First Citizens BancShares (FCNCA) Risk Factors

As an FHC, we are a separate legal entity from FCB. We derive most of our revenue and cash flow from dividends paid by FCB. These dividends are the primary source from which we pay dividends on our common and preferred stock and interest and principal on our debt obligations. State and federal laws impose restrictions on the dividends that FCB may pay to us. In general, we are required to submit an annual capital plan to the FRB that includes any planned dividends, redemptions, or stock repurchases over a set planning horizon. The FRB could prohibit or limit our payment of dividends, redemptions, or stock repurchases if it determines that payment of the dividend or such redemption or stock repurchase would constitute an unsafe or unsound practice. In the event FCB is unable to pay dividends to us for an extended period of time, we may not be able to service our debt obligations or pay dividends on our common or preferred stock, and the inability to receive dividends from FCB could consequently have a material adverse effect on our business, financial condition and results of operations.

Our goodwill could become impaired in the future. At December 31, 2023, we had $346 million of goodwill recorded as an asset on our balance sheet. We test goodwill for impairment at least annually, comparing the estimated fair value of a reporting unit with its net book value. We also test goodwill for impairment when certain events occur, such as a significant decline in our expected future cash flows, a significant adverse change in the business climate or a sustained decline in the price of our common stock. These tests may result in a write-off of goodwill deemed to be impaired, which could have a significant impact on our financial results.

Fair value discounts that are recorded at the time an asset is acquired are accreted into interest income based on United States generally accepted accounting principles ("GAAP"). The rate at which those discounts are accreted is unpredictable and the result of various factors including prepayments and estimated credit losses. Post-acquisition credit deterioration results in the recognition of provision expense. Volatility in earnings could unfavorably influence investor interest in our common stock, thereby depressing the market value of our stock and the market capitalization of BancShares.

