JPMorgan Chase & Co. (JPM) Risk Analysis

JPMorganChase's businesses and operations are subject to complex and evolving laws, rules and regulations, both within and outside the U.S., governing the privacy and protection of personal information of individuals. Governmental authorities around the world have adopted and are considering the adoption of numerous legislative and regulatory initiatives concerning privacy, data protection and security. Litigation or enforcement actions relating to these laws, rules and regulations could result in fines or orders requiring that JPMorganChase change its data-related practices, which could have an adverse effect on JPMorganChase's ability to provide products and otherwise harm its business operations. Implementing processes relating to JPMorganChase's collection, use, sharing and storage of personal information to comply with all applicable laws, rules and regulations in all relevant jurisdictions, including where the laws of different jurisdictions are in conflict, can: - increase JPMorganChase's compliance and operating costs - hinder the development of new products or services, curtail the offering of existing products or services, or affect how products and services are offered to clients and customers - demand significant oversight by JPMorganChase's management, and - require JPMorganChase to structure its businesses, operations and systems in less efficient ways. Not all of JPMorganChase's clients, customers, vendors, counterparties and other external parties may have appropriate controls in place to protect the confidentiality, integrity or availability of the information exchanged between them and JPMorganChase, particularly where information is transmitted by electronic means. JPMorganChase could be exposed to litigation or regulatory fines, penalties or other sanctions if personal information of clients, customers, employees or others were to be mishandled or misused, such as situations where such information is:- erroneously provided to parties who are not permitted to have the information, or- intercepted or otherwise compromised by unauthorized third parties.The increasing sophistication of artificial intelligence technologies poses a greater risk of identity fraud, as malicious actors may exploit artificial intelligence to create convincing false identities or manipulate verification processes. This challenge necessitates ongoing enhancements to client verification systems and security protocols to prevent unauthorized access and protect sensitive client information. Failure to manage these risks or to implement effective countermeasures could lead to unauthorized transactions, financial losses, reputational damage and increased regulatory scrutiny.Concerns regarding the effectiveness of JPMorganChase's measures to safeguard personal information, or the perception that those measures are inadequate, could cause JPMorganChase to lose existing or potential clients and customers or employees, and thereby reduce JPMorganChase's revenues. Furthermore, any failure or perceived failure by JPMorganChase to comply with applicable privacy or data protection laws, rules and regulations, or any failure to appropriately calibrate, manage and monitor access by employees or third parties to personal information, could subject JPMorganChase to inquiries, examinations and investigations that could result in requirements to modify or cease certain operations or practices, significant liabilities or regulatory fines, penalties or other sanctions. Any of these could damage JPMorganChase's reputation and otherwise adversely affect its businesses.In recent years, well-publicized incidents involving the inappropriate collection, use, sharing or storage of personal information have led to expanded governmental scrutiny of practices relating to the processing or safeguarding of personal information by companies in the U.S. and other countries. That scrutiny has in some cases resulted in, and could in the future lead to, the adoption of stricter laws, rules and regulations relating to the collection, use, sharing and storage of personal information. These types of laws, rules and regulations can prohibit or significantly restrict financial services firms such as JPMorganChase from transferring information across national borders or sharing information among affiliates or with third parties such as vendors, thereby information exchanged between them and JPMorganChase, particularly where information is transmitted by electronic means. JPMorganChase could be exposed to litigation or regulatory fines, penalties or other sanctions if personal information of clients, customers, employees or others were to be mishandled or misused, such as situations where such information is: - erroneously provided to parties who are not permitted to have the information, or - intercepted or otherwise compromised by unauthorized third parties. The increasing sophistication of artificial intelligence technologies poses a greater risk of identity fraud, as malicious actors may exploit artificial intelligence to create convincing false identities or manipulate verification processes. This challenge necessitates ongoing enhancements to client verification systems and security protocols to prevent unauthorized access and protect sensitive client information. Failure to manage these risks or to implement effective countermeasures could lead to unauthorized transactions, financial losses, reputational damage and increased regulatory scrutiny. Concerns regarding the effectiveness of JPMorganChase's measures to safeguard personal information, or the perception that those measures are inadequate, could cause JPMorganChase to lose existing or potential clients and customers or employees, and thereby reduce JPMorganChase's revenues. Furthermore, any failure or perceived failure by JPMorganChase to comply with applicable privacy or data protection laws, rules and regulations, or any failure to appropriately calibrate, manage and monitor access by employees or third parties to personal information, could subject JPMorganChase to inquiries, examinations and investigations that could result in requirements to modify or cease certain operations or practices, significant liabilities or regulatory fines, penalties or other sanctions. Any of these could damage JPMorganChase's reputation and otherwise adversely affect its businesses. In recent years, well-publicized incidents involving the inappropriate collection, use, sharing or storage of personal information have led to expanded governmental scrutiny of practices relating to the processing or safeguarding of personal information by companies in the U.S. and other countries. That scrutiny has in some cases resulted in, and could in the future lead to, the adoption of stricter laws, rules and regulations relating to the collection, use, sharing and storage of personal information. These types of laws, rules and regulations can prohibit or significantly restrict financial services firms such as JPMorganChase from transferring information across national borders or sharing information among affiliates or with third parties such as vendors, thereby increase compliance costs and operational risk, or restrict JPMorganChase's use of personal information when developing or offering products or services to customers. Some countries are considering or have adopted legislation implementing data protection requirements or requiring local storage and processing of data which could increase the cost and complexity of JPMorganChase's delivery of products and services. These restrictions could also inhibit JPMorganChase's development or marketing of certain products or services, or increase the costs of offering them to customers.JPMorganChase's operations, results and reputation could be harmed by occurrences of extraordinary events beyond its control.JPMorganChase's business and operational systems could be seriously disrupted, and its reputation could be harmed, by events or contributing factors that are wholly or partially beyond its control, including material instances of:- cyber attacks- security breaches of its physical premises, including threats to health and safety- power, telecommunications or internet outages, or shutdowns of mass transit- failure of, or loss of access to, technology or operational systems, including any resulting loss of critical data- interruption of service from third-party service providers - damage to or loss of property or assets of JPMorganChase or third parties, and any consequent injuries, including in connection with any construction projects undertaken by JPMorganChase- effects of climate change- natural disasters or severe weather conditions- accidents such as explosions or structural failures- health emergencies, the spread of infectious diseases, epidemics or pandemics, or- events arising from local or larger-scale civil or political unrest, any outbreak or escalation of hostilities, or terrorist acts.JPMorganChase operates a Firmwide resiliency framework that is intended to enable it to prepare for and adapt to changing conditions and withstand and recover from, and address any adverse effects on its operations caused by, disruptions that may impact critical business functions and supporting assets, including its staff, technology, data and facilities and those of third-party service providers. Although not every form of disruption can be anticipated or defended against, JPMorganChase increase compliance costs and operational risk, or restrict JPMorganChase's use of personal information when developing or offering products or services to customers. Some countries are considering or have adopted legislation implementing data protection requirements or requiring local storage and processing of data which could increase the cost and complexity of JPMorganChase's delivery of products and services. These restrictions could also inhibit JPMorganChase's development or marketing of certain products or services, or increase the costs of offering them to customers.

