Citigroup (C) Risk Analysis

Citi's regulators have broad powers and discretion under their prudential and supervisory authority, and have pursued active inspection and investigatory oversight. At any given time, Citi is a party to a significant number of legal and regulatory proceedings and is subject to numerous governmental and regulatory examinations. Additionally, Citi remains subject to governmental and regulatory investigations, consent orders (see discussion below) and related compliance efforts, and other inquiries. Citi could also be subject to enforcement proceedings and negative regulatory evaluation or examination findings not only because of violations of laws and regulations, but also due to failures, as determined by its regulators, to remedy deficiencies on a timely basis (see also the capital return and resolution plan risk factors above). Under U.S. banking law, Citi is prohibited from disclosing confidential supervisory information, and may therefore be unable to disclose even potentially material regulatory or supervisory matters. Citi could face further scrutiny and consequences from regulators for failing to timely resolve open regulatory issues or having repeat regulatory issues. As previously disclosed, the 2020 FRB Consent Order and the 2020 OCC Consent Order require Citigroup and Citibank, respectively, to implement extensive targeted action plans and submit quarterly progress reports on a timely and sufficient basis detailing the results and status of improvements relating principally to various aspects of enterprise-wide risk management, compliance, data quality management related to governance, and internal controls. These improvements will require continued significant investments by Citi during 2026 and beyond, as an essential part of Citi's broader transformation efforts (see the simplification, transformation and enhanced business performance priorities risk factor above). Further, in 2024, the FRB entered into a Civil Money Penalty Consent Order with Citigroup, and the OCC entered into a Civil Money Penalty Consent Order with Citibank. The FRB found that Citigroup had ongoing deficiencies related to its data quality management program and had inadequate measures for managing and controlling its data quality risks. The OCC found that Citibank had failed to make sufficient and sustainable progress toward achieving compliance with its 2020 Consent Order. There can be no assurance that efforts by Citi to address the deficiencies and resolve the OCC and FRB Consent Orders will occur in a manner satisfactory, in both timing and sufficiency, to the FRB and OCC. (For additional information, see "Citi's Multiyear Transformation" above.) Although there are no restrictions on Citi's ability to serve its clients, the OCC Consent Order requires Citibank to obtain prior approval of any significant new acquisition, including any portfolio or business acquisition, excluding ordinary course transactions. Moreover, the OCC Consent Order provides that the OCC has the right to assess future civil money penalties or take other supervisory and/or enforcement actions. Such actions by the OCC could include imposing business restrictions, including possible additional limitations on the declaration or payment of dividends by Citibank and changes in directors and/or senior executive officers. More generally, the OCC and/or the FRB could again take enforcement or other actions if the regulatory agency believes that Citi has not met regulatory expectations regarding compliance with the consent orders. Large financial institutions face a challenging global judicial, regulatory and political environment. The complexity of the federal and state regulatory and enforcement regimes in the U.S., coupled with the global scope of Citi's operations, also means that a single event or issue may give rise to a large number of overlapping investigations and regulatory proceedings, either by multiple federal and state agencies and authorities in the U.S. or by multiple regulators and other governmental entities in foreign jurisdictions, as well as multiple civil litigation claims in multiple jurisdictions. Violations of law by other financial institutions may also result in regulatory scrutiny of Citi. Responding to regulatory inquiries and proceedings can be time consuming and costly, and divert management attention from Citi's businesses. U.S. and non-U.S. regulators have focused on the culture of financial services firms, including Citi, as well as "conduct risk," a term used to describe the risks associated with behavior by employees and agents, including third parties, that could harm clients, customers, employees or the integrity of the markets, such as improperly creating, selling, marketing or managing products and services, failures to safeguard a party's personal information or failures to identify and manage conflicts of interest. Scrutiny and expectations from regulators could lead to investigations and other inquiries, as well as remediation requirements, regulatory restrictions, structural changes, more regulatory or other enforcement proceedings, civil litigation and higher compliance and other risks and costs. For additional information, see the capital return and regulatory scrutiny and changes risk factors above. Further, while Citi takes numerous steps to prevent and detect conduct by employees and agents that could potentially harm clients, customers, employees or the integrity of the markets, such behavior may not always be deterred or prevented. Moreover, the severity of the remedies sought in legal and regulatory proceedings to which Citi is subject has remained elevated. Citi may be required to accept or be subject