry requirements, and in most cases such costs are borne by the technology provider. Because of our contractual relationship with Evertec, and because Popular is the sole customer of certain of Evertec's services and products, we have in the past borne the full cost of such developments and modifications and may be required to do so in the future, subject to the terms of the MSA. Moreover, the terms, speed, scalability, and functionality of certain of Evertec's technology services are not competitive when compared to offerings from its competitors. Evertec's failure to sufficiently invest in and upscale its technology and services infrastructure to meet the rapidly changing technology demands of our industry may result in us being unable to meet customer expectations and attract or retain customers. Furthermore, Evertec's strategy and investments may also be refocused away from Popular towards other strategic initiatives as a result of the Evertec Business Acquisition Transaction. Any such impact could, in turn, reduce Popular's revenues, place us in a competitive disadvantage and significantly affect our business, financial condition and results of operations. While the closing of the Evertec Business Acquisition Transaction narrowed the scope of services which we are dependent on Evertec to obtain and released us from exclusivity restrictions that limited our ability to engage other third-party providers of financial technology services, it also resulted in extensions of certain existing commercial agreements with Evertec and,as a result, have prolonged the duration of our exposure to the risks presented by Evertec's technological capabilities and its failures to enhance its products and services and otherwise meet evolving demands. We may also be exposed to heightened business risks in connection with our dependency on Evertec with respect to BPPR's merchant acquiring business, which exclusivity was extended until 2035, and with respect to the ATH Network, which commitment BPPR extended until 2030, in light of the pace of technology changes and competition in the payments industry.

Natural and Human Disruptions - Risk 2

Added

Evertec, will be lengthy and complex.

Switching from one vendor of core bank processing and related technology and security services to one or more new vendors is a complex process that carries business and financial risks. The implementation cycle for such a transition can be lengthy and require significant financial and management resources from us. Such a transition can also expose us, and our clients,to increased costs (including conversion costs), business disruption, as well as operational and cybersecurity risks. Upon the transition of all or a portion of existing services provided by Evertec to a new financial services technology provider, either (i) at the end of the term of the Second Amended and Restated Master Services Agreement (the "MSA") and related agreements or (ii) earlier upon the termination of any service for convenience under the MSA, these transition risks could result in an adverse effect on our business, financial condition and results of operations. Although Evertec has agreed to provide certain transition assistance to us in connection with the termination of the MSA, we are ultimately dependent on their ability to provide those services in a responsive and competent manner. Furthermore, we may require transition assistance from Evertec beyond the term of the MSA, delaying and lengthening any transition process away from Evertec while increasing related costs. Under the MSA, we are able to terminate services for convenience with 180 days' prior notice. We expect to exercise during the term of the MSA the right to terminate certain services for convenience and to transition such services to other service providers prior to the expiration of the MSA, subject to complying with the revenue minimums contemplated in the MSA and certain other conditions. In practice, in order to switch to a new provider for a particular service, we will have to commence procuring and working on a transition process for such service significantly in advance of its termination and, in any case, much earlier than the automatic renewal notice date or the expiration date of the MSA, and such process may extend beyond the current term of the MSA. Furthermore, if we are unsuccessful or decide not to complete the transition after expending significant funds and management resources, it could also result in an adverse effect on our business, financial condition and results of operations.

Natural and Human Disruptions - Risk 3

Added

Climate change could have a material adverseimpact on our business operations and thatof our clients and customers.

Climate change could have a material adverse impact on our business operations and that of our clients and customers. Our business and the activities and operations of our clients and customers may be disrupted by global climate change. Potential physical risks from climate change include the increase in the frequency and severity of weather events, such as storms and hurricanes, and long-term shifts in climate patterns, such as sustained higher and lower temperatures, sea level rise, heat waves and droughts, among others. Our geographic concentration in localities, including Puerto Rico, the U.S.V.I., B.V.I. and Florida, particularly susceptible to risks arising from climate change, including severe hurricanes and sea level rise, heighten the threat we face from climate change. Additionally, the impact of climate change in the markets that we operate and in other global markets may have the effect of increasing the costs or reducing the availability of insurance needed for our business operations. Climate change may also create transitional risks resulting from a shift to a low-carbon economy. These transition risks may include changes in the legal and regulatory landscape, technology, consumer sentiment and preferences, and market demands that seek to mitigate the effects of climate change. Changes in the legal and regulatory landscape may additionally increase our compliance costs. These climate-driven changes could have a material adverse impact on asset values and on our business and financial performance and those of our clients and customers.

Natural and Human Disruptions - Risk 4

Added

impact us in the future.