As required by GAAP, the SVBB Acquisition was accounted for under the purchase method of accounting and is based upon a preliminary valuation that involves significant estimates that are subject to change. The opening balances of acquired assets and assumed liabilities in connection with the SVBB Acquisition have been recorded at estimated fair value based on information currently available to us. In developing these fair value estimates, management was required to make significant estimates involving, among other things, the assigned risk ratings to loans based on credit quality, appraisals and estimated collateral values, estimated expected cash flows and appropriate liquidity and discount rates. The loans purchased in connection with the SVBB Acquisition have credit profiles that differ from most banking companies. For example, many of the legacy Silicon Valley Bank loans acquired were made to early-stage, privately held companies with modest or negative cash flows and/or no established record of profitable operations. In addition, a significant portion of the loans were comprised of larger loans equal to or greater than $20 million, and collateral for many of the legacy Silicon Valley Bank loans in the technology, life science and healthcare industries include intellectual property and other intangible assets, which are difficult to value and not readily salable in the case of default. Furthermore, the receivables from the FDIC for the commercial shared loss agreement involve significant estimates that involve uncertainty. In addition, the core deposit intangibles were valued using the after-tax cost savings method under the income approach. This method estimates the fair value by discounting to present value the favorable funding spread attributable to the core deposit balances over their estimated average remaining lives. The valuation considered a dynamic approach to interest rates and alternative cost of funds. The favorable funding spread is calculated as the difference in the alternative cost of funds and the net deposit cost. The estimates used in creating the preliminary fair value estimates of the assets acquired and liabilities assumed may change as additional information becomes available, which could lead to changes in our fair value estimates. We continue to review information relating to events or circumstances existing at the SVBB Acquisition Date that could impact the preliminary fair value estimates. Until management finalizes its fair value estimates for the acquired assets and assumed liabilities, the preliminary gain on acquisition can be updated for a period not to exceed one year following the SVBB Acquisition Date. The fair value measurements of certain other assets and liabilities are preliminary as we identify and assess information regarding the nature of these assets and liabilities and review the associated valuation assumptions and methodologies. The tax treatment of FDIC-assisted acquisitions is complex and subject to interpretations that may result in future adjustments of deferred taxes as of the SVBB Acquisition Date. As such, the amounts recorded for tax assets and liabilities are considered provisional as we continue to evaluate the nature and extent of permanent and temporary differences between the book and tax bases of the acquired assets and liabilities assumed, as well as the tax impact on the preliminary gain on acquisition. Item 1C. Cybersecurity Risk Management and Strategy BancShares maintains robust processes for assessing, identifying, and managing material risks from cybersecurity threats that are integrated with our overall risk management program. As part of its cybersecurity risk management framework, BancShares leverages a Three Lines of Defense model (the "Three Lines Model") to promote clarity of roles and responsibilities in managing risk. Under the Three Lines Model, the ECSO led by our Chief Information Security Officer (the "CISO"), acts as a first line of defense and has primary responsibility for identifying, assessing, monitoring, and managing material risks from cybersecurity threats. Our CISO reports to our Chief Information & Operations Officer ("CIOO"), who reports directly to our Chief Executive Officer. As a part of the ECSO, Enterprise Incident Management ("EIM") maintains incident response playbooks (i.e., standard operating procedures) to identify, respond, classify, and analyze incidents and events in accordance with BancShares' Enterprise Severity Matrix, and our Security Operation Center identifies, assesses, manages, and monitors potential cybersecurity events with EIM. In addition, BancShares maintains a third-party risk management team tasked with evaluating, identifying, and managing risk from all third-party engagements, including from cybersecurity threats. The second-line independent risk management, including compliance, enterprise risk management, and operational risk management, works with the first line ECSO to evaluate, assess, and manage material risks using an established Risk Appetite Framework that is designed to require that the cybersecurity organization appropriately document the current risk landscape and the activities undertaken to mitigate risk that falls outside of the enterprise risk tolerance. The third-line in the Three Lines Model is our internal audit team, which assesses the effectiveness of related controls. We maintain processes for escalation from each line, including processes to report information to management, management-level committees and to committees of the Board and the Board as a whole, as appropriate. For example, Risk Appetite Statements, top risks, and issues are reported to the Management Committees and the Risk Committee of the Board to monitor progress, identify trends, and escalate issues. BancShares follows a defense-in-depth and layered-control framework to protect the organization against cybersecurity threats and attacks. ECSO remains committed to maintaining and improving preventative and detective controls and enhancing our defenses in response to the evolving threat landscape. This mission is supported by policy, standards, and procedures which align to industry standards, including the National Institute of Standards and Technology Cybersecurity Framework, and are enforced through the firm's preventive and detective controls. Additionally, BancShares has implemented a threat awareness program that includes cross-organizational information sharing capability for threat intelligence and membership and engagement with intelligence communities including the Financial Services Information Sharing and Analysis Center, Federal Bureau of Investigation, United States Department of Homeland Security, and others. BancShares also utilizes external experts and third-party assessors to maximize its risk intelligence coverage and management ability. BancShares engages internal auditors, external assessors, and consultants to benchmark, scale, manage, and identify cybersecurity threats. Consultants also assess BancShares' cybersecurity systems and complete vulnerability testing. These groups assist the ECSO with cybersecurity risk management and identification. The BancShares information security program continues to operate under heightened awareness due to industry threats and recent acquisitions. For more information regarding the risks we face from cybersecurity threats, refer to Item 1A. Risk Factors. Thus far, there have been no cybersecurity incidents that we have determined to have materially affected or to be reasonably likely to materially affect us, including with respect to our business, results of operations, or financial condition. The focus continues to be on monitoring the threat landscape and integration of entities. Governance The Board retains supervisory oversight responsibility for the organization and its activities, including enterprise risk management and cybersecurity threats, subject to the committee delegation described below. The Board conducts oversight of management through its subcommittees, presentations from senior leadership, and routine board-directed reporting to ensure management continues to operate and conduct business in alignment with Risk Appetite Statements. Oversight of cybersecurity and the ECSO organization is the responsibility of the Risk Committee. The Risk Committee further oversees cybersecurity and other risks through a subcommittee, the Enterprise Risk Oversight Committee ("EROC"), as well as additional management-level subcommittees beneath the Risk Committee including the Technology & Security Risk Committee ("TSRC") and the Operational Risk Committee ("ORC" and, together with the EROC and TSRC, the "Management Committees"). Management Committees, which include as members the CISO and other cybersecurity leadership, have clear lines of communication with the Board and its committees. The Management Committees are designed with a purpose-driven scope and decision-making authority and are required to provide the Board with regular reporting of management's current business activities and the potential risk associated with those activities. Management Committees are informed by EIM following the incident management process as per internal policies and standards. In addition, the Audit Committee of the Board (the "Audit Committee") monitors internal audit's coverage of cybersecurity governance, risks, and related controls, including any identified deficiencies, from cybersecurity or other risks, that could adversely affect the ability to record, process, summarize, and report financial data. The Risk Committee coordinates with Audit Committee for review of information security matters, as needed. The Board may from time to time create informal working groups to enable deeper and more detailed discussions related to our technology needs and investments and inform the Board on cybersecurity risks, among other topics. For example, our Board recently established and authorized a Task Force on Technology (the "Task Force") to assist and support the Board in a strategic review of the role of technology in our operations, our current and future investments in technology resources, and the current board oversight of risk, governance, and controls surrounding technology and cybersecurity. The Task Force is comprised of members of the Board, working closely with management, including the CIOO. The CISO is responsible for assessing and managing material cyber risks. His expertise with assessing and managing material cyber risks is based on more than 20 years of cybersecurity experience with prior roles as a CISO and Global Head of Operations. The CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity by the ECSO through regular reporting and escalations, as required. He, the CIOO, and others report information about material risks from cybersecurity threats to the Board or a committee or subcommittee of the Board, as described below. The Risk Committee receives information on cybersecurity risk, including risk appetite utilization, breaches and emerging risks, and the control environment, directly or indirectly, from various sources, including each of the CISO, the EROC, Management Committees, the Task Force, the TSRC and the ORC. Additionally, the Risk Committee reviews BancShares' information security policies and program with a focus on whether they are appropriate to protect data, records, and proprietary information of BancShares as well as that of its customers and employees.