to remedies, consent orders, sanctions, substantial fines and penalties, remediation and other financial costs or other requirements in the future, including for matters or practices not yet known to Citi, any of which could materially and negatively affect Citi's businesses, business practices, financial condition or results of operations, require material changes in Citi's operations or cause Citi substantial reputational harm. Additionally, many large claims-both private civil and regulatory-asserted against Citi are highly complex, slow to develop and may involve novel or untested legal theories. The outcome of such proceedings is difficult to predict or estimate until late in the proceedings. Although Citi establishes accruals for its legal and regulatory matters according to accounting requirements, Citi's estimates of, and changes to, these accruals involve significant judgment and may be subject to significant uncertainty, and the amount of loss ultimately incurred in relation to those matters may be substantially higher than the amounts accrued (see the changes in or incorrect assumptions risk factor above). In addition, certain settlements are subject to court approval and may not be approved. Furthermore, regulators may be more likely to pursue investigations or proceedings against financial institutions, such as Citi, that have previously been the subject of other regulatory actions. For further information on Citi's legal and regulatory proceedings, see Note 30.

Citi has experienced, and could experience in the future, negative impacts to its businesses, cost of credit, results of operations and financial condition as a result of various macroeconomic, geopolitical and other challenges, uncertainties and volatility. These include, among other things: - increases in unemployment rates, recessions or slowing economic growth in the U.S., Europe and other regions or countries - deterioration in consumer and corporate confidence - elevated inflation - significant volatility and disruptions in financial markets - government fiscal or monetary actions (see the changes to interest rates risk factor below) For example, substantial new import tariffs and a significant increase in the U.S. effective tariff rate occurred in 2025. There can be no assurance that there will not be additional significant changes in tariff or trade policies. Potential impacts in the U.S. and globally related to trade or tariff policies could include heightened market volatility, increased economic uncertainty, adverse impacts to inflation and global economic activity, disruptions in global supply chains and trade flows, impacts on corporate profitability and credit losses, and other adverse impacts. Additional areas of uncertainty include, among others, geopolitical challenges, tensions and conflicts, such as those related to the Russia–Ukraine war (see the emerging markets risk factor below) and conflicts in the Middle East and in other regions; economic and geopolitical challenges related to China, including weak economic growth, related policy actions, challenges in the Chinese real estate sector, banking and credit markets, trade restrictions, and tensions or conflicts between China and Taiwan and/or China and the U.S.; high and rising government debt levels in the U.S. and other countries; sanctions; natural disasters; and pandemics.

During 2025, emerging markets revenues accounted for approximately 25% of Citi's total revenues. Citi's presence in the emerging markets subjects it to various risks. Citi's emerging markets risks include, among others, limitations or unavailability of hedges on foreign investments; foreign currency volatility, including devaluations; central bank interest rate and other monetary policies; macroeconomic, geopolitical and domestic political challenges, uncertainties and volatilities; foreign exchange controls, including an inability to access indirect foreign exchange mechanisms; cyberattacks; restrictions arising from retaliatory laws and regulations; sanctions or asset freezes; sovereign debt volatility; fluctuations in commodity prices; limitations on foreign investment; sociopolitical instability; nationalization or loss of licenses; potential criminal charges; closure of branches or subsidiaries; and confiscation of assets; and these risks can be exacerbated in the event of a deterioration in the relationship between the U.S. and an emerging market country. For example, Citi operates in several countries that have strict capital controls, currency controls and/or sanctions that limit its ability to convert local currency into U.S. dollars and/or transfer funds outside of those countries. As a result, Citi might need to record additional translation losses due to these or other currency controls. Moreover, Citi could be required to adjust its reserves for expected losses for its credit exposures based on the transfer risk associated with exposures outside the U.S., driven by safety and soundness considerations under U.S. banking law (see "Significant Accounting Policies and Significant Estimates" below and Note 1). Moreover, the Russia–Ukraine war could have further negative impacts on macroeconomic conditions, financial markets and commodities prices, adversely impacting Citi and its customers, clients or employees. For additional information about these Russia-related risks, see the macroeconomic challenges and uncertainties and cybersecurity risk factors above. Emerging markets risks may adversely impact Citi's businesses, results of operations and financial condition in those countries where Citi operates and have required, and may continue to require, management time and attention and other resources.

