First Busey (BUSE) Risk Analysis

Many aspects of our business and operations involve the risk of legal liability, and in some cases we or our subsidiaries have been named or threatened to be named as defendants in various lawsuits arising from our business activities. In addition, companies in our industry are frequently the subject of governmental and self-regulatory agency information-gathering requests, reviews, investigations, and proceedings. The results of such proceedings could lead to significant civil or criminal penalties, including monetary penalties, damages, adverse judgments, settlements, fines, injunctions, restrictions on the way in which we conduct our business, or reputational harm. Although we establish accruals for legal proceedings when information related to the loss contingencies represented by those matters indicates both that a loss is probable and that the amount of loss can be reasonably estimated, we do not have accruals for all legal proceedings where we face a risk of loss. In addition, due to the inherent subjectivity of the assessments and unpredictability of the outcome of legal proceedings, amounts accrued may not represent the ultimate loss to us from the legal proceedings in question. Accordingly, our ultimate losses may be higher, and possibly significantly so, than the amounts accrued for legal loss contingencies, which could adversely affect our financial condition and results of operations. See "Note 16. Outstanding Commitments and Contingent Liabilities" in the Notes to the Consolidated Financial Statements for information regarding an inquiry from the ISOS, pursuant to which the ISOS asked for additional information regarding certain of our franchise tax filings and the calculation of amounts due thereunder.

Although Busey devotes significant resources to maintain and regularly upgrade systems and processes designed to protect the security of its computer systems, software, networks, and other technology assets, these measures do not provide absolute security for the Company's websites or other systems, some of which have been targeted with sophisticated intended to obtain unauthorized access to confidential information, destroy data, disable or degrade service, or sabotage systems, often through the introduction of computer viruses or malware, cyber-attacks, and other means. In addition, cyber attackers have persistently employed sophisticated campaigns to leverage individuals' fears and uncertainties. They capitalize on the increased volume of transactions occurring on digital channels, employing social engineering techniques to manipulate human psychology and perpetuate security breaches. Implementation of remote working arrangements that use virtual private networks, virtual conferencing services, and telecommunication technologies can increase insider risk, cybersecurity vulnerabilities, and other operational exposures. Industry trends in ransomware, phishing, and other intrusion methods have increased significantly and will continue to pose increased risk. Threats to security also exist in the processing of customer information through various other third-parties, their personnel, and their use of subcontractors. Advances in computer capabilities, new discoveries in the field of cryptography, or other developments could result in a compromise or breach of the algorithms Busey and its third-party service providers use to encrypt and protect customer transaction data. Such cyber incidents may go undetected for a period of time. An inability by our third-party providers, and their third-party providers, to anticipate, detect, or adequately mitigate, breaches of security, known as "supply chain risk," could result in a number of negative events, including losses to us or our clients, loss of business or clients, damage to our reputation, the incurrence of additional expenses, additional regulatory scrutiny or penalties, or exposure to civil litigation and possible financial liability, any of which could have a material adverse effect on our business, financial condition, results of operations, and growth prospects. Busey also faces risks related to cyber-attacks and other security breaches in connection with credit card, debit card, and other payment-related transactions that typically involve the transmission of sensitive information regarding Busey's customers through various third-parties, including merchant acquiring banks, payment processors, payment card networks, and processors. Cyber-attacks or other breaches, whether affecting Busey or others, could intensify consumer concern and regulatory focus and result in breach and fraud-related losses as well as increased costs, all of which could have a material adverse effect on Busey's business. Penetration or circumvention of Busey's security systems could result in serious negative consequences for the Company, including significant disruption of Busey's operations, misappropriation of Busey's confidential information or that of its customers or employees, or damage to Busey's computers or systems and those of its customers and counterparties. Such events could result in violations of applicable privacy and other laws, financial loss to Busey or its customers, loss of confidence in Busey's security measures, customer dissatisfaction, significant litigation exposure, and harm to Busey's reputation, all of which would adversely affect the Company. These risks have increased for all financial institutions globally as new technologies, the use of the Internet and telecommunications technologies, including mobile devices, to conduct financial and other business transactions, and the sophistication and activities of malicious individuals and organizations have increased substantially. Despite Busey's significant investment in security resources and its continued efforts to prevent or limit the effects of potential threats, it is possible that Busey may not be able to anticipate or implement effective preventative measures against all security incidents.

