Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

SoFi Technologies disclosed 79 risk factors in its most recent earnings report. SoFi Technologies reported the most risks in the “Finance & Corporate” category.

Risk Overview Q3, 2024

Risk Distribution

43% Finance & Corporate

33% Legal & Regulatory

9% Production

8% Macro & Political

5% Tech & Innovation

3% Ability to Sell

Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy

This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2020

S&P500 Average

Sector Average

Risks removed

Risks added

Risks changed

SoFi Technologies Risk Factors

New Risk (0)

Risk Changed (0)

Risk Removed (0)

No changes from previous report

The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q3, 2024

Main Risk Category

Finance & Corporate

With 34 Risks

Finance & Corporate

With 34 Risks

Number of Disclosed Risks

No changes from last report

S&P 500 Average: 31

No changes from last report

S&P 500 Average: 31

Recent Changes

0Risks added

16Risks removed

5Risks changed

Since Sep 2024

0Risks added

16Risks removed

5Risks changed

Since Sep 2024

Number of Risk Changed

From last report

S&P 500 Average: 3

From last report

S&P 500 Average: 3

See the risk highlights of SoFi Technologies in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 79

Finance & Corporate

Total Risks: 34/79 (43%)Below Sector Average

Share Price & Shareholder Rights7 | 8.9%

Share Price & Shareholder Rights - Risk 1

The price of our common stock has fluctuated and may be volatile in the future.

The price of our common stock has fluctuated and may continue to fluctuate due to a variety of factors, including: - changes in the industry in which we operate, including public perception of such industry;- developments involving our competitors;- changes in laws and regulations affecting our business, or changes in policies with respect to student loan forgiveness;- changes in interest rates and inflation;- variations in our operating performance and the performance of our competitors in general;- actual or anticipated fluctuations in our quarterly or annual operating results;- publication of research reports by securities analysts about us or our competitors or our industry;- the public's reaction to our press releases, our other public announcements and our filings with the SEC or any changes in our reputation;- actions by stockholders;- additions and departures of key personnel;- commencement of, or involvement in, litigation or regulatory enforcement investigations involving our company;- changes in our capital structure, such as future issuances of securities or the incurrence of additional debt, including in connection with acquisitions;- any reverse stock split of our outstanding shares of common stock, which may increase the price of our common stock;- volatility in capital markets and changes in the volume of shares of our common stock available for public sale; and - general economic and political conditions, such as the effects of recessions, interest rates, inflation, consumer confidence and spending, public perception of the financial services industry, availability of loans and liquidity in the capital markets, local and national elections, corruption, political instability and acts of war or terrorism, including escalating conflict in the Middle East and the ongoing war in Ukraine, and upcoming changes to the United States presidential administration. These market and industry factors, as well as others, may materially reduce the market price of our common stock regardless of our operating performance.

Share Price & Shareholder Rights - Risk 2

Future resales of our common stock may cause the market price of our securities to drop significantly, even if our business is doing well.

Sales of a substantial number of shares of our common stock in the public market or the perception that these sales might occur, have in the past and could in the future depress the market price of our common stock and could impair our ability to raise capital through the sale of additional equity securities. Sales of a substantial number of shares, or the perception that such sales may occur, could have a material and adverse effect on the trading price of our common stock. Sales of a substantial number of shares of common stock in the public market could occur at any time. We have filed with the SEC, and the SEC has declared effective, a registration statement covering shares of our common stock issued in connection with the Agreement, including shares issued to the Third Party PIPE Investors, among others, to facilitate such sales and we have filed a registration statement on Form S-3 which allows us to sell securities from time to time. These sales, or the perception in the market that the holders of a large number of shares intend to sell shares, could cause the market price of our common stock to decline or increase the volatility in the market price of our common stock.

Share Price & Shareholder Rights - Risk 3

Our issuance of additional capital stock in connection with financings, acquisitions, investments, our stock incentive plans or otherwise will dilute all other stockholders.

Our issuance of additional capital stock in connection with financings, acquisitions, investments, our stock incentive plans or otherwise will dilute our stockholders. We expect to issue additional capital stock in the future that will result in dilution to all other stockholders. We expect to continue granting equity awards to employees, directors, and consultants under our stock incentive plans. We may also raise capital through equity financings in the future. As part of our business strategy, we may acquire or make investments in complementary companies, products, or technologies and issue equity securities to pay for any such acquisition or investment. Any such issuances of additional capital stock may cause stockholders to experience significant dilution of their ownership interests and the per share value of our common stock to decline.

Share Price & Shareholder Rights - Risk 4

There can be no assurance that we will be able to comply with the continued listing standards of Nasdaq.

If Nasdaq delists our shares of common stock from trading on its exchange for failure to meet Nasdaq's listing standards, we and our stockholders could face significant material adverse consequences, including: - a limited availability of market quotations for our securities;- reduced liquidity for our securities;- a determination that our common stock is a "penny stock," which will require brokers trading in our common stock to adhere to more stringent rules and possibly result in a reduced level of trading activity in the secondary trading market for our securities;- a limited amount of news and analyst coverage; and - a decreased ability to issue additional securities or obtain additional financing in the future.

Share Price & Shareholder Rights - Risk 5

Delaware law and our organizational documents contain certain provisions, including anti-takeover provisions that limit the ability of stockholders to take certain actions and could delay or discourage takeover attempts that stockholders may consider favorable.

The General Corporation Law of the State of Delaware (the "DGCL") and our organizational documents contain provisions that could have the effect of rendering more difficult, delaying, or preventing an acquisition that stockholders may consider favorable, including transactions in which stockholders might otherwise receive a premium for their shares. These provisions could also limit the price that investors might be willing to pay in the future for shares of our common stock, and therefore depress the trading price of our common stock. Additionally, these provisions could also make it difficult for stockholders to take certain actions, including electing directors who are not nominated by the current members of our Board of Directors or taking other corporate actions, including effecting changes in our management. Among other things, our organizational documents include provisions regarding: - the ability of our Board of Directors to issue shares of preferred stock, including "blank check" preferred stock and to determine the price and other terms of those shares, including preferences and voting rights, without stockholder approval, which could be used to significantly dilute the ownership of a hostile acquirer;- the prohibition of cumulative voting in the election of directors, which limits the ability of minority stockholders to elect director candidates;- limitations on the liability of our directors, and the indemnification of our directors and officers;- the ability of our Board of Directors to amend our bylaws, which may allow our Board of Directors to take additional actions to prevent an unsolicited takeover and inhibit the ability of an acquirer to amend our bylaws to facilitate an unsolicited takeover attempt; and - advance notice procedures with which stockholders must comply to nominate candidates to our Board of Directors or to propose matters to be acted upon at a stockholders' meeting, which could preclude stockholders from bringing matters before annual or special meetings of stockholders and delay changes in our Board of Directors and also may discourage or deter a potential acquirer from conducting a solicitation of proxies to elect the acquirer's own slate of directors or otherwise attempting to obtain control of our company. These provisions, alone or together, could delay or prevent hostile takeovers and changes in control or changes in the Board of Directors or management of our company.

Share Price & Shareholder Rights - Risk 6

The provisions of our bylaws requiring exclusive forum in the Court of Chancery of the State of Delaware and the federal district courts of the United States for certain types of lawsuits may have the effect of discouraging certain lawsuits, including derivative lawsuits and lawsuits against our directors and officers, by limiting plaintiffs' ability to bring a claim in a judicial forum that they find favorable.

Our bylaws provide that, to the fullest extent permitted by law, and unless we consent in writing to the selection of an alternative forum, the Court of Chancery of the State of Delaware (or, in the event that such court does not have jurisdiction, the federal district court for the District of Delaware or other state courts of the State of Delaware) will be the sole and exclusive forum for any state law claims for (i) any derivative action or proceeding brought on our behalf, (ii) any action asserting a claim for or based on a breach of a fiduciary duty owed by any of our current or former directors, officers or other employees to us or our stockholders, (iii) any action asserting a claim against us or any of our current or former directors, officers or other employees arising pursuant to any provision of the DGCL or our bylaws or Certificate of Incorporation (as either may be amended from time to time), (iv) any action asserting a claim related to or involving our company that is governed by the internal affairs doctrine, and (v) any action asserting an "internal corporate claim" as that term is defined in Section 115 of the DGCL (the "Delaware Forum Provision"). The Delaware Forum Provision, however, does not apply to actions or claims arising under the Exchange Act. Our bylaws also provide that, unless we consent in writing to the selection of an alternate forum, the sole and exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act of 1933, as amended, and the rules and regulations promulgated thereunder, will be the United States Federal District Courts (the "Federal Forum Provision"). Section 27 of the Exchange Act creates exclusive federal jurisdiction over all suits brought to enforce any duty or liability created by the Exchange Act or the rules and regulations thereunder; our stockholders cannot and will not be deemed to have waived compliance with the U.S. federal securities laws and the rules and regulations thereunder. The Delaware Forum Provision and the Federal Forum Provision in our bylaws may impose additional litigation costs on stockholders in pursuing any such claims and may also impose additional litigation costs on stockholders who assert that either such provision is not enforceable or invalid. Additionally, these forum selection clauses may limit our stockholders' ability to bring a claim in a judicial forum that they find favorable for disputes with us or our directors, officers or employees, which may discourage the filing of lawsuits against us and our directors, officers and employees, even though an action, if successful, might benefit our stockholders. In addition, while the Delaware Supreme Court and other states courts have upheld the validity of federal forum selection provisions purporting to require claims under the Securities Act be brought in federal court, there is still some uncertainty as to whether other courts will enforce our Federal Forum Provision. If the Federal Forum Provision is found to be unenforceable, we may incur additional costs associated with resolving such matters. The Court of Chancery of the State of Delaware and the federal district courts of the United States may reach different judgments or results than would other courts, including courts where a stockholder considering an action may be located or would otherwise choose to bring the action, and such judgments may be more or less favorable to us than our stockholders.

Share Price & Shareholder Rights - Risk 7

If analysts publish inaccurate or unfavorable research, our stock price and trading volume could decline.

The trading market for our common stock depends in part on the research and reports that analysts publish about our business. We do not have any control over these analysts. If one or more of the analysts who cover us downgrade our common stock or publish inaccurate or unfavorable research about our business, as they have done in the past, the price of our common stock would likely decline. If few analysts cover us, demand for our common stock could decrease and our common stock price and trading volume may decline. Similar results may occur if one or more of these analysts stop covering us in the future or fail to publish reports on us regularly. In addition, analysts may establish and publish their own periodic projections for us. These projections may vary widely and may not accurately predict the results we actually achieve. Our share price may decline if our actual results do not match the projections of these research analysts. In addition, if the market for technology stocks or financial services stocks or the broader stock market experiences a loss of investor confidence, the trading price of our common stock could decline for reasons unrelated to our business, financial condition or results of operations.

Accounting & Financial Operations7 | 8.9%

Accounting & Financial Operations - Risk 1

We do not intend to pay cash dividends on our common stock for the foreseeable future.

We currently intend to retain our future earnings, if any, to finance the further development and expansion of our business and do not intend to pay cash dividends on our common stock in the foreseeable future. Any future determination to pay dividends on our common stock will be at the discretion of our Board of Directors and will depend on obtaining regulatory approvals, if required, our financial condition, results of operations, capital requirements, restrictions contained in future agreements and financing instruments, business prospects and such other factors as our Board of Directors deems relevant.

Accounting & Financial Operations - Risk 2

Incorrect estimates or assumptions by management in connection with the preparation of our consolidated financial statements or forecasts could adversely affect our reported or forecasted assets, liabilities, income, revenues or expenses.

The preparation of our consolidated financial statements requires management to make critical accounting estimates and assumptions that affect the reported amounts of assets, liabilities, income, revenues or expenses during the reporting periods. Incorrect estimates and assumptions by management could adversely affect our reported amounts of assets, liabilities, income, revenues and expenses during the reporting periods. If we make incorrect assumptions or estimates, our reported financial results may be over- or understated, which could materially and adversely affect our business, financial condition and results of operations. In addition, operating results are difficult to forecast because they generally depend on a number of factors, including the competition we face, and our ability to attract and retain members and enterprise partnerships, and macroeconomic risks, while generating sustained revenues through the Financial Services Productivity Loop. Additionally, our business may be affected by reductions in consumer borrowing, spending and investing, consumer deposits or investment by technology platform clients from time to time as a result of a number of factors, including the state of the overall economy, which may be difficult to predict. This may result in decreased revenue levels, and we may be unable to adopt measures in a timely manner to compensate for any unexpected shortfall in income. This inability could cause our operating results in a given quarter to be higher or lower than expected. These factors make creating accurate forecasts and budgets challenging and, as a result, we may fall materially short of our forecasts and expectations, which could cause our stock price to decline and investors to lose confidence in us.

Accounting & Financial Operations - Risk 3

We may fail to meet our publicly announced guidance or other expectations about our business and future operating results, which could cause our stock price to decline.

We typically release earnings guidance in our quarterly and annual earnings conference calls and quarterly and annual earnings releases, and may, from time to time, announce guidance otherwise, regarding our future performance that represents our management's estimates as of the date of release. This guidance includes forward-looking statements based on projections prepared by our management. Projections are based upon a number of assumptions and estimates that are based on information known when they are issued, and, while presented with numerical specificity, are inherently subject to significant business, economic and competitive uncertainties and contingencies relating to our business, many of which are beyond our control and are based upon specific assumptions with respect to future business decisions, some of which will change. Guidance is necessarily speculative in nature, and some or all of the assumptions underlying the guidance furnished by us may not materialize or may vary significantly from actual outcomes. Accordingly, our guidance is only an estimate of what management believes is realizable as of the date of release. Actual results may vary from our guidance and the variations may be material. In light of the foregoing, investors are urged not to rely upon our guidance in making an investment decision regarding our common stock. Information Technology and Data Risks

Accounting & Financial Operations - Risk 4

Our reported financial results may be adversely affected by changes in accounting principles generally accepted in the United States.

Generally accepted accounting principles in the United States are subject to interpretation by the Financial Accounting Standards Board, the American Institute of Certified Public Accountants, the SEC and various bodies formed to promulgate and interpret appropriate accounting principles. A change in these principles or interpretations could have a significant effect on our reported financial results, and could affect the reporting of transactions completed before the announcement of a change.

Accounting & Financial Operations - Risk 5

If we do not make accurate credit and pricing decisions or effectively forecast our loss rates, our business and financial results will be harmed, and the harm could be material.