A significant portion of our business involves lending money, which exposes us to credit risk and risk of loss if borrowers do not repay their loans, leases, credit cards or other credit obligations. The performance of these credit portfolios significantly affects our financial condition and results of operations. We have in the past been adversely affected by negative changes in the financial condition of our clients due to weakness in the Puerto Rico and U.S. economy. If the current economic environment were to deteriorate, more customers may have difficulty in repaying their credit obligations, which may result in higher levels of credit losses and reserves for credit losses.

Natural and Human Disruptions - Risk 5

Added

could cause substantial harm and have an adverseeffect on our business and results of operations.

could cause substantial harm and have an adverse effect on our business and results of operations. Cybersecurity risks for large financial institutions such as Popular have increased significantly in recent years in part because of the proliferation of new technologies, such as mobile banking, artificial intelligence and the ability to conduct instant financial transactions anywhere globally, growing geo-political threats, such as the ongoing wars in Ukraine and in the Gaza Strip,and the increased sophistication and activities of organized crime, hackers, terrorists, nation-states, hacktivists and other parties. In the ordinary course of business, we rely on electronic communications and information systems to conduct our operations and to transmit and store sensitive data. We employ a layered defensive approach that employs people, processes and technology to manage and maintain cybersecurity controls through a variety of preventative and detective tools that monitor, block, and provide alerts regarding suspicious activity and identify suspected advanced persistent threats. Notwithstanding our defensive measures and the significant resources we devote to protect the security of our systems, there is no assurance that all of our security measures will be effective at all times, especially as the threats from cyber-attacks are continuous and severe. The risk of a security breach due to a cyber-attack could increase in the future as we continue to expand our mobile banking and other internet-based product offerings, the use of the cloud for system development and hosting and internal use of internet-based products and applications. We continue to detect and identify attacks that are becoming more sophisticated and increasing in volume, as well as attackers that respond rapidly to changes in defensive countermeasures. The most significant cyber-attack risks that we or our critical service providers may face include, but are not limited to, e-fraud, denial-of-service (DDoS), ransomware, computer intrusion and the exploitation of software zero-day vulnerabilities that might result in disruption of services and in the exposure or loss of customer or proprietary data. Loss from e-fraud occurs when cybercriminals compromise our systems or the systems of our customers and extract funds from customer's credit cards or bank accounts, including through brute force, password spraying and credential stuffing attacks directed at gaining unauthorized access to individual accounts. Denial-of-service attacks intentionally disrupt the ability of legitimate users, including customers and employees, to access networks, websites and online resources. Computer intrusion attempts either direct or through social engineering (pretext calls), supply chain compromise, email, text or voice messages, including using brand impersonation (regularly referred to as phishing, vishing, smishing and quishing), have resulted in and may continue to result in the compromise of sensitive customer data, such as account numbers, credit cards and social security numbers, and could present significant reputational, legal and regulatory costs to Popular if successful. The emergence of new technologies such as artificial intelligence and quantum computing are further expected to exacerbate the risk of cyber-attacks. Our customer-facing platforms are also routinely attacked by threat actors aiming to gain unauthorized access to our clients' accounts. Popular has recently implemented certain defensive measures in response to brute force attacks on one of our platforms which resulted in certain of our customers log-in credentials and information being exposed. As a result, Popular notified,as required or otherwise deemed appropriate, customers identified as affected by the incident. We have to date not experienced material losses in connection with these attacks. Cyber-security risks have also been recently exacerbated by the discovery of zero-day vulnerabilities in widely distributed third party software, such as the vulnerability identified in the Apache log4j in December 2021 and in the MOVEit file transfer application in May 2023, which could affect Popular's or any of its service provider's systems. The increased use of remote access and third-party video conferencing solutions to enable work-from-home arrangements for employees and facilitate the use of digital channels by our customers, has also increased our exposure to cyber-attacks. In addition, a third party could misappropriate confidential information obtained by intercepting signals or communications from mobile devices used by Popular's customers or employees. Recent events, including the wars in Ukraine and the Gaza Strip,have also illustrated increased geo-political factors and the risks related to supply-chain compromises and de-stabilizing activities linked to nation-state sponsored activity as an increasing trend to monitor actively. Risks and exposures related to cyber security attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats,including the rise in the use of cyber-attacks as geopolitical weapons. Although we are regularly targeted by unauthorized threat-actor activity, including denial-of-service attacks, we have not, to date, experienced any material losses as a result of cyber-attacks. A material compromise or circumvention of the security of our systems could have serious negative consequences for us,including significant disruption of our operations and those of our clients, customers and counterparties, misappropriation of confidential information of us or that of our clients, customers, counterparties or employees, or damage to computers or systems used by us or by our clients, customers and counterparties, and could result in violations of applicable privacy and other laws,financial loss to us or to our customers, loss of confidence in our security measures, customer dissatisfaction, significant litigation exposure and harm to our reputation, all of which could have a material adverse effect on us. For example, if personal, non-public,confidential or proprietary information in our possession were to be mishandled, misused or stolen, we could suffer significant regulatory consequences, reputational damage and financial loss. Such mishandling, misuse or misappropriation could include, for example, if such information