Climate change presents both immediate and long-term risks to Citi, with the risks expected to increase over time. Climate risks can arise from both physical risks and transition risks. Physical and transition risks can manifest differently across Citi's risk categories in the short, medium and long terms. Physical risks include acute risks, such as wildfires, tropical cyclones, heat waves, floods and droughts, as well as consequences of chronic changes in climate. For example, physical risks could have adverse financial, operational and other impacts on Citi, both directly on its business and operations, and indirectly as a result of impacts to Citi's clients, customers, vendors and other counterparties. These impacts can include the following: - destruction, damage or impairment of owned or leased properties and other assets - destruction or deterioration of the value of collateral, such as real estate - disruptions to business operations and supply chains - reduced availability or increases in the cost of insurance Physical risks can also impact Citi's credit risk exposures, for example, in its mortgage and commercial real estate lending businesses. Transition risks may arise from changes in regulations or market preferences toward low-carbon industries or sectors, which in turn could have negative impacts on asset values, results of operations or the reputations of Citi and its customers and clients, and lead to a loss of market share, lower revenues and higher credit costs. Diverging legislative and regulatory changes and uncertainties regarding climate-related risk management and disclosures can increase Citi's regulatory and compliance risks and costs. Furthermore, Citi may face heightened scrutiny and litigation risks stemming from its climate and sustainability commitments, disclosures and marketing. Even as some regulators seek to mandate additional disclosure of climate-related information, Citi's ability to comply with such requirements and conduct more robust climate-related risk analyses may be hampered by lack of information and reliable data. Data on climate-related risks is limited in availability, often based on estimated or unverified figures, collected and reported on a time-lag, and variable in quality. Modeling capabilities to analyze climate-related risks and interconnections continue to evolve. Citi's approach to supporting clients in their efforts to decarbonize may lead to both continued exposure to carbon-intensive activity and increased reputation risks from stakeholders with divergent points of view. Additionally, if Citi is unable to achieve some of its objectives or commitments relating to climate change, its businesses, reputation and attractiveness to certain investors or clients may suffer. For additional information, see "Sustainability" and "Managing Global Risk-Strategic Risk-Climate Risk" below.