Some of the countries in which JPMorganChase conducts business have economies or markets that are less developed and more volatile or may have political, legal and regulatory regimes that are less established or predictable than other countries in which JPMorganChase operates. In addition, in some jurisdictions in which JPMorganChase conducts business, the local economy and business activities are subject to substantial government influence or control. Some of these countries have in the past experienced economic disruptions, including: - extreme currency fluctuations - high inflation - low or negative growth - defaults or reduced ability to service sovereign debt and - increased fraud or other misrepresentation of value. The governments in these countries have sometimes reacted to these developments by imposing restrictive policies that adversely affect the local and regional business environment, such as: - price, capital or exchange controls, including imposition of punitive transfer and convertibility restrictions or forced currency exchange - expropriation or nationalization of assets, including client assets, or confiscation of property, including intellectual property, and - changes in laws, rules and regulations. The impact of these actions could be accentuated in trading markets that are smaller, less liquid and more volatile than more-developed markets. These types of government actions can negatively affect JPMorganChase's operations in the relevant country, either directly or by suppressing the business activities of local clients or multi-national clients that conduct business in the jurisdiction. In addition, emerging markets countries, as well as more developed countries, have been susceptible to unfavorable social developments arising from poor economic conditions or governmental actions, including: - widespread demonstrations, civil unrest or general strikes - crime and corruption- security and personal safety issues- an outbreak or escalation of hostilities, or other geopolitical instabilities- overthrow of incumbent governments- terrorist attacks, and - other forms of internal discord. These economic, political, regulatory and social developments have in the past resulted in, and in the future could lead to, conditions that can adversely affect JPMorganChase's operations in those countries and impair the revenues, growth and profitability of those operations. In addition, any of these events or circumstances in one country can affect JPMorganChase's operations and investments in another country or countries, including in the U.S.PeopleJPMorganChase's ability to attract and retain qualified employees is critical to its success.JPMorganChase's employees are its most important resource, and in many areas of the financial services industry, competition for qualified personnel is intense. JPMorganChase endeavors to attract talented new employees from a variety of backgrounds and retain, develop and motivate its existing employees. JPMorganChase's efforts to hire and retain talented employees could be hindered by factors such as:- the emerging need for more-skilled workers in an evolving labor and workplace environment, including due to changes in technology- targeted recruitment of JPMorganChase employees by competitors, and- modifications to or discontinuation of JPMorganChase's hybrid work models.JPMorganChase's performance and competitive position could be materially and adversely affected if it is unable to attract or retain qualified employees for its workforce or to devise and execute effective succession planning for key leadership roles, such as the Chief Executive Officer, members of the Operating Committee and other senior leaders.In addition, advances in technology, such as automation and artificial intelligence, may lead to workforce displacement. This could require JPMorganChase to invest in additional employee training, manage impacts on morale and retention, and compete for employment candidates who possess more advanced technological skills, all of which could unfavorable social developments arising from poor economic conditions or governmental actions, including: - widespread demonstrations, civil unrest or general strikes - crime and corruption - security and personal safety issues - an outbreak or escalation of hostilities, or other geopolitical instabilities - overthrow of incumbent governments - terrorist attacks, and - other forms of internal discord. These economic, political, regulatory and social developments have in the past resulted in, and in the future could lead to, conditions that can adversely affect JPMorganChase's operations in those countries and impair the revenues, growth and profitability of those operations. In addition, any of these events or circumstances in one country can affect JPMorganChase's operations and investments in another country or countries, including in the U.S.

The value of securities, derivatives and other financial instruments which JPMorganChase owns or in which it makes markets can be materially affected by market fluctuations. Market volatility, illiquid market conditions and other disruptions in the financial markets may make it extremely difficult to value certain financial instruments. Subsequent valuations of financial instruments in future periods, in light of factors then prevailing, may result in significant changes in the value of these instruments. In addition, at the time of any disposition of these financial instruments, the price that JPMorganChase ultimately realizes will depend on the demand and liquidity in the market at that time and may be materially lower than their current fair value. Any of these factors could cause a decline in the value of financial instruments that JPMorganChase owns or in which it makes markets, which may have an adverse effect on JPMorganChase's results of operations. JPMorganChase's risk management and monitoring processes, including its stress testing framework, seek to quantify and manage JPMorganChase's exposure to more extreme market moves. However, JPMorganChase's hedging and other risk management strategies may not be effective, and it could incur significant losses, if extreme market events were to occur.

When JPMorganChase launches a new product or service, introduces a new platform for the delivery or distribution of products or services (including mobile connectivity, electronic trading and cloud computing), acquires or invests in a business, makes changes to an existing product, service or delivery platform, or adopts a new technology, it may not fully appreciate or identify new operational risks that may arise from those changes, including increased reliance on third party providers, or may fail to implement adequate controls to mitigate the risks associated with those changes. Any significant failure in this regard could diminish JPMorganChase's ability to operate one or more of its businesses or result in:- potential liability to clients, counterparties and customers- higher compliance, operational or integration costs - higher litigation costs, including regulatory fines, penalties and other sanctions- damage to JPMorganChase's reputation- impairment of JPMorganChase's liquidity- regulatory intervention, or - weaker competitive standing.Any of the foregoing consequences could materially and adversely affect JPMorganChase's businesses and results of operations.JPMorganChase's business and operations rely on its ability, and the ability of key external parties, to maintain appropriately-staffed workforces, and on the competence, trustworthiness, health and safety of employees.JPMorganChase's ability to operate its businesses efficiently and profitably, to offer products and services that meet the expectations of its clients and customers, and to maintain an effective risk management framework is highly dependent on its ability to staff its operations appropriately and on the competence, trustworthiness, health and safety of its employees. JPMorganChase's businesses and operations similarly rely on the workforces of third parties, including employees of vendors, custodians and financial markets infrastructures, and of businesses that it may seek to acquire. JPMorganChase's businesses could be materially and adversely affected by:- the ineffective implementation of business decisions- any failure to institute controls that appropriately address risks associated with business activities, or to appropriately train employees with respect to those risks and controls- staffing shortages, particularly in tight labor markets- the possibility that significant portions of JPMorganChase's workforce are unable to work effectively, including because of illness, quarantines, shelter-in-place arrangements, government actions or other restrictions in connection with health distribution of products or services (including mobile connectivity, electronic trading and cloud computing), acquires or invests in a business, makes changes to an existing product, service or delivery platform, or adopts a new technology, it may not fully appreciate or identify new operational risks that may arise from those changes, including increased reliance on third party providers, or may fail to implement adequate controls to mitigate the risks associated with those changes. Any significant failure in this regard could diminish JPMorganChase's ability to operate one or more of its businesses or result in: - potential liability to clients, counterparties and customers - higher compliance, operational or integration costs - higher litigation costs, including regulatory fines, penalties and other sanctions - damage to JPMorganChase's reputation - impairment of JPMorganChase's liquidity - regulatory intervention, or - weaker competitive standing. Any of the foregoing consequences could materially and adversely affect JPMorganChase's businesses and results of operations.

