First Bancorp Puerto Rico (FBP) Risk Analysis

State, federal, and foreign governments are increasingly enacting laws and regulations governing the collection, use, retention,sharing, transfer, and security of personally identifiable information and data. A variety of federal, state, local, and foreign laws and regulations, orders, rules, codes, regulatory guidance, and certain industry standards regarding privacy, data protection, consumer protection, information security, and the processing of personal information and other data apply to our business. State laws are changing rapidly, and new legislation proposed or enacted in a number of other states imposes, or has the potential to impose,additional obligations on companies that process confidential, sensitive and personal information, and will continue to shape the data privacy environment nationally. The U.S. federal government is also focused on privacy matters. Any failure by us or any of our business partners to comply with applicable laws, rules, and regulations may result in investigations or actions against us by governmental entities, private claims and litigation, fines, penalties or other liabilities. Such events may increase our expenses, expose us to liabilities, and impair our reputation, which could have a material adverse effect on our business. While we aim to comply with applicable data protection laws and obligations in all material respects, there is no assurance that we will not be subject to claims that we have violated such laws and obligations, will be able to successfully defend against such claims, or will not be subject to significant fines and penalties in the event of non-compliance. Additionally, to the extent multiple state-level laws are introduced in the U.S. with inconsistent or conflicting standards and there is no federal law to preempt such laws, compliance with such laws could be difficult and costly, or impossible, to achieve, and we could be subject to fines and penalties in the event of non-compliance. The current U.S. presidential administration has advocated for reduction of financial services regulation. This may include amendments to the Dodd-Frank Act and other federal banking laws, as well as structural changes to, or the elimination of, the CFPB. Consequently, rulemaking and regulatory guidance previously issued by such agencies or prior administrations may be rolled back or modified. The ultimate impact of new or amended federal banking statutes, or changes to certain federal agencies, like the CFPB, is uncertain at this time.

We are subject to certain regulatory restrictions that may adversely affect our operations. We are subject to supervision and regulation by the Federal Reserve Board and the FDIC. We are a bank holding company and a financial holding company under the Bank Holding Company Act of 1956, as amended. The Bank is also subject to supervision and regulation by OCIF. Under federal law, financial holding companies are permitted to engage in a broader range of "financial" activities than those permitted to bank holding companies that are not financial holding companies. A financial holding company that ceases to meet certain standards is subject to a variety of restrictions, depending on the circumstances, including the prohibition from undertaking new activities or acquiring shares or control of other companies. If we fail to comply with the requirements from our regulators, we may become subject to regulatory enforcement action and other adverse regulatory actions that might have a material and adverse effect on our operations. The FDIC insures deposits at FDIC-insured depository institutions up to certain limits (currently, $250,000 per depositor account). The FDIC charges insured depository institutions premiums to maintain the DIF. In the event of a bank failure, the FDIC takes control of a failed bank and, if necessary, pays all insured deposits up to the statutory deposit insurance limits using the resources of the DIF. The FDIC is required by law to maintain adequate funding of the DIF, and the FDIC may increase premium assessments to maintain such funding. The Dodd-Frank Wall Street Reform and Consumer Protection Act (the "Dodd-Frank Act") requires the FDIC to increase the DIF's reserves against future losses, which will require institutions with assets greater than $10 billion, such as FirstBank,to bear an increased responsibility for funding the prescribed reserve to support the DIF. The FDIC may further increase FirstBank's premiums or impose additional assessments or prepayment requirements in the future. The Dodd-Frank Act removed the statutory cap for the reserve ratio, leaving the FDIC free to set this cap going forward.

Monetary policies and regulations of the Federal Reserve Board could adversely affect our business, financial condition and In addition to being affected by general economic conditions, our earnings and growth are affected by the policies of the Federal Reserve Board. An important function of the Federal Reserve Board is to regulate the money supply and credit conditions. Among the instruments used by the Federal Reserve Board to implement these objectives are open market operations in U.S. government securities, adjustments of the discount rate and changes in reserve requirements for bank deposits. These instruments are used in varying combinations to influence overall economic growth and the distribution of credit, bank loans, investments and deposits. Their use also affects interest rates charged on loans or paid on deposits. The monetary policies and regulations of the Federal Reserve Board, which include d, but were not limited to, multiple increases in the federal funds rate to reduce inflation, have had a significant effect on the operating results of commercial banks and are expected to continue to do so in the future. The effects of such policies upon our business, financial condition and results of operations have been adverse in the past and may be adverse in the future.