As a large, global financial institution, adequate liquidity and sources of funding are essential to Citi. Citi's liquidity, sources of funding and costs of funding can be significantly and negatively impacted by factors it cannot control, such as general disruptions in the financial markets; changes in fiscal and monetary policies; regulatory requirements, including changes in regulations; negative investor or counterparty perceptions of Citi's creditworthiness; deposit outflows or unfavorable changes in deposit mix; unexpected increases in cash or collateral requirements; credit ratings; and the consequent inability to monetize available liquidity resources. Additionally, Citi competes with other banks and non-bank financial institutions for both institutional and consumer deposits, which represent Citi's most stable and lowest cost source of long-term funding. The competition for deposits has continued to increase in recent years, including as a result of fixed income alternatives for customer funds. Citi's costs to obtain and access wholesale funding are directly related to changes in interest and currency exchange rates and its credit spreads. Changes in Citi's credit spreads are driven by both external market factors and factors specific to Citi, such as negative views by investors of the financial services industry or Citi's financial prospects, and can be highly volatile. For additional information on Citi's primary sources of funding, see "Managing Global Risk-Liquidity Risk" below. Citi's ability to obtain funding may be impaired and its cost of funding could also increase if other market participants are seeking to access the markets at the same time or to a greater extent than expected, or if market appetite for corporate debt securities declines, as is likely to occur in a liquidity stress event or other market crisis. In such circumstances, Citi's ability to sell assets may also be impaired if other market participants are seeking to sell similar assets at the same time or a liquid market does not exist for such assets. Additionally, unexpected changes in client needs due to idiosyncratic events or market conditions could result in greater than expected drawdowns from off-balance sheet committed facilities. A sudden drop in market liquidity could also cause a temporary or protracted dislocation of capital markets activity. In addition, clearing organizations, central banks, clients and financial institutions with which Citi interacts may exercise the right to require additional collateral during challenging market conditions, which could further impair Citi's liquidity. If Citi fails to effectively manage its liquidity, its businesses, results of operations and financial condition could be negatively impacted. Limitations on the payments that Citigroup Inc. receives from its subsidiaries could also impact its liquidity. As a holding company, Citigroup Inc. relies on interest, dividends, distributions and other payments from its subsidiaries to fund dividends as well as to satisfy its debt and other obligations. Several of Citi's U.S. and non-U.S. subsidiaries are or may be subject to capital adequacy or other liquidity, regulatory or contractual restrictions on their ability to provide such payments, including any local regulatory stress test requirements and inter-affiliate arrangements entered into in connection with Citigroup Inc.'s resolution plan. Citigroup Inc.'s broker-dealer and bank subsidiaries are subject to restrictions on their ability to lend or transact with affiliates, as well as restrictions on their ability to use funds deposited with them in brokerage or bank accounts to fund their businesses. A bank holding company is also required by law to act as a source of financial and managerial strength for its subsidiary banks. As a result, the FRB may require Citigroup Inc. to commit resources to its subsidiary banks even if doing so is not otherwise in the interests of Citigroup Inc. or its shareholders or creditors, reducing the amount of funds available to meet its obligations.

Citi's computer systems, software and networks are subject to ongoing attempted cyberattacks, as attempts to effectuate unauthorized access to, theft or destruction of data (including confidential client information), account takeovers, and disruptions of service, using techniques including phishing, malware, ransomware, computer viruses or other malicious code, exploitation of vulnerabilities, and others. These threats can arise from external parties, including cyber criminals, cyber terrorists, hacktivists and nation-state actors, as well as insiders who knowingly or unknowingly engage in or enable malicious cyber activities. For example, nation-state actors have recently targeted critical U.S. infrastructure with cyberattacks. Some cyber and information security incidents may also occur as a result of unintentional conduct on the part of employees, customers or suppliers. Citi develops its own software and relies on third-party applications and software, which are susceptible to vulnerability exploitations. Software leveraged in financial services and other industries continues to be impacted by an increasing number of zero-day vulnerabilities, thus increasing inherent cyber risk to Citi. The increasing use of cloud and new and emerging technologies (such as AI and digital assets), as well as connectivity solutions to facilitate remote working for Citi's employees, all increase Citi's exposure to cybersecurity risks. Citi is also susceptible to cyberattacks given, among other factors, its size and