Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

M&T Bank disclosed 30 risk factors in its most recent earnings report. M&T Bank reported the most risks in the “Finance & Corporate” category.

Risk Overview Q3, 2024

Risk Distribution

50% Finance & Corporate

13% Legal & Regulatory

13% Production

13% Macro & Political

7% Tech & Innovation

3% Ability to Sell

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2020

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

M&T Bank Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q3, 2024

Main Risk Category

Finance & Corporate

With 15 Risks

Finance & Corporate

With 15 Risks

Number of Disclosed Risks

No changes from last report

S&P 500 Average: 31

No changes from last report

S&P 500 Average: 31

Recent Changes

0Risks added

0Risks removed

0Risks changed

Since Sep 2024

0Risks added

0Risks removed

0Risks changed

Since Sep 2024

Number of Risk Changed

No changes from last report

S&P 500 Average: 3

No changes from last report

S&P 500 Average: 3

See the risk highlights of M&T Bank in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 30

Finance & Corporate

Total Risks: 15/30 (50%)Below Sector Average

Accounting & Financial Operations5 | 16.7%

Accounting & Financial Operations - Risk 1

M&T's ability to return capital to shareholders and to pay dividends on common stock may be adversely affected by market and other factors outside of its control and will depend, in part, on the results of supervisory stress tests administered by the Federal Reserve.

Any decision by M&T to return capital to shareholders, whether through a common stock dividend or a common stock share repurchase program, requires the approval of M&T's Board of Directors and must comply with applicable capital regulations, including the maintenance of capital ratios exceeding specified minimum levels and applicable buffers. For BHCs designated as Category IV institutions under the Tailoring Rules, including M&T, the Federal Reserve conducts biennial supervisory stress tests required under the Dodd-Frank Act whereby the BHC's financial position is tested under assumed severely adverse economic conditions. The results of those stress tests are incorporated in the determination of M&T's SCB. As a general matter,if M&T is unable to maintain capital in excess of regulatory minimum levels inclusive of its SCB, it would be subject to limitations on its ability to make capital distributions, including paying dividends and repurchasing stock. In June 2023, the Federal Reserve released the results of its most recent supervisory stress tests, and based on those results, on October 1, 2023, M&T's SCB of 4.0% became effective. The results of future supervisory stress tests and the impact of proposed revisions to capital and long-term debt requirements upon the stress testing framework are uncertain, and a more severe outcome may result in a higher SCB and an increase in M&T's effective capital requirements. An increased SCB may restrict M&T's ability to return capital to shareholders, including through paying dividends, entering into acquisitions or repurchasing its common stock, which in turn could negatively impact market and investor perceptions of M&T. The Federal Reserve has in the past implemented, and may in the future implement, restrictions on share repurchase programs and common stock dividends at large BHCs such as M&T, including in response to adverse or uncertain economic conditions.

Accounting & Financial Operations - Risk 2

M&T relies on dividends from its subsidiaries for its liquidity.

M&T is a separate and distinct legal entity from its subsidiaries. M&T has typically received a substantial amount of its revenue from subsidiary dividends. These dividends have been M&T's principal source of funds to pay dividends on common and preferred stock, pay interest and principal on its debt, and fund purchases of its common stock. Various federal and/or state laws and regulations, as well as regulatory expectations, limit the amount of dividends that M&T's banking subsidiaries and certain non-bank subsidiaries may pay. Regulatory scrutiny of capital and liquidity levels at BHCs and IDI subsidiaries has increased in recent years and has resulted in increased regulatory focus on all aspects of capital planning, including dividends and other distributions to shareholders of banks, such as parent BHCs. See Part I, Item 1, "Business," "Supervision and Regulation of the Company" and "Distributions" for discussions of regulatory and other restrictions on dividend declarations. Also, M&T's right to participate in a distribution of assets upon a subsidiary's liquidation or reorganization is subject to the prior claims of that subsidiary's creditors. Limitations on M&T's ability to receive dividends from its subsidiaries could have a material adverse effect on its liquidity and ability to pay dividends on its stock or interest and principal on its debt, and ability to fund purchases of its common stock.

Accounting & Financial Operations - Risk 3

Changes in accounting standards could impact the Company's reported financial condition and results of operations.

The accounting standard setters, including the FASB, the SEC and other regulatory bodies, periodically change the financial accounting and reporting standards that govern the preparation of the Company's consolidated financial statements. These changes can be difficult to predict and can materially impact how the Company records and reports its financial condition and results of operations. In some cases, the Company could be required to apply a new or revised standard retroactively, which would result in the restating of the Company's prior period financial statements. Information about recently adopted and not as yet adopted accounting standards is included in note 27 of Notes to Financial Statements included in Part II, Item 8, "Financial Statements and Supplemental Data" of this Form 10-K.

Accounting & Financial Operations - Risk 4

The Company's reported financial condition and results of operations depend on management's selection of accounting methods and require management to make estimates about matters that are uncertain.

Accounting policies and processes are fundamental to the Company's reported financial condition and results of operations. Some of these policies require use of estimates and assumptions that may affect the reported amounts of assets or liabilities and financial results. Several of M&T's accounting policies are critical because they require management to make difficult, subjective and complex judgments about matters that are inherently uncertain and because it is likely that materially different amounts would be reported under different conditions or using different assumptions. Pursuant to GAAP, management is required to make certain assumptions and estimates in preparing the Company's financial statements. If assumptions or estimates underlying the Company's financial statements are incorrect, the Company may experience material losses. Management has identified certain accounting policies as being critical because they require management's judgment to ascertain the valuations of assets, liabilities, commitments and contingencies. A variety of factors could affect the ultimate value that is obtained either when earning income, recognizing an expense, recovering an asset, valuing an asset or liability, or recognizing or reducing a liability. M&T has established detailed policies and control procedures that are intended to ensure these critical accounting estimates and judgments are well controlled and applied consistently. In addition, the policies and procedures are intended to ensure that the process for changing methodologies occurs in an appropriate manner. Because of the uncertainty surrounding judgments and the estimates pertaining to these matters, M&T could be required to adjust accounting policies or restate prior period financial statements if those judgments and estimates prove to be incorrect. For additional information, see "Critical Accounting Estimates" in Part II, Item 7, "Management's Discussion and Analysis of Financial Condition and Results of Operations" and note 1 of Notes to Financial Statements in Part II, Item 8.

Accounting & Financial Operations - Risk 5

The Company's models used for business planning purposes could perform poorly or provide inadequate information.