We must have effective internal controls over financial reporting in order to provide reliable financial reports, to effectively prevent fraud and to operate successfully as a public company. If we are unable to provide reliable financial reports or prevent fraud, our reputation and operating results will be harmed and we may violate regulatory requirements or otherwise become subject to legal liability. We may discover material weaknesses or significant deficiencies requiring remediation, which would require additional expense and diversion of management attention, among other consequences. A "material weakness" is a deficiency, or a combination of deficiencies, in internal controls over financial reporting such that there is a reasonable possibility that a material misstatement of a company's annual or interim financial statements will not be prevented or detected on a timely basis. Any failure to maintain effective internal controls or to implement any necessary improvement of our internal controls in a timely manner could, among other things, result in losses from fraud or error, harm our reputation or cause investors to lose confidence in our reported financial information, each of which could have a material adverse effect on our results of operations and financial condition and the market value of our common stock.

We rely on qualitative and quantitative models to measure risks and to estimate certain financial values. Such models may be used in many processes including, but not limited to, the pricing of various products and services, classifications of loans, setting interest rates on loans and deposits, quantifying interest rate and other market risks, forecasting losses, measuring capital adequacy and calculating economic and regulatory capital levels. Models may also be used to estimate the value of financial instruments and balance sheet items. Inaccurate or erroneous models present the risk that business decisions relying on the models will prove inefficient, ineffective or harmful to us. Additionally, information we provide to our investors and regulators may be negatively impacted by inaccurately designed or implemented models. For further information on risk monitoring, refer to the "Risk Management" section included in Item 7A. Quantitative and Qualitative Disclosure about Market Risk of this Annual Report on Form 10-K.