In making a decision whether to extend credit to prospective or existing members, we rely upon data to assess our ability to extend credit within our risk appetite, our debt servicing capacity, and overall risk level to determine lending exposure and loan pricing. If the decision components, rapidly deteriorating macroeconomic conditions or analytics are either unstable, biased, or missing key pieces of information, the wrong decisions will be made, which will negatively affect our financial results. If our credit decisioning strategy fails to adequately predict the creditworthiness of our members, including a failure to predict a member's true credit risk profile and ability to repay their loan or credit card balance, higher than expected loss rates will impact the fair value of our loans and credit card receivables. Additionally, if any portion of the information pertaining to the prospective member is false, inaccurate or incomplete, and our systems did not detect such falsities, inaccuracies or incompleteness, or any or all of the other components of our credit decision process fails, we may experience higher than forecasted losses,?including losses attributed to fraud. Furthermore, we rely on credit reporting agencies to obtain credit reports and other information we rely upon in making underwriting and pricing decisions. If one of these third parties experiences an outage, if we are unable to access the third-party data used in our decision strategy, if such data contains inaccuracies or our access to such data is limited, our ability to accurately evaluate potential members will be compromised, and we may be unable to effectively predict credit losses inherent in our loan portfolio, which would negatively impact our results of operations, which could be material. Additionally, if we make errors in the development, validation, or implementation of any of the underwriting models or tools that we use for the loans securing our debt warehouses or included in securitization transactions or whole loan sales, such loans may experience higher delinquencies and losses, which would negatively impact our debt warehouse financing terms and future securitization and whole loan sale transactions.

Accounting & Financial Operations - Risk 6

We conduct our business operations through subsidiaries and may in the future rely on dividends from our subsidiaries for a substantial amount of our cash flows.

We may in the future depend on dividends, distributions and other payments from our subsidiaries to fund payments on our obligations, including any debt obligations we may incur. Regulatory and other legal restrictions may limit our ability to transfer funds to or from certain subsidiaries, including SoFi Securities and SoFi Bank. In addition, certain of our subsidiaries are subject to laws and regulations that authorize regulatory bodies to block or reduce the flow of funds to us, or that prohibit such transfers altogether in certain circumstances. These laws and regulations may hinder our ability to access funds that we may need to make payments on our obligations, including any debt obligations we may incur and otherwise conduct our business by, among other things, reducing our liquidity in the form of corporate cash. In addition to negatively affecting our business, a significant decrease in our liquidity could also reduce investor confidence in us. Certain rules and regulations of the SEC and FINRA may limit the extent to which our broker-dealer subsidiaries may distribute capital to us. For example, under FINRA rules applicable to SoFi Securities, a dividend in excess of 10% of a member firm's excess net capital may not be paid without FINRA's prior written approval. In addition, the OCC has the authority to use its enforcement powers to prohibit a bank from paying dividends if, in its opinion, the payment of dividends would constitute an unsafe or unsound practice. Federal law also prohibits the payment of dividends by a bank that will result in the bank failing to meet its applicable capital requirements on a pro forma basis. In addition, under the National Bank Act, SoFi Bank generally may, without prior approval of the OCC, declare a dividend but only so long as the total amount of all dividends (common and preferred), including the proposed dividend, in the current year do not exceed net income for the current year to date plus retained net income for the prior two years. Compliance with these rules may impede our ability to receive dividends, distributions and other payments from SoFi Securities and SoFi Bank.

Accounting & Financial Operations - Risk 7

If we fail to establish and maintain proper and effective internal control over financial reporting, our ability to produce accurate and timely financial statements could be impaired, investors may lose confidence in our financial reporting and the trading price of our common stock may decline.

Pursuant to Section 404 of the Sarbanes-Oxley Act, a report by management on internal control over financial reporting and an attestation of our independent registered public accounting firm are required. The rules governing the standards that must be met for management to assess internal control over financial reporting are complex and require significant documentation, testing and possible remediation. We are required, pursuant to Section 404 of the Sarbanes-Oxley Act, to furnish a report by management on, among other things, the effectiveness of our internal control over financial reporting for our annual reports on Form 10-K. This assessment must include disclosure of any material weaknesses identified by our management in our internal control over financial reporting. Our independent registered public accounting firm must also attest to the effectiveness of our internal control over financial reporting in our annual reports on Form 10-K. We are required to disclose changes made in our internal controls and procedures on a quarterly basis. Failure to comply with the Sarbanes-Oxley Act could potentially subject us to sanctions or investigations by the SEC, the applicable stock exchange or other regulatory authorities, which would require additional financial and management resources. The annual internal control assessment required by Section 404 of Sarbanes-Oxley has diverted, and may in the future divert, internal resources and we have and may experience higher operating expenses, higher independent auditor and consulting fees in the future. To comply with the Sarbanes-Oxley Act, the requirements of being a reporting company under the Exchange Act and any new or revised accounting rules in the future, as necessary, we have, and may in the future further, work to upgrade the Company's legacy information technology systems; implement additional financial and management controls, reporting systems and procedures; and hire additional accounting and finance staff. If we are unable to hire the additional accounting and finance staff necessary to comply with these requirements, we may need to retain additional outside consultants. In addition, our current controls and any new controls that we develop may become inadequate because of poor design and changes in our business. For example, our continuing growth and expansion in globally dispersed markets, such as our acquisition of Technisys, has placed and may in the future place significant additional pressure on our system of internal control over financial reporting, as acquisition targets may not be in compliance with the provisions of the Sarbanes-Oxley Act. We do not conduct a formal evaluation of companies' internal control over financial reporting prior to an acquisition. We may be required to hire additional staff and incur substantial costs to implement the necessary new internal controls at companies we acquire. Any failure to implement and maintain effective internal controls over financial reporting could adversely affect the results of assessments by our independent registered public accounting firm and their attestation reports. If we or, if required, our independent registered public accounting firm, are unable to conclude that our internal control over financial reporting is effective, investors may lose confidence in our financial reporting, which could negatively impact the price of our securities. As a result of any material weakness, restatement, change in accounting, or other matters raised or that may in the future be raised by the SEC, we may face potential litigation or other disputes, which may include, among others, claims invoking the federal and state securities laws, contractual claims or other claims arising from the restatement and material weaknesses in our internal control over financial reporting and the preparation of our financial statements. We can provide no assurance that litigation or disputes will not arise in the future. Any such litigation or dispute related to our financial statements or internal controls, whether successful or not, could have a material adverse effect on our business, results of operations and financial condition. We cannot assure you that there will not be additional material weaknesses in our internal control over financial reporting now or in the future. For example, as the accounting acquirer in the Business Combination, we inherited a material weakness from SCH related to the treatment of warrants issued by special acquisition companies which required SCH to restate its previously issued audited financial statements as of December 31, 2020. Any failure to maintain internal control over financial reporting could cause us to fail to timely detect errors and severely inhibit our ability to accurately report our financial condition, results of operations or cash flows. If we are unable to conclude that our internal control over financial reporting is effective, or if our independent registered public accounting firm determines that we have a material weakness in our internal control over financial reporting, investors may lose confidence in the accuracy and completeness of our financial reports, the market price of our common stock could decline, and we could be subject to sanctions or investigations by Nasdaq, the SEC or other regulatory authorities. Failure to remedy any material weakness in our internal control over financial reporting, or to implement or maintain other effective control systems required of public companies, could also restrict our future access to the capital markets.

Debt & Financing16 | 20.3%

Debt & Financing - Risk 1

Increases in member default rates on loans could make us and our loans less attractive to whole loan buyers, lenders under debt warehouse facilities and investors in securitizations, which may adversely affect our access to financing and our business.

Increases in member default rates, due to deteriorating economic conditions or other factors, could make us and our loans less attractive to our existing or prospective funding sources, including whole loan buyers, securitization investors and lenders under debt warehousing facilities. If our existing funding sources do not achieve their desired financial returns or if they suffer losses, they or prospective funding sources may increase the cost of providing future financing or refuse to provide future financing or purchase loans on terms acceptable to us or at all. Our securitizations are nonrecourse to the Company and are collateralized by the pool of our loans pledged to the relevant securitization issuer. If the loans securing our securitizations fail to perform as expected, rating agencies may place our bonds on watch or change their ratings on (or their ratings methodology for) the bonds issued by our securitization trusts. Our loans performance and any actions taken by the rating agencies could result in the lenders under our warehouse facilities, the whole loan purchasers who purchase our loans, the investors in our securitizations who purchase securities backed by our loans, or future lenders, whole loan purchasers or securitization investors in similar arrangements, increasing the cost of providing future financing or refusing to provide future financing or purchase loans on terms acceptable to us or at all. While this risk may be partially mitigated by our ability to hold loans on our balance sheet, in sufficient volume this will negatively impact our financial condition. Consequently, if we were to be unable to arrange new or alternative methods of financing on favorable terms, we may have to curtail or cease our origination of loans, which could have a material adverse effect on our business, financial condition, operating results and cash flows.

Debt & Financing - Risk 2

We make representations and warranties in connection with the transfer of loans to whole loan purchasers, government-sponsored enterprises, and our debt warehouse lenders and securitization trusts. If such representations and warranties are not correct, we could be required to repurchase loans or indemnify the purchaser, which could have an adverse effect on our ability to operate and fund our business.

We sell and finance the loans we originate to and with third parties, including, with respect to home loans, counterparties like GSEs, and we make certain representations and warranties to those third parties in connection with the transfer of loans described below. In the ordinary course of business, we are exposed to liability under these representations and warranties made to purchasers of loans. Such representations and warranties typically include, among other things, that the loans were originated and serviced in compliance with the law and with our credit risk origination policy and servicing guidelines, and, in connection with transfers to GSEs, that the loans were originated in compliance with the guidelines of the relevant GSE, and that, to the best of our knowledge, each loan was originated by us without any fraud or misrepresentation on our part or on the part of the borrower or any other person. In addition, purchasers require loans to meet strict underwriting and loan term criteria in order to be eligible for purchase. If those representations and warranties are breached as to a given loan, or if a certain loan we sell does not meet the relevant eligibility criteria, we will be obligated to repurchase the loan, typically at a purchase price equal to the then-outstanding principal balance of such loan, plus accrued interest and any premium. We may also be required to indemnify the purchaser for losses resulting from the breach of representations and warranties. With regard to home loans insured by the Federal Housing Administration or the VA, and to the extent that any of our home loans do not comply with Federal Housing Administration or VA guidelines, we could also face claims under the False Claims Act. In connection with our whole loan sales, we also typically covenant to repurchase any loan that enters delinquent status within the first thirty to sixty days following origination of the loan. Any significant increase in our obligation to repurchase loans or indemnify purchasers of loans could have a significant adverse impact on our cash flows, even if they are reimbursable, and could also have a detrimental effect on our business and financial condition. If any such repurchase event occurs on a large scale, we may not have sufficient funds to meet our repurchase obligations, which would result in a default under the underlying agreements. Moreover, we may not be able to resell or refinance loans repurchased due to a breach of a representation or warranty or we may be forced to sell such loans below par. Any such event could have an adverse impact on our business, operating results, financial condition and prospects. In addition, in the acquisition of Wyndham, we also acquired Wyndham's liability to its loan investors and loan insurers for mortgage loans originated by Wyndham, including repurchase obligations that might not be contingent upon the investor proving an error by Wyndham. In addition to loan level representations and warranties, our agreements with the lenders and investors on our securitizations, debt warehouse facilities and corporate revolving debt contain a number of corporate financial covenants and early payment triggers and performance covenants. These facilities, together with deposits, are the primary funding sources available to support the maintenance and growth of our business and our liquidity would be materially adversely affected by our inability to comply with the various covenants and other specified requirements set forth in our agreements with our lenders and investors, which could result in the early amortization, default and/or acceleration of our existing facilities. Such covenants and requirements include financial covenants, portfolio performance covenants and other events. For a description of these covenants, requirements and events, see "Management's Discussion and Analysis of Financial Condition and Results of Operations?-?Liquidity and Capital Resources. During an early amortization period or occurrence of a termination event or an event of default, principal collections from the loans in our warehouse facilities would be applied to repay principal under such facilities rather than being available to fund newly originated loans. During the occurrence of a termination event or an event of default under any of our facilities, the applicable lenders could accelerate the related debt and such lenders' commitments to extend further credit under the related facility, if any, would terminate. If we were unable to repay the amounts due and payable under such facilities and securitizations, the applicable lenders and noteholders could seek remedies, including against the collateral pledged under such facilities and by the securitization trust. An acceleration of the debt under certain facilities could also lead to a default under other facilities and, in certain instances, our hedging arrangements, due to cross-default and cross-acceleration provisions. An early amortization event or event of default would negatively impact our liquidity, including our ability to originate new loans, and require us to rely on alternative funding sources, which might increase our funding costs or which might not be available when needed. If we were unable to arrange new or alternative methods of financing on favorable terms, we might have to hold loans on balance sheet in an amount that may negatively impact our financial condition, or curtail or cease the origination of loans, which could impair our growth, and, in each case, have a material adverse effect on our business, financial condition, operating results and cash flows, which in turn could have a material adverse effect on our ability to meet our obligations under our facilities.

Debt & Financing - Risk 3

We require substantial capital and, in the future, may require additional capital to pursue our business objectives and achieve recurring profitability. If adequate capital is not available to us or is unavailable on favorable terms, including due to the cost and availability of funding in the capital markets, our business, operating results and financial condition may be harmed.