The Company uses quantitative models to assist in measuring risks and estimating or predicting certain financial values, among other uses. The Company uses models throughout many of its business lines, relying on them, along with its judgement, for many decision making processes. Examples of areas where the Company uses models include determining the pricing of various products, grading loans and extending credit, measuring interest rate and other market risks, predicting or estimating losses, assessing capital adequacy and evaluating liquidity risks. The Company also uses models to estimate the value of financial instruments and balance sheet items. Models generally evaluate the performance of various factors under anticipated future conditions, relying on historical data to help build the model and in part on assumptions as to the future, often with respect to macro-economic conditions, in order to generate the output. The models used may not accurately account for all variables and may fail to predict outcomes accurately and/or may overstate or understate certain effects. Poorly designed, implemented, or managed models or misused models, including in the choice of relevant historical data or future-looking assumptions, present the risk that the Company's business decisions that consider information based on such models will be adversely affected due to inadequate or inaccurate information, which may damage the Company's reputation and adversely affect its reported financial condition and results of operations. Even if the underlying assumptions used in the Company's models are adequate, the models may be deficient due to errors in computer code, use of bad data during development or input into the model during model use, or the use of a model for a purpose outside the scope of the model's design. As a result, the Company's models may not fully capture or express the risks the Company faces, may suggest that the Company has sufficient reserves, capital or liquidity when it may not, or may lead the Company to misjudge the business and economic environment in which it operates. If the models fail to produce reliable results on an ongoing basis, the Company may not make appropriate risk management, capital planning, or other business or financial decisions. Furthermore, strategies that the Company employs to manage and govern the risks associated with its use of models may not be effective or fully reliable, and as a result, the Company may realize losses or other lapses. Finally, information the Company provides to the public or to its regulators based on poorly designed, implemented, or managed models or misused models could be inaccurate or misleading. Some of the decisions that the Company's regulators make, including those related to capital distributions to M&T's stockholders, could be affected adversely due to their perception that the quality of the models used to generate the relevant information is insufficient.

Debt & Financing9 | 30.0%

Debt & Financing - Risk 1

The discontinuation of benchmark rates as permissible rate indices in new contracts and the development of alternative benchmark indices to replace discontinued benchmarks could adversely impact the Company's business and results of operations.

The Company's floating-rate funding, certain hedging transactions and a significant portion of the Company's products, such as floating-rate loans and mortgages, determine the applicable interest rate or payment amount by reference to a benchmark rate or to an alternative index. In the past, the regulators and administrators of certain benchmark rates have determined to cease publication of those rates, and they may do so again in the future with respect to other benchmark rates the Company utilizes. Any cessation of a benchmark rate and resulting transition to a successor benchmark would be complex and unpredictable, giving rise to a variety of risks, including operational risks, risks of value transfer between contract parties, the potential for customer disputes and litigation, as well as regulatory scrutiny.

Debt & Financing - Risk 2

The Company may be subject to more stringent capital and liquidity requirements and new requirements relating to long-term debt.

BHCs, including M&T, are subject to capital and liquidity requirements and standards imposed as a result of the Dodd-Frank Act (as amended by EGRRCPA) and the U.S. Basel III-based capital rules. For additional information, see "Capital Requirements" under Part I, Item 1, "Business." Regulators have implemented and may, from time to time, implement changes to these regulatory capital adequacy and liquidity requirements. If the Company fails to meet these minimum capital adequacy and liquidity requirements and other regulatory requirements, its business activities, including lending, and its ability to expand, either organically or through acquisitions, could be limited. It could also result in M&T being required to take steps to increase its regulatory capital that may be dilutive to shareholders or limit its ability to pay dividends or otherwise return capital to shareholders, or sell or refrain from acquiring assets. In addition, the liquidity-related provisions of the Federal Reserve's liquidity-related enhanced prudential supervision requirements may reduce the Company's ability to invest in other longer-term assets even if deemed more desirable from a balance sheet management perspective, which could adversely affect its net interest income and net interest margin. A determination by the Federal Reserve that M&T does not meet supervisory expectations regarding capital planning or liquidity risk management could have a variety of adverse consequences, including ratings downgrades, heightened supervisory scrutiny, expenses associated with remediation activities and potentially an enforcement action. See "Capital Requirements" and "Resolution Planning and Resolution-Related Requirements" under Part I, Item 1, "Business" for information regarding the federal banking regulators' July 2023 proposal implementing the revisions to the Basel capital framework and August 2023 long-term debt proposal. The long-term debt proposal, if adopted, would require M&T to maintain more long-term debt than it does currently, which may adversely affect interest expense, net interest income and net interest margin.

Debt & Financing - Risk 3

If an orderly liquidation of a systemically important BHC or non-bank financial company were triggered, M&T could face assessments for the OLF.

The Dodd-Frank Act created a mechanism, the OLF, for liquidation of systemically important BHCs and non-bank financial companies. The OLF is administered by the FDIC and is based on the FDIC's bank resolution model. The Secretary of the U.S. Treasury may trigger a liquidation under this authority after consultation with the President of the U.S. and after receiving a recommendation from the boards of the FDIC and the Federal Reserve upon a two-thirds vote. Liquidation proceedings will be funded by the OLF, which will borrow from the U.S. Treasury and impose risk-based assessments on covered financial companies. Risk-based assessments would be first made on entities that received more in the resolution than they would have received in the liquidation to the extent of such excess, and second, if necessary, on, among others, BHCs with total consolidated assets of $50 billion or more, such as M&T. Any such assessments may adversely affect the Company's business, financial condition or results of operations.

Debt & Financing - Risk 4

Deteriorating credit quality could adversely impact the Company.

As a lender, the Company is exposed to the risk that customers will be unable to repay their loans and other obligations in accordance with the terms of the relevant agreements, and that any collateral securing the loans and obligations may be insufficient to assure full repayment. Credit losses are inherent in the business of making loans and entering into other financial arrangements. Factors that influence the Company's credit loss experience include overall economic conditions affecting businesses and consumers, generally, but also residential and commercial real estate valuations, in particular, given the size of the Company's real estate loan portfolios. Factors that can influence the Company's credit loss experience include: (i) the impact of residential real estate values on loans to residential real estate builders and developers and other loans secured by residential real estate; (ii) the concentrations of commercial real estate loans in the Company's loan portfolio, including in the office, retail, healthcare and multifamily sectors and in the New York City area; (iii) the amount of commercial and industrial loans to businesses in areas of New York State outside of the New York City area and in central Pennsylvania that have historically experienced less economic growth and vitality than many other regions of the country; (iv) the repayment performance associated with first and second lien loans secured by residential real estate; and (v) the size of the Company's portfolio of loans to individual consumers, which historically have experienced higher net charge-offs as a percentage of loans outstanding than loans to other types of borrowers. The Company's credit risk and the performance of its lending portfolios may be affected by concentration in an industry,geography or asset type. As described further in this "Risk Factors" section, the Company's credit risks may be increased by the impacts of inflation, poor or recessionary economic conditions and financial market volatility. Commercial real estate valuations can be highly subjective as they are based upon many assumptions. Such valuations can be significantly affected over relatively short periods of time by changes in business climate, economic conditions, interest rates and, in many cases, the results of operations of businesses and other occupants of the real property. Emerging and evolving factors such as the shift to work-from-home or hybrid-work arrangements, changing consumer preferences (including for online shopping), and resulting changes in occupancy rates as a result of these and other trends can also impact such valuations over relatively short periods. Similarly, residential real estate valuations can be impacted by housing trends, the availability of financing at reasonable interest rates, governmental policy regarding housing and housing finance, and general economic conditions affecting consumers, as described above. The Company maintains an allowance for credit losses which represents, in management's judgment, the amount of losses expected in the loan and lease portfolio. The allowance is determined by management's evaluation of the loan and lease portfolio based on such factors as the differing economic risks associated with each loan category, the current financial condition of specific borrowers, the economic environment in which borrowers operate, the level of delinquent loans, the value of any collateral and, where applicable, the existence of any guarantees or indemnifications. Management believes that the allowance for credit losses as of December 31, 2023 appropriately reflects expected credit losses in the loan and lease portfolio. However, there is no assurance that the allowance is sufficient to cover all credit losses that may occur.

Debt & Financing - Risk 5

The Company may be adversely affected by the soundness of other financial institutions.