JPMorganChase experiences numerous cyber attacks on its computer systems, software, networks and other technology assets on a daily basis from various actors, including groups acting on behalf of hostile countries, cyber-criminals, "hacktivists" (i.e., individuals or groups that use technology to promote a political agenda or social change) and others. These cyber attacks can take many forms, including attempts to introduce computer viruses or malicious code, which are commonly referred to as "malware," into JPMorganChase's systems. These attacks are often designed to: - obtain unauthorized access to JPMorganChase's systems or to confidential information belonging to JPMorganChase or its clients, customers, counterparties or employees - manipulate data - destroy data or systems with the aim of rendering services unavailable - disrupt, sabotage or degrade service on JPMorganChase's systems - steal money, or - extort money through the use of so-called "ransomware." JPMorganChase also experiences: - distributed denial-of-service attacks intended to disrupt JPMorganChase's websites, including those that provide online banking and other services,- a higher volume and complexity of cyber attacks against the backdrop of heightened geopolitical tensions, and - a high volume of disruptions to internet-based services used by JPMorganChase that are provided by third parties. JPMorganChase has experienced security breaches due to cyber attacks in the past, and it is inevitable that additional breaches will occur in the future. Any such breach could result in serious and harmful consequences for JPMorganChase or its clients and customers. A principal reason that JPMorganChase cannot provide absolute security against cyber attacks is that it may not always be possible to anticipate, detect or recognize threats to JPMorganChase's systems, or to implement effective preventive measures against all breaches due to evolving risks, including:- the techniques used in cyber attacks evolve frequently and increase in sophistication, and therefore may not be recognized until launched or may go undetected for extended periods- cyber attacks can originate from a wide variety of sources, including JPMorganChase's own employees, cyber-criminals, hacktivists, groups linked to terrorist organizations or hostile nation-states that can sustain malicious activities for extended periods, or third parties whose objective is to disrupt the operations of financial institutions more generally- JPMorganChase does not have control over the cybersecurity of the systems of the large number of clients, customers, counterparties and third-party service providers with which it does business, and- it is possible that a third party, after establishing a foothold on an internal network without being detected, may gain access to other networks and systems.The risk of a security breach due to a cyber attack could increase in the future due to factors such as: - JPMorganChase's ongoing expansion of its digital banking and other internet-based product offerings and its internal use of internet-based products and applications, including those that use cloud computing services- advances in artificial intelligence, such as the use of machine learning, generative artificial intelligence and quantum computing by malicious actors to develop more advanced social engineering attacks, including targeted phishing attacks- the inability to maintain the security of information transmitted by JPMorganChase due to advances in quantum computing that may counteract or nullify existing information protections, and- the acquisition and integration of new businesses.In addition, a third party could misappropriate confidential information obtained by intercepting signals or communications from mobile devices used by JPMorganChase's employees.The dynamic nature of the cyber threat landscape, including the pace of innovation and increased threat of novel attack methods, necessitates ongoing investment in, as well as enhancement and adaptation of, cybersecurity controls, including the adoption of enhanced security measures in certain jurisdictions. Failure to discover or address emerging threats, known vulnerabilities or shortcomings in cybersecurity controls, or to prioritize or complete enhancements to address them, in each case in a timely manner, may leave JPMorganChase vulnerable to cyber attacks, potentially resulting in data breaches, financial losses,implement effective preventive measures against all breaches due to evolving risks, including: - the techniques used in cyber attacks evolve frequently and increase in sophistication, and therefore may not be recognized until launched or may go undetected for extended periods - cyber attacks can originate from a wide variety of sources, including JPMorganChase's own employees, cyber-criminals, hacktivists, groups linked to terrorist organizations or hostile nation-states that can sustain malicious activities for extended periods, or third parties whose objective is to disrupt the operations of financial institutions more generally - JPMorganChase does not have control over the cybersecurity of the systems of the large number of clients, customers, counterparties and third-party service providers with which it does business, and - it is possible that a third party, after establishing a foothold on an internal network without being detected, may gain access to other networks and systems. The risk of a security breach due to a cyber attack could increase in the future due to factors such as: - JPMorganChase's ongoing expansion of its digital banking and other internet-based product offerings and its internal use of internet-based products and applications, including those that use cloud computing services - advances in artificial intelligence, such as the use of machine learning, generative artificial intelligence and quantum computing by malicious actors to develop more advanced social engineering attacks, including targeted phishing attacks - the inability to maintain the security of information transmitted by JPMorganChase due to advances in quantum computing that may counteract or nullify existing information protections, and - the acquisition and integration of new businesses. In addition, a third party could misappropriate confidential information obtained by intercepting signals or communications from mobile devices used by JPMorganChase's employees. The dynamic nature of the cyber threat landscape, including the pace of innovation and increased threat of novel attack methods, necessitates ongoing investment in, as well as enhancement and adaptation of, cybersecurity controls, including the adoption of enhanced security measures in certain jurisdictions. Failure to discover or address emerging threats, known vulnerabilities or shortcomings in cybersecurity controls, or to prioritize or complete enhancements to address them, in each case in a timely manner, may leave JPMorganChase vulnerable to cyber attacks, potentially resulting in data breaches, financial losses,reputational damage and regulatory penalties, including the failure to prioritize or complete enhancements relating to:- preventing unauthorized access and protecting against the misuse of access, including the maintenance and enhancement of controls related to secure software development practices and identity and access management, such as those relating to the management of administrative access to systems- detecting, escalating and addressing effectively and in a timely manner any vulnerabilities that may be present either in internally-developed software or externally-provided software or services, including vulnerabilities that could allow attackers to exploit unknown security flaws in software and hardware ("zero-day vulnerabilities")- oversight of third-party vendors and early detection of attacks against those vendors, including ransomware attacks and attacks targeting vulnerabilities in third-party open-source software, in support of the secure development and maintenance of internal systems- maintaining and enhancing controls related to technology asset management and inventory systems to prevent the risk of undetected vulnerabilities that could undermine JPMorganChase's ability to operate an effective control process - upgrading the coverage and capabilities of systems and controls to protect JPMorganChase and its clients and customers from the impact of distributed denial-of-service attacks, or to recover from outages that could be caused by a malware or ransomware attack- the continuing migration of client-facing services to the cloud, and modernization of those services- strengthening network security and managing outbound connections to reduce the risk of data loss - identifying, assessing and mitigating insider threat activities that could lead to the misuse of JPMorganChase's systems or client and customer information, and- integrating acquired businesses where system integration may be complex or may require extensive and lengthy remediation or enhancement of controls.A successful penetration or circumvention of the security of JPMorganChase's systems or the systems of a vendor, governmental body or another market participant could cause serious negative consequences, including:- significant disruption of JPMorganChase's operations and those of its clients, customers and reputational damage and regulatory penalties, including the failure to prioritize or complete enhancements relating to: - preventing unauthorized access and protecting against the misuse of access, including the maintenance and enhancement of controls related to secure software development practices and identity and access management, such as those relating to the management of administrative access to systems - detecting, escalating and addressing effectively and in a timely manner any vulnerabilities that may be present either in internally-developed software or externally-provided software or services, including vulnerabilities that could allow attackers to exploit unknown security flaws in software and hardware ("zero-day vulnerabilities")- oversight of third-party vendors and early detection of attacks against those vendors, including ransomware attacks and attacks targeting vulnerabilities in third-party open-source software, in support of the secure development and maintenance of internal systems - maintaining and enhancing controls related to technology asset management and inventory systems to prevent the risk of undetected vulnerabilities that could undermine JPMorganChase's ability to operate an effective control process - upgrading the coverage and capabilities of systems and controls to protect JPMorganChase and its clients and customers from the impact of distributed denial-of-service attacks, or to recover from outages that could be caused by a malware or ransomware attack - the continuing migration of client-facing services to the cloud, and modernization of those services - strengthening network security and managing outbound connections to reduce the risk of data loss - identifying, assessing and mitigating insider threat activities that could lead to the misuse of JPMorganChase's systems or client and customer information, and - integrating acquired businesses where system integration may be complex or may require extensive and lengthy remediation or enhancement of controls. A successful penetration or circumvention of the security of JPMorganChase's systems or the systems of a vendor, governmental body or another market participant could cause serious negative consequences, including: - significant disruption of JPMorganChase's operations and those of its clients, customers