Accounting policies and processes are fundamental to how we record and report our financial condition and results of operations. Management must exercise judgment in selecting and applying many of these accounting policies and processes so they comply with GAAP. In some cases, management must select the accounting policy or method to apply from two or more alternatives, any of which may be reasonable under the circumstances, yet may result in us reporting materially different results than would have been reported under a different alternative. Management has identified certain accounting policies as being critical because they require management to make difficult, subjective or complex conclusions about matters that are uncertain. Materially different amounts could be reported under different conditions or using different assumptions or estimates. Because of the uncertainty surrounding management's judgments and the estimates pertaining to these matters, we may be required to adjust accounting policies or restate prior period financial statements. Refer to "Critical Accounting Estimates" included in Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations of this Annual Report on Form 10-K.

Our primary capital sources have been retained earnings and debt issued through both private and public markets. Rating agencies regularly evaluate our creditworthiness and assign credit ratings to us and FCB. The ratings of the agencies are based on a number of factors, some of which are outside our control. In addition to factors specific to our financial strength and performance, the rating agencies also consider conditions generally affecting the financial services industry. We may not be able to maintain our current credit ratings. Rating reductions could adversely affect our access to funding sources and increase the cost of obtaining funding. Based on existing capital levels, we and FCB are well capitalized under current leverage and risk-based capital standards. Our ability to grow is contingent on our ability to generate or otherwise access sufficient capital to remain well capitalized under current and future capital adequacy guidelines.

Based on our asset size, we are subject to enhanced liquidity risk management requirements as a Category IV banking organization, including reporting, liquidity stress testing, a liquidity buffer and resolution planning, subject to the applicable transition periods. Were we to meet or exceed certain other thresholds for asset size and other risk-based factors, we would become subject to additional requirements under the Tailoring Rules. We expect to incur significant expense in continuing to develop policies, programs and systems designed to comply with all such requirements applicable to us. Failure to develop and maintain an adequate liquidity risk management and monitoring process may lead to adverse regulatory action (including possible restrictions on our activities), along with inadequate liquidity.

Our deposit base represents our primary source of core funding and balance sheet liquidity. We typically have the ability to stimulate core deposit growth through reasonable and effective pricing strategies. However, these deposits are subject to fluctuation due to certain factors outside our control, such as increasing competitive pressures for retail or corporate customer deposits, changes in interest rates and returns on other investment classes, or a loss of confidence by customers in us or in the banking sector generally which could result in a significant outflow of deposits within a short period of time, which may have a material adverse effect on our liquidity position. In circumstances where our ability to generate needed liquidity is impaired, we need access to other sources of funding such as borrowings from the FHLBs and the Federal Reserve, Federal Funds purchased lines, and brokered deposits. In connection with the SVBB Acquisition, FCB issued a five-year note of approximately $36 billion payable to the FDIC (the "Purchase Money Note") and FCB also entered into an Advance Facility Agreement, dated as of March 27, 2023 and effective as of November 20, 2023 (the "Advance Facility Agreement") with the FDIC, pursuant to which the FDIC is providing total advances available through March 27, 2025 of up to $70 billion (subject to certain limits described below under Item 8. Financial Statements and Supplementary Data, Note 2-Business Combinations), of which $15.11 billion was immediately available at December 31, 2023. We may draw on the Advance Facility Agreement through March 27, 2025 to provide liquidity to offset deposit withdrawal or runoff of former SVBB deposit accounts and to fund the unfunded commercial lending commitments acquired in connection with the SVBB Acquisition. While we maintain access to these non-core funding sources, including the Advance Facility Agreement, these sources are dependent on the availability of collateral as well as the counterparty's willingness and ability to lend. Failure to access sources of liquidity may affect our ability to pay deposits and fund our operations.