Financial services institutions are interrelated as a result of trading, clearing, counterparty, or other relationships. The Company has exposure to many different industries and counterparties, and routinely executes transactions with counterparties in the financial services industry, including commercial banks, brokers and dealers, investment banks, and other institutional clients. Many of these transactions expose the Company to credit risk in the event of a default by a counterparty or client. In addition, the Company's credit risk may be exacerbated when the collateral held by the Company cannot be realized or is liquidated at prices not sufficient to recover the full amount of the credit due to or derivative exposure of the Company. Any resulting losses could have a material adverse effect on the Company's financial condition and results of operations. In addition, adverse developments at other financial institutions, including failures of other financial institutions, could result in negative media coverage regarding the financial services industry, which may negatively influence the perceptions of investors, borrowers or depositors regarding the financial services industry in general, a subset of financial institutions or M&T in particular.

Debt & Financing - Risk 6

The Company must maintain adequate sources of funding and liquidity.

The Company must maintain adequate funding sources in the normal course of business to support its operations and fund outstanding liabilities, as well as meet regulatory requirements and supervisory expectations. The Company relies on core customer deposits to be a low cost and stable source of funding for the loans it makes and the operations of its business. Core customer deposits, which include noninterest-bearing deposits, interest-bearing transaction accounts, savings deposits and time deposits of $250,000 or less, have historically provided the Company with a sizeable source of relatively stable and low-cost funds. In addition to customer deposits, sources of liquidity include brokered deposits and borrowings from securities dealers, various FHLBs and the FRB of New York, as well as the debt and equity capital markets. The Company's liquidity and ability to fund and operate the business could be materially adversely affected by a variety of conditions and factors, including financial and credit market disruptions and volatility or a lack of market or customer confidence in financial markets in general, which may result in a loss of customer deposits or outflows of cash or collateral and/or ability to access capital markets on favorable terms. Negative news about the Company or the financial services industry generally may reduce market or customer confidence in the Company, which could in turn materially adversely affect the Company's liquidity and funding. Such reputational damage may result in the loss of customer deposits, the inability to sell or securitize loans or other assets, and downgrades in one or more of the Company's credit ratings, and may also negatively affect the Company's ability to access the capital markets. A downgrade in the Company's credit ratings, which could result from general industry-wide or regulatory factors not solely related to the Company, could adversely affect the Company's ability to borrow funds, including by raising the cost of borrowings substantially, and could cause creditors and business counterparties to raise collateral requirements or take other actions that could adversely affect M&T's ability to raise capital. Many of the above conditions and factors may be caused by events over which M&T has little or no control. There can be no assurance that significant disruption and volatility in the financial markets will not occur in the future. Regulatory changes relating to liquidity and risk management may also negatively impact the Company's results of operations and competitive position. Various regulations have been adopted to impose more stringent liquidity requirements for large financial institutions, including the Company. These regulations address, among other matters, liquidity stress testing and minimum liquidity requirements. The application of certain of these regulations to banking organizations, such as the Company, have been modified, including in connection with the implementation of the Tailoring Rules in the EGRRCPA. Following the failures of certain large banks in 2023, banking regulators indicated they may revise the liquidity requirements applicable to large financial institutions. If the Company is unable to continue to fund assets through customer bank deposits or access funding sources on favorable terms or if the Company suffers an increase in borrowing costs or otherwise fails to manage liquidity effectively, the Company's liquidity, operating margins, financial condition and results of operations may be materially adversely affected. The Company may also need to raise additional capital and liquidity through the issuance of stock, which could dilute the ownership of existing stockholders, or reduce or even eliminate common stock dividends or share repurchases to preserve capital and liquidity.

Debt & Financing - Risk 7

If the Company is unable to maintain or grow its deposits, it may be subject to paying higher funding costs.

The total amount that the Company pays for funding costs is dependent, in part, on the Company's ability to maintain or grow its deposits. If the Company is unable to sufficiently maintain or grow its deposits to meet liquidity objectives, it may be subject to paying higher funding costs. The Company competes with banks and other financial services companies for deposits. Increases in short-term interest rates have resulted in and may continue to result in more intense competition in deposit pricing and with respect to non-deposit financial products. If competitors raise the rates they pay on deposits, the Company's funding costs may increase, either because the Company raises rates to avoid losing deposits or because the Company loses deposits and must rely on more expensive sources of funding. Customers may also move noninterest-bearing deposits to interest-bearing accounts, increasing the cost of those deposits. Checking and savings account balances and other forms of customer deposits may decrease when customers perceive alternative investments, such as the stock market, as providing a better risk/return tradeoff. The Company's bank customers could withdraw their money and put it in alternative investments, causing the Company to lose a lower cost source of funding. Higher funding costs could reduce the Company's net interest margin and net interest income. The Company could be subject to sudden withdrawals of deposits, including as a result of negative media coverage, which may be spread through social media, regarding the financial services industry generally, a subset of financial institutions or M&T specifically. Online and mobile banking have made it easier for customers to withdraw their deposits or transfer funds to other accounts with short notice. This may make retaining deposits during periods of stress more difficult. In addition, depositors of certain types of deposits, such as uninsured or uncollateralized deposits, may be more likely to withdraw their deposits and do so more quickly. Any such withdrawals could result in higher funding costs to the Company as it loses a lower cost source of funding, and significant unanticipated withdrawals could materially and adversely affect the Company's liquidity, financial condition and results of operations.

Debt & Financing - Risk 8

The Company's business and performance is vulnerable to the impact of volatility in debt and equity markets.

As most of the Company's assets and liabilities are financial in nature, the Company's performance is sensitive to the performance of the financial markets. Turmoil and volatility in U.S. and global financial markets can be a major contributory factor to overall weak economic conditions, leading to some of the risks discussed herein, including the impaired ability of borrowers and other counterparties to meet obligations to the Company. Financial market volatility may: - Affect the value or liquidity of the Company's on-balance sheet and off-balance sheet financial instruments. - Affect the value of capitalized servicing assets. - Affect M&T's ability to access capital markets to raise funds. Inability to access capital markets if needed, at cost effective rates, could adversely affect the Company's liquidity and results of operations. - Affect the value of the assets that the Company manages or otherwise administers or services for others. Although the Company is not directly impacted by changes in the value of such assets, decreases in the value of those assets would affect related fee income and could result in decreased demand for the Company's services. - Impact the nature, profitability or risk profile of the financial transactions in which the Company engages. Volatility in the markets for real estate and other assets commonly securing financial products has been and may continue to be a significant contributor to overall volatility in financial markets. In addition, unfavorable or uncertain economic and market conditions can be caused by supply chain disruptions, the imposition of tariffs or other limitations on international trade and travel, as well as elevated inflation, which can result in market volatility, negatively impact client activity, and adversely affect the Company's financial condition and results of operations.

Debt & Financing - Risk 9

The Company's business and financial performance is impacted significantly by market interest rates and movements in those rates. The monetary, tax and other policies of governmental agencies, including the Federal Reserve, have a significant impact on interest rates and overall financial market performance over which the Company has no control and which the Company may not be able to anticipate adequately.