We are subject to numerous laws designed to protect consumers, including the Community Reinvestment Act and fair lending

laws, and failure to comply with these laws could lead to a wide variety of sanctions. The Community Reinvestment Act, the Equal Credit Opportunity Act, the Fair Housing Act and other fair lending laws and regulations impose nondiscriminatory lending requirements on financial institutions. The U.S. Department of Justice and other federal agencies are responsible for enforcing these laws and regulations. A successful regulatory challenge to an institution's performance under the Community Reinvestment Act, the Equal Credit Opportunity Act, the Fair Housing Act or any of the other fair lending laws and regulations could result in a wide variety of sanctions, including damages and civil money penalties, injunctive relief, restrictions on mergers and acquisitions activity, restrictions on expansion and restrictions on entering new business lines. Private parties may also have the ability to challenge an institution's performance under fair lending laws in private class action litigation. Such actions could have a material adverse effect on our business, financial condition and results of operations.

We face a risk of noncompliance and enforcement action related to the Bank Secrecy Act and other anti-money laundering

statutes and regulations. The Bank Secrecy Act, the USA PATRIOT Act, and other laws and regulations require financial institutions to institute and maintain an effective anti-money laundering program and file suspicious activity and currency transaction reports as appropriate,among other duties. The Financial Crimes Enforcement Network is authorized to impose significant civil money penalties for violations of those requirements and has recently engaged in coordinated enforcement efforts with the individual federal banking regulators, as well as the U.S. Department of Justice's Drug Enforcement Administration. We are also subject to increased scrutiny of our compliance with trade and economic sanctions requirements and rules enforced by OFAC. If our policies, procedures and systems are deemed deficient, we would be subject to liability, including fines and regulatory actions, which may include restrictions on our ability to pay dividends and the necessity to obtain regulatory approvals to proceed with certain aspects of our business plan, including our acquisition plans. Failure to maintain and implement adequate programs to combat money laundering and terrorist financing could also have serious reputational consequences for us. Any of these results could have a material adverse effect on our business, financial condition and results of operations.

We are subject to regulatory capital adequacy guidelines, and, if we fail to meet these guidelines, our business and financial

The Corporation's judgments regarding tax accounting policies and the resolution of tax disputes may impact the Corporation's

earnings and cash flow, and changes in the tax laws of multiple jurisdictions can materially affect our operations, tax obligations,

and effective tax rate. Significant judgment is required in determining the Corporation's effective tax rate and in evaluating its tax positions. The Corporation provides for uncertain tax positions when such tax positions do not meet the recognition thresholds or measurement criteria prescribed by applicable generally accepted accounting principles in the United States ("GAAP"). Fluctuations in federal, state, local, and foreign taxes or a change to uncertain tax positions, including related interest and penalties,may impact the Corporation's effective tax rate. When particular tax matters arise, a number of years may elapse before such matters are audited and finally resolved. In addition, the Puerto Rico Department of Treasury ("PRTD"), the U.S. Internal Revenue Service ("IRS"), and the tax authorities in the jurisdictions in which we operate may challenge our tax positions and we may estimate and provide for potential liabilities that may arise out of tax audits to the extent that uncertain tax positions fail to meet the recognition standard under applicable GAAP. Unfavorable resolution of any tax matter could increase the effective tax rate and could result in a material increase in our tax expense. Resolution of a tax issue may require the use of cash in the year of resolution. First BanCorp. is subject to Puerto Rico income tax on its income from all sources. FirstBank is treated as a foreign corporation for U.S. and USVI income tax purposes and is generally subject to U.S. and USVI income tax only on its income from sources within the U.S. and USVI or income effectively connected with the conduct of a trade or business in those jurisdictions. The USVI jurisdiction imposes income taxes based on the U.S. Internal Revenue Code under the "mirror system" established by the Naval Service Appropriations Act of 1922. However, the USVI jurisdiction also imposes an additional 10% surtax on the USVI tax liability, if any. These tax laws are complex and subject to different interpretations. We must make judgments and interpretations about the application of these inherently complex tax laws when determining our provision for income taxes, our deferred tax assets and liabilities, and our valuation allowance. In addition, legislative changes, particularly changes in tax laws, could adversely impact our Changes in applicable tax laws in Puerto Rico, the U.S., or other jurisdictions or tax authorities' new interpretations could result in increases in our overall taxes and the Corporation's financial condition or results of operations may be adversely impacted.