were provided to parties who are not permitted to have the information, either by fault of our systems,by our employees or counterparties, or where such information is intercepted or otherwise inappropriately taken by our employees or third parties. The extent of a particular cyber-attack and the steps that we may need to take to investigate the attack may not be immediately clear, and it may take a significant amount of time before such an investigation can be completed. While such an investigation is ongoing, Popular may not necessarily know the full extent of the harm caused by the cyber-attack, and that damage may continue to spread. These factors may inhibit our ability to provide rapid, full and reliable information about the cyber-attack to our clients, customers, counterparties and regulators, as well as the public. Moreover, new regulations may require us to disclose information about a cybersecurity event before it has been resolved or fully investigated. Furthermore, it may not be clear how best to contain and remediate the potential harm caused by the cyber-attack, and certain errors or actions could be repeated or compounded before they are discovered and remediated. Cyber-attacks could cause interruptions in our operations and result in the incurrence of significant costs, including those related to forensic analysis and legal counsel, each of which may be required to ascertain the extent of any potential harm to our customers, or employees, or damage to our information systems and any legal or regulatory obligations that may result therefrom. Any cyber incidents could also result in, among other things, increased regulatory scrutiny and adverse regulatory or civil litigation consequences. For a discussion of the guidance and rules that federal banking regulators have released or proposed regarding cybersecurity and cyber risk management standards, see "Regulation and Supervision" in Part I, Item 1 - Business, included in the Form 10-K for the year ended December 31, 2023. Any or all of the foregoing factors could further increase the impact of the incident and thereby the costs and consequences of a cyber-attack. We also rely on third parties for the performance of a significant portion of our information technology functions and the provision of information security, technology and business process services. As a result, a successful compromise or circumvention of the security of the systems of these third-party service providers could have serious negative consequences for us, including compromise of our systems, misappropriation of our confidential information or that of our clients, customers, counterparties or employees, or other negative implications identified above with respect to a cyber-attack on our systems, which could have a material adverse effect on us. Cyber-attacks at third-party service providers are also becoming increasingly common, and, as a result, cybersecurity risks relating to our vendors have increased. The most important of these third-party service providers for us is Evertec. Certain risks particular to Evertec and our dependence on third parties are discussed under "We rely on other companies to provide key components of our business infrastructure, including certain of our core financial transaction processing and information technology and security services, which exposes us to a number of operational risks that could have a material adverse effect on us" in the Operational Risks section of Item 1A in this Form 10-K. During 2021, we determined that, as a result of the widely reported breach of Accellion, Inc.'s File Transfer Appliance tool, which was being used at the time of such breach by a U.S.-based third-party advisory services vendor of Popular, personal information of certain Popular customers was compromised. During 2023,personal information of Popular customer data was compromised in a data breach incident that impacted MOVEit, the third-party file transfer platform used by one of our services providers. In both instances, Popular notified, as required or otherwise deemed appropriate, customers identified as affected by the incident. Although these incidents did not have a material effect on Popular or its financial condition, our networks and systems were not impacted, and our third-party service providers agreed to cover external remediation costs associated therewith, a compromise of the personal information of our customers maintained by third party vendors could result in significant regulatory consequences, reputational damage and financial loss to us.The success of our business depends in part on the continuing ability of these (and other) third parties to perform these functions and services in a timely and satisfactory manner, which performance could be disrupted or otherwise adversely affected due to failures or other information security events originating at the third parties or at the third parties' suppliers or vendors (so-called "fourth party risk"). We may not be able to effectively directly monitor or mitigate fourth-party risk, in particular as it relates to the use of common suppliers or vendors by the third parties that perform functions and services for us. As cyber threats continue to evolve, we expect to expend significant additional resources to continue to modify or enhance our layers of defense or to investigate and remediate additional information security vulnerabilities or incidents. System enhancements and updates also create risks associated with implementing new systems and integrating them with existing ones,including risks associated with supply chain compromises and the software development lifecycle of the systems used by us and our service providers. Due to the complexity and interconnectedness of information technology systems, the process of enhancing our layers of defense can itself create a risk of systems disruptions and security issues. In addition, addressing certain information security vulnerabilities, such as hardware-based vulnerabilities, may affect the performance of our information technology systems. The ability of our hardware and software providers to deliver patches and updates to mitigate vulnerabilities in a timely manner can introduce additional risks, particularly when a vulnerability is being actively exploited by threat actors. Moreover, our efforts to timely mitigate vulnerabilities and manage such risks, given the rise in number and urgency of required patches and third-party software,including "zero-day vulnerabilities", as well as the obsolescence in some of our hardware and software, may impact our day-to-day operations, the availability of our systems and delay the deployment of technology enhancements and innovation. The obsolescence in any of our hardware or software may limit our ability to mitigate vulnerabilities. If Popular's operational systems, or those of external parties on which Popular's businesses depend, are unable to meet the requirements of our businesses and operations or bank regulatory standards, or if they fail, have other significant shortcomings or are impacted by cyber-attacks, Popular could be materially and adversely affected.