Since our founding, we have raised substantial equity and debt financing to support the growth of our business. We may require additional capital to pursue our business objectives and growth strategy and respond to business opportunities, challenges or unforeseen circumstances, including supporting our lending operations, increasing our marketing expenditures to attract new members and technology platform clients and improve our brand awareness, developing our products, introducing new services, further expanding internationally in existing or new countries or further improving existing offerings and services, enhancing our operating infrastructure and potentially acquiring complementary businesses and technologies, and complying with the increased regulatory requirements for bank holding companies and banks. Accordingly, on a regular basis we need, or we may need, to engage in additional debt or equity financings to secure additional funds. However, additional funds may not be available when we need them, in amounts we need, or permitted to be applied to specific use cases, on terms that are acceptable to us or at all. Volatility in the credit markets in general or in the market for personal, student and home loans and credit cards in particular may also have an adverse effect on our ability to obtain debt financing. Furthermore, the cost of our borrowing has increased and may continue to increase due to market volatility, interest rates that are higher than those in the recent past, changes in the risk premiums required by lenders or the unavailability of traditional sources of debt capital. Volatility or depressed valuations or trading prices in the equity markets may similarly adversely affect our ability to obtain equity financing. Furthermore, if we raise additional funds through further issuances of equity or convertible debt securities, our existing stockholders could suffer significant dilution and any new equity securities we issue could have rights, preferences and privileges superior to those of holders of our common stock. We are required to serve as a source of financial strength for SoFi Bank, which is subject to minimum capital requirements imposed by federal regulators, which means that we may be required to provide capital or liquidity support to SoFi Bank, even at times when we may not have the resources to provide such support. In addition, maintaining adequate liquidity is crucial to our securities brokerage, including key functions such as transaction settlement, custody requirements and margin lending. Our broker-dealer subsidiary, SoFi Securities, is subject to Rule 15c3-1 under the Exchange Act, which specifies minimum capital requirements intended to ensure the general financial soundness and liquidity of broker-dealers, and SoFi Securities is subject to Rule 15c3-3 under the Exchange Act, which requires broker-dealers to maintain certain liquidity reserves. We meet our liquidity needs primarily from working capital, deposits and cash generated by member activity, as well as from external debt and equity financing. Increases in the number of members, fluctuations in member cash or deposit balances, as well as market conditions or changes in regulatory treatment of member deposits, may affect our ability to meet our liquidity needs. A reduction in our liquidity position could reduce our members' confidence in us, which could result in the withdrawal of member assets, including deposits held at SoFi Bank, and loss of members, or could cause us to fail to satisfy minimum capital requirements for SoFi Bank, or broker-dealer or other regulatory capital guidelines, which may result in immediate suspension of banking and other securities activities, regulatory prohibitions against certain business practices, increased regulatory inquiries and reporting requirements, increased costs, fines, penalties or other sanctions, by the Federal Reserve, the OCC, the SEC, FINRA or other SROs or state regulators, and could ultimately lead to the liquidation of SoFi Bank or our broker-dealer or other regulated entities. Factors which may adversely affect our liquidity position include temporary liquidity demands due to timing differences between brokerage transaction settlements and the availability of segregated cash balances, fluctuations in cash held in member accounts, a significant increase in our margin lending activities, increased regulatory capital requirements, changes in regulatory guidance or interpretations, or Federal Housing Administration or VA guidelines, other regulatory changes or a loss of market or member confidence resulting in unanticipated withdrawals of member assets. We expect that we will continue to use our available cash to fund our lending activities and help scale our Financial Services segment. To supplement our cash resources, we may seek to enter into additional securitizations and whole loan sale agreements or increase the size of existing debt warehousing facilities, increase the size of, or replace, our revolving credit facility, continue to grow deposits and pursue other potential options. In addition, a reduction in our liquidity position could impair our technology platform clients' confidence in us and our platform as a service products and services, many of which require capital investments and ongoing platform maintenance by us, which could result in decisions by our technology platform clients to terminate or not renew their existing contracts or to not add new products to their account. If we are unable to adequately maintain our cash resources, we may delay non-essential capital expenditures, implement cost cutting procedures, delay or reduce future hiring, discontinue the pursuit of our strategic objectives and growth strategies or reduce our rate of future originations compared to the current level. There can be no assurance that we can obtain sufficient sources of external capital to support the growth of our business. Delays in doing so or failure to do so may require us to reduce loan originations or reduce our operations, which would harm our ability to pursue our business objectives as well as harm our business, operating results and financial condition.

Debt & Financing - Risk 4

Our checking and savings product is expected to continue to provide us with an important source of cost-efficient funding and any failure to scale the product due to our limited experience or a competitive marketplace could have a negative impact on our business, operating results and financial condition.

We expect that checking and savings, a deposit account product, will continue to provide us with an important source of deposits to use for cost-effective funding of loan originations and other activities. However, revenue growth for checking and savings is dependent on increasing the volume of members who open an account and on growing balances in those accounts. Although our checking and savings account product has grown since its introduction in the first quarter of 2022, there is no guarantee that account openings and the amount on deposit in those accounts will continue to grow. In addition, although we have invested in a number of initiatives to attract new checking and savings account holders and capture a greater share of our members' savings, including offering a competitive annual percentage yield on deposits and offering SoFi Plus membership benefits to deposit holders, there can be no assurance that these investments to acquire and retain members, provide differentiated features and services and spur usage of our deposit account product will be effective or cost effective. There are also no assurances that we will be able to maintain a competitive annual percentage yield on deposits, and members can easily transfer checking and savings account balances to our competitors. Further, developing our service offerings and marketing the checking and savings product in additional customer acquisition channels could have higher costs than anticipated or be less effective than anticipated, and could adversely impact our results or dilute our brand. Finally, our checking and savings product faces competition from similar products offered by our competitors which may offer more attractive features, including a higher interest rate on deposits, which may impact the success of the product. In the event we are unable to sufficiently grow the checking and savings product, we may be required to find alternative, higher-cost funding for our lending and other activities, or we might not be able to originate an acceptable or sustainable volume of loans, either of which could have a negative impact on our business, operating results and financial condition. See "Market and Interest Rate Risks - Fluctuations in interest rates could negatively affect the demand for our checking and savings product".

Debt & Financing - Risk 5

Any failure to accurately capture credit risk or to execute our funding strategy for SoFi Credit Card could have a negative impact on our business, operating results and financial condition.

The performance of the SoFi Credit Card product is significantly dependent on the ability of the credit and fraud decisioning and scoring models we use to originate the product, which includes a variety of factors, to effectively prevent fraud, evaluate an applicant's credit profile and likelihood of default. Despite establishing a defined risk appetite and leveraging third-party stress testing of product loss forecasts, there is no assurance that our credit criteria can accurately predict repayment and loss profiles. If our criteria do not accurately prevent fraud or reflect credit risk on the SoFi Credit Card product, greater than expected losses may result and our business, operating results, financial condition and prospects could be materially and adversely affected. In addition, revenue growth for SoFi Credit Card is dependent on increasing the volume of members who open an account and on growing loan balances on those accounts. Over time we will continue to invest in a number of new product initiatives to attract new SoFi Credit Card members and capture a greater share of our members' total spending and borrowings. Revenue growth for SoFi Credit Card may be adversely affected by new restrictions on credit card fees finalized by the CFPB in March 2024. Although originally scheduled to become effective in May 2024, the rule remains subject to challenge in the 5th U.S. Circuit Court of Appeals following a stay order from that court. If the rule ultimately becomes effective as written, it could, if we modify our terms in response to changes made by issuers impacted by the rule, adversely affect revenue. While we have generally seen increases in revenue from SoFi Credit Card, there can be no assurance that our investments in SoFi Credit Card to acquire members, provide differentiated features and services and spur usage of our card will continue to be effective, and developing our service offerings and forming new partnerships could have higher costs than anticipated, and could adversely impact our results or dilute our brand. Furthermore, the success of the SoFi Credit Card product depends on our ability to execute on our funding strategy for the resulting credit card receivables. We may establish a credit card receivable securitization program in the future. There is no guarantee, however, that we will be successful in establishing a securitization program for these assets. In the event we are unable to finance our credit card receivables, we may be required to hold those assets on our consolidated balance sheet or sell them for a loss, either of which could have a negative impact on our business, operating results and financial condition. Regulatory, Tax and Other Legal Risks

Debt & Financing - Risk 6

An inability to accept or maintain deposits due to market demand or regulatory constraints could materially adversely affect our liquidity position and our ability to fund our business.

SoFi Bank accepts deposits and uses the proceeds as a source of funding, with our direct retail deposits becoming a larger proportion of our funding over time. Although we launched the SoFi Insured Deposit Program in 2023, whereby funds (up to $2 million) are deposited into deposit accounts at banks which are insured by the FDIC up to the applicable limits, we continue to face strong competition with regard to deposits, and pricing and product changes may adversely affect our ability to attract and retain cost-effective deposit balances. To the extent we offer higher interest rates to attract or maintain deposits, our funding costs will be adversely impacted. Our ability to obtain deposit funding and offer competitive interest rates on deposits is also dependent on SoFi Bank's capital levels. The FDIA's brokered deposit provisions and related FDIC rules in certain circumstances prohibit banks from accepting or renewing brokered deposits and apply other restrictions, such as a cap on interest rates that can be paid. For example, while SoFi Bank met the definition of "well-capitalized" as of September 30, 2024 and currently has no restrictions regarding acceptance of brokered deposits or setting of interest rates, there can be no assurance that we will continue to meet this definition. Additionally, our regulators can adjust applicable capital requirements at any time and have authority to place limitations on our deposit businesses. An inability to attract or maintain deposits in the future could materially adversely affect our ability to fund our business.

Debt & Financing - Risk 7

Changed

Higher than expected payment speeds of loans could negatively impact the fair market value of the lending portfolio and our returns as the holder of the residual interests in securitization trusts holding personal and student loans. These factors could materially alter our net revenue or the value of our residual interest holdings.

The rate at which borrowers prepay their loans can have a material impact on our net revenue, the value of our lending portfolio and the value of our residual interests in securitization trusts. Prepayment rates are subject to a variety of economic, social, competitive and other factors, including fluctuations in interest rates, availability of alternative financings, legislative, regulatory or policy changes affecting the student loan market, the home loan market, consumer lending generally and the general economy, including changing expectations for inflation and deflation. For example, interest rates began to decline in 2024 and a lower interest rate environment may lead to higher prepayment rates on loans. While we anticipate some variability in prepayment rates, extraordinary or extended increases or decreases in prepayment rates could materially affect our liquidity and net revenue. For example, when, as a result of unanticipated prepayment levels, loans within a securitization trust amortize faster than originally contracted due to prepayments, the trust's pool balance may decline at a rate faster than the prepayment rate assumed when the trust's bonds were originally issued. If the trust's pool balance declines faster than originally anticipated, in most of our securitization structures, the bonds issued by that trust will also be repaid faster than originally anticipated. In such cases, our net revenue may decrease, inclusive of our servicing revenue and the diminished value of any retained residual interest by us in the trust. Finally, rating agencies may place bonds on watch or change their ratings on (or their ratings methodology for) the bonds issued by a securitization trust, possibly raising or lowering their ratings, based upon these prepayment rates and their perception of the risk posed by those rates to the timing of the trust cash flows. Placing bonds on watch, changing ratings negatively, proposing or making changes to ratings methodology could: (i) affect our liquidity, (ii) impede our access to the securitization markets, (iii) require changes to our securitization structures, and (iv) raise or lower the value of the residual interests of our future securitization transactions.

Debt & Financing - Risk 8

We have the option of pursuing a gain-on-sale origination model and, consequently, our business is affected by the cost and availability of funding in the capital markets.

In addition to the issuance of equity, historically we have funded our operations and capital expenditures through sales of our loans, secured and unsecured borrowing facilities and securitizations. We have the option of pursuing a gain-on-sale origination model and, consequently, our earnings and financial condition are largely dependent on the price we can obtain for our products in the capital markets, which has been and may be negatively impacted by interest rates that are higher than those in the recent past combined with longer periods during which we have held, and may continue to hold, loans on-balance sheet. These capital markets risks may be partially mitigated by the availability of bank deposits and other corporate cash (if any) to temporarily hold the loans on our balance sheet, and by utilizing our Loan Platform Business to originate and sell loans, in certain instances on a fixed fee basis. However, bank deposits and corporate cash have not historically been our primary source of funding and can be impacted by a number of factors, and our Loan Platform Business is new and does not have a significant performance history. Our ability to obtain financing in the capital markets depends, among other things, on our development efforts, business plans, operating performance, lending activities, public perceptions of the financial services industry, and condition of, and our access to, the capital markets at the time we seek financing. The capital markets have recently and from time to time experienced periods of significant volatility, including volatility driven by rising inflation, uncertainty in the financial services sector, escalating conflict in the Middle East and the ongoing war in Ukraine, among other things. This volatility can dramatically and adversely affect financing costs when compared to historical norms or make funding unavailable. Additional factors that could make financing more expensive or unavailable to us include, but are not limited to, financial losses, events that have an adverse impact on our reputation, lawsuits challenging our business practices, adverse regulatory changes, changes in the activities of our business partners, loan performance, events that have an adverse impact on the financial services industry generally, counterparty availability, negative credit rating actions with respect to our rated securities, corporate and regulatory actions, interest rate changes, general economic conditions, including changing expectations for inflation and deflation, and the legal, regulatory and tax environments governing funding transactions, including existing or future securitization transactions. If financing is difficult, expensive or unavailable, our business, financial condition, results of operations, cash flows and future prospects could be materially and adversely affected.

Debt & Financing - Risk 9

Fluctuations in interest rates could negatively affect the demand for our checking and savings product.

Falling, low or fluctuating interest rates, including declining interest rates in 2024, have in the past had and may in the future have a negative impact on the demand for our checking and savings product. Checking and savings provides members a digital banking experience that offers a variable annual percentage yield, which is at our discretion. If we are not able to offer competitive interest rates on deposit accounts, demand for our checking and savings product may decrease, which may impact our ability to access deposits as a more cost-effective source of funding for our loans. Although we have been in an elevated interest rate environment in recent years, interest rates began to decline in 2024 and there is no guarantee that the interest rate we offer on our deposit accounts will remain competitive and in a falling or low interest rate environment, account holders and prospective account holders may be discouraged from using these products, which would adversely affect our business, financial condition, results of operations, cash flows and future prospects.

Debt & Financing - Risk 10

We are exposed to financial risks that may be partially mitigated but cannot be eliminated by our hedging activities, which carry their own risks.

We continue to use, and may in the future use, financial instruments for hedging and risk management purposes in order to protect against possible fluctuations in interest rates, or for other reasons that we deem appropriate. In particular, we expect our interest rate risk to increase with our home loans business which continues to grow, including as a result of our acquisition of Wyndham. However, any current and future hedges we enter into will not completely eliminate the risk associated with fluctuating interest rates and our hedging activities may prove to be ineffective. The success of our hedging strategy will be subject to our ability to correctly assess counterparty risk and the degree of correlation between the performance of the instruments used in the hedging strategy and any changes in interest rates, along with our ability to continuously recalculate, readjust and execute hedges in an efficient and timely manner. Therefore, though we may enter into transactions to seek to reduce risks, unanticipated changes may create a more negative consequence than if we had not engaged in any such hedging transactions. Moreover, for a variety of reasons, we may not seek to establish a perfect correlation between such hedging instruments and the instruments being hedged. Any such imperfect correlation may prevent us from achieving the effect of the intended hedge and expose us to risk of loss. Any failure to manage our hedging positions properly or inability to enter into hedging instruments under acceptable terms, or any other unintended or unanticipated economic consequences of our hedging activities, could affect our financial condition and results of operations.