The Corporation is subject to stringent and changing privacy laws, regulations, and standards as well as policies, contracts, and

government or the PROMESA oversight board to address the ongoing fiscal and economic challenges in Puerto Rico. A significant portion of our business activities and credit exposure is concentrated in Puerto Rico, which has faced prolonged fiscal challenges and debt restructuring efforts over the past decades. While Puerto Rico's economy showed growth in fiscal year 2023,driven by personal consumption and capital investments, future economic prospects remain uncertain. The Puerto Rico Planning Board ("PRPB") projected a real gross national product ("GNP") growth of 0.7% for fiscal year 2023, the third consecutive year with a positive year-over-year variance. In addition, the 2024 Fiscal Plan for Puerto Rico (the "2024 Fiscal Plan") certified by the PROMESA oversight board, projects the GNP growth to be 1.0% of in fiscal year 2024, followed by declines of 0.8% and 0.1% in fiscal year 2025 and fiscal year 2026,reflecting the temporary nature of federal stimulus inflows and structural challenges in the local economy. The fiscal policies and economic reforms outlined in the 2024 Fiscal Plan, including infrastructure investment, tax reforms, and energy modernization, aim to promote sustainable growth. However, delays in implementing these reforms or inefficiencies in their execution could negatively impact the local economy and, by extension, our business. Furthermore, while federal disaster relief and COVID-19 aid have supported economic activity, these funds are finite, and their gradual depletion could expose underlying economic weaknesses. As of December 31, 2024, the Corporation had $288.6 million of direct exposure to the Puerto Rico government, its municipalities and public corporations. As of December 31, 2024, approximately $195.8 million of the exposure consisted of loans and obligations of municipalities in Puerto Rico that are supported by assigned property tax revenues and for which, in most cases, the good faith, credit and unlimited taxing power of the applicable municipality have been pledged to their repayment, and $51.1 million consisted of loans and obligations which are supported by one or more specific sources of municipal revenues. The municipalities are required by law to levy special property taxes in such amounts as are required for the payment of all of their respective general obligation bonds and notes. In addition to municipalities, the total direct exposure also included $8.8 million in a loan extended to an affiliate of PREPA,$30.0 million in loans to public corporations of the Puerto Rico government, and obligations of the Puerto Rico government,specifically a residential pass-through MBS issued by the PR Housing Finance Authority ("PRHFA"), at an amortized cost of $2.9 million as part of its available-for-sale debt securities portfolio (fair value of $1.6 million as of December 31, 2024). Also, as of December 31, 2024, the outstanding balance of construction loans funded through conduit financing structures to support the federal programs of Low-Income Housing Tax Credit ("LIHTC") combined with Community Development Block Grant- Disaster Recovery ("CDBG-DR") funding amounted to $59.2 million. The main objective of these programs is to spur development in new or rehabilitated and affordable rental housing. PRHFA, as program subrecipient and conduct issuer, issues tax-exempt obligations which are acquired by private financial institutions and are required to co-underwrite with PRHFA a mirror construction loan agreement for the specific project loan to which the Corporation will serve as ultimate lender but where the PRHFA will be the lender of record. In addition, as of December 31, 2024, the Corporation had $72.5 million in exposure to residential mortgage loans guaranteed by the PRHFA. The Corporation operates in various jurisdictions highly dependent on federal funding programs. On January 27, 2025, the Office of Management and Budget ("OMB") issued Memorandum M-25-13 entitled "Temporary Pause of Agency Grant, Loan, and Other Financial Assistance Programs." The Memo directed every federal agency to "temporarily pause all activities related to obligation or disbursement of all federal financial assistance, and other relevant agency activities that may be implicated by executive orders,including, but not limited to, financial assistance for foreign aid, nongovernmental organizations, DEI, woke gender ideology, and the green new deal." Lawsuits challenging the pause were immediately filed and on January 28, 2025, the U.S. District Court for the District of Columbia enjoined the Trump administration from implementing OMB Memorandum M-25-13 for disbursements under open awards. On January 29, 2025, OMB rescinded the Memo, however, the administration indicated that it would still pursue a spending freeze. It is uncertain at this time whether the administration will issue any new or different directives with respect to the review and/or pause of federal financial assistance in the future, but any such directives could have a negative effect on our business. Instability in economic conditions, delays in the receipt of disaster relief funds allocated to Puerto Rico or any temporary or permanent pause on any federal funds, and the potential impact on asset values resulting from past or future natural disaster events,when added to Puerto Rico's ongoing fiscal challenges, could materially adversely affect our business, financial condition, liquidity,results of operations and capital position.