and counterparties, including losing access to operational systems- misappropriation of confidential information of JPMorganChase or that of its clients, customers, counterparties, employees or regulators- disruption of or damage to JPMorganChase's systems and those of its clients, customers and counterparties- the inability, or extended delays in the ability, to fully recover and restore data that has been stolen, manipulated or destroyed, or the inability to prevent systems from processing fraudulent transactions- demands that JPMorganChase pay a ransom to a malicious actor that has perpetrated a cybersecurity breach- unintended violations by JPMorganChase of applicable privacy and other laws- financial loss to JPMorganChase or to its clients, customers, counterparties or employees- losses to JPMorganChase in excess of cyber insurance policy coverage- loss of confidence in JPMorganChase's cybersecurity and business resiliency measures- dissatisfaction among JPMorganChase's clients, customers or counterparties- significant exposure to litigation and regulatory fines, penalties or other sanctions, and- harm to JPMorganChase's reputation.The extent of a particular cyber attack, the methods and tools used by various actors, and the steps that JPMorganChase may need to take to investigate the attack may not be immediately clear, and it may take a significant amount of time before such an investigation can be completed. While such an investigation is ongoing, JPMorganChase may not necessarily know the full extent of the harm caused by the cyber attack, and that damage may continue to spread. These factors may inhibit JPMorganChase's ability to provide rapid, full and reliable information about the cyber attack to its clients, customers, counterparties and regulators, as well as the public. Furthermore, it may not be clear how best to contain and remediate the harm caused by the cyber attack, and certain errors or actions could be repeated or compounded before they are discovered and remediated. Any or all of these factors could further increase the costs and consequences of a cyber attack.JPMorganChase can be negatively affected if it fails to identify and address operational risks associated with the introduction of or changes to products, services and delivery platforms or the adoption of new technologies.When JPMorganChase launches a new product or service, introduces a new platform for the delivery or counterparties, including losing access to operational systems - misappropriation of confidential information of JPMorganChase or that of its clients, customers, counterparties, employees or regulators - disruption of or damage to JPMorganChase's systems and those of its clients, customers and counterparties - the inability, or extended delays in the ability, to fully recover and restore data that has been stolen, manipulated or destroyed, or the inability to prevent systems from processing fraudulent transactions - demands that JPMorganChase pay a ransom to a malicious actor that has perpetrated a cybersecurity breach - unintended violations by JPMorganChase of applicable privacy and other laws - financial loss to JPMorganChase or to its clients, customers, counterparties or employees - losses to JPMorganChase in excess of cyber insurance policy coverage - loss of confidence in JPMorganChase's cybersecurity and business resiliency measures - dissatisfaction among JPMorganChase's clients, customers or counterparties - significant exposure to litigation and regulatory fines, penalties or other sanctions, and The extent of a particular cyber attack, the methods and tools used by various actors, and the steps that JPMorganChase may need to take to investigate the attack may not be immediately clear, and it may take a significant amount of time before such an investigation can be completed. While such an investigation is ongoing, JPMorganChase may not necessarily know the full extent of the harm caused by the cyber attack, and that damage may continue to spread. These factors may inhibit JPMorganChase's ability to provide rapid, full and reliable information about the cyber attack to its clients, customers, counterparties and regulators, as well as the public. Furthermore, it may not be clear how best to contain and remediate the harm caused by the cyber attack, and certain errors or actions could be repeated or compounded before they are discovered and remediated. Any or all of these factors could further increase the costs and consequences of a cyber attack.

JPMorganChase's businesses rely on the ability of JPMorganChase's financial, accounting, transaction execution, data processing and other operational systems, including devices supporting those systems, to process, record, monitor and report a large number of transactions on a continuous basis, and to do so accurately, quickly and securely. In addition to proper design, installation, maintenance and training, the effective functioning of JPMorganChase's operational systems depends on: - the quality of the information contained in those systems, as inaccurate, outdated, incomplete or corrupted data can significantly compromise the functionality or reliability of a particular system and other systems to which it transmits or from which it receives information, and- JPMorganChase's ability to continue to maintain and upgrade its systems on a regular and timely basis in line with technological advancements and evolving security requirements, maintain security and operational continuity of its systems, including by carefully managing any changes introduced to its systems, prevent unauthorized access and the misuse of access to its systems, and adhere to all applicable legal and regulatory requirements, particularly in regions where JPMorganChase may face a heightened risk of malicious activity.JPMorganChase has experienced and expects that it will continue to experience failures and disruptions in the stability of its operational systems, including degraded performance of data processing systems, data quality issues, disruptions of network connectivity and malfunctioning software, as well as disruptions in its ability to access and use the operational systems of third parties and interruptions in service from third-party service providers. These incidents have resulted in various negative effects for customers, including the inability to access account information or transact through ATM, internet or mobile channels, the exfiltration of customer personal data, the recording of duplicative transactions and extended delays for customers requiring services from call centers. There can be no assurance that these and other types of operational failures or disruptions will not occur in the future.JPMorganChase's ability to effectively manage the stability of its operational systems and infrastructure could be hindered by many factors, any of which could have a negative impact on JPMorganChase and its clients, customers and counterparties, including:- JPMorganChase's ability to effectively maintain and upgrade systems and infrastructure can become more challenging as the speed, frequency, volume, interconnectivity and complexity of transactions continue to increase- attempts by third parties to defraud JPMorganChase or its clients and customers continue to increase, evolve and become more complex, and during periods of market disruption or economic uncertainty, these attempts can be expected to further increase in volume- errors made by JPMorganChase or another market participant, whether inadvertent or malicious, could cause widespread system disruption- failure to detect weaknesses or shortcomings in operational systems in a timely manner- isolated or seemingly insignificant errors in operational systems could compound, or migrate to other systems over time, to become larger issues functionality or reliability of a particular system and other systems to which it transmits or from which it receives information, and - JPMorganChase's ability to continue to maintain and upgrade its systems on a regular and timely basis in line with technological advancements and evolving security requirements, maintain security and operational continuity of its systems, including by carefully managing any changes introduced to its systems, prevent unauthorized access and the misuse of access to its systems, and adhere to all applicable legal and regulatory requirements, particularly in regions where JPMorganChase may face a heightened risk of malicious activity. JPMorganChase has experienced and expects that it will continue to experience failures and disruptions in the stability of its operational systems, including degraded performance of data processing systems, data quality issues, disruptions of network connectivity and malfunctioning software, as well as disruptions in its ability to access and use the operational systems of third parties and interruptions in service from third-party service providers. These incidents have resulted in various negative effects for customers, including the inability to access account information or transact through ATM, internet or mobile channels, the exfiltration of customer personal data, the recording of duplicative transactions and extended delays for customers requiring services from call centers. There can be no assurance that these and other types of operational failures or disruptions will not occur in the future. JPMorganChase's ability to effectively manage the stability of its operational systems and infrastructure could be hindered by many factors, any of which could have a negative impact on JPMorganChase and its clients, customers and counterparties, including: - JPMorganChase's ability to effectively maintain and upgrade systems and infrastructure can become more challenging as the speed, frequency, volume, interconnectivity and complexity of transactions continue to increase - attempts by third parties to defraud JPMorganChase or its clients and customers continue to increase, evolve and become more complex, and during periods of market disruption or economic uncertainty, these attempts can be expected to further increase in volume - errors made by JPMorganChase or another market participant, whether inadvertent or malicious, could cause widespread system disruption - failure to detect weaknesses or shortcomings in operational systems in a timely manner - isolated or seemingly insignificant errors in operational systems could compound, or migrate to other systems over time, to become larger issues - disruptions in operational systems or in the ability of systems to communicate with each other could be caused by failures in synchronization or encryption software, or degraded performance of microprocessors, and- attempts by third parties to block the use of key technology solutions by claiming that the use infringes on their intellectual property rights.JPMorganChase also depends on its ability to access and use the operational systems of third parties, including its custodians, vendors (such as those that provide data and cloud computing services, and security and technology services) and other market participants (such as clearing and payment systems, CCPs and securities exchanges). These external operational systems with which JPMorgan is connected, whether directly or indirectly, can be sources of operational risk to JPMorganChase. JPMorganChase may be exposed not only to a systems failure or cyber attack that may be experienced by a vendor or market infrastructure with which JPMorganChase is directly connected, but also to a systems breakdown or cyber attack involving another party to which such a vendor or infrastructure is