scale, high-profile brand, global footprint and prominent role in the financial system. Additionally, Citi continues to operate in multiple jurisdictions in the midst of geopolitical unrest or uncertainties, including, among others, those affected by the Russia–Ukraine war and the conflicts in the Middle East, which could expose Citi to heightened risk of insider threat, cyber threats from nation-state actors, hacktivism or other cyber incidents. Citi continues to experience increased exposure to cyberattacks through third parties. Third parties with which Citi does business, as well as retailers and other third parties with which Citi's customers do business, and any such third parties' downstream service providers, also pose cybersecurity risks, particularly where activities of customers are beyond Citi's security and control systems. For example, Citi outsources certain functions, such as processing customer credit card transactions, uploading content on customer-facing websites and developing software for new products and services. These relationships allow for the storage and processing of customer information by third-party hosting of, or access to, Citi websites. This could lead to compromise or the potential to introduce vulnerable or malicious code,resulting in security breaches or business disruptions impacting Citi customers, employees or operations. While many of Citi's agreements with third parties include indemnification provisions, Citi may not be able to recover sufficiently under these provisions, or at all, to adequately offset any losses and other adverse impacts Citi may incur from third-party cyber incidents. Citi and some of its third-party partners have been subjected to attempted and sometimes successful cyberattacks over the last several years, including the following: - denial of service attacks, which attempt to interrupt service to clients and customers - hacking and malicious software installations intended to gain unauthorized access to information systems or to disrupt those systems and/or impact availability or privacy of confidential data, with objectives including, but not limited to, extortion payments or causing reputational damage - data breaches due to unauthorized access to customer accounts or other data - malicious software attacks on client systems, in attempts to gain unauthorized access to Citi systems or client data under the guise of normal client transactions While Citi's cyber and information security program has historically generally succeeded in detecting, thwarting and/or responding to attacks targeting its systems before they become significant, certain past incidents resulted in limited losses, as well as increases in expenditures to monitor against the threat of similar future cyber incidents. There can be no assurance that such cyber incidents will not occur again, and they could occur more frequently, via novel tactics, including leveraging of tools made possible by emerging technologies, and on a more significant scale. Because the techniques used to initiate cyberattacks change frequently or, in some cases, are not recognized until deployed, Citi may be unable to implement effective preventive measures or otherwise proactively address these risks. In addition, cyber threats and cyberattack techniques change, develop and evolve rapidly, including from emerging technologies such as AI and quantum computing. Given the frequency and sophistication of cyberattacks, the determination of the severity and potential impact of a cyber incident may not become apparent for a substantial period of time following detection of the incident. Also, while Citi strives to implement measures to reduce the exposure resulting from outsourcing risks, such as performing security control assessments of third-party vendors and limiting third-party access to the least privileged level necessary to perform service functions, these measures cannot prevent all third-party-related cyberattacks or data breaches. Cyber incidents can result in the disclosure of personal, confidential or proprietary customer, client or employee information; damage to Citi's reputation with its clients, other counterparties and the market; customer dissatisfaction; and additional costs to Citi, including expenses such as repairing or replacing systems, replacing customer payment cards, credit monitoring or adding new personnel or protection technologies. Cyber incidents can also result in regulatory penalties, loss of revenues, deposit outflows, exposure to litigation and regulatory action and other financial losses, including loss of funds to both Citi and its clients and customers, and disruption to Citi's operational systems (see the operational processes and systems risk factor above). Moreover, the increasing risk of cyber incidents has resulted in increased legislative and regulatory action on cybersecurity, including, among other things, scrutiny of firms' cybersecurity programs, laws and regulations to enhance protection of consumers' personal data and mandated disclosure on cybersecurity matters and of certain cybersecurity incidents. While Citi maintains insurance coverage that may, subject to policy terms and conditions including significant self-insured deductibles, transfer certain aspects of cyber risks, such insurance coverage may be insufficient to cover all losses and may not take into account reputational harm, the costs of which are impossible to quantify. For additional information about Citi's management of cybersecurity risk, see "Managing Global Risk-Operational Risk-Cybersecurity Risk" below.