A deterioration in economic conditions in the U.S. Virgin Islands and British Virgin Islands could harm our results of

Natural disasters, whose nature and severity may be impacted by climate change, such as hurricanes, floods, extreme cold events and other adverse weather conditions; public health crises; political crises, such as terrorist attacks, war, labor unrest, other political instability, trade policies, tariffs and sanctions, including the repercussions of the ongoing conflict in Ukraine, the ongoing conflict in the Middle East, and the possible expansion of such conflicts to surrounding areas and potential geopolitical consequences; negative global climate patterns, especially in water stressed regions; or other catastrophic events, such as fires or other disasters occurring at our locations, whether occurring in Puerto Rico, the U.S., or internationally, could cause a significant adverse effect on the economy and disrupt our operations. Certain areas in which our business is concentrated, including Puerto Rico and the USVI, are particularly susceptible to earthquakes, hurricanes, and major storms. Further, climate change may increase both the frequency and severity of extreme weather conditions and natural disasters, which may affect our business operations, either in a particular region or globally, as well as the activities of our customers. The Corporation is also not able to predict the positive or negative effects that future events or changes to the U.S. or global economy, financial markets, or regulatory and business environment could have on our operations.

Climate change, and efforts to mitigate its long-term effects, may materially adversely affect the Corporation's business and Concerns over the long-term effects of climate change have led and will continue to lead to governmental efforts around the world to mitigate those impacts. Consumers and businesses also may voluntarily change their behavior as a result of these concerns. The Corporation and its customers will need to respond to new laws and regulations as well as consumer and business preferences resulting from climate change concerns. The Corporation and its customers may face cost increases, asset value reductions and operating process changes. The impact on our customers will likely vary depending on their specific attributes, including reliance on our role in fossil fuel activities. Among the impacts to the Corporation, we could face reductions in creditworthiness on the part of some customers or in the value of assets securing loans. The Corporation's efforts to take these risks into account in making lending and other decisions, including increasing our business with climate-responsible companies, may not be effective in protecting the Corporation from the negative impact of new laws and regulations or changes in consumer or business behavior.

incidents could potentially disrupt our business and adversely impact our results of operations, liquidity, and financial condition,

perform other actions. Our compensation practices are subject to oversight by the Federal Reserve Board and the FDIC. As discussed in Part I, Item 1,"Business" of this Form 10-K, the Corporation currently is subject to the interagency guidance governing the incentive compensation activities of regulated banks and bank holding companies, and other financial regulators have also implemented regulations regarding compensation practices. Our failure to satisfy these restrictions and guidelines could expose us to adverse regulatory criticism,lowered supervisory ratings, and restrictions on our operations and acquisition activities.

Our operational or security systems or infrastructure, or those of third parties, could fail or be breached. Any such future