connected. Similarly, retailers, payment systems and processors, data aggregators and other external parties with which JPMorganChase's customers do business can increase JPMorganChase's operational risk. This is particularly the case where activities of customers or other parties are beyond JPMorganChase's security and control systems, including through the use of the internet, cloud computing services, and personal smart phones and other mobile devices or services.If an external party obtains access to customer account data on JPMorganChase's systems, whether authorized or unauthorized, and that party misappropriates that data, this could result in negative outcomes for JPMorganChase and its clients and customers, including a heightened risk of fraudulent transactions using JPMorganChase's systems, losses from fraudulent transactions and reputational harm arising from the perception that JPMorganChase's systems may not be secure.As JPMorganChase's interconnectivity with clients, customers and other external parties continues to expand, JPMorganChase increasingly faces the risk of operational failure or cyber attacks with respect to the systems of those parties. Security breaches affecting JPMorganChase's clients or customers, or systems breakdowns or failures, security breaches or human error or misconduct affecting other external parties, may require JPMorganChase to take steps to protect the integrity of its own operational systems or to safeguard confidential information, including restricting the access of customers to their accounts. These actions can increase JPMorganChase's - disruptions in operational systems or in the ability of systems to communicate with each other could be caused by failures in synchronization or encryption software, or degraded performance of microprocessors, and - attempts by third parties to block the use of key technology solutions by claiming that the use infringes on their intellectual property rights. JPMorganChase also depends on its ability to access and use the operational systems of third parties, including its custodians, vendors (such as those that provide data and cloud computing services, and security and technology services) and other market participants (such as clearing and payment systems, CCPs and securities exchanges). These external operational systems with which JPMorgan is connected, whether directly or indirectly, can be sources of operational risk to JPMorganChase. JPMorganChase may be exposed not only to a systems failure or cyber attack that may be experienced by a vendor or market infrastructure with which JPMorganChase is directly connected, but also to a systems breakdown or cyber attack involving another party to which such a vendor or infrastructure is connected. Similarly, retailers, payment systems and processors, data aggregators and other external parties with which JPMorganChase's customers do business can increase JPMorganChase's operational risk. This is particularly the case where activities of customers or other parties are beyond JPMorganChase's security and control systems, including through the use of the internet, cloud computing services, and personal smart phones and other mobile devices or services. If an external party obtains access to customer account data on JPMorganChase's systems, whether authorized or unauthorized, and that party misappropriates that data, this could result in negative outcomes for JPMorganChase and its clients and customers, including a heightened risk of fraudulent transactions using JPMorganChase's systems, losses from fraudulent transactions and reputational harm arising from the perception that JPMorganChase's systems may not be secure. As JPMorganChase's interconnectivity with clients, customers and other external parties continues to expand, JPMorganChase increasingly faces the risk of operational failure or cyber attacks with respect to the systems of those parties. Security breaches affecting JPMorganChase's clients or customers, or systems breakdowns or failures, security breaches or human error or misconduct affecting other external parties, may require JPMorganChase to take steps to protect the integrity of its own operational systems or to safeguard confidential information, including restricting the access of customers to their accounts. These actions can increase JPMorganChase's operational costs and potentially diminish customer satisfaction and confidence in JPMorganChase.Furthermore, the widespread and expanding interconnectivity among financial institutions, clearing banks, CCPs, payments processors, financial technology companies, securities exchanges, clearing houses and other financial market infrastructures increases the risk that the disruption of an operational system involving one institution or entity, including due to a cyber attack, may cause industry-wide operational disruptions that could materially affect JPMorganChase's ability to conduct business. In addition, the risks associated with the disruption of an operational system of a third party could be exacerbated to the extent that the services provided by that system are used by a significant number or proportion of market participants.The ineffectiveness, failure or other disruption of operational systems upon which JPMorganChase depends, including due to a systems malfunction, cyber incident or other systems failure, could result in unfavorable ripple effects in the financial markets and for JPMorganChase and its clients and customers, including:- delays or other disruptions in providing services, including the provision of liquidity or information to clients and customers- impairment of JPMorganChase's ability to execute transactions, including delays or failures in the confirmation or settlement of transactions or in obtaining access to funds or other assets required for settlement- the possibility that funds transfers, capital markets trades or other transactions are executed erroneously- financial losses, including due to loss-sharing requirements of CCPs, payment systems or other market infrastructures, or as possible restitution to clients and customers- higher operational costs associated with replacing services provided by a system that has experienced a failure or other disruption - limitations on JPMorganChase's ability to collect data needed for its business and operations- loss of confidence in the ability of JPMorganChase, or financial institutions generally, to protect against and withstand operational disruptions- dissatisfaction among JPMorganChase's clients or customers- significant exposure to litigation and regulatory fines, penalties or other sanctions, and - harm to JPMorganChase's reputation.If JPMorganChase's operational systems, or those of acquired businesses or of external parties on which operational costs and potentially diminish customer satisfaction and confidence in JPMorganChase. Furthermore, the widespread and expanding interconnectivity among financial institutions, clearing banks, CCPs, payments processors, financial technology companies, securities exchanges, clearing houses and other financial market infrastructures increases the risk that the disruption of an operational system involving one institution or entity, including due to a cyber attack, may cause industry-wide operational disruptions that could materially affect JPMorganChase's ability to conduct business. In addition, the risks associated with the disruption of an operational system of a third party could be exacerbated to the extent that the services provided by that system are used by a significant number or proportion of market participants. The ineffectiveness, failure or other disruption of operational systems upon which JPMorganChase depends, including due to a systems malfunction, cyber incident or other systems failure, could result in unfavorable ripple effects in the financial markets and for JPMorganChase and its clients and customers, including: - delays or other disruptions in providing services, including the provision of liquidity or information to clients and customers - impairment of JPMorganChase's ability to execute transactions, including delays or failures in the confirmation or settlement of transactions or in obtaining access to funds or other assets required for settlement - the possibility that funds transfers, capital markets trades or other transactions are executed erroneously - financial losses, including due to loss-sharing requirements of CCPs, payment systems or other market infrastructures, or as possible restitution to clients and customers - higher operational costs associated with replacing services provided by a system that has experienced a failure or other disruption - limitations on JPMorganChase's ability to collect data needed for its business and operations - loss of confidence in the ability of JPMorganChase, or financial institutions generally, to protect against and withstand operational disruptions - dissatisfaction among JPMorganChase's clients or customers - significant exposure to litigation and regulatory fines, penalties or other sanctions, and If JPMorganChase's operational systems, or those of acquired businesses or of external parties on which JPMorganChase's businesses depend, are unable to meet the requirements of JPMorganChase's businesses and operations or bank regulatory standards, or if they fail or have other significant shortcomings, JPMorganChase could be materially and adversely affected.A successful cyber attack affecting JPMorganChase could cause significant harm to JPMorganChase and its clients and customers.JPMorganChase experiences numerous cyber attacks on its computer systems, software, networks and other technology assets on a daily basis from various actors, including groups acting on behalf of hostile countries, cyber-criminals, "hacktivists" (i.e., individuals or groups that use technology to promote a political agenda or social change) and others. These cyber attacks can take many forms, including attempts to introduce computer viruses or malicious code, which are commonly referred to as "malware," into JPMorganChase's systems. These attacks are often designed to:- obtain unauthorized access to JPMorganChase's systems or to confidential information belonging to JPMorganChase or its clients, customers, counterparties or employees- manipulate data- destroy data or systems with the aim of rendering services unavailable- disrupt, sabotage or degrade service on JPMorganChase's systems- steal money, or- extort money through the use of so-called "ransomware."JPMorganChase also experiences:- distributed denial-of-service attacks intended to disrupt JPMorganChase's websites, including those that provide online banking and other services,- a higher volume and complexity of cyber attacks against the backdrop of heightened geopolitical tensions, and- a high volume of disruptions to internet-based services used by JPMorganChase that are provided by third parties.JPMorganChase has experienced security breaches due to cyber attacks in the past, and it is inevitable that additional breaches will occur in the future. Any such breach could result in serious and harmful consequences for JPMorganChase or its clients and customers.A principal reason that JPMorganChase cannot provide absolute security against cyber attacks is that it may not always be possible to anticipate, detect or recognize threats to JPMorganChase's systems, or to JPMorganChase's businesses depend, are unable to meet the requirements of JPMorganChase's businesses and operations or bank regulatory standards, or if they fail or have other significant shortcomings, JPMorganChase could be materially and adversely affected.