The Federal Reserve raised benchmark interest rates in 2022 and 2023 and may continue to raise or maintain interest rates in response to economic conditions, particularly inflationary pressures. As a result of the high percentage of the Company's assets and liabilities that are in the form of interest-bearing or interest-related instruments, changes in interest rates, including in the shape of the yield curve or in spreads between different market interest rates, as well as changes linked to inflation, can have a material effect on the Company's business and profitability and the value of the Company's assets and liabilities. For example, changes in interest rates or interest rate spreads may: - Affect the difference between the interest that the Company earns on assets and the interest that the Company pays on liabilities, which impacts the Company's overall net interest income and profitability. - Adversely affect the ability of borrowers to meet obligations under variable or adjustable-rate loans and other debt instruments (including due to an inability to refinance loans), which, in turn, affects the Company's loss rates on those assets. - Decrease the demand for interest rate-based products and services, including loans and deposits. - Affect the Company's ability to hedge various forms of market and interest rate risk and may decrease the profitability or protection or increase the risk or cost associated with such hedges. - Affect mortgage prepayment speeds and result in the impairment of capitalized mortgage servicing assets, reduce the value of loans held for sale and increase the volatility of mortgage banking revenues, potentially adversely affecting the Company's results of operations. The monetary, tax and other policies of the government and its agencies, including the Federal Reserve, have a significant impact on interest rates and overall financial market performance. These governmental policies can thus affect the activities and results of operations of banking organizations such as the Company. An important function of the Federal Reserve is to regulate the national supply of bank credit and certain interest rates. The actions of the Federal Reserve influence the rates of interest that the Company charges on loans and that the Company pays on borrowings and interest-bearing deposits and can also affect the value of the Company's on-balance sheet and off-balance sheet financial instruments. Interest rate increases have reduced the value of the Company's investment portfolio, for example, by decreasing the estimated fair value of fixed income securities. Furthermore, as interest rates rise, the Company's unrealized gains on fixed income securities would ordinarily decrease and unrealized losses would ordinarily increase, which occurred in both 2022 and 2023 and could continue to occur in 2024. Also, due to the impact on rates for short-term funding, the Federal Reserve's policies influence, to a significant extent, the Company's cost of such funding, and increases in short-term interest rates have in the past increased, and may in the future increase, the Company's cost of short-term funding. In addition, the Company is routinely subject to examinations from various governmental taxing authorities. Such examinations may result in challenges to the tax return treatment applied by the Company to specific transactions. Management believes that the assumptions and judgment used to record tax-related assets or liabilities have been appropriate. Should tax laws change or the tax authorities determine that management's assumptions were inappropriate, the result and adjustments required could have a material effect on the Company's results of operations. M&T cannot predict the nature or timing of future changes in monetary, tax and other policies or the effect that they may have on the Company's business activities, financial condition and results of operations.

Corporate Activity and Growth1 | 3.3%

Corporate Activity and Growth - Risk 1

The Company's framework for managing risks may not be effective.

The Company's risk management framework is made up of various processes and strategies to manage its risk exposure. The framework to manage risk, including the framework's underlying assumptions, may not be effective under all conditions and circumstances. If the risk management framework proves ineffective, the Company could suffer unexpected losses and could be materially adversely affected. The Company has established processes and procedures intended to identify, measure, monitor, report, and analyze the types of risk to which it is subject, including liquidity risk, credit risk, market risk, interest rate risk, compliance risk, strategic risk, reputational risk, and operational risk related to its employees, systems and vendors, among others. There are inherent limitations to the Company's risk management strategies as there may exist, or develop in the future, risks that it has not appropriately anticipated or identified. In addition, the Company relies on both qualitative and quantitative factors, including models, to monitor, measure and analyze certain risks and to estimate certain financial values, which are subject to error. The Company must also develop and maintain a culture of risk management among its employees, as well as manage risks associated with third parties, and could fail to do so effectively. If the Company's risk management framework proves ineffective, the Company could incur litigation and negative regulatory consequences, and suffer unexpected losses that could affect its financial condition or results of operations.

Legal & Regulatory

Total Risks: 4/30 (13%)Below Sector Average

Regulation2 | 6.7%

Regulation - Risk 1

Difficulties in obtaining regulatory approval for acquisitions and in combining the operations of acquired entities with the Company's own operations may prevent M&T from achieving the expected benefits from its acquisitions.

M&T has expanded its business through past acquisitions and may do so in the future. The Company's ability to complete acquisitions is in many instances subject to regulatory approval, and the Company cannot be certain when or if, or on what terms and conditions, any required regulatory approvals would be granted. In recent years, federal authorities, including the bank regulators and Department of Justice, have increased their scrutiny of bank mergers and acquisitions, and there is continued uncertainty with regard to how they will evaluate bank mergers and acquisitions, including from an antitrust perspective. Any requisite approval could be delayed or not obtained at all, including due to, among other factors, an adverse development in either party's regulatory standing or in any other factors considered by regulators when granting such approval, including factors not known at the time of entering into the definitive agreement for the acquisition or submission of the related application for regulatory approval, and factors that may arise subsequently; governmental, political or community group inquiries, investigations or opposition; or changes in legislation or the political environment more generally. Anticipated challenges in obtaining any requisite regulatory approval, or uncertainty as to the prospects for obtaining approvals, could also prevent the Company from pursuing a potential acquisition it may otherwise view as attractive. In addition, inherent uncertainties exist when integrating the operations of an acquired entity, such as with respect to the Company's People's United acquisition in April 2022. Acquiring other entities involves potential risks that could have a material adverse impact on the Company's business, financial condition and results of operations, including: - Inability to fully achieve the Company's strategic objectives and planned operating efficiencies in an acquisition. - Issues arising during transition and integration. - Disruption of the Company's business and diversion of management's time and attention. - Exposure to unknown or contingent liabilities of acquired institutions. - Loss of key employees and customers of acquired institutions. - Dilution in the ownership percentage of holders of M&T common stock. - Payment of a premium over book and market values that may dilute the Company's tangible book value and earnings per common share in the short and long-term. - Inability to realize the expected benefits of the acquisition due to lower financial results pertaining to the acquired entity (for example, the Company could experience higher credit losses, incur higher operating expenses or realize less revenue than originally anticipated related to an acquired entity). - Changes in banking or tax laws or regulations that could impair or eliminate the expected benefits of merger and acquisition activities. - Reputational risks.

Regulation - Risk 2

The Company is subject to extensive government regulation and supervision and this regulatory environment can be and has been significantly impacted by financial regulatory reform initiatives.