Citi has used AI and machine learning tools for many years and has more recently begun to broadly deploy Generative AI, including within its technology platforms and services. In the future, Citi expects to more broadly integrate Generative AI tools within its systems, businesses and functions, including advanced AI capabilities, such as autonomous agents and sophisticated user interactions, which if improperly managed, could result in increased risks and costs. While Citi has policies that govern the use of emerging technologies, including in model risk management, ineffective, inadequate or faulty Generative AI development or deployment practices by Citi or third parties, including insufficient testing and monitoring, poorly structured or manipulated prompts or insufficient or inadequate human oversight, could result in adverse consequences, such as AI algorithms that produce inaccurate or incomplete output or output based on biased, incomplete and/or inaccurate datasets, infringe on intellectual property rights of others, involve data exfiltration risks, including release of confidential or proprietary information, or cause other issues, concerns or deficiencies. The complexity of AI models, particularly Generative AI models, can make it challenging to understand why particular outputs are generated, which can increase the risk of erroneous and/or biased output and complying with regulations requiring documentation, explainability or auditability on the basis of AI-influenced decisions. Citi may also rely on AI models developed by third parties and be exposed to risks arising from their development and training methods, including potential inclusion of unauthorized material in the training data or limitations in their risk mitigation strategies, over which Citi may have limited visibility or control (see also the operational processes and systems risk factor below). While Citi may provide restrictions on use of certain data in third-party AI applications or models, a third party could breach those terms, which could expose Citi to legal and reputations risks. Citi is also exposed to risks related to the use of AI technologies by counterparties, clients and vendors, where interconnected AI systems could amplify failures and threats of cyber infiltration, as well as cause widespread disruptions. Moreover, the use of increasingly sophisticated AI technologies by malicious actors and others has increased the risk of fraud, including identity theft and bypassing of verification controls, and exposure to cyberattacks (see the cybersecurity risk factor below), as well as disinformation and market manipulation campaigns, and failure to effectively manage such risks could result in misappropriation of funds, unauthorized transactions, exposure of sensitive client or Company information, reputational harm and increased litigation and regulatory risk. Citi also faces competition risks to the extent that competitors may be faster and more successful in developing and deploying AI technologies to improve processes, productivity, efficiency, products and services, and thereby gain competitive advantages over Citi (see the competition risk factor above). In addition, compliance with new or changing laws, regulations or industry standards relating to AI may impose additional operational risks and costs. Failure to sufficiently manage these risks could expose Citi to adverse legal, regulatory or reputational consequences.

Citi operates in an increasingly evolving and competitive business environment, which includes both financial and non-financial services firms, such as banks and private credit, financial technology and digital asset companies, among others. Certain competitors may be subject to different and, in some cases, less stringent legal, regulatory and supervisory requirements, whether due to size, jurisdiction, entity type or other factors, placing Citi at a competitive disadvantage. To the extent that Citi is not able to compete effectively with other financial services companies, including private credit, financial technology and digital asset companies, and non-financial services firms, or adequately assess the competitive landscape, Citi could be placed at a competitive disadvantage, which could result in loss of customers and market share, and its businesses, results of operations and financial condition could suffer. For additional information on Citi's competitive risks, see the co-branding and private label credit cards and qualified employees risk factors above and the AI risk factor and "Supervision, Regulation and Other-Competition" below. Citi competes with other financial services companies in the U.S. and globally that have grown rapidly over the last several years or have introduced new products and services. Mergers and acquisitions involving traditional financial services companies, such as regional banks or credit card issuers, as well as networks and merchant acquirers, may also increase competition. Non-traditional financial services firms, such as private credit, financial technology and digital asset companies, are less regulated and supervised and continue to expand their offerings of services traditionally provided by financial institutions. Additionally, emerging technologies have the potential to accelerate disruption and intensify competition in the financial services industry. These emerging technologies, such as artificial intelligence (AI) and digital assets (including tokenized deposits, cryptocurrencies, stablecoins and other assets and products that use distributed ledger or blockchain technology) and changes in the payments space (e.g., instant and 24/7 payments) are accelerating, and, as a result, certain of Citi's products and services could become less competitive (see the AI risk factor below). Increased competition and emerging technologies could require Citi to change or adapt its products and