JPMorganChase operates in a highly competitive environment in which it must evolve and adapt to changes in financial regulation, technological advances, increased public scrutiny and changes in economic conditions. JPMorganChase expects that competition in the U.S. and global financial services industry will continue to be intense. Competitors include: - other banks and financial institutions - trading, advisory and investment management firms - finance companies - technology companies, and - other non-bank firms that are engaged in providing similar as well as new products and services. JPMorganChase cannot provide assurance that the significant competition in the financial services industry will not materially and adversely affect its future results of operations. For example, aggressive or less disciplined lending practices by non-bank competitors could lead to a loss of market share for traditional banks, and in an economic downturn could result in instability in the financial services industry and adversely impact other market participants, including JPMorganChase.New competitors in the financial services industry continue to emerge. For example, technological advances and the growth of e-commerce have made it possible for non-depository institutions to offer products and services that traditionally were banking products. These advances have also allowed financial institutions and other companies to provide electronic and internet-based financial solutions, including electronic securities and cryptocurrency trading, lending and other extensions of credit to consumers, payments processing and online automated algorithmic-based investment advice. Furthermore, both financial institutions and their non-banking competitors face the risk that payments processing and other products and services, including deposits and other traditional banking products, could be significantly disrupted by the use of new technologies, such as cryptocurrencies and other applications using secure distributed ledgers, that may not require intermediation. New technologies have required and could require JPMorganChase to spend more to modify or adapt its products to attract and retain clients and customers or to match products and services offered by its competitors, including technology companies. In addition, new technologies may be used by customers, or breached or infiltrated by third parties, in unexpected ways, which can increase JPMorganChase's costs for complying with laws, rules and regulations that apply to the offering of products and services through those technologies and reduce the income that JPMorganChase earns from providing products and services through those technologies.Ongoing or increased competition may put pressure on the pricing for JPMorganChase's products and services or may cause JPMorganChase to lose market share, particularly with respect to traditional banking products. This competition may be based on quality and variety of products and services offered, transaction execution, innovation, reputation and price. The failure of any of JPMorganChase's businesses to meet the expectations of clients and customers, whether due to general market conditions, under-performance, a decision not to offer a particular product or service, changes in client and customer expectations or other factors, could affect JPMorganChase's ability to attract or retain clients and customers. Any such impact could, in turn, reduce JPMorganChase cannot provide assurance that the significant competition in the financial services industry will not materially and adversely affect its future results of operations. For example, aggressive or less disciplined lending practices by non-bank competitors could lead to a loss of market share for traditional banks, and in an economic downturn could result in instability in the financial services industry and adversely impact other market participants, including JPMorganChase. New competitors in the financial services industry continue to emerge. For example, technological advances and the growth of e-commerce have made it possible for non-depository institutions to offer products and services that traditionally were banking products. These advances have also allowed financial institutions and other companies to provide electronic and internet-based financial solutions, including electronic securities and cryptocurrency trading, lending and other extensions of credit to consumers, payments processing and online automated algorithmic-based investment advice. Furthermore, both financial institutions and their non-banking competitors face the risk that payments processing and other products and services, including deposits and other traditional banking products, could be significantly disrupted by the use of new technologies, such as cryptocurrencies and other applications using secure distributed ledgers, that may not require intermediation. New technologies have required and could require JPMorganChase to spend more to modify or adapt its products to attract and retain clients and customers or to match products and services offered by its competitors, including technology companies. In addition, new technologies may be used by customers, or breached or infiltrated by third parties, in unexpected ways, which can increase JPMorganChase's costs for complying with laws, rules and regulations that apply to the offering of products and services through those technologies and reduce the income that JPMorganChase earns from providing products and services through those technologies. Ongoing or increased competition may put pressure on the pricing for JPMorganChase's products and services or may cause JPMorganChase to lose market share, particularly with respect to traditional banking products. This competition may be based on quality and variety of products and services offered, transaction execution, innovation, reputation and price. The failure of any of JPMorganChase's businesses to meet the expectations of clients and customers, whether due to general market conditions, under-performance, a decision not to offer a particular product or service, changes in client and customer expectations or other factors, could affect JPMorganChase's ability to attract or retain clients and customers. Any such impact could, in turn, reduce JPMorganChase's revenues. Increased competition also may require JPMorganChase to make additional capital investments in its businesses, or to extend more of its capital on behalf of its clients to remain competitive.The effects of climate change could adversely affect JPMorganChase's business and operations, both directly and as a result of impacts on its clients and customers.JPMorganChase operates in many regions, countries and communities around the world where its business, and the activities of its clients and customers, could be adversely affected by climate change. Climate change could manifest as a financial risk to JPMorganChase either through changes in the physical climate or from the process of transitioning to a lower-carbon economy. Both physical risks and transition risks associated with climate change could have negative impacts on the financial condition or creditworthiness of JPMorganChase's clients and customers, on JPMorganChase's exposure to affected companies and markets, and on the effectiveness of JPMorganChase's existing business strategy with respect to its operations, clients and customers.Physical risks include the increased frequency or severity of acute weather events, such as floods, wildfires and tropical cyclones, and chronic shifts in the climate, such as rising sea levels, persistent changes in precipitation levels, or increases in average ambient temperatures. Potential adverse impacts of climate-related physical risks to JPMorganChase, its clients or customers include:- declines in asset values, including due to the destruction or degradation of property- reduced availability or increased cost of insurance for clients of JPMorganChase- interruptions to business operations, including supply chain disruption, and- population migration or unemployment in affected regions.Transition risks arise from the financial and economic consequences of society's shift towards a lower-carbon economy, such as changes in public policy, adoption of new technologies or changes in consumer preferences towards low-carbon goods and services. These risks could also be influenced by changes in the physical climate. Potential adverse impacts of transition risks to JPMorganChase, its clients or customers include: - sudden devaluation of assets, including unanticipated write-downs ("stranded assets")- increased operational and compliance costs driven by changes in climate policy JPMorganChase's revenues. Increased competition also may require JPMorganChase to make additional capital investments in its businesses, or to extend more of its capital on behalf of its clients to remain competitive.