The Company is subject to extensive federal and state regulation and supervision. Banking regulations are primarily intended to protect consumers, depositors and the financial system as a whole, not securities holders, including the holders of common stock. These regulations and supervisory guidance affect the Company's sale and lending practices, capital structure, capital distributions and dividend policy, investment practices, growth and expansionary activity, among other things. Failure to comply with laws, regulations or policies, or to meet supervisory expectations, could result in civil or criminal penalties, including monetary penalties, the loss of FDIC insurance, the revocation of a banking charter, other sanctions by regulatory agencies, and/or reputational damage, which could have a material adverse effect on the Company's business, financial condition and results of operations. Following the failures of certain banks in 2023, banking regulators have proposed changes, or indicated the potential for changes, regarding the regulation and supervision of banking organizations, in particular those, such as M&T, with $100 billion or more in assets. The introduction of new or more stringent regulatory requirements, as well as heightened supervisory expectations, could require the Company to maintain additional capital or liquidity or incur significant expenses. Government authorities, including the bank regulatory agencies, can pursue aggressive enforcement actions with respect to compliance and other legal matters involving financial activities, which heightens the risks associated with actual and perceived compliance failures and may also adversely affect the Company's ability to enter into certain transactions or engage in certain activities, or obtain necessary regulatory approvals in connection therewith. In general, the amounts paid by financial institutions in settlement of proceedings or investigations have increased substantially and are likely to remain elevated. In some cases, governmental authorities have required criminal pleas or admissions of wrongdoing as part of such settlements, which could have significant collateral consequences for a financial institution, including loss of customers, restrictions on the ability to access the capital markets, and the inability to operate certain businesses or offer certain products for a period of time. In addition, enforcement matters could impact the Company's supervisory and CRA ratings, which may in turn restrict or limit the Company's activities. A prior enforcement action also increases the risk that regulators and governmental authorities pursue formal enforcement actions in connection with the resolution of an inquiry or investigation, even if unrelated to the prior enforcement action. Any new regulatory requirements, changes to existing requirements, or changes to interpretations of requirements could require changes to the Company's businesses, result in increased compliance costs and affect the profitability of such businesses. Additionally, such activity could affect the behaviors of third parties with which the Company deals in the ordinary course of business, such as rating agencies, insurance companies and investors. Heightened regulatory scrutiny, requirements or expectations could have significant effects on the Company, including through restrictions on growth or required remediation activities and associated resource requirements, and, in turn, could have a material adverse effect on the Company's business, financial condition and results of operations. There have been significant revisions to the laws and regulations applicable to the Company that have been enacted or proposed in recent years, and additional proposed changes are anticipated. Many of these and other rules to implement the changes have yet to be finalized, and the final timing, scope and impact of these changes to the regulatory framework applicable to financial institutions remain uncertain. For more information on the regulations to which the Company is subject and recent initiatives to reform financial institution regulation, see Part I, Item 1, "Business."

Litigation & Legal Liabilities1 | 3.3%

Litigation & Legal Liabilities - Risk 1

The Company is or may become involved from time to time in suits, legal proceedings, information-gathering requests, investigations and proceedings by governmental and self-regulatory agencies that may lead to adverse consequences.

Many aspects of the Company's business and operations involve substantial risk of legal liability. M&T and/or its subsidiaries have been named or threatened to be named as defendants in various lawsuits arising from its or its subsidiaries' business activities (and in some cases from the activities of companies M&T has acquired). In addition, from time to time, M&T is, or may become, the subject of governmental and self-regulatory agency information-gathering requests, reviews, investigations and proceedings and other forms of regulatory inquiry, including by bank and other regulatory agencies, the SEC and law enforcement authorities. The SEC has announced a policy of seeking admissions of liability in certain settled cases, which could adversely impact the defense of private litigation. M&T is also at risk with respect to its obligations to indemnify directors and officers of it and its subsidiaries in connection with certain legal matters as well as in situations where it has agreed to indemnify others for losses related to legal proceedings, including for litigation and governmental investigations and inquiries, such as in connection with the purchase or sale of a business or assets. The results of such proceedings could lead to significant civil or criminal penalties, including monetary penalties, damages, adverse judgments, settlements, fines, injunctions, restrictions on the way in which the Company conducts its business, or reputational harm. Although the Company establishes accruals for legal proceedings when information related to the loss contingencies represented by those matters indicates both that a loss is probable and that the amount of loss can be reasonably estimated, the Company does not have accruals for all legal proceedings where it faces a risk of loss. In addition, due to the inherent subjectivity of the assessments and unpredictability of the outcome of legal proceedings, amounts accrued may not represent the ultimate loss to the Company from the legal proceedings in question. Thus, the Company's ultimate losses may be higher, and possibly significantly so, than the amounts accrued for legal loss contingencies, which could adversely affect the Company's financial condition and results of operations.

Environmental / Social1 | 3.3%

Environmental / Social - Risk 1

The Company is subject to laws and regulations relating to the privacy of the information of customers, clients, employees or others, and any failure to comply with these laws and regulations could expose the Company to liability and/or reputational damage.

The Company is also subject to laws and regulations relating to the privacy of the information of customers, clients, employees or others, and any failure to comply with these laws and regulations could expose the Company to liability and/or reputational damage. New privacy and data protection initiatives will impose additional operational burdens on the Company, may limit the Company's ability to pursue desirable business initiatives and increase the risks associated with any future use of customer data. Significant examples include the General Data Protection Act, the UK General Data Protection Act, known as The Data Protection Act of 2018, and the California Consumer Privacy Act. Compliance with these and other laws and regulations may require changes to policies, procedures and technology for information security and segregation of data, which could, among other things, make the Company more vulnerable to operational failures, and to monetary penalties, litigation or regulatory enforcement actions for breach of such laws and regulations. As privacy-related laws and regulations are implemented, they may also limit how companies like M&T can use personal data and impose obligations on companies in their management of such data. The time and resources needed for the Company to comply with such laws and regulations, as well as its potential liability for non-compliance and reporting obligations in the case of data breaches, may significantly increase. The impacts will be greater to the extent requirements vary across jurisdictions.

Production

Total Risks: 4/30 (13%)Above Sector Average

Manufacturing2 | 6.7%

Manufacturing - Risk 1

The Company is exposed to reputational risk.

A negative public opinion of the Company and its business can result from any number of activities, including the Company's lending practices, corporate governance and regulatory compliance, acquisitions and actions taken by regulators or by community organizations in response to these activities. Significant harm to the Company's reputation could also arise as a result of regulatory or governmental actions, litigation, employee misconduct or the activities of customers, developments and the actions of other participants in the financial services industry, including failures of other financial institutions or activities of the Company's contractual counterparties, such as service providers and vendors. A service disruption of the Company's technology platforms, or to those of the Company's service providers or vendors, or an impact to the Company's branches could have a negative impact on a customer's access to banking services and harm the Company's reputation with customers. In particular, a cybersecurity event impacting the Company's or its customers' data could have a negative impact on the Company's reputation and customer confidence in the Company and its cybersecurity. Damage to the Company's reputation could also adversely affect its credit ratings and access to the capital markets. Additionally, whereas negative public opinion once was primarily driven by adverse news coverage in traditional media, the increased use of social media platforms facilitates the rapid dissemination of information or misinformation, which magnifies the potential harm to the Company's reputation.

Manufacturing - Risk 2

The Company is subject to operational risk which could adversely affect the Company's business and reputation and create material legal and financial exposure.

Like all businesses, the Company is subject to operational risk, which represents the risk of loss resulting from human error or misconduct, inadequate or failed internal processes and systems, and external events, including the risk of loss resulting from fraud by employees or persons outside the Company, and breaches in data security. Operational risk also encompasses reputational risk and compliance and legal risk, which is the risk of loss from violations of, or noncompliance with, laws, rules, regulations, prescribed practices or ethical standards, as well as the risk of noncompliance with contractual and other obligations. The Company is also exposed to the above referenced operational risks through outsourcing arrangements, as such outsourcing vendors are exposed to operational risks themselves, as well as the effects that changes in circumstances or capabilities of its outsourcing vendors can have on the Company's ability to continue to perform operational functions necessary to its business. Although the Company seeks to mitigate operational risk through a system of internal controls that are reviewed and updated, no system of controls, however well designed and maintained, is infallible. Control weaknesses or failures or other operational risks could result in charges, increased operational costs, harm to the Company's reputation or foregone business opportunities.