Our results of operations and cash flows are highly dependent upon net interest income ("NII"). Interest rates are highly sensitive to many factors that are beyond our control, including general economic and market conditions and policies of various governmental and regulatory agencies, particularly the actions of the Federal Reserve's Federal Open Market Committee ("FOMC"). Changes in monetary policy, including changes in interest rates, could influence interest income, interest expense, and the fair value of our financial assets and liabilities. If changes in interest rates on our interest-earning assets are not equal to the changes in interest rates on our interest-bearing liabilities, our NII and, therefore, our net income, could be adversely impacted. If indicators show signs that inflation is stabilizing, the FOMC may begin to reduce interest rates over the next 12 months. Any future change in monetary policy by the Federal Reserve resulting in lower interest rates may negatively impact our performance and financial condition due to the composition of our interest rate sensitive assets and liabilities. Our portfolio is generally in a net asset-sensitive position whereby our assets reprice faster than our liabilities, which is generally concentrated at the short end of the yield curve. While our interest expense may decline, the impact on our interest-rate sensitive assets may be greater, resulting in a potential decrease to our NII. As interest rates rise, our interest expense will increase and our net interest margin ("NIM") may decrease, negatively impacting our performance and our financial condition. To the extent banks and other financial services providers compete for interest-bearing deposit accounts through higher interest rates, our deposit base could be reduced if we are unwilling to pay those higher rates. If we decide to compete with those higher interest rates, our cost of funds could increase and our NIM could be reduced, dependent on the timing and sensitivities of our interest-earning assets and interest-bearing liabilities. Additionally, higher interest rates may impact our ability to originate new loans. Increases in interest rates could adversely affect the ability of our borrowers to meet higher payment obligations. If this occurred, it could cause an increase in nonperforming assets and net charge-offs. We cannot control or predict with certainty changes in interest rates. The forecasts of future NII by our interest rate risk monitoring system are estimates and may be inaccurate. Actual interest rate movements may differ from our forecasts, and unexpected actions by the FOMC may have a direct impact on market interest rates. The Federal Reserve announced in January of 2022 that it would be slowing the pace of its bond purchasing and increasing the target range for the federal funds rate over time. On January 1, 2022, the target range for the federal funds rate was 0%; however, over the past two years, the FOMC has steadily increased the target range, reaching a range of 5.25% to 5.50% as of December 31, 2023, with the FOMC deciding to maintain this target range as of January 31, 2024. Although economists are projecting that the target funds rate will most likely decline in small periodic increments, it remains uncertain whether the FOMC will begin to reduce the federal funds rate, the extent and frequency of any such reductions, whether the FOMC will leave the rate at its current elevated level for a lengthy period of time or whether FOMC will increase the targeted federal funds rate should inflation return to elevated levels. The higher interest rate environment of recent periods, and our offerings of higher rates to attract or maintain deposits, has increased the cost of deposits, and may continue to do so, dependent on the Federal Reserve actions. In addition, the high interest rate environment has increased costs on our other funding sources, and may continue to do so, in the event we may need to issue debt.

Our investment securities portfolio contains certain equity securities and corporate bonds of other financial institutions. As a result, a portion of our investment securities portfolio is subject to fluctuation due to changes in the financial stability and market value of other financial institutions, as well as interest rate sensitivity to economic and market conditions. Such fluctuations could reduce the value of our investment securities portfolio and consequently have an adverse effect on our results of operations. We have seen volatile earnings impacts related to the fair value of equity securities in recent periods.

The soundness and stability of many financial institutions may be closely interrelated as a result of credit, trading, clearing, counterparty and other relationships between the institutions. As a result, concerns about, or a default or threatened default by, one institution could lead to significant market-wide liquidity and credit problems, losses or defaults by other institutions. For example, the failures of several high-profile banking institutions in early 2023 caused significant market volatility, regulatory uncertainty, and decreased confidence in the U.S. banking system. In response to the recent bank failures, the United States government has proposed a variety of measures and new regulations designed to strengthen capital levels, liquidity standards, and risk management practices and otherwise restore confidence in financial institutions. Any reforms, if adopted, could have a significant impact on banks and BHCs, including us. In addition, we have exposure to numerous financial services providers, including banks, securities brokers and dealers and other financial services providers. Our monitoring of the financial conditions of financial institutions with which we have credit exposure is inherently limited and may be inadequate, and transactions with those institutions expose us to credit risk through the possibility of counterparty default. Market Risks