Natural and Human Disruptions - Risk 6

Added

Unforeseen orcatastrophic events,includingextreme weatherevents andother naturaldisasters, man-madedisasters,

Unforeseen or catastrophic events, including extreme weather events and other natural disasters, man-made disasters,

Natural and Human Disruptions - Risk 7

Added

acts of violence orwar, or theemergence of pandemics or epidemics, couldcause a disruption in ouroperations or other

acts of violence or war, or the emergence of pandemics or epidemics, could cause a disruption in our operations or other

Legal & Regulatory

Total Risks: 6/63 (10%)Below Sector Average

Regulation4 | 6.3%

Regulation - Risk 1

Added

from departments and agencies of the U.S. and Puerto Ricogovernments, including those that investigate compliancewith

from departments and agencies of the U.S. and Puerto Rico governments, including those that investigate compliance with

Regulation - Risk 2

Added

U.S. sanctions and consumer protection laws and regulations, which mayexpose us to significant penalties and collateral

U.S. sanctions and consumer protection laws and regulations, which may expose us to significant penalties and collateral

Regulation - Risk 3

Added

consequences, and could result in higher compliancecosts or restrictions on our operations.

consequences, and could result in higher compliance costs or restrictions on our operations. We from time-to-time self-report compliance matters to, or receive requests for information from, departments and agencies of the U.S. and Puerto Rico governments, including with respect to compliance with consumer protection laws and regulations. For example, BPPR has in the past received requests for information, such as subpoenas and civil investigative demands from U.S. government regulators, including concerning add-ons on consumer products, real estate appraisals and residential and construction loans in Puerto Rico. BPPR has also self-identified and reported to applicable regulators compliance matters related to U.S. sanctions, as well as mortgage, credit reporting and other consumer lending practices. Incidents of this nature and investigations or examinations by governmental authorities have resulted in the past, and may in the future result, in judgments, settlements, fines, enforcement actions, penalties or other sanctions adverse to the Corporation,which could materially and adversely affect the Corporation's business, financial condition or results of operations, or cause serious reputational harm. Any such settlements or orders that we enter into, or that regulatory authorities impose on us could require enhancements to our procedures and controls and entail significant operational and compliance costs. Furthermore, issues or delays in satisfying the requirements of a regulatory settlement or action on a timely basis could result in additional penalties and enforcement actions, which could be significant. In connection with the resolution of regulatory proceedings, enforcement authorities may seek admissions of wrongdoing and, in some cases, criminal pleas, which could lead to increased exposure to private litigation,loss of clients or customers, and restrictions on offering certain products or services. In addition, responding to information-gathering requests, investigations and other regulatory proceedings, regardless of the ultimate outcome of the matter, could be time-consuming, expensive and divert management attention from our business. Financial services institutions such as Popular have been subject to heightened expectations and regulatory scrutiny in recent years. Our regulators' oversight is not limited to banking and financial services laws but extends to other significant laws such as those related to anti money laundering, anti-bribery and anti-corruption laws. Further, regulators in the performance of their supervisory and enforcement duties, have significant discretion and power to prevent or remedy what they deem to be unsafe and unsound practices or violations of laws by banks and bank holding companies. Therefore, the outcome of any investigative or enforcement action, which may take years and be material to Popular, may be difficult to predict or estimate.

Regulation - Risk 4

or prohibited due to regulatory constraints.