Employment / Personnel1 | 3.3%

Employment / Personnel - Risk 1

The Company could suffer if it fails to attract and retain skilled personnel.

The Company's success depends, in large part, on its ability to attract and retain key individuals and to have a diverse workforce. Competition for qualified and diverse candidates in the activities in which the Company engages and markets that the Company serves is significant, and the Company may not be able to hire candidates and retain them. Growth in the Company's business, including through acquisitions, may increase its need for additional qualified personnel. The Company is increasingly competing for personnel with financial technology providers and other less regulated entities who may not have the same limitations on compensation as the Company does. Recruiting and compensation costs may increase as a result of changes in the marketplace, which may increase costs and adversely impact the Company. The increase in remote and hybrid-work arrangements and opportunities in regional, national and global labor markets has also increased competition for the Company to attract and retain skilled personnel. The Company's current or future approach to in-office and remote-work arrangements may not meet the needs or expectations of current or prospective employees or may not be perceived as favorable as compared with the arrangements offered by other companies, which could adversely affect the Company's ability to attract and retain employees. If the Company is not able to hire or retain highly skilled, qualified and diverse individuals, it may be unable to execute its business strategies and may suffer adverse consequences to its business, financial condition and results of operations. The Company's compensation practices are subject to review and oversight by the Federal Reserve, the OCC, the FDIC and other regulators. The federal banking agencies have issued joint guidance on executive compensation designed to help ensure that a banking organization's incentive compensation policies do not encourage imprudent risk taking and are consistent with the safety and soundness of the organization. In addition, the Dodd-Frank Act required those agencies, along with the SEC, to adopt rules to require reporting of incentive compensation and to prohibit certain compensation arrangements. If as a result of complying with such rules the Company is unable to attract and retain qualified employees, or do so at rates necessary to maintain its competitive position, or if the compensation costs required to attract and retain employees become more significant, the Company's performance, including its competitive position, could be materially adversely affected.

Supply Chain1 | 3.3%

Supply Chain - Risk 1

M&T relies on other companies to provide key components of the Company's business infrastructure.

Third parties provide key components of the Company's business infrastructure such as banking services, processing, and Internet connections and network access. Any disruption in such services provided by these third parties or any failure of these third parties to handle current or higher volumes of use could adversely affect the Company's ability to deliver products and services to clients and otherwise to conduct business. Technological or financial difficulties of a third party service provider could adversely affect the Company's business to the extent those difficulties result in the interruption or discontinuation of services provided by that party. The Company may not be insured against all types of losses as a result of third party failures and insurance coverage may be inadequate to cover all losses resulting from system failures or other disruptions. Failures in the Company's business infrastructure could interrupt the operations or increase the costs of doing business. Additionally, the Company is exposed to the risk that a service disruption at a common service provider to the Company's third-party service providers could impede their ability to provide services to the Company. Notwithstanding any attempts to diversify its reliance on third parties, the Company may not be able to effectively mitigate operational risks relating to its vendors' use of common service providers.

Macro & Political

Total Risks: 4/30 (13%)Above Sector Average

Economy & Political Environment2 | 6.7%

Economy & Political Environment - Risk 1

Weakness in the economy has adversely affected the Company in the past and may adversely affect the Company in the future.

Poor business and economic conditions in general or specifically in markets served by the Company could have adverse effects on the Company's business including: - A decrease in the demand for loans and other products and services offered by the Company. - A decrease in net interest income derived from the Company's lending and deposit gathering activities. - A decrease in the value of the Company's investment securities, loans held for sale or other assets secured by residential or commercial real estate. - A decrease in fees from the Company's brokerage, trust, and investment management businesses associated with declines or lack of growth in stock market prices. - Potential higher FDIC assessments due to the DIF falling below minimum required levels or special FDIC assessments relating to the failure of specific banks. - An impairment of certain intangible assets, such as goodwill. - An increase in the number of customers and counterparties who become delinquent, file for protection under bankruptcy laws or default on their loans or other obligations to the Company. An increase in the number of delinquencies, bankruptcies or defaults could result in higher levels of nonperforming assets, net charge-offs, provision for credit losses as well as impairment write-downs of certain investment securities and valuation adjustments on loans held for sale. If recessionary economic conditions develop, they would likely have a negative financial impact across the financial services industry, including on the Company. If recessionary economic conditions are more severe, the extent of the negative impact on the Company's business and financial performance can increase and be more severe, including the adverse effects listed above and discussed throughout this "Risk Factors" section. Supply chain constraints, robust demand and labor shortages have led to persistent inflationary pressures throughout the economy. Volatility and uncertainty related to inflation and the effects of inflation, including potentially higher interest rates, which may lead to increased costs for businesses and consumers and potentially contribute to poor business and economic conditions generally, may also enhance or contribute to some of the risks discussed herein. For example, higher inflation, or volatility and uncertainty related to inflation, could reduce demand for the Company's products, adversely affect the creditworthiness of the Company's borrowers, result in lower values for the Company's investment securities and other interest-earning assets and increase expense related to talent acquisition and retention. Additionally, economic conditions, financial markets and inflationary pressures may be adversely affected by the impact of current or anticipated geopolitical uncertainties; military conflicts, including Russia's invasion of Ukraine and the attacks on Israel and conflict in the Middle East; pandemics, including the COVID-19 pandemic; and global, national and local responses thereto by governmental authorities and other third parties. These unpredictable events could create, increase or prolong economic and financial disruptions and volatility that adversely affects the Company's business, financial condition, capital and results of operations. Concern regarding the ability of Congress to reach agreement on federal budgetary matters (including the debt ceiling), or total or partial governmental shutdowns, also can adversely affect the economy and increase the risk of economic instability or market volatility, which could have adverse consequences on our business, financial condition, liquidity and results of operations.

Economy & Political Environment - Risk 2

The Company's regional concentrations expose it to adverse economic conditions in its primary retail banking office footprint.

The Company's core banking business is largely concentrated within the Company's retail banking office network footprint, located principally in the Northeast and Mid-Atlantic regions. Therefore, the Company is, or in the future may be, particularly vulnerable to adverse changes in economic conditions in the Northeast and Mid-Atlantic regions, as well as events particularly affecting those regions. The credit quality of the Company's borrowers may deteriorate for a number of reasons that are outside the Company's control, including as a result of prevailing economic and market conditions and asset valuations. The trends and risks affecting borrower credit quality, particularly in the Northeast and Mid-Atlantic regions, have caused, and in the future may cause, the Company to experience impairment charges, which are reductions in the recoverable value of an asset; increased purchase demands, wherein customers make withdrawals with minimum notice; higher costs (e.g. servicing, foreclosure, property maintenance); additional write-downs and losses and a potential impact to the ability to engage in lending transactions based on a reduction of customer deposits, which could have a material adverse effect on the Company's business, financial condition and results of operations.

Natural and Human Disruptions2 | 6.7%

Natural and Human Disruptions - Risk 1

Pandemics, acts of war or terrorism and other adverse external events could significantly impact the Company's business.