Debt & Financing - Risk 11

Internet-based loan origination processes may give rise to greater risks than paper-based processes.

We use internet-based loan processes to obtain application information and distribute certain legally required notices to applicants for, and borrowers of, loans and to obtain electronically signed loan documents in lieu of paper documents with ink signatures obtained in person. These processes may entail greater risks than paper-based loan origination processes, including regarding the sufficiency of notice for compliance with consumer protection laws, risks that borrowers may challenge the authenticity of loan documents, or the validity of the borrower's electronic signature on loan documents, and risks that unauthorized changes are made to the electronic loan documents. If any of those factors were to cause our loans, or any of the terms of our loans, to be unenforceable against the relevant borrowers, or impair our ability to service our loans (as master servicer or servicer), the value of our loan assets would decrease significantly to us and to our whole loan purchasers, securitization investors and warehouse lenders. In addition to increased default rates and losses on our loans, this could lead to the loss of whole loan purchasers and securitization investors and trigger terminations and amortizations under our debt warehouse facilities, each of which would materially adversely impact our business.

Debt & Financing - Risk 12

Student loans are subject to discharge in certain circumstances.

Private education loans, including the refinanced student loans and other student loans made by us, are generally not dischargeable by a borrower in bankruptcy. However, a private education loan may be discharged if a debtor files an adversary claim and the bankruptcy court determines that not discharging the debt would impose an undue hardship on the debtor and the debtor's dependents. New policies implemented by the Biden Administration in late 2022 gave judges more leeway to discharge student loans, resulting in more borrowers discharging their student loans in bankruptcy in 2023, compared to prior years. In addition, in November 2022, the Department of Justice introduced a new process for handling student loan discharge cases intended to reduce the burden on debtors pursuing discharge of their federal student loans in bankruptcy. Further, bills have been introduced in Congress that would make student loans dischargeable in bankruptcy to the same extent as other forms of unsecured credit without regard to a hardship analysis. For example, in October 2022, then House Judiciary Chair Jerrold Nadler and Representative David Cicilline introduced the Student Borrower Bankruptcy Relief Act of 2022, which would eliminate the section of the U.S. bankruptcy code that makes private and federal student loans non-dischargeable through bankruptcy. It is possible that a higher percentage of borrowers will obtain relief under bankruptcy or other debtor relief laws in the future than is reflected in our historical experience. A private education loan that is not a refinanced parent-student loan is also generally dischargeable as a result of the death or disability of the borrower. The discharge of a significant amount of our loans could adversely affect our business and results of operations. See "Regulatory, Tax and Other Legal Risks-Legislative and regulatory policies and related actions have had and could in the future have a material adverse effect on our student loan portfolios and our student loan origination volume."

Debt & Financing - Risk 13

We offer personal loans, which have a limited performance history, and therefore we have only limited prepayment, loss and delinquency data with respect to such loans on which to base projections.

The performance of the personal loans we offer is significantly dependent on the ability of the credit decisioning, income validation, and scoring models we use to originate such loans, which include a variety of factors, to effectively evaluate an applicant's credit profile and likelihood of default. Despite recession-readiness planning and stress forecasting, there is no assurance that our credit criteria can accurately predict loan performance under economic conditions such as a prolonged down-cycle or recessionary economic environment or the governmental response to periods of disruption, which may drive unexpected outcomes. If our criteria do not accurately reflect credit risk on the personal loans, greater than expected losses may result on these loans and our business, operating results, financial condition and prospects could be materially and adversely affected. In addition, personal loans are dischargeable in a bankruptcy proceeding involving a borrower without the need for the borrower to file an adversary proceeding. The discharge of a significant amount of our personal loans could adversely affect our financial condition. Furthermore, other characteristics of personal loans may increase the risk of default or fraud and there are few restrictions on the uses that may be made of personal loans by borrowers, which may result in increased levels of credit consumption. We also originate a material portion of our personal loans through ACH deposits directly to the borrowers, which may result in a higher risk of fraud. The effect of these factors may be to reduce the amounts collected on our personal loans and adversely affect our operating results and financial condition.

Debt & Financing - Risk 14

We perform and manage the loan origination process for all of the home loans that we originate. If we fail to properly perform these functions, our home loans business may be adversely affected.

In April 2023, we acquired Wyndham, a mortgage lender, expanding our home loans business. In connection with the acquisition of Wyndham, we adopted loan origination technology which facilitates performing many functions in connection with the origination of home loans, including processing, underwriting, pricing, vendor management, closing, and additional functions for loan origination that we previously outsourced to third-party providers, and we now directly manage loan underwriters and loan processors which are services previously managed by third-party providers. In the event that we fail for any reason to perform or manage such functions in accordance with all applicable requirements, including through human errors, technology errors, negligence, willful misconduct or fraud, our ability to originate home loans will suffer and our business, cash flows and future prospects may be negatively impacted, and we could incur penalties or liabilities including obligations to repurchase loans from investors to whom we sold the loans. Additionally, if we fail to perform such functions or properly manage our new resources, we may be unable to complete, or be delayed in the completion of, the origination of home loans in our pipeline and to originate new home loans, and we may not be able to onboard a replacement service provider that has the ability to promptly provide the same services in the same manner and on the same economic terms.

Debt & Financing - Risk 15

Potential geographic concentration of our members may increase the risk of loss on the loans that we originate and negatively impact our business.

Any concentration of our members in specific geographic areas may increase the risk of loss on our loans. Certain regions of the U.S. from time to time will experience weaker economic conditions and higher unemployment and, consequently, will experience higher rates of delinquency and loss than on similar loans in other regions of the country. Moreover, a further deterioration in economic conditions or a recession, outbreaks of disease, the continued increase in extreme weather conditions and other natural events (such as hurricanes, tornadoes, floods, drought, wildfires, mudslides, earthquakes and other extreme conditions) and other factors could adversely affect the ability and willingness of borrowers in affected regions to meet their payment obligations under their loans and may consequently affect the delinquency and loss experience of such loans. In addition, we, as master servicer for all student loans and home loans and as servicer of our personal loans, have offered in the past, and may in the future offer, hardship forbearance or other relief programs in certain circumstances to affected borrowers. Conversely, an improvement in economic conditions in one or more of the geographic areas in which we have members could result in higher prepayments of their payment obligations under their loans by borrowers in such states. As a result, we and the whole loan purchasers who hold our loans or securitization investors or warehouse lenders who hold securities backed by our loans may receive principal payments earlier than anticipated, and fewer interest payments than anticipated, and face certain reinvestment risks, such as the inability to acquire loans on equally attractive terms as the prepaid loans. In addition, higher prepayments than anticipated may have a negative impact on our servicing revenue which could cause our operating results and financial condition to be materially and adversely affected. Further, the concentration of our loans in one or more geographic locations may have a disproportionate effect on us or investors in our loans or securities backed by our loans if governmental authorities in any of those areas take action against us as originator, master servicer or servicer of those loans or take action affecting our ability as master servicer or servicer to service those loans. Funding and Liquidity Risks

Debt & Financing - Risk 16

If we are unable to retain and/or increase our current sources of funding, including deposits, and secure new or alternative methods of financing, our ability to finance additional loans and introduce new products will be negatively impacted.

Historically, in addition to the issuance of equity, we have funded our operations and capital expenditures primarily through access to the capital markets through sales of our loans, access to secured and unsecured borrowing facilities and utilization of securitization financing from consolidated and nonconsolidated VIEs. In each of these instances (other than for certain whole loan sales of home loans), we retain the servicing rights to our loans from which we earn a servicing fee. In securitization financing transactions, we transfer a pool of loans originated by SoFi Lending Corp. or SoFi Bank to a VIE which is sponsored by SoFi Lending Corp. or SoFi Bank, and we retain risk in the VIE, typically in the form of asset-backed bonds and residual interest investments. Through SoFi Bank, we utilize deposits as well, which offer us a lower cost source of funds, and we have the ability to access other funding sources, such as the FHLB and certain brokered deposit channels established by SoFi Bank. We rely on each of these outlets for liquidity and the loss or reduction of any one of these outlets, including deposits, could materially adversely impact our business. For example, certain banks have faced operational difficulties in accessing the FHLB discount window and there is no guarantee that we will not face the same or similar issues. In addition, there can be no assurance that we will be able to successfully access the securitization markets at any given time, or that deposits at SoFi Bank will remain at current levels or grow, and in the event of a sudden or unexpected shortage of funds in the banking and financial system, we cannot be sure that we will be able to maintain necessary levels of funding without incurring high funding costs, a reduction in the term of funding instruments, an increase in the amount of equity we are required to hold or the liquidation of certain assets. Furthermore, there is a risk that there will be no market at all for our loans either from whole loan buyers or through investments in securities backed by our loans. We may require capital in excess of amounts we currently anticipate, and depending on market conditions and other factors, we may not be able to maintain our capital or obtain additional capital for our current operations or anticipated future growth on reasonable terms or at all. As the volume of loans that we originate, and the increased suite of products that we make available to members, increases, we may be required to expand the size of our debt warehousing facilities or seek additional sources of capital. The availability of these financing sources depends on many factors, some of which are outside of our control. We may also experience the occurrence of events of default or breaches of financial performance or other covenants under our debt agreements, which could reduce or terminate our access to institutional funding. If we are unable to increase our current sources of funding, including deposits, and secure new or alternative methods of financing, our ability to finance additional loans and to develop and offer new products will be negatively impacted. The interest rates, advance rates and other costs of new, renewed or amended facilities may also be higher than those currently in effect. If we are unable to renew or otherwise replace these facilities or generally arrange new or alternative methods of financing on favorable terms, we may be forced to curtail our origination of loans or reduce lending or other operations, which would have a material adverse effect on our business, financial condition, operating results and cash flows.

Corporate Activity and Growth4 | 5.1%

Corporate Activity and Growth - Risk 1

We have in the past consummated, and from time to time we may evaluate and potentially consummate, acquisitions, which could require significant management attention, disrupt our business and adversely affect our financial results.

Our success depends, in part, on our ability to expand our business. In some circumstances, we may determine to do so through the acquisition of complementary assets, businesses and technologies rather than through internal development. For example: (i) in April 2020, we acquired 8 Limited, an investment business in Hong Kong, (ii) in May 2020, we acquired Galileo, a company that provides technology platform services to financial and non-financial institutions, (iii) in February 2022, we acquired Golden Pacific, a bank holding company, (iv) in March 2022, we acquired Technisys, a cloud-native digital multi-product core banking platform, and (v) in April 2023, we acquired Wyndham, a mortgage lender. The identification of suitable acquisition candidates can be difficult, time-consuming and costly, and we may not be able to successfully complete identified acquisitions. The risks we face in connection with acquisitions include, among others: - diversion of management time and focus from operating our business to addressing acquisition integration challenges;- coordination of technology, product development, risk management and sales and marketing functions;- retention of employees from the acquired company and retention of our employees due to cultural challenges associated with integrating employees from the acquired company into our organization;- integration of the acquired company's accounting, management information, human resources, third-party risk management and other administrative systems;- the need to implement or improve controls, procedures and policies at a business that prior to the acquisition may have lacked effective controls, information security and cybersecurity safeguards, procedures and policies, including third-party risk management practices;- write-offs or impairments of intangible assets, goodwill or other assets recognized in connection with the acquisition;- liability for activities of the acquired company before the acquisition, including patent and trademark infringement claims, violations of laws, including employment laws, commercial disputes, tax liabilities and other known and unknown liabilities;- litigation or other claims in connection with the acquired company, including claims from terminated or current employees, customers, former stockholders or other third parties; and - known and unknown regulatory compliance risks resulting from geographic expansion, including elevated risk factors for tax compliance, money laundering controls, and supervisory controls oversight. Our failure to address these risks or other problems encountered in connection with our acquisitions and investments could cause us to fail to realize the anticipated benefits of these acquisitions or investments, cause us to incur unanticipated liabilities and harm our business, generally. Future acquisitions could also result in dilutive issuances of our equity securities, the incurrence of debt, contingent liabilities, regulatory obligations to further capitalize our business, goodwill and intangible asset impairments, and increased regulatory scrutiny, any of which could harm our financial condition and negatively impact our stockholders. To the extent we pay the consideration for any future acquisitions or investments in cash, it would reduce the amount of cash available to us for other purposes.

Corporate Activity and Growth - Risk 2

Changed

We may be unable to realize the anticipated benefits of acquiring Technisys.

We closed the Technisys acquisition in March 2022 and its operations have been largely integrated into our business. The success of the Technisys acquisition, including anticipated benefits and cost savings and potential additional revenue opportunities, will depend, in part, on our ability to realize various benefits, including, among other things, the development of an end-to-end vertically integrated banking technology stack to support multiple products and enable the combined company to meet the expanding needs of existing customers and serve additional established banks, fintechs and non-financial brands looking to enter financial services. The inability to realize our expected cost savings in connection with the Technisys' acquisition could have an adverse effect on our business, financial condition, operating results and prospects. Failure to achieve these anticipated benefits could result in increased costs, decreases in the amount of expected revenues, lost cost savings and incremental revenue opportunities and diversion of management's time and energy and could have an adverse effect on our business, financial condition, operating results and prospects.

Corporate Activity and Growth - Risk 3

Our management has limited experience in operating a public company.