To the extent permitted by our applicable regulators, we may pursue strategic acquisition opportunities. Acquiring other businesses, however, involves various risks, including potential exposure to unknown or contingent liabilities of the target company,exposure to potential asset quality issues of the target company, potential disruption to our business, the possible loss of key employees and customers of the target company, and difficulty in estimating the value of the target company. If we pay a premium over book or market value in connection with an acquisition, some dilution of our tangible book value and net income per common share may occur in connection with any future transaction. Furthermore, failure to realize the expected revenue increases, cost savings, increases in geographic or product presence, or other projected benefits from an acquisition could have a material adverse effect on our business, financial condition and results of operations. Similarly, acquiring loan portfolios involves various risks. When acquiring loan portfolios, management makes assumptions and judgments about the collectability of the loans, including the creditworthiness of borrowers and the value of the real estate and other assets serving as collateral for the repayment of secured loans. In estimating the extent of the losses, we analyze the loan portfolio based on historical loss experience, volume and classification of loans, volume and trends in delinquencies and nonaccruals, local economic conditions, and other pertinent information. If our assumptions are incorrect,however, our actual losses could be higher than estimated and increased loss reserves may be required, which would negatively affect our results of operations. Finally, certain acquisitions by financial institutions, including us, are subject to approval by a variety of federal and state regulatory agencies. Regulatory approvals could be delayed, impeded, restrictively conditioned or denied. We may fail to pursue,evaluate or complete strategic and competitively significant acquisition opportunities as a result of our inability, or perceived or anticipated inability, to obtain regulatory approvals in a timely manner, under reasonable conditions or at all. Difficulties associated with potential acquisitions that may result from these factors could have a material adverse effect on our business, financial condition and results of operations.

Litigation & Legal Liabilities2 | 3.2%

Litigation & Legal Liabilities - Risk 1

Added

Weare fromtime totime subjectto informationrequests, investigationsand otherregulatory enforcementproceedings

We are from time to time subject to information requests, investigations and other regulatory enforcement proceedings

Litigation & Legal Liabilities - Risk 2

Added

governmental investigations.

As a federally regulated financial institution, we must comply with regulations and economic and trade sanctions and embargo programs administered by the Office of Foreign Assets Control ("OFAC") of the U.S. Treasury, as well as anti-money laundering laws and regulations, including those under the Bank Secrecy Act. Economic and trade sanctions regulations and programs administered by OFAC prohibit U.S.-based entities from entering into or facilitating unlicensed transactions with, for the benefit of, or in some cases involving the property and property interests of,persons, governments or countries designated by the U.S. government under one or more sanctions regimes, and also prohibit transactions that provide a benefit that is received in a country designated under one or more sanctions regimes. We are also subject to a variety of reporting and other requirements under the Bank Secrecy Act, including the requirement to file suspicious activity and currency transaction reports, that are designed to assist in the detection and prevention of money laundering, terrorist financing and other criminal activities. In addition, as a financial institution we are required to, among other things, identify our customers, adopt formal and comprehensive anti-money laundering programs, scrutinize or altogether prohibit certain transactions of special concern, and be prepared to respond to inquiries from U.S. law enforcement agencies concerning our customers and their transactions. Failure by the Corporation, its subsidiaries, affiliates or third-party service providers to comply with these laws and regulations could have serious legal and reputational consequences for the Corporation, including the possibility of regulatory enforcement or other legal action, including significant civil and criminal penalties. We also incur higher costs and face greater compliance risks in structuring and operating our businesses to comply with these requirements. The markets in which we operate heighten these costs and risks. We have established risk-based policies and procedures and employed software designed to assist us and our personnel in complying with these applicable laws and regulations. Even if the appropriate controls are in place, there can be no assurance that our policies and procedures will prevent us from blocking and rejecting all applicable transactions of our customers or our customers' customers that may involve a sanctioned person, government or country. Any failure to detect and prevent any such transaction could result in a violation of applicable laws and regulations and adversely affect our reputation, business, financial condition and results of operations. From time to time we have identified and voluntarily self-disclosed to OFAC transactions that were not timely identified,blocked or rejected by our policies, controls and procedures for screening transactions that might violate the regulations and economic and trade sanctions programs administered by OFAC. For example, during the second quarter of 2022, BPPR entered into a settlement agreement with OFAC with respect to certain transactions processed on behalf of two employees of the Government of Venezuela, in apparent violation of U.S. sanctions against Venezuela. Popular agreed to pay approximately $256,000 to settle the apparent violations, which had been self-disclosed to OFAC. There can be no assurances that any failure to comply with U.S. sanctions and embargoes, or with anti-money laundering laws and regulations, will not result in material fines,sanctions or other penalties being imposed on us. Furthermore, if the policies, controls, and procedures of one of the Corporation's third-party service providers, together with our third-party oversight of such providers, do not prevent it from violating applicable laws and regulations in transactions in which it engages, such violations could adversely affect its ability to provide services to us.