Pandemics, such as the COVID-19 pandemic; acts of war; military conflicts, such as Russia's invasion of Ukraine and the conflict in the Middle East as a result of recent attacks on Israel; or terrorism and other adverse external events, including severe weather and other natural disasters, could have a significant impact on the Company's ability to conduct business. Such events could affect the stability of the Company's deposit base, impair the ability of borrowers to repay outstanding loans, impair the value of collateral securing loans, cause significant property damage, result in loss of revenue and/or cause the Company to incur additional expenses. Although the Company has established disaster recovery plans and procedures, and monitors for significant environmental effects on its properties or its investments, the occurrence of any such event could have a material adverse effect on the Company. For example, the COVID-19 pandemic created economic and financial disruptions that adversely affected, and may in the future adversely affect, the Company's business, financial condition, capital and results of operations. Depending on the impact of pandemics, military conflicts, terrorism and other detrimental or destabilizing global and national events on general economic and market conditions, consumer and corporate spending and investment and borrowing patterns, there is a risk that adverse conditions could occur, including supply chain disruptions; higher inflation; decreased demand for the Company's products and services or those of its borrowers, which could increase credit risk; challenges related to maintaining sufficient qualified personnel due to labor shortages, talent attrition, employee illness and willingness to return to work; and disruptions to business operations at the Company and at counterparties, vendors and other service providers. Even after such events fully subside, the U.S. economy may experience a prolonged economic slowdown or recession, and M&T anticipates the Company's businesses would be materially and adversely affected by a prolonged economic slowdown or recession. The escalation or continuation of the war between Russia and Ukraine or other hostilities, such as the conflict in the Middle East resulting from recent attacks on Israel, could result in, among other things, further increased risk of cybersecurity attacks, supply chain disruptions, higher inflation, lower consumer demand and increased volatility in commodity, currency and other financial markets. To the extent that pandemics, acts of war or conflict, terrorism and other detrimental external events adversely affect the Company's business, financial condition, liquidity, capital or results of operations, such factors may also have the effect of heightening many of the other risks described in this "Risk Factors" section.

Natural and Human Disruptions - Risk 2

The Company's assets, communities, operations, reputation and customers could be adversely affected by the impacts of climate risk.

The Company operates in regions where its businesses and the activities of its customers could be negatively impacted by climate risk. This includes the physical risks resulting from chronic shifts in climate, such as rising average global temperatures, rising sea levels, and acute climate events, such as an increase in the frequency and severity of extreme weather events and natural disasters, including floods, wildfires, hurricanes and tornados. Such chronic shifts and acute events could damage or otherwise impact the value or productivity of customers' assets and disrupt the Company's operations and the operations of customers or third parties on which the Company relies. They could also result in market volatility, negatively impact the Company's customers' ability to repay outstanding loans, and damage or deteriorate the value of collateral. Over time such risks may result in both increasing premiums for and reduced availability of insurance and have a broader impact on the economy. Further, climate risk may manifest from efforts to transition to a low-carbon economy. Transition risks may arise from changes in consumer and business preferences, legislation, regulation, policy, and technological advancement associated with the changes necessary to limit climate change. Such risks may result in increased expenses or otherwise adversely impact the Company and its customers, including the ability of customers to repay outstanding loans. The Company could experience increased expenses resulting from climate-related strategic planning and market changes, as well as litigation and reputational harm as a result of negative public sentiment, regulatory scrutiny and reduced investor and stakeholder confidence due to the Company's actual or perceived action, or inaction, regarding climate change. For example, the Company's reputation may be damaged, its financial condition could suffer, and its ability to attract and retain employees may be harmed as a result of any perceived ineffective identification, monitoring or management of risks relating to providing financial services to certain industries or projects that are sensitive to a transition to a lower carbon economy, as well as any decisions the Company makes to continue to conduct or change its activities in response to considerations relating to climate change. In addition, laws, regulations, and the expectations of federal and state banking regulators, investors and other stakeholders regarding appropriate climate risk management, practices and disclosures are continuously evolving and may require financial institutions including the Company, to adhere to new or heightened requirements and expectations regarding the disclosure and management of their climate risks and related lending, investment, operations and advisory activities. For example, the Federal Reserve, the FDIC, and the OCC jointly issued interagency guidance for large financial institutions on principles for climate-related financial risk management in October 2023, the NYSDFS issued proposed guidance for New York State-regulated banking and mortgage institutions relating to the management of material financial risks from climate change in December 2022, and the SEC proposed climate-related disclosure rules in March 2022. In addition, a number of states in which the Company operates have enacted or proposed statutes and regulations addressing climate change and sustainability issues. Any such new or heightened requirements may result in higher regulatory, compliance, and other expenses, and may subject the Company to different and potentially conflicting requirements in the various jurisdictions in which it operates. Discussions of the specific risks outlined herein and other risks facing the Company are included within this Annual Report on Form 10-K in Part I, Item 1, "Business," and Part II, Item 7, "Management's Discussion and Analysis of Financial Condition and Results of Operations." Furthermore, in Part II, Item 7 under the heading "Forward-Looking Statements" is a description of certain risks, uncertainties and assumptions identified by management that are difficult to predict and that could materially affect the Company's financial condition and results of operations, as well as the value of the Company's financial instruments in general, and M&T common stock, in particular. In addition, the market price of M&T common stock may fluctuate significantly in response to a number of other factors, including changes in securities analysts' estimates of financial performance, volatility of stock market prices and volumes, rumors or erroneous information, changes in market valuations of similar companies and changes in accounting policies or procedures as may be required by the FASB or other regulatory agencies.

Tech & Innovation

Total Risks: 2/30 (7%)Below Sector Average

Cyber Security2 | 6.7%

Cyber Security - Risk 1

The Company's information systems may experience interruptions or breaches in security, including due to events beyond the Company's control.