As a lender, we are exposed to the risk that our customers will be unable to repay their loans and other obligations in accordance with the terms of the relevant agreements, and that any collateral securing the payment of their loans and obligations may be insufficient to assure full repayment. Credit losses are inherent in the business of making loans and entering into other financial arrangements. Factors that influence our credit losses include overall economic conditions affecting businesses and consumers, generally, but also residential and CRE valuations. For example, real property collateral values may be impacted by economic conditions in the real estate market and may result in losses on loans that, while adequately collateralized at the time of origination, become inadequately collateralized over time. CRE loans may involve a higher risk of default compared to our other types of loans as a result of several factors, including, but not limited to, prevailing economic conditions and volatility in real estate markets, occupancy, rental collections, interest rates, and collateral value. Recent trends including the growth of e-commerce, adverse impacts of the COVID-19 pandemic, and long-term work-from-home arrangements, as well as increases in variable rates on CRE loans in connection with the significant increase over a span of 17 months in the target for the federal funds rate from near zero to 5.25% - 5.50% by July 2023, have had an adverse impact on the CRE sector, including retail stores, hotels and office buildings, creating greater risk exposure for our CRE loan portfolio. In addition, our reliance on junior liens is concentrated in our consumer revolving mortgage loan portfolio. Approximately two-thirds of the consumer revolving mortgage portfolio is secured by junior lien positions, and lower real estate values for collateral underlying these loans may cause the outstanding balance of the senior lien to exceed the value of the collateral, resulting in a junior lien loan becoming effectively unsecured. Inadequate collateral values, rising interest rates and unfavorable economic conditions could result in greater delinquencies, write-downs or charge-offs in future periods, which could have a material adverse impact on our results of operations and capital adequacy.

Our loans and leases include concentrations in certain industries in healthcare, such as medical and dental industries, as well as the rail business. A significant portion of the loans acquired in the SVBB Acquisition were concentrated within certain industries, including technology, life science and healthcare, and with private equity and venture capital clients, areas in which we did not have significant exposure prior to the SVBB Acquisition. Although we believe our combined loan portfolio is diversified, borrowers in certain industries may have a heightened vulnerability to negative economic conditions. For example, statutory or regulatory changes relevant to the medical and dental industries, or economic conditions in the market generally, could negatively impact these borrowers' businesses and their ability to repay their loans with us. Additionally, smaller practices such as those in the dental industry generally have fewer financial resources in terms of capital or borrowing capacity than larger entities, and generally have a heightened vulnerability to negative economic conditions. Repayment of loans in the portfolios for early-stage and mid-stage privately held companies, including those acquired in the SVBB Acquisition, may depend upon receipt by those borrowers of additional financing from venture capitalists or others, or, in some cases, a successful sale to a third-party, public offering or other form of liquidity event. In addition, decreases in the amount of equity capital available to early-stage and mid-stage companies, including through a decrease in merger and acquisition activity, could adversely impact the ability of borrowers to repay our loans in these industries. If such events occur, our levels of nonperforming assets and charge offs may increase, and we may be required to increase our ALLL through additional provisions on our income statement, which would reduce reported net income and could have an adverse effect on our business, financial condition, results of operations and prospects. Due to our substantial concentration in our rail business, if there is a significant downturn in shipping by railcar, it could have a material adverse effect on our business and results of operations. In addition, volatility in the price of, and demand for oil and gas may have negative effects on not only our loan exposures in the exploration and production section, but may also lead to a decreased demand for our railcars.