We have incurred and will continue to incur increased costs as a result of operating as a public company, and our management intends to continue to devote substantial time to new compliance initiatives. As a public company, we are subject to the reporting requirements of the Exchange Act, the Sarbanes-Oxley Act, the Dodd-Frank Act, as well as rules adopted, and to be adopted, by the SEC and Nasdaq. Our management and other personnel devote and we expect will continue to devote a substantial amount of time to these compliance initiatives. Furthermore, new rules and regulations or changes to existing rules and regulations in the future may increase our legal and financial compliance costs and make some activities more time-consuming and costly, which would increase our net loss for the foreseeable future. The impact of these requirements could also make it more difficult for us to attract and retain qualified persons to serve on our Board of Directors, its board committees or as executive officers. Our executive officers have limited experience in dealing with the increasingly complex laws pertaining to public companies, which may increase the amount of their time devoted to these activities and result in less time being devoted to the management and growth of the business. We continue to evaluate whether we have adequate personnel with the appropriate level of knowledge, experience and training in the accounting policies, practices or internal control over financial reporting required of public companies. We have in the past and may in the future expand our employee base and hire additional employees to support our operations as a public company, which has caused and may in the future cause our operating costs to increase. See "If we fail to establish and maintain proper and effective internal control over financial reporting, our ability to produce accurate and timely financial statements could be impaired, investors may lose confidence in our financial reporting and the trading price of our common stock may decline".

Corporate Activity and Growth - Risk 4

Our risk management processes and procedures may not be effective.

Our risk management processes and procedures seek to appropriately balance risk and return and mitigate risks. We have established processes and procedures intended to identify, measure, monitor and control the types of risk to which we are subject, including interest rate risk, credit risk, deposit risk, market risk, foreign currency exchange rate risk, liquidity risk,strategic risk, operational risk, cybersecurity risk, and reputational risk. Credit risk is the risk of loss that arises when a loan obligor fails to meet the terms of a loan repayment obligation, the loan enters default, and if uncured results in financial loss of remaining principal and interest to the loan purchaser. Our exposure to credit risk mainly arises from our lending activities, including SoFi Credit Card. Deposit risk refers to accelerated availability of depositor funds, prior to settlement, risk of ACH returns or merchant settlements, and transactional limits that may be applied to deposit accounts. Market risk is the risk of loss due to changes in external market factors, such as interest rates, asset prices, and foreign exchange rates. Foreign currency exchange rate risk is the risk that our financial position or results of operations could be positively or negatively impacted by fluctuations in exchange rates. We may in the future be subject to increasing foreign currency exchange rate risk with our acquisition of Technisys, a foreign company, and we continue to pursue a diversified durable growth strategy with expansion via new products and geographies. Liquidity risk is the risk that financial condition or overall safety and soundness are adversely affected by an inability, or perceived inability, to meet obligations (e.g., current and future cash flow needs) and support business growth. We actively monitor our liquidity position at the broker-dealer and SoFi Bank. Strategic risk is the risk from changes in the business environment, ineffective business strategies, improper implementation of decisions or inadequate responsiveness to changes in the business and competitive environment. Operational risk is the risk of loss arising from inadequate or failed internal processes, controls, people (e.g., human error or misconduct) or systems (e.g., technology problems), business continuity or external events (e.g., natural disasters), compliance, reputational, regulatory, cybersecurity or legal matters and includes those risks as they relate directly to us, fraud losses attributed to applications and any associated fines and monetary penalties as a result, transaction processing, or employees, as well as to third parties with whom we contract or otherwise do business. We believe operational risk is one of the most prevalent forms of risk in our risk profile. We strive to manage operational risk by establishing policies and procedures to accomplish timely and efficient processing, obtaining periodic internal control attestations from management, conducting internal process Risk Control Self-Assessments and audit reviews to evaluate the effectiveness of internal controls. Our operational risk, and the amount we invest in risk management, may increase as we introduce new products and product features, and as new threat actors and evolving threat vectors, such as account takeover tactics, increase and become more sophisticated. In order to be effective, among other things, our enterprise risk management capabilities must adapt and align to support any new product or loan features, capability, strategic development, or external change. Cybersecurity risk is the risk of a malicious technological attack intended to impact the confidentiality, availability, or integrity of our systems and data, including, but not limited to, sensitive client data. Our technology and cybersecurity teams rely on a layered system of preventive and detective technologies, controls, and policies to detect, mitigate, and contain cybersecurity threats. In addition, our cybersecurity team, and the third-party consultants they engage, regularly assess our cybersecurity risks and mitigation efforts. Cyberattacks can also result in financial and reputational risk. Reputational risk is the risk arising from possible negative perceptions of us, whether true or not, among our current and prospective members, clients, counterparties, employees, and regulators. The potential for either enhancing or damaging our reputation is inherent in almost all aspects of business activity. We attempt to manage this risk through our commitment to a set of core values that emphasize and reward high standards of ethical behavior, maintaining a culture of compliance, and by being responsive to member and regulatory requirements. Risk, including, but not limited to, the risks outlined above, is inherent in our business, and therefore, despite our efforts to manage risk, there can be no assurance that we will not sustain unexpected losses. We could incur substantial losses and our business operations could be disrupted to the extent our business model, operational processes, control functions, technological capabilities, risk analyses, and business/product knowledge do not adequately identify and manage potential risks associated with our strategic initiatives. There also may be risks that exist, or that develop in the future, that we have not appropriately anticipated, identified or mitigated, including when processes are changed or new products and services are introduced. If our risk management framework does not effectively identify and control our risks, we could suffer unexpected losses or be otherwise adversely affected, which could have a material adverse effect on our business.

Legal & Regulatory

Total Risks: 26/79 (33%)Above Sector Average

Regulation18 | 22.8%

Regulation - Risk 1

As a result of our business combination with a special purpose acquisition company, regulatory obligations may impact us differently than other publicly traded companies.

We became a publicly traded company by completing a transaction with SCH, a SPAC. As a result of this transaction, regulatory obligations have, and may continue, to impact us differently than other publicly traded companies. For instance, the SEC and other regulatory agencies may issue additional guidance or apply further regulatory scrutiny to companies like us that have completed a business combination with a SPAC. Managing this regulatory environment, which has and may continue to evolve, could divert management's attention from the operation of our business, negatively impact our ability to raise additional capital when needed or have an adverse effect on the price of our common stock.

Regulation - Risk 2

Lawmakers, regulators and other public officials have signaled an increased focus on new or additional laws or regulations that could impact our broker-dealer business and require us to make significant changes to our business model and practices, and could result in significant costs to our business or loss of current revenue streams.

Various lawmakers, regulators and other public officials have recently made statements about business practices in which we and other broker-dealers engage, including SoFi Securities, and signaled an increased focus on new or additional laws or regulations that, if acted upon, could impact our business. For example, a focus by regulators and lawmakers on PFOF, exchange rebates, and related conflicts of interest have resulted in new proposed rules. Additionally, the SEC has proposed new requirements regarding best execution (Regulation Best Execution), PFOF and a rule to prohibit volume-based transaction pricing in connection with the execution of agency-related orders in national market system stock. The SEC also issued an order in September 2023 directing the equity exchanges and FINRA to file a new national marketing system plan. This order and other proposals have the potential to substantially reshape U.S. equities markets in intended and unintended ways, and to substantially alter existing order routing, execution incentives and business practices. The SEC also finalized rules in February 2023 to shorten the standard settlement cycle for most broker-dealer transactions in securities from two business days after the trade (T+2) to one (T+1). The SEC compliance date for T+1 was in May 2024 and this change has required and will continue to require technological, operational, and compliance adjustments across the industry that are likely to be time consuming and costly for all market participants. Additionally, a focus by lawmakers and regulators on so-called gamification and digital engagement practices has resulted in a new rule proposed by the SEC and, in July 2023, the SEC proposed new rules and amendments to address certain conflicts of interest associated with the use of predictive data analytics by broker-dealers and investment advisers in investor interactions. If adopted, the proposed rules would require broker-dealers and investment advisers to evaluate and determine whether their use of certain technologies in investor interactions such as analytical, technological or computational functions, algorithms, models, correlation matrices or similar methods or processes that direct or optimize for investment related behavior, involves a conflict of interest that results in the broker-dealer or investment adviser's interests being placed ahead of investors' interests. To the extent that the SEC, FINRA or other regulatory authorities or legislative bodies adopt additional regulations or legislation in respect of any of these areas or relating to any other aspect of our business, we could face a heightened risk of potential regulatory violations and could be required to make significant changes to our business model and practices, which changes may not be successful. Any of these outcomes could have an adverse effect on our business, financial condition and results of operations. Additionally, any negative publicity surrounding PFOF practices generally, or our implementation of this practice, could harm our brand and reputation. For more information about the potential impact of legal and regulatory changes, see "We may become subject to enforcement actions or litigation as a result of our failure to comply with laws and regulations, even though noncompliance was inadvertent or unintentional".

Regulation - Risk 3

We will be adversely affected if we, or any of our subsidiaries, are determined to have been subject to registration as an investment company under the Investment Company Act.

We are currently not deemed to be an "investment company" subject to regulation under the Investment Company Act of 1940, as amended (the "Investment Company Act"). No opinion or no-action position has been requested of the SEC on our status as an Investment Company. There is no guarantee we will continue to be exempt from registration under the Investment Company Act and were we to be deemed to be an investment company under the Investment Company Act, and thus subject to regulation under the Investment Company Act, the increased reporting and operating requirements could have an adverse impact on our business, operating results, financial condition and prospects. In addition, if the SEC or a court of competent jurisdiction were to find that we are in violation of the Investment Company Act for having failed to register as an investment company thereunder, possible consequences include, but are not limited to, the following: (i) the SEC could apply to a district court to enjoin the violation; (ii) we could be sued by investors in us and in our securities for damages caused by the violation; and (iii) any contract to which we are a party that is made in, or whose performance involves a, violation of the Investment Company Act would be unenforceable by any party to the contract unless a court were to find that under the circumstances enforcement would produce a more equitable result than nonenforcement and would not be inconsistent with the purposes of the Investment Company Act. Should we be subjected to any or all of the foregoing, our business would be materially and adversely affected. Personnel and Business Continuity Risks

Regulation - Risk 4

Legislative and regulatory policies and related actions have had and could in the future have a material adverse effect on our student loan portfolios and our student loan origination volume.

Legislative and regulatory actions have had and could continue to have a significant impact on our student loan refinancing business. On March 27, 2020, the CARES Act was signed into law. In compliance with the CARES Act, payments and interest accrual on all loans owned by the U.S. Department of Education were initially suspended through September 30, 2020, a pause on student loan repayments that was subsequently extended through August 30, 2023 by a series of executive actions. Interest on federal student loans began accruing on September 1, 2023 and borrowers' first loan payments were due in October 2023. Although federal student loans are largely back in repayment, the increased focus in recent years by policymakers on outstanding federal student loans, including, among other things, on the total volume of outstanding loans and on the number of loans outstanding per borrower, has led to discussion of additional potential legislative and regulatory actions and other possible steps to, among other things: - permit private education loans such as our refinanced student loan and in-school student loan products to be discharged in bankruptcy without the need to show undue hardship;- amend the federal postsecondary education loan programs, including to reduce interest rates on certain loans, to revise repayment plans, to make income-driven repayment plans more attractive to borrowers, to implement broader loan forgiveness plans, to provide for refinancing of private education loans into federal student loans at low interest rates, to reduce or eliminate the Grad PLUS program (which authorizes loans that comprise a substantial portion of our student loan refinancing business) and to provide for refinancing of existing federally held student loans into new federal student loans at low interest rates;- require private education lenders to reform loan agreements to provide for income-driven repayment plans and other payment plans; and - make sweeping changes to the entire cost structure and financial aid system for higher education in the U.S., including proposals to provide free postsecondary education. In addition, there is pressure on policymakers to reduce or cancel student loans or accrued interest at a significant scale, which would further reduce demand for our student loan refinancing product and have a negative impact on our loan origination volume and revenue. For example, despite legal challenges at the Supreme Court to some of the Biden Administration's prior student loan forgiveness measures, the Biden Administration continues to pursue options for providing relief to student borrowers, announcing additional relief for 2024 and beyond, including the approval of an additional $74 billion under the PSLF program, and an additional 6-month extension of a student loan payment pause for borrowers in the SAVE program. In April 2024, the U.S. Department of Education issued a notice of proposed rulemaking to include targeted student loan debt forgiveness to certain borrowers, including provisions under the Higher Education Act of 1965, as amended, that would provide relief for eligible borrowers of runaway interest, forgiveness of outstanding debt related to loans which entered repayment at least 20 years ago, and additional provisions to facilitate relief related to income-driven repayment plans. The Biden Administration's ability to pursue further student debt relief may be impacted by ongoing legal challenges and the change in administration expected in January 2025. As of October 2024, the Biden Administration is still in the process of appealing federal court injunctions that prevent the U.S. Department of Education from implementing parts of the SAVE Plan and other IDR plans and limiting the Biden Administration ability to provide further loan forgiveness for borrowers under the SAVE Plan. The future impact to our student loan refinancing product will also largely depend on expectations regarding the introduction or implementation of these or any additional relief measures, the interest rate environment, how competitive our student loan refinancing products are compared to our competitors and macroeconomic factors. If in the future, student loans were forgiven or canceled in any meaningful scale, or if federal loan borrowers were permitted to refinance at lower interest rates, our student loan refinancing business within our Lending segment, which is our largest segment, would be materially and adversely affected and our profitability, results of operations, financial condition, cash flows or future business prospects could be materially and adversely affected as a result. In addition, proposals to make student loans dischargeable in bankruptcy or similar proposals could make whole loan purchasers less likely to purchase our student loans, securitization investors less likely to purchase securities backed by our student loans or warehouse lenders less likely to lend against our student loans at attractive advance rates. As a result of any material adverse effect to our Lending segment, our overall profitability, results of operations, financial condition, cash flows or future business prospects may be adversely affected. Although we continue to evaluate the ultimate impact of local, state and federal legislation, regulation and politics, guidance and actions, future legislative, regulatory and executive actions, and the ongoing impact of our own forbearance measures on our financial results, business operations and strategies, there is no guarantee that our estimates will be accurate or that any actions we take based on such estimates will be successful. Furthermore, we believe that the cost of responding to, and complying with, evolving laws and regulations, as well as any guidance from enforcement actions, will continue to increase, as will the risk of penalties and fines from any enforcement actions that may be imposed on our businesses. Our profitability, results of operations, financial condition, cash flows or future business prospects could be materially and adversely affected as a result.

Regulation - Risk 5

If we fail to comply with federal and state consumer protection laws, rules, regulations and guidance, our business could be adversely affected.