The Company relies heavily on communications and information systems, including those of third-party service providers, to conduct its business. Any failure, interruption or breach in security of these systems could result in disruptions to its accounting, deposit, loan and other systems, and adversely affect the Company's customer relationships. Disruption of operating systems caused by events beyond the Company's control may include computer viruses, electrical or telecommunications outages, quality of vulnerability patches, cybersecurity attacks (including Distributed Denial of Service attacks, which occur when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor), damage to property or physical assets, or events arising from political protests or terrorist acts. While the Company has policies and procedures designed to prevent or limit the effect of these possible events, there can be no assurance that any such failure, disruption, interruption or security breach will not occur or, if any does occur, that it can be sufficiently or timely remediated. Information security risks for large financial institutions such as M&T have increased significantly in recent years in part because of the proliferation of new technologies, such as digital and mobile banking to conduct financial transactions, and the increased sophistication and activities of organized crime, hackers, terrorists, nation-states, activists and other external parties. There have been increasing efforts on the part of third parties, including through cybersecurity attacks, to breach data security at financial institutions or with respect to financial transactions. There have been numerous instances involving financial services and consumer-based companies reporting unauthorized access to and disclosure of client or customer information or the destruction or theft of corporate data, including by executive impersonation and third party vendors, or the freezing of operating systems and databases making them inaccessible or unusable. There have also been several highly publicized cases where hackers have requested "ransom" payments in exchange for not disclosing customer information or for restoring access to, or the usage of, operating systems and databases. Ransomware is a form of malicious software, known as "malware," designed to block access to, and often encrypt, computer systems or data. Once the victim's computer system or data is locked down and encrypted, rendering it essentially useless, the malicious cyber actor then extorts the victim by demanding a ransom payment in exchange for providing a method to decrypt it. The attacker may also copy the victim's data in the course of the attack and threaten to sell or publish the data if the ransom is not paid. Ransomware attacks can result in a loss of business functionality and of sensitive data. As cybersecurity threats continue to evolve, the Company expects to continue to expend significant additional resources to modify or enhance its layers of defense or to investigate and remediate any information security vulnerabilities. The techniques used by cybersecurity criminals change frequently, may not be recognized until launched and can be initiated by a variety of actors, including terrorist organizations and hostile foreign governments. These techniques may include attempts to fraudulently induce employees, customers or others to disclose sensitive information in order to gain access to data or systems. These risks may increase as the use of mobile payment and other Internet-based applications expands. Further, third parties with which the Company does business, as well as vendors and other third parties with which the Company's customers do business, can also be sources of information security risk to the Company, particularly where activities of customers are beyond the Company's security and control systems, such as through the use of the Internet, personal computers, tablets, smart phones and other mobile services. Risks relating to cybersecurity attacks on vendors and other third parties, including supply chain attacks affecting software and information technology service providers, have been rising as such attacks become increasingly frequent and severe. For example, in 2023, a widely reported global cybersecurity incident occurred involving MOVEit, a file transfer software product owned by Progress Software Corporation that is used by thousands of public and private sector entities worldwide. As reported, this incident resulted in the theft of sensitive data from a large number of organizations, and certain Company customer information in the possession of the Company's external service providers was compromised in connection with it, while no information was obtained from the Company's internal systems and these systems were not at risk from the MOVEit incident. Security breaches affecting the Company's customers, or systems breakdowns, failures, security breaches or employee misconduct affecting such other third parties, may require the Company to take steps to protect the integrity of its own systems or to safeguard confidential information of the Company or its customers, thereby increasing the Company's operational costs and adversely affecting its business. Additionally, successful cybersecurity attacks at other large financial institutions, whether or not the Company is impacted, could lead to a general loss of customer confidence in financial institutions that could negatively affect M&T, including harming the market perception of the effectiveness of the Company's security measures or the financial system in general which could result in reduced use of the Company's financial products. Though the Company has insurance against some cybersecurity risks and attacks, it may not be sufficient to offset the impact of a material loss event. The Company, as well as third parties with which the Company does business, has expanded the use of cloud service providers, which could experience system breakdowns or failures, outages, downtime, cybersecurity attacks, negative changes to financial condition, bankruptcy, or other adverse conditions, which could have a material adverse effect on the Company's business and reputation. For example, during 2021, there were a number of widely publicized cases of outages in connection with access to cloud service providers. Thus, increasing the amount of infrastructure that the Company or its vendors and service providers outsource to the cloud or to other parties may increase M&T's risk exposure. The failure to properly upgrade or maintain the computer systems could result in greater susceptibility to attacks, particularly in light of the greater frequency and severity of attacks in recent years, as well as the growing prevalence of supply chain attacks affecting software and information technology service providers. Failures related to upgrades and maintenance also increase risks related to unauthorized access and misuse, as well as the Company's ability to achieve its business continuity and resiliency objectives.

Cyber Security - Risk 2

The Company could incur higher costs, experience lower revenue, and suffer reputational damage in the event of the theft, loss or misuse of information, including due to a cybersecurity attack.

Like other financial services firms, the systems, networks and devices of the Company, its customers, employees, service providers or other third parties with whom the Company interacts continue to be the subject of attempted unauthorized access, denial-of-service attacks, computer viruses, hacking, malware, ransomware, phishing or other forms of social engineering, and cybersecurity attacks designed to obtain confidential information, destroy data, disrupt or degrade service, eliminate access or cause other damage. These threats may arise from human error, fraud on the part of employees, insiders or third parties or may result from accidental technology failure or vulnerabilities of suppliers through supply chain attacks. Further, cybersecurity and information security risks for financial institutions have generally increased because of, among other things, the growth of new technologies, the use of the Internet and telecommunications technologies (including computers, smartphones, and other mobile devices outside the Company's systems) by customers to conduct financial transactions, and the increased sophistication and activities of organized crime, fraudsters, hackers, terrorists, activists, instrumentalities of foreign governments and other external parties. Although the Company believes that a robust suite of authentication and layered security controls, data encryption and tokenization, threat intelligence, anti-malware defenses and vulnerability management tools exist, the failure of any of these controls could result in a failure to detect, mitigate or remediate these risks in a timely manner. Moreover, potential new regulations may require the Company to disclose information about a cybersecurity event before it has been resolved or fully investigated. Further, as the Company expands its mobile and digital capabilities, cybersecurity risks increase. A disruption or breach, including as a result of a cybersecurity attack, or media reports of perceived security vulnerabilities at the Company or at third-party service providers could result in significant legal and financial exposure, regulatory intervention, remediation costs, damage to reputation or loss of confidence in the security of systems, products and services that could adversely affect the Company's business. Like other U.S. financial services providers, the Company continues to be targeted with evolving and adaptive cybersecurity threats from sophisticated third parties. Although the Company is not aware of any material losses relating to cybersecurity incidents, there can be no assurance that unauthorized access or cybersecurity incidents will not become known or occur or that the Company will not suffer such losses in the future.

Ability to Sell

Total Risks: 1/30 (3%)Below Sector Average

Competition1 | 3.3%

Competition - Risk 1

The financial services industry is highly competitive and creates competitive pressures that could adversely affect the Company's revenue and profitability.

The financial services industry in which the Company operates is highly competitive. The Company competes not only with commercial and other banks and thrifts, but also with private credit funds, insurance companies, mutual funds, hedge funds, securities brokerage firms, financial technology companies and other companies offering financial services in the U.S., globally and over the Internet. Some of the Company's non-bank competitors are not subject to the same extensive regulations the Company is, and may have greater flexibility in competing for business. In particular, the activity and prominence of so-called marketplace lenders and other technological financial services companies has grown significantly in recent years and is expected to continue growing. The Company competes on the basis of several factors, including capital, access to capital, revenue generation, products, services, transaction execution, innovation, reputation and price. Over time, certain sectors of the financial services industry have become more concentrated, as institutions involved in a broad range of financial services have been acquired by or merged into other firms. These developments have and could continue to result in the Company's competitors gaining greater capital and other resources, such as a broader range of products and services and geographic diversity. The Company has and may continue to experience pricing pressures as a result of these factors and as some of its competitors seek to increase market share. Technological change is influencing how individuals and firms conduct their financial affairs and is changing the delivery channels for financial services. Financial technology providers, who invest substantial resources in developing and designing new technology (in particular digital and mobile technology) are beginning to offer more traditional banking products (either directly or through bank partnerships) and may in the future be able to provide additional services by obtaining a bank-like charter, such as the OCC's financial technology company charter. In addition, the emergence, adoption and evolution of new technologies that do not require intermediation, including distributed ledgers such as digital assets and blockchain, as well as advances in robotic process automation, could significantly affect the competition for financial services. As a result, the Company has had and will likely continue to have to contend with a broader range of competitors including many that are not located within the geographic footprint of its banking office network. Further, along with other participants in the financial services industry, the Company frequently attempts to introduce new technology-driven products and services that are aimed at allowing the Company to better serve customers and to reduce costs. The Company may not be able to effectively implement new technology-driven products and services that allow it to remain competitive or be successful in marketing these products and services to its customers.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.

Become an Expert with TipRanks Premium

What am I Missing?

Make informed decisions based on Top Analysts' activity

Know what industry insiders are buying

Get actionable alerts from top Wall Street Analysts

Find out before anyone else which stock is going to shoot up

Get powerful stock screeners & detailed portfolio analysis

Subscribe Now See Plans & Pricing