Production

Total Risks: 5/63 (8%)Below Sector Average

Manufacturing2 | 3.2%

Manufacturing - Risk 1

Added

operational risks that could have a materialadverse effect on us.

operational risks that could have a material adverse effect on us. Third parties provide key components of our business operations, such as data processing, information security, recording and monitoring transactions, online banking interfaces and services, Internet connections and network access. The most important of these third-party service providers for us is Evertec. Although the Evertec Business Acquisition Transaction narrowed the scope of services which we are dependent on Evertec to obtain and released us from exclusivity restrictions that limited our ability to engage other third-party providers of financial technology services, we are still dependent on Evertec for the provision of essential services to our business, including certain of our core financial transaction processing and information technology and security services. As a result, we are particularly exposed to the operational risks of Evertec, including those relating to a breakdown or failure of Evertec's systems or internal controls environment. Over the course of our relationship with Evertec, we have experienced interruptions and delays in key services provided by Evertec, as well as cyber events, as a result of system breakdowns,misconfigurations, human error, application obsolescence and dependency on shared infrastructure components, which have in certain cases also led to exposure of BPPR customer information. Our ability to cure legacy obsolescence in the hardware and software we procure from Evertec, as well as to effect the segregation of our shared infrastructure, is expected to be lengthy and complex, which exacerbates our exposure to resulting operational, including cybersecurity, risks. See "The transition to new financial services technology providers, and the replacement of services currently provided to us by Evertec, will be lengthy and complex" in the Operational Risks section of Item 1A in this Form 10-K below. While we select third-party vendors carefully and have increased our oversight of these relationships, we do not control the actions of our vendors. Any problems caused by these vendors, including those resulting from disruptions in the services provided, vulnerabilities in or breaches of the vendor's systems, failure of the vendor to handle current or higher volumes, failure of the vendor to provide services for any reason or poor performance of services, or failure of the vendor to notify us of a reportable event in a timely manner, could adversely affect our ability to deliver products and services to our customers and otherwise conduct our business, result in potential liability to clients and customers, result in the imposition of fines, penalties or judgments by our regulators, lead to exposure of BPPR customer information or harm to our reputation, any of which could materially and adversely affect us. The inability of our third-party service providers to timely address evolving cybersecurity threats may further exacerbate these risks. Financial or operational difficulties of a third-party vendor could also hurt our operations if those difficulties interfere with the vendor's ability to serve us. Replacing these third-party vendors, when possible, could also create significant delay and expense. Accordingly, the use of third parties creates an unavoidable inherent risk to our business operations.

Manufacturing - Risk 2

Added

instruments.

Our business and financial performance are impacted by market interest rates and movements in those rates. Since a high percentage of our assets and liabilities are interest bearing or otherwise sensitive in value to changes in interest rates, changes in interest rates, in the shape of the yield curve or in spreads between different types of rates, have had and could in the future have a material impact on our results of operations and the values of our assets and liabilities, including our investment portfolio. Interest rates are highly sensitive to many factors over which we have no control and which we may not be able to anticipate adequately,including general economic conditions and the monetary and tax policies of various governmental bodies, particularly the Federal Reserve Board. Increasing levels of inflation, driven by pent-up demand and supply-chain disruptions caused by the COVID-19 pandemic and the war in Ukraine, led the Federal Market Committee of the Federal Reserve Board (the "FOMC") to execute a series of sharp benchmark interest rate increases beginning in the first quarter of 2022. While the FOMC has indicated that it may conclude its interest rate hike cycle, the amount and pace of any reduction in interest rates remains uncertain. Higher interest rates could lead to fewer originations of commercial and residential real estate loans, loss of deposits, a misalignment in the pricing of short-term and long-term borrowings, less liquidity in the financial markets and higher funding costs. Furthermore, higher interest rates could negatively affect the payment performance on loans linked to variable interest rates to the extent borrowers are unable to afford higher interest payments, which could result in higher delinquencies. Inflationary pressure arising from increases in interest rates may also affect borrowers' financial condition and their ability to pay their debts when due. Additionally, if the interest rates we pay on our deposits and other borrowings were to increase at a faster rate than the interest rates we receive on loans and other investments, our net interest income, and, therefore, our earnings, could be adversely affected. All of these outcomes could adversely affect our earnings, liquidity and capital levels. The rapid rise in interest rates in 2022 resulted in approximately $2.5 billion in unrealized mark-to-market losses on available-for-sale securities held in our investment securities portfolio. In October 2022, we transferred U.S. Treasury securities with a fair value of approximately $6.5 billion (par value of $7.4 billion), and with accumulated unrealized losses of $873 million, from our available-for-sale portfolio to our held-to-maturity portfolio. While the size of our unrealized mark-to-market losses on available-for-sale securities had been reduced to $1.4 billion as of December 31, 2023, if interest rates were to again rise rapidly or for a prolonged period, we may accumulate significant additional mark-to-market losses on investment securities in our available-for-sale portfolio, which may adversely affect our tangible capital and impact our ability to return capital to our stockholders. For a discussion of the Corporation's interest rate sensitivity, please refer to the "Risk Management" section of the MD&A in this Form 10-K.