The CFPB, an agency which oversees compliance with and enforces federal consumer financial protection laws, has supervisory authority over the offer, sale or provision of our consumer financial products and services. Prior to January 1, 2024, the OCC examined SoFi Bank for compliance with CFPB rules and enforced CFPB rules with respect to SoFi Bank. In addition, to the extent certain of our lending or loan servicing activity was conducted outside of SoFi Bank, the CFPB had the authority to pursue enforcement actions against us as a company offering those certain consumer financial products or services. Beginning January 1, 2024, SoFi Bank and its affiliates became subject to supervision and regulation by the CFPB with respect to federal consumer protection laws, including laws relating to fair lending and the prohibition of UDAAP in connection with the offer, sale or provision of consumer financial products and services. As part of its regulatory oversight, the CFPB may seek a range of remedies, including rescission of contracts, refund of money, return of real property, restitution, disgorgement of profits or other compensation for unjust enrichment, damages, public notification of the violation and "conduct" restrictions (i.e., future limits on the target's activities or functions). Under the current administration and leadership of the agency, the CFPB has pursued a more aggressive enforcement policy with respect to a range of regulatory compliance matters. For example, on January 6, 2022, the CFPB announced a new initiative to scrutinize so-called consumer "junk fees." Since then, the CFPB issued guidance to banks on how to avoid charging unlawful overdraft and depositor fees, confirmed their policy against "pay to pay" fees or charging any fees not expressly authorized and properly disclosed in a consumer agreement, issued a final rule limiting credit card penalty fees, which was stayed pending ongoing litigation, and launched an inquiry into junk fees in mortgage closing costs. The CFPB has also identified additional unfair, deceptive, and abusive acts or practices that could violate the CFPA, including certain billing and collection practices after bankruptcy discharges of certain student loan debt, taking unreasonable advantage of a consumer's reasonable reliance on an operator or lead generator to act in the consumer's interests, and including unclear or unenforceable terms and conditions in consumer contracts or fine print. The CFPB has also continued to be active in litigation against student loan servicers and others, including Climb Credit and its largest shareholder 1/0, Ejudicate, Navient, Prehired, the National Collegiate Student Loan Trusts and Pennsylvania Higher Education Assistance Agency, and Western Benefits Group for CFPA and other violations. In addition, where a company has violated Title X of the Dodd Frank Act, the Dodd-Frank Act empowers state attorneys general and state regulators to bring certain civil actions. Increased enforcement or rules from the CFPB could increase our legal and financial compliance costs, require us to evaluate or amend certain activities or products in light of evolving compliance standards, make some activities more difficult, time-consuming and costly, and increase demand on our systems and resources. We hold lending licenses or similar authorizations in multiple states, each of which has the authority to supervise and examine our activities. As a licensed consumer lender, mortgage lender, loan broker, collection agency, MSB and loan servicer in certain states, we are subject to examinations by state agencies in those states. Similarly, we are subject to licensure requirements and regulations as an education loan servicer in multiple states. An administrative proceeding, litigation, investigation or regulatory proceeding relating to allegations or findings of the violation of such laws by us, any sub-servicer we engage, or our collection agents, could impair our ability to service and collect on our loans or could result in requirements that we pay damages, fines or penalties and/or cancel the balance or other amounts owing under one or more of our loans. There is no assurance that allegations of violations of the provisions of applicable federal or state consumer protection laws will not be asserted against us, any sub-servicers or collection agents we engage or other prior owners of our loans in the future. To the extent it is determined that any of our loans were not originated in accordance with all applicable laws, we may be obligated to repurchase such loan from a whole loan buyer, securitization trust or warehouse facility. We must comply with federal, state and local consumer protection laws including, among others, the federal and state UDAAP laws, the Federal Trade Commission Act, the Truth in Lending Act, the CRA, the Real Estate Settlement Procedures Act, the ECOA, the FHA, the HMDA, the Secure and Fair Enforcement for Mortgage Licensing Act, FCRA, the Fair Debt Collection Practices Act, the Servicemembers Civil Relief Act, the Military Lending Act, the Electronic Fund Transfer Act, the GLBA, the CARES Act and the Dodd-Frank Act. We must also comply with laws on advertising, as well as privacy laws, including the TCPA, the Telemarketing Sales Rule, the CAN-SPAM Act, the Personal Information Protection and Electronic Documents Act, applicable laws and regulations of Hong Kong including the Personal Data (Privacy) Ordinance and the Personal Data (Privacy) (Amendment) Ordinance 2012 and the CCPA and other state privacy laws. Privacy and data security concerns, data collection and transfer restrictions, contractual obligations and U.S. laws and regulations related to data privacy, security and protection could materially and adversely affect our business, financial condition and results of operations. Compliance with applicable laws is costly, and our failure to comply with applicable federal, state and local laws could lead to: - loss of our licenses and approvals to engage in our lending and servicing businesses;- damage to our reputation in the industry;- governmental investigations and enforcement actions;- administrative fines and penalties and litigation;- civil and criminal liability, including class action lawsuits;- inability to enforce loan agreements;- diminished ability to sell loans that we originate or purchase, requirements to sell such loans at a discount compared to other loans or repurchase or address indemnification claims from purchasers of such loans;- loss or restriction of warehouse facilities to fund loans;- inability to raise capital; and - inability to execute on our business strategy, including our growth plans. The CRA, to which SoFi Bank is subject, presents a useful example of how a failure to comply with applicable laws could hamper our growth. On January 1, 2023, SoFi Bank began operating under a five-year CRA strategic plan which includes measurable goals relating to: (i) CD Lending and CD Investments, (ii) CD Contributions, (iii) CD Services, (iv) Small Business Lending, and (v) Retail Services and Products. On October 23, 2023, the Federal Reserve, OCC and FDIC approved changes to their CRA regulations, maintaining the existing CRA ratings (Outstanding, Satisfactory, Needs to Improve, and Substantial Noncompliance) but modifying the evaluation framework to replace the existing tests generally applicable to banks with at least $2 billion in assets (the lending, investment, and services tests) with four new tests and associated performance metrics. The new CRA regulations, which become effective on January 1, 2026, increase the geographic areas in which banks will be evaluated for CRA performance and may be particularly burdensome on banks focused on mobile and digital banking such as SoFi Bank. The implementation of the new CRA regulations is currently paused pending the resolution of legal challenges to the new regulations. The OCC's assessment of our compliance with the CRA is taken into account when evaluating any application we submit for, among other things, a merger or the acquisition of another financial institution. Our failure to satisfy our CRA obligations could, at a minimum, result in the denial of such applications and limit our growth. In the first quarter of 2019, we were subject to a consent order from the FTC (the "FTC Consent Order"), which resolved allegations that we misrepresented how much money student loan borrowers have saved or would save from financing their loans with us, in violation of the Federal Trade Commission Act. Under the FTC Consent Order, we are prohibited from misrepresenting to consumers how much money they would save by using our products, unless the claims are backed up by reliable evidence. While we have developed and monitor policies and procedures designed to assist in compliance with laws and regulations, no assurance can be given that our compliance policies and procedures will be effective and that we will not be subject to fines and penalties, including with respect to any alleged noncompliance with the FTC Consent Order. Ambiguities in applicable statutes and regulations may leave uncertainty with respect to permitted or restricted conduct and may make compliance with laws, and risk assessment decisions with respect to compliance with laws, difficult and uncertain. In addition, ambiguities make it difficult, in certain circumstances, to determine if, and how compliance violations may be cured. We have in the past and may in the future fail to comply with applicable statutes and regulations even if acting in good faith, or because governmental bodies or courts interpret existing laws or regulations in a more restrictive manner, which have in the past and may in the future lead to regulatory investigations, governmental enforcement actions or private causes of action with respect to our compliance. To resolve issues raised in examinations or other governmental actions, we may be required to take various corrective actions, including changing certain business practices, making refunds or taking other actions that could be financially or competitively detrimental to us. In some cases, regardless of fault, it may be less time-consuming or costly to settle these matters, which may require us to implement certain changes to our business practices, provide remediation to certain individuals or make a settlement payment to a given party or regulatory body. There is no assurance that any future settlements will not have a material adverse effect on our business.

Regulation - Risk 6

We hold state licenses that result in substantial compliance costs, and our business would be adversely affected if our licenses are impaired as a result of noncompliance with those requirements.

We currently hold state licenses in connection with our lending activities, student loan servicing activities, securities business, and prior MSB activities. Although we have transitioned our lending products to SoFi Bank, for as long as SoFi Lending Corp. originates, brokers, purchases or master services or services loans, we must comply with certain state licensing requirements and varying compliance requirements. In addition, although we have transferred our digital assets business, we still hold MSB licenses while we determine whether to maintain or relinquish those licenses. Changes in licensing laws may result in increased disclosure requirements, increased fees, or may impose other conditions to licensing that we or our personnel are unable to meet. In most states in which we operate, a regulatory agency or agencies regulate and enforce laws relating to loan servicers, brokers, and originators, collection agencies, and MSBs. We are subject to periodic examinations by state and other regulators in the jurisdictions in which we conduct business, which can result in increases in our administrative costs and refunds to borrowers of certain fees earned by us, and we may be required to pay substantial penalties imposed by those regulators due to compliance errors, or we may lose our license or our ability to do business in the jurisdiction otherwise may be impaired. Fines and penalties incurred in one jurisdiction may cause investigations or other actions by regulators in other jurisdictions. We may not be able to maintain all currently required licenses and permits. If we change or expand our business activities, we may be required to obtain additional licenses before we can engage in those activities. If we apply for a new license, a regulator may determine that we were required to do so at an earlier point in time, and as a result, may impose penalties or refuse to issue the license, which could require us to modify or limit our activities in the relevant state. For example, we have been fined in the past by state regulators for engaging in financial services related activities prior to obtaining a license. Based on changes to our businesses, we may also forfeit certain of our licenses that are no longer required, such as our MSB licenses following the transfer of our digital assets business. Regulators may impose conditions, requirements or penalties in connection with the forfeiture of any of our licenses. States may also expand or otherwise modify their current regulations and if such states so act, we may not be able to comply with such updated regulations or maintain all requisite licenses and permits in such states or our costs of compliance with and maintenance of such licenses or permits may materially increase. For example, California, Colorado and Maine have implemented additional regulations related to student loan servicers which impose additional registration, reporting and disclosure requirements and which, if applicable to us, may increase our costs of originating and servicing loans in those states. In addition, the states that currently do not provide extensive regulation of our business may later choose to do so, and if such states so act, we may not be able to obtain or maintain all requisite licenses and permits, which could require us to modify or limit our activities in the relevant state or states. The failure to satisfy those and other regulatory requirements could result in a default under our warehouse facilities, other financial arrangements and/or servicing agreements and thereby have a material adverse effect on our business, financial condition and results of operations.

Regulation - Risk 7

Our compliance and risk management policies and procedures as a bank, bank holding company and otherwise regulated financial services company may not be fully effective in identifying or mitigating compliance and risk exposure in all market environments or against all types of risk.

As a bank, a bank holding company and a financial services company operating in the banking and securities industry, among others, our business exposes us to a number of heightened risks. We have devoted significant resources to developing our compliance and risk management policies and procedures and will continue to do so, but there can be no assurance these are sufficient, especially as our business is rapidly growing and evolving. Nonetheless, our limited operating history in many of the products we offer, our evolving business and our rapid growth make it difficult to predict all of the risks and challenges we may encounter and may increase the risk that our policies and procedures that serve to identify, monitor and manage compliance risks may not be fully effective in mitigating our exposure in all market environments or against all types of risk. Further, some controls are manual and are subject to inherent limitations and errors in oversight. This could cause our compliance and other risk management strategies to be ineffective. Other compliance and risk management methods depend upon the evaluation of information regarding markets, customers, catastrophic occurrences or other matters that are publicly available or otherwise accessible to us, which may not always be accurate, complete, up-to-date or properly evaluated. Insurance and other traditional risk-shifting tools may be held by or available to us in order to manage certain exposures, but they are subject to terms such as deductibles, coinsurance, limits and policy exclusions, as well as risk of counterparty denial of coverage, default or insolvency. Any failure to maintain effective compliance and other risk management strategies could have an adverse effect on our business, financial condition and results of operations. We are also exposed to heightened regulatory risk because our business is subject to extensive regulation and oversight in a variety of areas, and such regulations are subject to evolving interpretations and application and it can be difficult to predict how they may be applied to our business, particularly as we introduce new products and services and expand into new jurisdictions. Additionally, the regulatory landscape involving digital assets is constantly evolving. Although we have exited our digital assets business, the Company, including SoFi Digital Assets, LLC, may still be subject to regulatory scrutiny related to our prior business practices. Also, due to market volatility, it is difficult to predict how much capital we will need in the future to meet net capital requirements. Any perceived or actual breach of laws and regulations could negatively impact our business, financial condition or results of operations. It is possible that these laws and regulations could be interpreted or applied in a manner that would prohibit, alter or impair our existing or planned products and services.

Regulation - Risk 8

Regulatory scrutiny of banking as a service, or BaaS, solutions has recently increased and may require us to devote significant resources to enhancing our Technology Platform policies, procedures, operations, controls and products, and the failure to satisfy such increased scrutiny may cause regulators to take action against us or our BaaS partners, or result in a loss of one or more of our BaaS partners.