services, as well as invest in and develop related infrastructure, to attract and retain customers or clients. The U.S. administration and Congress have been supportive of the growth and use of digital assets, including passing legislation such as the GENIUS Act and pursuing a more favorable regulatory approach, although the legal and regulatory landscape remains highly uncertain. As digital assets continue to evolve, customer demand for enhanced offerings may increase. Failure to strategically adopt emerging technologies may result in a competitive disadvantage to Citi. Citi also may not be able to provide the same or similar products and services for legal or regulatory reasons, which may be exacerbated by rapidly evolving and conflicting regulatory requirements. Moreover, as Citi develops new products and services leveraging emerging technologies, new risks may emerge that, if not designed and governed adequately, may result in control gaps and in Citi operating outside of its risk appetite. For example, the use or development of emerging technologies, such as AI or digital assets, without sufficient controls, governance and risk management may result in increased risks across various risk categories (for additional information, see the AI, operational processes and systems and cybersecurity risk factors below). As another example, instant and 24/7 payments products could be accompanied by challenges to forecasting and managing liquidity, as well as increased operational and compliance risks. Citi relies on third parties to support certain of its product and service offerings, which may put Citi at a disadvantage to competitors who may directly offer a broader array of products and services. Citi's businesses, results of operations and reputation may suffer if any third party is unable to provide adequate support for such product and service offerings, whether due to operational incidents or otherwise (see the operational processes and systems and cybersecurity risk factors below).

Citi has co-branding and private label relationships with various retailers and merchants through its Branded Cards and Retail Services credit card businesses, whereby in the ordinary course of business Citi issues credit cards to consumers, including customers of the retailers or merchants. The five largest relationships across both businesses constituted an aggregate of approximately 12% of Citi's revenues in 2025 (see "U.S. Personal Banking" above). Citi's co-branding and private label agreements often provide for shared economics between the parties and generally have a fixed term. Competition among credit card issuers, including Citi, for these relationships is significant, and Citi may not be able to maintain such relationships on existing terms or at all. Citi's co-branding and private label relationships could also be negatively impacted by, among other things, the general economic environment, including the impacts stemming from potential increases in unemployment, inflation or interest rates or lower economic growth rates, as well as a risk of recession; changes in consumer sentiment, spending patterns and credit card usage behaviors; a decline in sales and revenues, partner store closures, any reduction in air and business travel, or other operational difficulties of the retailer or merchant;changes in partner business strategies, including changes in products and services offered; termination or non-renewal of partner agreements, including early termination due to a contractual breach or exercise of other early termination rights; or other factors, including bankruptcies, liquidations, restructurings, consolidations or other similar events, whether due to a challenging macroeconomic environment or otherwise. These events, particularly early termination and bankruptcies or liquidations, could negatively impact the results of operations or financial condition of Branded Cards, Retail Services or Citi as a whole, including as a result of loss of revenues, increased expenses, higher cost of credit, impairment of purchased credit card relationships and contract-related intangibles or other losses (see Note 17 for information on Citi's credit card-related intangibles generally).

Citi's performance and the performance of its individual businesses largely depend on the talents and efforts of its highly qualified employees. Specifically, Citi's continued ability to compete in each of its lines of business, grow and manage its businesses effectively, as well as to execute its strategic priorities, depends on its ability to hire new employees and to retain and motivate its existing employees. If Citi is unable to continue to hire, retain and motivate highly qualified employees, Citi's performance, including its competitive position, the achievement of its priorities and its results of operations could be negatively impacted. Citi's ability to attract, retain and motivate employees depends on numerous factors, some of which are outside of Citi's control. For example, the competition for talent continues to be particularly intense due to various factors, such as changes in worker expectations, concerns and preferences. Also, the banking industry generally is subject to more comprehensive regulation of employee compensation than other industries, including deferral and clawback requirements for incentive compensation, which can make it unusually challenging for Citi to compete in labor markets against businesses, including, for example, technology companies, that are not subject to such regulation. Other factors that could impact Citi's ability to attract, retain and motivate employees include, among other things, Citi's presence in a particular market or region, the professional and development opportunities it offers and its reputation. For information on Citi's employee and workforce management, see "Human Capital Resources and Management" below.