Employment / Personnel1 | 1.6%

Employment / Personnel - Risk 1

The ability to attract and retain qualified employeesis critical to our success.

The ability to attract and retain qualified employees is critical to our success. Our success depends, in large part, on our ability to attract and retain qualified employees. Competition for qualified candidates is intense and has increased recently as a result of a tighter labor market. Increased competition may lead to difficulties in attracting or retaining qualified employees, which may, in turn, lead to significant challenges in the execution of our business strategies and have an adverse effect on the quality of the service we provide to the customers and communities we serve. Such challenges could adversely affect our business, operations and financial condition. In addition, increased competition may lead to higher compensation packages and more flexible work arrangements. We may also be required to hire employees outside of our market areas for certain positions that require specific expertise, which could result in employment and tax compliance-related expenses, challenges and risks. In addition, flexible work arrangements, such as remote or hybrid work models, have led to other workplace challenges, including fewer opportunities for face-to-face interactions or to promote a cohesive corporate culture and heightened cybersecurity, information security and other operational risks. Our ability to attract and retain qualified employees is also impacted by regulatory limitations on our compensation practices, such as clawback requirements of incentive compensation, which may not affect other institutions with which we compete for talent. The scope and content of regulators' policies on executive compensation continue to develop and are likely to continue evolving. Such policies and limitations on our compensation practices could adversely affect our ability to attract, retain and motivate talented senior leaders in support of our long-term strategy.

Costs2 | 3.2%

Costs - Risk 1

Added

Increases in FDIC insurance premiums mayhave a material adverse effect on our earnings.

Increases in FDIC insurance premiums may have a material adverse effect on our earnings. Substantially all the deposits of BPPR and PB are subject to insurance up to applicable limits by the FDIC's deposit insurance fund ("DIF") and, as a result, BPPR and PB are subject to FDIC deposit insurance assessments. On October 18, 2022,the FDIC finalized a rule that increased initial base deposit insurance assessment rates by 2 basis points, beginning with the first quarterly assessment period of 2023. In addition, in November 2023, the FDIC finalized a rule that imposes a special assessment to recover the costs to the DIF resulting from the FDIC's use, in March 2023, of the systemic risk exception to the least-cost resolution test under the FDIA in connection with the receiverships of Silicon Valley Bank and Signature Bank. The exact amount of this assessment will be determined when the FDIC terminates the related receiverships considered in the final rule. Accordingly, the final special assessment amount and collection period may change as the estimated cost is periodically adjusted or if the total amount collected varies. We are generally unable to control the amount of premiums or additional assessments that we are required to pay for FDIC insurance. If there are additional bank or financial institution failures, our level of non-performing assets increases, or our risk profile changes or our capital position is impaired, we may be required to pay even higher FDIC premiums. Any future additional increases in FDIC premiums, assessment rates or special assessments may materially adversely affect our results of operations. See the "Supervision and Regulation-FDIC Insurance" discussion in Item 1. Business of this Form 10-K for additional information related to the FDIC's deposit insurance assessments applicable to BPPR and PB.