Our Technology Platform facilitates the provision of BaaS products and services to third parties through various card, deposit, payment, transfer, credit and lending solutions that allow financial technology companies or other third parties to, among other things, connect to sponsor banks' systems directly via application programming interfaces and cloud infrastructure so they can build banking offerings on top of the sponsor banks' regulated infrastructure. In addition, our Technology Platform offers an end-to-end core banking platform solution with integrated payment processing. Furthermore, in connection with our Technology Platform's BaaS solutions, we sometimes offer certain program management, data, analytics, compliance and risk management functions. The third parties that use these BaaS solutions include a variety of financial entities, including banks, fintech companies and other financial intermediaries. SoFi Bank is one of the sponsor banks that utilizes our BaaS products and services and may continue to do so in the future. Federal bank regulators have increasingly focused on the risks related to BaaS solutions, including risk management, oversight, internal controls, information security, change management and information technology operational resilience, as well as potential systemic risk posed by BaaS solutions to the larger banking industry. Recently, regulators have even brought enforcement actions against financial entities that have allegedly not adequately addressed these concerns while growing their BaaS offerings. Regulators have specifically required these financial entities to enhance oversight of third-party fintech partnerships, improve control frameworks related to anti-money laundering and Bank Secrecy Act compliance, and adopt, implement and adhere to revised and expanded risk-based policies, procedures and processes. If we or any of the fintech clients or sponsor bank partners supported by our Technology Platform were to face regulatory actions that limit the growth of our or their fintech business, or if we were forced to stop growing our Technology Platform, or if any of our fintech clients or sponsor banks were to limit or cease their participation in BaaS solutions, this could have a negative impact on our revenue and results of operation for the Technology Platform segment. Furthermore, regulatory scrutiny of BaaS solutions extends directly to middleware providers, such as our Technology Platform, which, in certain circumstances, bear accountability for their partners' compliance and risk management, including with respect to penalties, fines, and other measures that bank regulatory agencies take in the event of non-compliant activity or risks that are not well controlled. This is particularly true when the BaaS solution includes program management, and compliance and risk management controls, including managing anti-money laundering and fraud risks. In addition, as our fintech and sponsor bank partners face increased regulatory scrutiny, their scrutiny of our services will likely increase and our inability to satisfactorily respond to partner demands could result in those partners moving to different solutions. Assessing and managing risk for our Technology Platform clients in the face of regulatory and client scrutiny has in the past and will continue to require us to devote significant resources to enhancing relevant policies, procedures, operations and products. Finally, as a subsidiary of a bank holding company, any failure of our Technology Platform's BaaS solutions to withstand regulatory scrutiny could reflect badly on our relationship with our regulators and on our overall reputation. While we believe we are a leader in managing, monitoring and overseeing BaaS relationships with third parties and corresponding technologies, if we are not successful in continuing to enhance our controls for assessing and managing the third-party, anti-money laundering, fraud and information technology risks stemming from certain of our fintech and sponsor bank partnerships, we could be subject to additional regulatory scrutiny with respect to that portion of our business which could subject us to regulatory fines or other penalties, or business or reputational harm, and could adversely affect our financial condition and results of operations.

Regulation - Risk 9

We may become subject to enforcement actions or litigation as a result of our failure to comply with laws and regulations, even though noncompliance was inadvertent or unintentional.

We maintain systems and procedures designed to ensure that we comply with applicable laws and regulations; however, some legal/regulatory frameworks provide for the imposition of fines or penalties for noncompliance even though the noncompliance was inadvertent or unintentional and even though there were systems and procedures designed to ensure compliance in place at the time. For example, we engage in outbound telephone and text communications with consumers, and accordingly must comply with a number of federal and state statutes and regulations that regulate certain such communications, including the TCPA and Telemarketing Sales Rules. The U.S. Federal Communications Commission (the "FCC"), and the FTC have responsibility for regulating various aspects of some of these federal laws. Among other requirements, the TCPA requires us to obtain prior express written consent for certain telemarketing calls and to adhere to "do-not-call" registry requirements which, in part, mandate we maintain and regularly update lists of consumers who have chosen not to be called and restrict certain calls to consumers who are on the national do-not-call list. Further, in late 2023 and early 2024, the FCC introduced various new TCPA requirements relating to, among other things, lead generation, prior express written consent to marketing calls made with certain telephony technology and processing opt-outs and do not call requests. These new requirements will come into effect later this year or in January 2025. In addition to federal laws, many states also have mini-TCPA and other similar consumer protection laws regulating certain telemarketing directed to their residents. Collectively, these federal and state laws limit our ability to communicate with consumers through calls and text messages and reduce the effectiveness of our marketing programs. As currently construed, the TCPA and several state mini-TCPA laws do not distinguish between voice and data, and, as such, SMS/MMS messages are also "calls" for the purpose of these laws. For violations of the TCPA, the law provides for a private right of action under which a plaintiff may recover monetary statutory damages of $500 for each call or text made in violation of the statute. A court may treble the $500 amount upon a finding of a willful or knowing violation. There is no statutory cap on maximum aggregate exposure for TCPA violations (although some courts have applied in TCPA class actions constitutional limits on excessive penalties). Like the TCPA, several mini-TCPA and other similar state laws also provide for a private right of action under which a plaintiff may recover statutory damages of $500 or more for each violative call or text and enhanced statutory if the violation is knowing or willful. An action may be brought by the FCC, a state attorney general, an individual, or a class of individuals. Like other companies that rely on telephone and text communications, we may be subject to putative class action suits alleging violations of the TCPA, and state mini-TCPA and other similar state laws. If in the future we are found to have violated any federal or state law regulating telemarketing, the amount of damages and potential liability could be extensive and adversely impact our business. In addition, we use credit reports in our credit decisioning processes and, accordingly, must comply with FCRA which requires a permissible purpose to obtain a consumer credit report and requires persons that furnish loan payment information to credit bureaus to report such information accurately. We are also required to perform a reasonable investigation in the event we receive indirect disputes from the credit bureaus about the accuracy of our credit reporting for a particular consumer and to update any inaccurate information we discover. Although we have policies and procedures in place to comply with FCRA, we are subject to lawsuits alleging that we failed under FCRA to adequately investigate indirect disputes over credit reporting which we receive from one or more credit bureaus. We have experienced an increase in such FCRA claims since our business has grown and even if we are ultimately successful in defending against such suits, they could involve substantial time and expense to analyze and respond to, could divert management's attention and other resources from running our business, and could lead to settlements, judgments, fines, penalties or injunctive relief.

Regulation - Risk 10

Changes in applicable laws and regulations, as well as changes in government enforcement policies and priorities, may negatively impact the management of our business, results of operations, ability to offer certain products or the terms and conditions upon which they are offered, and ability to compete.

Financial services regulation is constantly changing, and new laws or regulations, or new interpretations of existing laws or regulations, could have a materially adverse impact on our ability to operate as currently intended, and cause us to incur significant expense in order to ensure compliance. Federal and state financial services regulators are also enforcing existing laws, regulations, and rules aggressively and enhancing their supervisory expectations regarding the management of legal and regulatory compliance risks. These regulatory changes and uncertainties make our business planning more difficult and could result in changes to our business model and potentially adversely impact our results of operations. Furthermore, to the extent applicable, these laws can impose specific statutory liabilities upon creditors who fail to comply with their provisions and may affect the enforceability of a loan. Proposals to change the statutes affecting financial services companies are frequently introduced in Congress and state legislatures that, if enacted, may affect their operating environment in substantial and unpredictable ways. In addition, numerous federal and state regulators and SROs have the authority to promulgate or change regulations that could have a similar effect on our operating environment. We cannot determine with any degree of certainty whether any such legislative or regulatory proposals will be enacted and, if enacted, the ultimate impact that any such potential legislation or implementing regulations, or any such potential regulatory actions by federal or state regulators, would have upon our business. New laws, regulations, policy or changes in enforcement of existing laws or regulations applicable to our business, or reexamination of current practices, could adversely impact our profitability, limit our ability to continue existing or pursue new business activities, require us to change certain of our business practices, affect retention of key personnel, or expose us to additional costs (including increased compliance costs and/or customer remediation). These changes also may require us to invest significant resources, and devote significant management attention, to make any necessary changes and could adversely affect our business. For example, the SEC proposed Regulation Best Execution, along with other proposals related to equity market structure, in December 2022. If adopted as proposed, Regulation Best Execution and other recent proposals would substantially alter existing order routing, execution incentives and business practices. The SEC also finalized rules in February 2023 to shorten the standard settlement cycle for most broker-dealer transactions in securities from two business days after the trade (T+2) to one (T+1). The SEC compliance date for T+1 was in May 2024 and this change has and will continue to require technological, operational, and compliance adjustments across the industry that are and will likely continue to be time consuming and costly for all market participants. In March 2023, the SEC proposed multiple rules related to privacy and cybersecurity. The SEC's proposed Rule 10 relating to cybersecurity for market entities (including broker-dealers) would impose additional requirements related to incident reporting, the establishment and periodic review of policies and procedures designed to address cybersecurity risks, and disclosure about cybersecurity risks and significant incidents. The SEC also reopened the comment period for the Investment Management Cybersecurity Release which proposed new rules that would require registered investment advisers and investment companies to adopt and implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks, disclose information about cybersecurity risks and incidents, report information confidentially to the SEC about certain cybersecurity incidents, and maintain related records. In July 2023, the SEC proposed new rules and amendments to address certain conflicts of interest associated with the use of predictive data analytics by broker-dealers and investment advisers ("firms") in investor interactions. If adopted, the proposed rules would require broker-dealers and investment advisers to evaluate and determine whether their use of certain technologies in investor interactions such as analytical, technological or computational functions, algorithms, models, correlation matrices or similar methods or processes that direct or optimize for investment related behavior, involves a conflict of interest that results in the broker-dealer or investment adviser's interests being placed ahead of investors' interests. Depending on the outcome of any final rule, our ability to use these technologies to generate business activity and revenue may be limited. On October 13, 2023, the SEC adopted rules relating to providing additional disclosures in the securities lending market. These rules require any covered person that loans a reportable security on behalf of itself or another person to report certain material terms of those loans and related information to FINRA by the end of the day on which the loan is effected. FINRA in turn will make certain information it receives publicly available by the next business day. These regulations could make securities lending more costly, leading to less overall lending activity and a decrease in revenue. On February 22, 2024, the SEC adopted amendments to Rule 605 under Exchange Act that requires disclosures for order executions in national market system ("NMS") stocks. The amendments modify the type of information required to be disclosed under Rule 605 and expand the scope of reporting entities subject to Rule 605 to include broker-dealers who introduce or carry 100,000 or more customer accounts. Complying with Rule 605 is a new requirement for us. In addition, the Rule itself has been modified to include new definitions, new and modified categories of order types, and new statistical measures of execution quality and other metrics. In May 2024, the SEC adopted amendments to Regulation S-P ("Reg S-P"). The finalized amendments to Reg S-P are designed to address the expanded use of technology and corresponding risks that have emerged since Reg S-P's original adoption and modernize and improve the protection of consumer financial information by certain financial institutions, also known as "covered institutions" (including broker-dealers and investment advisers). As adopted, amended Reg S-P (i) requires covered institutions to develop, implement, and maintain written policies and procedures for an incident response program that is reasonably designed to detect, respond to, and recover from unauthorized access to or use of customer information; (ii) requires that the response program include procedures for covered institutions to provide timely notification to affected individuals whose sensitive customer information was, or is reasonably likely to have been, accessed or used without authorization; and (iii) broadens the scope of information covered by Regulation S-P's requirements. On September 18, 2024, the SEC adopted rules that would (i) amend Rule 612 of Regulation NMS to establish a new minimum pricing increment, also known as a tick size, of $0.005 for the quoting of certain NMS stocks; (ii) reduce the access fee caps applicable to stock exchanges under Rule 610 of Regulation NMS (from $0.003 per share (i.e., 30 mils) to $0.001 per share (i.e., 10 mils) and require national securities exchanges to make the amounts of all fees and rebates determinable at the time of execution; and (iii) accelerate the implementation of the round lot and odd-lot information definitions adopted in 2020 under the Market Data Infrastructure Rules ("MDI Rules") and add information about the best odd-lot order to the definition of odd-lot information. These changes, particularly the amendments to Rule 612 and 610 of Regulation NMS, will likely affect the economics for orders executed on national stock exchanges and as a result may impact order routing and order execution decisions by market participants, including third parties on which we rely, like clearing brokers. See "Business, Financial and Operational Risks - We rely on third parties to perform certain key functions, and their failure to perform those functions could adversely affect our business, financial condition and results of operations". Compliance with this rule may impose additional cost on our business. In addition, SoFi Securities' ability to generate revenue may be impacted as a result of the changes in stock exchange fee caps and the resulting potential changes in order routing and execution decisions. The ultimate effect of these potential changes is uncertain and may impact how SoFi Securities manages and evaluates its compliance with other obligations, such as its obligation to achieve best execution for customer orders. See also "Lawmakers, regulators and other public officials have signaled an increased focus on new or additional laws or regulations that could impact our broker-dealer business and require us to make significant changes to our business model and practices, and could result in significant costs to our business or loss of current revenue streams". Compliance with each of these rules, when applicable and if required, would impose additional costs on our business. To the extent such proposals affect the equity market structure more broadly, our ability to generate revenue may be impaired. There is also the risk that, despite our best efforts, the SEC or FINRA does not view our compliance measures as sufficient. This risk is substantially elevated where regulators adopt a substantial number of new rules in a short time frame. In addition, non-compliance with any adopted requirements would likely result in enforcement action by the SEC or FINRA.

Regulation - Risk 11

Extensive regulation and supervision have a negative impact on our ability to compete in a cost-effective manner and may subject us to material compliance costs and penalties.

The Company, primarily through its subsidiary SoFi Bank and certain non-bank subsidiaries, is subject to extensive federal and state regulation and supervision. Banking regulations are primarily intended to protect depositors' funds, federal deposit insurance funds and the banking system as a whole. Many laws and regulations affect our lending practices, capital structure, investment practices, dividend policy and growth, among other things. They encourage us to ensure a satisfactory level of lending in defined areas and establish and maintain comprehensive programs relating to anti-money laundering and customer identification. Congress, state legislatures, and federal and state regulatory agencies continually review banking laws, regulations and policies for possible changes. Changes to statutes, regulations or regulatory policies, including changes in interpretation or implementation of statutes, regulations or policies, could affect us in substantial and unpredictable ways. Such changes could subject us to additional costs, limit the types of financial services and products it may offer and/or increase the ability of non-banks to offer competing financial services and products, among other things. Failure to comply with laws, regulations or policies could result in sanctions by regulatory agencies, civil money penalties and/or reputation damage, which could have a material adverse effect on our business, financial condition and results of operations.

Regulation - Risk 12

We are subject to the risk that regulatory or enforcement agencies and/or consumer advocacy groups may assert that our business practices may violate certain rules, laws and regulations, including anti-discrimination statutes.

Anti-discrimination statutes, such as the FHA and the ECOA and state law equivalents, prohibit creditors from discriminating against loan applicants and borrowers based on certain characteristics, such as race, religion and national origin. Various federal regulatory and enforcement departments and agencies, including the Department of Justice and CFPB, take the position that these laws apply not only to intentional discrimination, but also to facially neutral practices that have a disparate impact on a group that shares a characteristic that a creditor may not consider in making credit decisions. State and federal regulators, as well as consumer advocacy groups and plaintiffs' attorneys, are focusing greater attention on "disparate impact" claims. Similarly, these regulatory agencies and litigants could take the position that the geographical footprint within which we conduct lending activity or the manner in which we advertise loans, disproportionately excludes potential borrowers belonging to a protected class, and constitutes unlawful "redlining". Although we utilize an automated underwriting process to originate loans, we frequently adjust pricing strategies which increases our risk of inadvertently violating the FHA and the ECOA. These regulatory agencies could also take the position that the underwriting or credit models or algorithms we use produce disparate outcomes or do not produce sufficient information about a credit decision to satisfy applicant notification requirements under ECOA. In addition to reputational harm, violations of the FHA and the ECOA can result in actual damages, punitive damages, injunctive or equitable relief, attorneys' fees and civil money penalties.