JPMorganChase routinely executes transactions with clients and counterparties such as corporations, financial institutions, asset managers, hedge funds, securities exchanges and government entities within and outside the U.S. Many of these transactions expose JPMorganChase to the credit risk of its clients and counterparties, and can involve JPMorganChase in disputes and litigation if a client or counterparty defaults. JPMorganChase can also be subject to losses or liability where a financial institution that it has appointed to provide custodial services for client assets or funds becomes insolvent as a result of fraud or the failure to abide by existing laws and obligations, or where clients are unable to access assets held by JPMorganChase as custodian due to governmental actions or other factors.A default by, or the financial or operational failure of, a CCP through which JPMorganChase executes contracts would require JPMorganChase to replace those contracts, thereby increasing its operational costs and potentially resulting in losses. In addition, JPMorganChase can be exposed to losses if a member of a CCP in which JPMorganChase is also a member defaults on its obligations to the CCP because of requirements that each member of the CCP absorb a portion of those losses. Furthermore, JPMorganChase can be subject to bearing its share of non-default losses incurred by a CCP, including losses from custodial, settlement or investment activities or due to cyber or other security breaches.As part of its clearing services activities, JPMorganChase is exposed to the risk of nonperformance by its clients, which it seeks to mitigate by requiring clients to provide adequate collateral. JPMorganChase is also exposed to intra-day credit risk of its clients in connection with providing cash management, clearing, custodial and other transaction services to those clients. If a client for which JPMorganChase provides these services becomes bankrupt or insolvent, JPMorganChase may incur losses, become involved in disputes and litigation with one or more CCPs, the client's bankruptcy estate and other creditors, or be subject to regulatory investigations. All of the foregoing events can increase JPMorganChase's operational and litigation costs, and JPMorganChase may suffer losses to the extent that any collateral that it has received is insufficient to cover those losses.Transactions with government entities, including national, state, provincial, municipal and local authorities, can expose JPMorganChase to enhanced sovereign, credit, operational and reputation risks. Government entities may, among other things, claim that actions taken by government officials were beyond the legal authority of those officials or repudiate transactions authorized by a previous incumbent government. These types of actions have in the past caused, and could in the future cause, JPMorganChase to suffer losses or hamper its ability to conduct business in the relevant jurisdiction.In addition, local laws, rules and regulations could limit JPMorganChase's ability to resolve disputes and litigation in the event of a counterparty default or unwillingness to make previously agreed-upon payments, which could subject JPMorganChase to losses. or liability where a financial institution that it has appointed to provide custodial services for client assets or funds becomes insolvent as a result of fraud or the failure to abide by existing laws and obligations, or where clients are unable to access assets held by JPMorganChase as custodian due to governmental actions or other factors. A default by, or the financial or operational failure of, a CCP through which JPMorganChase executes contracts would require JPMorganChase to replace those contracts, thereby increasing its operational costs and potentially resulting in losses. In addition, JPMorganChase can be exposed to losses if a member of a CCP in which JPMorganChase is also a member defaults on its obligations to the CCP because of requirements that each member of the CCP absorb a portion of those losses. Furthermore, JPMorganChase can be subject to bearing its share of non-default losses incurred by a CCP, including losses from custodial, settlement or investment activities or due to cyber or other security breaches. As part of its clearing services activities, JPMorganChase is exposed to the risk of nonperformance by its clients, which it seeks to mitigate by requiring clients to provide adequate collateral. JPMorganChase is also exposed to intra-day credit risk of its clients in connection with providing cash management, clearing, custodial and other transaction services to those clients. If a client for which JPMorganChase provides these services becomes bankrupt or insolvent, JPMorganChase may incur losses, become involved in disputes and litigation with one or more CCPs, the client's bankruptcy estate and other creditors, or be subject to regulatory investigations. All of the foregoing events can increase JPMorganChase's operational and litigation costs, and JPMorganChase may suffer losses to the extent that any collateral that it has received is insufficient to cover those losses. Transactions with government entities, including national, state, provincial, municipal and local authorities, can expose JPMorganChase to enhanced sovereign, credit, operational and reputation risks. Government entities may, among other things, claim that actions taken by government officials were beyond the legal authority of those officials or repudiate transactions authorized by a previous incumbent government. These types of actions have in the past caused, and could in the future cause, JPMorganChase to suffer losses or hamper its ability to conduct business in the relevant jurisdiction. In addition, local laws, rules and regulations could limit JPMorganChase's ability to resolve disputes and litigation in the event of a counterparty default or unwillingness to make previously agreed-upon payments, which could subject JPMorganChase to losses. Disputes may arise with counterparties to derivatives contracts with regard to the terms, the settlement procedures or the value of underlying collateral. The disposition of those disputes could cause JPMorganChase to incur unexpected transaction, operational and legal costs, or result in credit losses. These consequences can also impair JPMorganChase's ability to effectively manage its credit risk exposure from its market activities, or cause harm to JPMorganChase's reputation.The financial or operational failure of a significant market participant, such as a major financial institution or a CCP, or concerns about the creditworthiness of such a market participant or its ability to fulfill its obligations, can cause substantial and cascading disruption within the financial markets, including in circumstances where coordinated action by multiple other market participants is required to address the failure or disruption. JPMorganChase's businesses could be significantly disrupted by such an event, particularly if it leads to other market participants incurring significant losses, experiencing liquidity issues or defaulting, and JPMorganChase is likely to have significant interrelationships with, and credit exposure to, such a significant market participant.JPMorganChase may suffer losses if the value of collateral declines in stressed market conditions.During periods of market stress or illiquidity, JPMorganChase's credit risk may be further increased when:- JPMorganChase fails to realize the estimated value of the collateral it holds- collateral is liquidated at prices that are not sufficient to recover the full amount owed to it, or- counterparties are unable to post collateral, whether for operational or other reasons.Furthermore, disputes with counterparties concerning the valuation of collateral may increase in times of significant market stress, volatility or illiquidity, and JPMorganChase could suffer losses during these periods if it is unable to realize the fair value of collateral or to manage declines in the value of collateral.JPMorganChase could incur significant losses arising from concentrations of credit and market risk.JPMorganChase is exposed to greater credit and market risk to the extent that groupings of its clients or counterparties, or obligors on securities and other financial instruments:- engage in similar or related businesses, or in businesses in related industries- do business in the same geographic region, or Disputes may arise with counterparties to derivatives contracts with regard to the terms, the settlement procedures or the value of underlying collateral. The disposition of those disputes could cause JPMorganChase to incur unexpected transaction, operational and legal costs, or result in credit losses. These consequences can also impair JPMorganChase's ability to effectively manage its credit risk exposure from its market activities, or cause harm to JPMorganChase's reputation. The financial or operational failure of a significant market participant, such as a major financial institution or a CCP, or concerns about the creditworthiness of such a market participant or its ability to fulfill its obligations, can cause substantial and cascading disruption within the financial markets, including in circumstances where coordinated action by multiple other market participants is required to address the failure or disruption. JPMorganChase's businesses could be significantly disrupted by such an event, particularly if it leads to other market participants incurring significant losses, experiencing liquidity issues or defaulting, and JPMorganChase is likely to have significant interrelationships with, and credit exposure to, such a significant market participant.