Costs - Risk 2

products andservices ina timelyand cost-effectivemanner,placing usat acompetitive disadvantageand significantly

products and services in a timely and cost-effective manner, placing us at a competitive disadvantage and significantly

Tech & Innovation

Total Risks: 4/63 (6%)Below Sector Average

Innovation / R&D2 | 3.2%

Innovation / R&D - Risk 1

Wehaveembarkedonabroad-basedmulti-year,technologicalandbusinessprocesstransformation.Thefailureto

We have embarked on a broad-based multi-year, technological and business process transformation. The failure to

Innovation / R&D - Risk 2

If we are unable tomeet constant technological changes and react quickly tomeet new industry standards, including as a

If we are unable to meet constant technological changes and react quickly to meet new industry standards, including as a

Cyber Security1 | 1.6%

Cyber Security - Risk 1

Added

Weand ourthird-party providershave been,and expectin thefuture tocontinue tobe, subjectto cyber-attacks,which

We and our third-party providers have been, and expect in the future to continue to be, subject to cyber-attacks, which

Technology1 | 1.6%

Technology - Risk 1

Added

The transition to new financial services technology providers, and the replacement of services currently provided tous by

The transition to new financial services technology providers, and the replacement of services currently provided to us by

Ability to Sell

Total Risks: 4/63 (6%)Below Sector Average

Competition1 | 1.6%

Competition - Risk 1

We face significant and increasing competition in therapidly evolving financial services industry.

We face significant and increasing competition in the rapidly evolving financial services industry. We operate in a highly competitive environment, in which we compete on the basis of a number of factors,including customer service, quality and variety of products and services, price, interest rates on loans and deposits, innovation,technology, ease of use, reputation, and transaction execution. While our main competition continues to come from other Puerto Rico banks and financial institutions, we face increased competition from non-Puerto Rico institutions as emerging technologies and the growth of e-commerce have significantly reduced geographic barriers. These technologies have also made it easier for non-depositary institutions to offer products and services that traditionally were banking products and allowed non-traditional financial service providers and technology companies to provide electronic and internet-based financial solutions and services. Increased competition could create pressure to lower prices, fees, commissions or credit standards on our products and services, which could adversely affect our financial condition and results of operations. Increased competition could also create pressure to raise interest rates on deposits, which could also impact our financial condition and results of operations.

Sales & Marketing2 | 3.2%

Sales & Marketing - Risk 1

resultof ourcontinued dependenceonEvertec, wemaybe unabletoenhance ourcurrent servicesand introducenew

result of our continued dependence on Evertec, we may be unable to enhance our current services and introduce new

Sales & Marketing - Risk 2

Added

or type of client.

Our credit risk and credit losses can increase to the extent our loans are concentrated in borrowers engaged in the same or similar activities or in borrowers who as a group may be uniquely or disproportionately affected by certain economic or market conditions. We have significant exposure to borrowers in certain economic sectors, such as residential and commercial real estate,hospitality and healthcare. Challenging economic or market conditions that affect the industries or types of clients to which we have significant exposure could result in higher credit losses and adversely affect our financial condition and results of operations. We also have direct lending and investment exposure to Puerto Rico government entities, which have faced significant fiscal challenges. At December 31, 2023, our exposure to the Puerto Rico government consisted of $362 million in direct lending exposure to Puerto Rico municipalities and $238 million in loans insured or securities issued by Puerto Rico governmental entities but for which the principal source of repayment is non-governmental. We also have indirect lending exposure to the Puerto Rico government in the form of loans to private borrowers who are service providers, lessors, suppliers or have other relationships with the Puerto Rico government. While the overall fiscal situation of the Puerto Rico government has improved in recent years, including as result of the government and certain of its instrumentalities having restructured their debt obligations, some Puerto Rico government entities, including certain municipalities, still face significant fiscal challenges. A deterioration in the fiscal situation of the Puerto Rico government and its instrumentalities, and in particular in the fiscal situation of the Puerto Rico municipalities to which we have direct lending exposure, could result in higher credit losses and reserves for credit losses. For a discussion of risks related to the Corporation's credit exposure to the Puerto Rico and USVI governments, see the Geographic and Government Risk section in the MD&A section of this Form 10-K.

Brand / Reputation1 | 1.6%

Brand / Reputation - Risk 1

Added

effects or cause significant reputational harm tous, which, in turn, could seriously harmour business prospects.

effects or cause significant reputational harm to us, which, in turn, could seriously harm our business prospects. We face legal risks in our businesses, and the volume of claims and amount of damages and penalties claimed in litigation and regulatory proceedings against financial institutions remains high. Substantial legal liability or significant regulatory action against us could have material adverse financial effects or cause significant reputational harm to us, which in turn could seriously harm our business prospects. For further information relating to our legal risk, see Note 24 - "Commitments & Contingencies", to the Consolidated Financial Statements in this Form 10-K.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.

Become an Expert with TipRanks Premium

What am I Missing?

Make informed decisions based on Top Analysts' activity

Know what industry insiders are buying

Get actionable alerts from top Wall Street Analysts

Find out before anyone else which stock is going to shoot up

Get powerful stock screeners & detailed portfolio analysis

Subscribe Now See Plans & Pricing