We maintain an allowance for loan and lease losses ("ALLL") that is designed to cover expected credit losses on loans and leases that borrowers may not repay in their entirety. A reserve is also maintained in other liabilities to cover expected losses for off-balance sheet credit exposures. The ALLL may not be sufficient to cover actual credit losses, and future provisions for credit losses could materially and adversely affect our operating results. Accounting measurements related to asset impairment and the ALLL require significant estimates that are subject to uncertainty and revisions driven by new information and changing circumstances. The significant uncertainties surrounding our borrowers' abilities to conduct their businesses successfully through changing economic environments, competitive challenges and other factors complicate our estimates of the risk and amount of loss on any loan. Due to the degree of uncertainty and the susceptibility to change, the actual losses may vary substantially from current estimates. We also expect fluctuations in the ALLL due to economic changes nationally as well as locally within the states in which we conduct business. In addition, the reserve related to off-balance sheet credit exposures may not be sufficient to cover actual losses, and future provisions for such losses could also materially and adversely affect our operating results and are also subject to significant uncertainties and fluctuations. As an integral part of their examination process, our banking regulators periodically review the ALLL and may require us to increase it by recognizing additional provisions for credit losses charged to expense or to decrease the allowance by recognizing loan charge-offs, net of recoveries. Any such required additional credit loss provisions or loan charge-offs could have a material adverse effect on our financial condition and results of operations.

Effectively managing credit risks is essential for the operation of our business. There are credit risks inherent in making any loan, including risks of repayment, risks with respect to the period of time over which the loan may be repaid, risks relating to proper loan underwriting and guidelines, risks resulting from changes in economic and industry conditions, risks in dealing with individual borrowers and risks resulting from uncertainties as to the future value of collateral. Our loan approval procedures and our credit risk monitoring may be or become inadequate to appropriately manage the inherent credit risks associated with lending. Our credit administration personnel, policies and procedures may not adequately adapt to changes in economic or other conditions affecting customers and the quality of our loan portfolio. Any failure to manage such credit risks may materially adversely affect our business, consolidated results of operations and financial condition because it may lead to loans that we make not being paid back in part or in full on a timely basis or at all.

- Capital Adequacy Risks: The risks that our capital levels become inadequate to preserve our safety and soundness, support our ongoing business operations and strategies and provide us with support against unexpected or sudden changes in the business/economic environment, or that we will not meet the capital adequacy requirements applicable to us as a Category IV banking organization, subject to the applicable transition periods.

- Liquidity Risks: The risks that we will be unable to meet our obligations as they come due because of an inability to (i) liquidate assets or obtain adequate funding, or (ii) unwind or offset specific exposures without significantly lowering market prices because of inadequate market depth or market disruptions, or that we will not meet the liquidity management requirements applicable to us as a Category IV banking organization, subject to the applicable transition periods.

- Financial Reporting Risks: The risks that our financial information is reported incorrectly or incompletely, including through the improper application of accounting standards or other errors or omissions.

Safely conducting and growing our business requires that we create and maintain an appropriate operational and organizational control infrastructure. Operational risk can arise in numerous ways, including, but not limited to, employee fraud, customer fraud, control lapses in bank operations and information technology, and pace of change brought about by organizational growth. Our dependence on our employees and internal and third-party automated systems and vendors to record and process transactions may further increase the risk that technical failures or system-tampering will result in losses that are difficult to detect. Our internal controls that are intended to safeguard and maintain our operational and organizational infrastructure and information, as well as oversee and monitor control effectiveness, have inherent limitations and may not be successful. We may be subject to disruptions of our operating systems arising from events that are wholly or partially beyond our control. In addition, our railcars are used to transport a variety of products including, but not limited to, cement, energy products, chemicals and coal. An accidental derailment of these railcars could result in personal injury and property damage, which could be significant, as well as potential environmental remediation and restoration obligations and penalties. Failure to maintain appropriate operational infrastructure and oversight or to safely operate our business can lead to loss of service to customers, reputational harm, legal actions and noncompliance with various laws and regulations, all of which could have a material adverse impact on our business, financial condition and results of operations.