Construction, land acquisition, and development loans involve additional risks because funds are advanced upon the security of the project, which is of uncertain value prior to its completion, and costs may exceed realizable values in declining real estate markets. Because of the uncertainties inherent in estimating construction costs and the realizable market value of the completed project, and the effects of governmental regulation on real property, it is relatively difficult to evaluate accurately the total funds required to complete a project and the related loan-to-value ratio. As a result, construction loans often involve the disbursement of substantial funds with repayment dependent, in part, on the success of the ultimate project and the ability of the borrower to sell or lease the property, rather than the ability of the borrower or guarantor to repay principal and interest. If Busey's appraisal of the value of the completed project proves to be overstated, or market values or rental rates decline, there may be inadequate security for the repayment of the loan upon completion of construction of the project. If Busey is forced to foreclose on a project prior to or at completion due to a default, there can be no assurance that it will be able to recover all of the unpaid balance of, and accrued interest on, the loan as well as related foreclosure and holding costs. In addition, Busey may be required to fund additional amounts to complete the project and may have to hold the property for an unspecified period of time while it attempts to dispose of it.

Liquidity is essential to Busey's business. An inability to raise funds through deposits, borrowings, sales of securities, sales of loans, and other sources could have a substantial negative effect on liquidity. Busey's primary sources of funds consist of deposits and funds from sales of investment securities, investment maturities and sales, and cash from operations. Additional liquidity is available through repurchase agreements, brokered deposits, and the ability to borrow from the Federal Reserve Bank and the FHLB. Access to funding sources in amounts adequate to finance or capitalize Busey's activities or on terms that are acceptable to the Company could be impaired by factors that affect it directly or the financial services industry or economy in general, such as disruptions in the financial markets or negative views and expectations about the prospects for the financial services industry. In addition, increased competition with the largest banks and Fintechs for retail deposits may impact our ability to raise funds through deposits and could have a negative effect on our liquidity. Any decline in available funding and/or capital could adversely impact Busey's ability to originate loans, invest in securities, meet its expenses, pay dividends to its stockholders, or meet deposit withdrawal demands, any of which could have a material adverse impact on its liquidity, business, financial condition, and results of operations.

Busey currently conducts its banking operations in central and suburban Chicago, Illinois; the St. Louis, Missouri, metropolitan area; central Indiana; and southwest Florida. In addition, the Company currently offers fiduciary and wealth management services, which account for a significant portion of its non-interest income. Many competitors offer the same, or a wider variety of, banking and wealth management services within Busey's market areas. These competitors include national banks, regional banks, and other community banks. Busey also faces competition from many other types of financial institutions, including savings and loan institutions, finance companies, brokerage firms, insurance companies, credit unions, mortgage banks, digital banks and online lenders, and other financial intermediaries. In addition, a number of out-of-state financial intermediaries have opened production offices or otherwise solicit deposits in Busey's market areas. Also, technology and other changes have lowered barriers to entry and made it possible for non-banks or financial technology companies, as well as other large technology corporations, to offer products and services traditionally provided by banks. For example, customers can maintain funds that would have historically been held as bank deposits in brokerage accounts or mutual funds, can apply for and receive credit, and can also complete transactions such as paying bills and/or transferring funds without the assistance of banks. The process of eliminating banks as intermediaries, known as "disintermediation," could result in the loss of fee income, as well as the loss of customer deposits and the related income generated from those deposits. Increased competition in Busey's markets may result in reduced loans, deposits, and commissions and brokers' fees, as well as reduced net interest margin and profitability. Ultimately, Busey may not be able to compete successfully against current and future competitors. If Busey is unable to attract and retain banking and wealth management customers, it may be unable to grow its loan and deposit portfolios or its wealth management commissions, which could adversely affect its business, results of operations, and financial condition. While we do not offer products relating to digital assets, including cryptocurrencies, stablecoins and other similar assets, there has been a significant increase in digital asset adoption globally over the past several years. Certain characteristics of digital asset transactions, such as the speed with which such transactions can be conducted, the ability to transact without the involvement of regulated intermediaries, the ability to engage in transactions across multiple jurisdictions, and the anonymous nature of the transactions, are appealing to certain consumers notwithstanding the various risks posed by such transactions. Accordingly, digital asset service providers-which, at present are not subject to the same degree of scrutiny and oversight as banking organizations and other financial institutions-are becoming active competitors to more traditional financial institutions.

Busey's ability to attract and retain customers, investors, and employees is contingent upon maintaining trust. Negative public opinion could result from the Company's actual or alleged conduct in a number of activities, including, but not limited to, employee misconduct, a failure or perceived failure to deliver appropriate standards of service and quality or to treat customers fairly, faulty lending practices, compliance failures, security breaches, corporate governance, sharing or inadequate protection of customer information, failure to comply with laws or regulations, and actions taken by government regulators and community organizations in response to that conduct. The results of such actual or alleged misconduct could include customer dissatisfaction, inability to attract potential acquisition prospects, litigation, and heightened regulatory scrutiny, all of which could lead to lost revenue, higher operating costs, and harm to Busey's reputation. No assurance can be made, despite the cost or efforts made by the Company to address the issues arising from reputational harm, that results could not adversely affect Busey's business, financial condition, and results of operations.