Maintaining trust in JPMorganChase is critical to its ability to attract and retain clients, customers, investors and employees. Damage to JPMorganChase's reputation can therefore cause significant harm to JPMorganChase's business and prospects, and can arise from numerous sources, including: - employee misconduct, including discriminatory behavior or harassment with respect to clients, customers or employees, or actions that are contrary to JPMorganChase's goal of fostering an inclusive workplace - security breaches, including as a result of cyber attacks - failure to safeguard client, customer or employee information - failure to manage risks associated with its client relationships, or with transactions or business activities in which JPMorganChase or its clients engage, including transactions or activities that may be unpopular among one or more constituencies - rapid and broad dissemination of misinformation and disinformation across the media landscape, including social networking sites - incorrect, biased or misleading results or content generated by artificial intelligence, leading to harmful outcomes, including discrimination in lending practices against vulnerable populations, fraud, manipulation of customers, privacy breaches or intellectual property infringement - deficiencies or perceived failures in managing ESG-related initiatives, including modifying or failing to meet publicly-announced targets - operational failures - litigation or regulatory fines, penalties or other sanctions - actions taken in executing regulatory and governmental requirements during a global or regional health emergency, spread of infectious disease, epidemic or pandemic - regulatory investigations or enforcement actions, or resolutions of these matters, and - failure or perceived failure to comply with laws, rules or regulations by JPMorganChase or its clients,customers, counterparties or other parties, including newly-acquired businesses, companies in which JPMorganChase has made principal investments, parties to joint ventures with JPMorganChase, and vendors with which JPMorganChase does business.Social and environmental activists have been targeting JPMorganChase and other financial services firms with public criticism concerning their business practices, including business relationships with clients that are engaged in certain sensitive industries, such as companies:- whose products are or are perceived to be harmful to human health, or- whose activities negatively affect or are perceived to negatively affect the environment, workers' rights or communities. Activists have also taken actions intended to change or influence JPMorganChase's business practices with respect to ESG matters, including public protests at JPMorganChase's headquarters and other properties, and submitting specific ESG-related proposals for a vote by JPMorganChase's shareholders.In addition, JPMorganChase has been and expects that it will continue to be criticized by activists, politicians and other members of the public concerning business practices or positions taken by JPMorganChase with respect to matters of public policy (such as diversity, equity and inclusion initiatives) or regarding transactions or other business or interactions between JPMorganChase and governmental or regulatory bodies. Furthermore, JPMorganChase's relationships or ability to transact with clients and customers, and with governmental or regulatory bodies in jurisdictions in which JPMorganChase does business, could be adversely affected if its decisions with respect to doing business with companies in certain sensitive industries are perceived to harm those companies or to align with particular political viewpoints. The foregoing types of criticism can be more widespread during election years in various jurisdictions, and could have the effect of focusing attention on a company such as JPMorganChase as part of a wider public debate on public policy matters. Furthermore, JPMorganChase's participation in or association with certain environmental and social industry groups or initiatives could be viewed by activists or governmental authorities as boycotting or other discriminatory business behavior.These and other types of criticism and actions directed at JPMorganChase could potentially engender dissatisfaction among clients, customers, investors, employees, government officials and other stakeholders. In all of these cases, JPMorganChase's reputation and its business and results of operations could be harmed by: customers, counterparties or other parties, including newly-acquired businesses, companies in which JPMorganChase has made principal investments, parties to joint ventures with JPMorganChase, and vendors with which JPMorganChase does business. Social and environmental activists have been targeting JPMorganChase and other financial services firms with public criticism concerning their business practices, including business relationships with clients that are engaged in certain sensitive industries, such as companies: - whose products are or are perceived to be harmful to human health, or - whose activities negatively affect or are perceived to negatively affect the environment, workers' rights or communities. Activists have also taken actions intended to change or influence JPMorganChase's business practices with respect to ESG matters, including public protests at JPMorganChase's headquarters and other properties, and submitting specific ESG-related proposals for a vote by JPMorganChase's shareholders. In addition, JPMorganChase has been and expects that it will continue to be criticized by activists, politicians and other members of the public concerning business practices or positions taken by JPMorganChase with respect to matters of public policy (such as diversity, equity and inclusion initiatives) or regarding transactions or other business or interactions between JPMorganChase and governmental or regulatory bodies. Furthermore, JPMorganChase's relationships or ability to transact with clients and customers, and with governmental or regulatory bodies in jurisdictions in which JPMorganChase does business, could be adversely affected if its decisions with respect to doing business with companies in certain sensitive industries are perceived to harm those companies or to align with particular political viewpoints. The foregoing types of criticism can be more widespread during election years in various jurisdictions, and could have the effect of focusing attention on a company such as JPMorganChase as part of a wider public debate on public policy matters. Furthermore, JPMorganChase's participation in or association with certain environmental and social industry groups or initiatives could be viewed by activists or governmental authorities as boycotting or other discriminatory business behavior. These and other types of criticism and actions directed at JPMorganChase could potentially engender dissatisfaction among clients, customers, investors, employees, government officials and other stakeholders. In all of these cases, JPMorganChase's reputation and its business and results of operations could be harmed by: - greater scrutiny from governmental or regulatory bodies, or further criticism from politicians and other members of the public, including in the form of governmental or regulatory investigations or litigation- unfavorable coverage or commentary in the media, including through social media campaigns- certain clients and customers ceasing doing business with JPMorganChase, and encouraging others to do so- impairment of JPMorganChase's ability to attract new clients and customers, to expand its relationships with existing clients and customers, or to hire or retain employees, or- certain investors opting to divest from investments in securities of JPMorganChase.Actions by the financial services industry generally or individuals in the industry can also affect JPMorganChase's reputation. For example, the reputation of the industry as a whole can be damaged by concerns that:- consumers have been treated unfairly by a financial institution, or- a financial institution has acted inappropriately with respect to the methods used to offer products to customers.If JPMorganChase is perceived to have engaged in these types of behaviors, this could weaken its reputation among clients or customers, employees or other stakeholders.Failure to effectively manage potential conflicts of interest or to satisfy fiduciary obligations can result in litigation and enforcement actions, as well as damage JPMorganChase's reputation.JPMorganChase's ability to manage potential conflicts of interest is highly complex due to the broad range of its business activities which encompass a variety of transactions, obligations and interests with and among JPMorganChase's clients and customers. JPMorganChase can become subject to litigation, enforcement actions, and heightened regulatory scrutiny, and its reputation can be damaged, by the failure or perceived failure to:- adequately address or appropriately disclose conflicts of interest, including potential conflicts of interest that may arise in connection with providing multiple products and services in, or having one or more investments related to, the same transaction- identify and address any conflict of interest that a third party with which it is does business may have with respect to a transaction involving JPMorganChase- deliver appropriate standards of service and quality - greater scrutiny from governmental or regulatory bodies, or further criticism from politicians and other members of the public, including in the form of governmental or regulatory investigations or litigation - unfavorable coverage or commentary in the media, including through social media campaigns - certain clients and customers ceasing doing business with JPMorganChase, and encouraging others to do so - impairment of JPMorganChase's ability to attract new clients and customers, to expand its relationships with existing clients and customers, or to hire or retain employees, or - certain investors opting to divest from investments in securities of JPMorganChase. Actions by the financial services industry generally or individuals in the industry can also affect JPMorganChase's reputation. For example, the reputation of the industry as a whole can be damaged by concerns that: - consumers have been treated unfairly by a financial institution, or - a financial institution has acted inappropriately with respect to the methods used to offer products to customers. If JPMorganChase is perceived to have engaged in these types of behaviors, this could weaken its reputation among clients or customers, employees or other stakeholders.