Regulation - Risk 13

Our investment adviser and broker-dealer subsidiaries are subject to regulation by the SEC and FINRA.

We offer investment management services through SoFi Wealth which sponsors private investment funds that invest in asset-backed securitizations. SoFi Wealth ( the "Investment Adviser") is registered as an investment adviser under the Investment Advisers Act of 1940, as amended (the "Advisers Act"), which does not imply any level of skill or training, and is subject to regulation by the SEC. SoFi Securities is an affiliated SEC-registered broker-dealer and FINRA member. We offer cash management accounts, which are brokerage products, through SoFi Securities. The Investment Adviser operates in a highly regulated environment and is subject to, among other things, the anti-fraud provisions of the Advisers Act and to fiduciary duties derived from these provisions, which apply to its relationships with our members who are its advisory clients, as well as the funds managed by the Investment Advisers. These provisions and duties also impose certain restrictions and obligations on us with respect to our dealings with our members, fund investors and our investments, including for example restrictions on transactions with our affiliates. Our Investment Adviser is also subject to other requirements under the Advisers Act and related regulations. These additional requirements relate to matters including, among others, maintaining an effective and comprehensive compliance programs and record-keeping and reporting and disclosure requirements. In recent years, the SEC proposed and, in some cases, adopted amendments to the Advisers Act rules, which present a number of additional significant and burdensome compliance challenges for registered investment advisers. In addition, our Investment Adviser has been in the past, and will be in the future, subject to SEC examination. Moreover, the Advisers Act generally grants the SEC broad administrative powers, including the power to limit or restrict an investment adviser from conducting advisory activities in the event it fails to comply with federal securities laws. The Investment Adviser is also subject to applicable state securities laws. Additional sanctions that may be imposed for failure to comply with applicable requirements include any prohibition of individuals from associating with an investment adviser, the revocation of registration and other censures and fines. Even if an investigation or proceeding did not result in a sanction or the sanction imposed against us or our personnel by a regulator was small in monetary amount, the adverse publicity relating to the investigation, proceeding or imposition of these sanctions could harm our reputation and cause us to lose existing members or fail to gain new members. See Part II, Item 1. "Legal Proceedings". Our subsidiary, SoFi Securities, is an affiliated SEC-registered broker-dealer and FINRA member. The securities industry is highly regulated, including under federal, state and other applicable laws, rules and regulations, and we may be adversely affected by regulatory changes related to suitability of financial products, supervision, sales practices, advertising, application of fiduciary standards, best execution and market structure, any of which could limit our business and damage our reputation. FINRA has adopted extensive regulatory requirements relating to sales practices, advertising, registration of personnel, compliance and supervision, and compensation and disclosure, to which SoFi Securities and its personnel are subject. FINRA and the SEC also have the authority to conduct examinations of SoFi Securities, and may also conduct administrative proceedings. Additionally, material expansions of the business in which SoFi Securities engages are subject to approval by FINRA. This could delay, or even prevent, the firm's ability to expand its securities and brokerage offerings in the future. Furthermore, SoFi Securities is subject to increased governance in its role as an affiliate of a national bank under guidance from the OCC regarding retail non-deposit investment products or RNDIPs. OCC guidance, which was further updated in June 2024, requires that banks implement effective oversight and monitoring of relevant RNDIP arrangements to ensure that, among other things, sales transactions and recommendations to retail investors comply with SEC regulations. Such oversight and monitoring may increase costs for SoFi Securities and SoFi Bank and could have a material adverse effect on our business, financial condition and results of operations, and any failure by SoFi Bank to effectively oversee and monitor such arrangements could result in harm to members and financial and reputational harm to us. From time to time, SoFi Securities and the Investment Adviser may be threatened with or named as a defendant in lawsuits, arbitrations and administrative claims. As previously noted, these entities are also subject to regulatory examinations and inspections by regulators (including the SEC and FINRA, as applicable). Compliance and trading problems or other deficiencies or weaknesses that are reported to regulators, such as the SEC and FINRA, by dissatisfied members or others, or that are identified by regulators themselves are investigated by such regulators, and may, if pursued, result in formal claims being filed against SoFi Securities and the Investment Adviser by members or disciplinary action being taken by regulators against us or our personnel. Our failure to comply with applicable laws or regulations or our own policies and procedures could result in fines, litigation, suspensions of personnel or other sanctions, which could have a material effect on our overall financial results. For example, in December 2023, FINRA found that SoFi Securities failed to establish, maintain, and enforce a supervisory system reasonably designed to supervise its fully paid securities lending offerings. Even if a sanction imposed against us or our personnel is small in monetary amount, the adverse publicity arising from the imposition of sanctions against us by regulators could harm our reputation and our brand and lead to material legal, regulatory and financial exposure (including fines and other penalties), cause us to lose existing members or fail to gain new members. In addition, in the normal course of business, SoFi Securities and the Investment Adviser discuss matters raised by its regulators during regulatory examinations or otherwise upon their inquiry. These matters could also result in censures, fines, penalties or other sanctions. In addition to the broker-dealer proposals described above under "Changes in applicable laws and regulations, as well as changes in government enforcement policies and priorities, may negatively impact the management of our business, results of operations, ability to offer certain products or the terms and conditions upon which they are offered, and ability to compete", a substantial number of proposed rules for investment advisers were introduced in 2023 and 2024 and may be adopted or re-proposed this year. These proposals cover material regulatory topics, including: (i) environmental, social, and governance issues for investment advisers and funds; (ii) outsourcing by investment advisers; (iii) safeguarding and custody of client assets; and (iv) expansion of the scope of activities and relationships that make a person an investment advice fiduciary under Section 3(21) of the Employee Retirement Income Security Act of 1974 and Section 4975 of the Internal Revenue Code. If enacted, compliance with each of these proposed rules would impose additional costs on our business. There is also the risk that, despite our best efforts, the SEC does not view our compliance measures as sufficient. This risk is substantially elevated where regulators adopt a substantial number of new rules in a short time frame.

Regulation - Risk 14

We recently transferred our digital assets-related trading services to comply with regulations governing bank holding companies; this transfer could adversely impact our member relationships and our reputation.

Until recently, we offered virtual currency and digital asset-related trading services through SoFi Digital Assets, LLC, a subsidiary licensed and registered with various governmental authorities as a MSB, money transmitter, virtual currency business or the equivalent. In connection with our approval as a bank holding company in February 2022, the Federal Reserve determined that SoFi Digital Assets, LLC was engaged in certain digital asset-related activities that the Federal Reserve has not found to be permissible for a bank holding company under the Bank Holding Company Act and Regulation Y. Section 4(a)(2) of the Bank Holding Company Act permitted us to continue our digital assets related offering for a two-year conformance period from the date we became a bank holding company. In compliance with the requirement that we conform our activities to those permissible for a bank holding company, in December 2023, we ceased offering digital-asset related trading services in all states except New York. We provided a majority of our members with the option to either close their digital asset account or migrate their digital assets accounts to Blockchain.com. Members located in New York were not eligible for account migration, so those member accounts remained open for sell orders only until January 28, 2024, following which any open New York accounts were closed. All transaction fees from any sales from digital assets accounts were reimbursed. As part of our transfer of our digital asset-related activities we entered into a referral arrangement with Blockchain.com, and we have and may continue to enter into additional referral arrangements with other companies that can provide digital-asset related trading services to our members. Although we do not expect the transfer of our digital asset-related activities or entry into the referral arrangements to have a material adverse impact on our business, results of operation or financial results, we cannot guarantee that our members will not experience a negative impact with respect to their digital asset positions. In addition, these are recent events and there is no guarantee we will not face member dissatisfaction or litigation, or harm to our reputation, or adverse regulatory consequences, from such developments. Furthermore, if our prior digital asset-related trading services are the subject of regulatory scrutiny or enforcement actions, it could have a material adverse effect on our business, results of operations and reputation. There has been a significant amount of guidance, reports, and public statements issued by federal and state financial regulators regarding the legal permissibility of, and supervisory considerations relating to, financial institutions engaging in digital assets-related activities. Many U.S. regulators, including the SEC, FinCEN, the CFTC, the IRS, and state regulators including the New York State Department of Financial Services, have made official pronouncements, pursued cases against businesses in the digital assets space or issued guidance or rules regarding the treatment of Bitcoin and other digital currencies. Both federal and state agencies have instituted enforcement actions against those violating their interpretation of existing laws. Other U.S. and many state agencies have offered little or incomplete official guidance regarding the treatment of digital assets. For example, the CFTC has publicly taken the position that certain virtual currencies, which term includes digital assets, are commodities. Senior SEC staff members have created additional ambiguity about certain digital assets, including Ether, by refusing to affirmatively state whether they are "commodities" subject to CFTC jurisdiction or "securities" subject to SEC jurisdiction. In addition, in 2023, the SEC brought high profile enforcement actions against companies that intermediate transactions in digital assets. For example, in June 2023, the SEC filed lawsuits against cryptocurrency exchanges Coinbase and Binance Holdings Limited and its affiliate BAM Trading Services Inc. (collectively, "Binance") alleging, among other allegations, that Coinbase operated its crypto trading platform as an unregistered national securities exchange, broker and clearing agency and for its failure to register the offer and sale of its crypto asset staking-as-a-service program. The SEC alleges that Binance was operating unregistered national exchanges, broker-dealers and clearing agencies and the unregistered offer and sale of crypto assets. In November, 2023, the SEC filed a lawsuit against Kraken alleging that Kraken's crypto trading platform operated as an unregistered securities exchange, broker, dealer, and clearing agency. In March 2024, the CFTC filed a lawsuit against KuCoin, alleging that KuCoin operated an illegal digital asset derivative exchange. If the SEC, CFTC or another federal or state regulator alleges that any assets we offered were securities or derivatives, or that we have violated any other federal or state securities or commodities law or regulation, we could face potential liability, including an enforcement action or private class action lawsuits, and face the costs of defending ourselves in the action, including potential fines, penalties, reputation harm, and potential loss of revenue. See "We may become subject to enforcement actions or litigation as a result of our failure to comply with laws and regulations, even though noncompliance was inadvertent or unintentional".

Regulation - Risk 15

Failure to comply with anti-money laundering, economic and trade sanctions regulations, and similar laws could subject us to penalties and other adverse consequences.

Various laws and regulations in the U.S. and abroad, such as the BSA, the Dodd-Frank Act, the USA PATRIOT Act, and the Credit Card Accountability Responsibility and Disclosure Act, impose certain anti-money laundering requirements on companies that are financial institutions or that provide financial products and services. Under these laws and regulations, financial institutions are broadly defined to include banks and MSBs such as money transmitters. In 2013, FinCEN issued guidance regarding the applicability of the BSA to administrators and exchangers of convertible virtual currency, clarifying that they are MSBs, and more specifically, money transmitters. The BSA requires banks and MSBs to develop and implement risk-based anti-money laundering programs, report large cash transactions and suspicious activity, and maintain transaction records, among other requirements. State regulators may impose similar requirements on licensed money transmitters. In addition, our contracts with financial institution partners and other third parties may contractually require us to maintain an anti-money laundering program. SoFi Bank is subject to the regulatory and supervisory jurisdiction of the OCC with respect to the BSA and its implementing regulations applicable to banks. Our subsidiary, SoFi Digital Assets, LLC, is registered with FinCEN as an MSB. Registration as an MSB subjects us to the regulatory and supervisory jurisdiction of FinCEN and the IRS, the anti-money laundering provisions of the BSA and its implementing regulations applicable to MSBs. Although we have exited our digital assets business, the Company, including SoFi Digital Assets, LLC, may still be subject to regulatory scrutiny related to our prior business practices. We are also subject to economic and trade sanctions programs administered by OFAC, which prohibit or restrict transactions to or from or dealings with specified countries, their governments, and in certain circumstances, their nationals, and with individuals and entities that are specially-designated nationals of those countries, narcotics traffickers, terrorists or terrorist organizations, and other sanctioned persons and entities. Our failure to comply with anti-money laundering, economic and trade sanctions regulations, and similar laws could subject us to substantial civil and criminal penalties, or result in the loss or restriction of our national bank charter, MSB or broker-dealer registrations and state licenses, or liability under our contracts with third parties, which may significantly affect our ability to conduct some aspects of our business. Changes in this regulatory environment, including changing interpretations and the implementation of new or varying regulatory requirements by the government, may significantly affect or change the manner in which we currently conduct some aspects of our business.

Regulation - Risk 16

We are subject to anti-corruption, anti-bribery and similar laws, and noncompliance with such laws can subject us to significant adverse consequences, including criminal or civil liability, and harm our business.

We are subject to the Foreign Corrupt Practices Act, U.S. domestic bribery laws and other U.S. and foreign anti-corruption laws. Anti-corruption and anti-bribery laws have been enforced aggressively in recent years and are interpreted broadly to generally prohibit companies, their employees and their third-party intermediaries from authorizing, offering or providing, directly or indirectly, improper payments or benefits to recipients in the public sector. These laws also require that we keep accurate books and records and maintain internal controls and compliance procedures designed to prevent any such actions. Although our operations are currently concentrated in the U.S., as we increase our international cross-border business and expand operations abroad, we have engaged and may further engage with business partners and third-party intermediaries to market our services and to obtain necessary permits, licenses and other regulatory approvals. In addition, we or our third-party intermediaries may have direct or indirect interactions with officials and employees of government agencies or state-owned or affiliated entities. We can be held liable for the corrupt or other illegal activities of these third-party intermediaries, our employees, representatives, contractors, partners, and agents, even if we do not explicitly authorize such activities. The failure to comply with any such laws could subject us to criminal or civil liability, cause us significant reputational harm and have an adverse effect on our business, financial condition and results of operations.

Regulation - Risk 17

As a bank holding company, we are subject to extensive supervision and regulation, and changes in laws and regulations applicable to bank holding companies could limit or restrict our activities and could have a material adverse effect on our operations.

As a bank holding company, we are subject to regulation, supervision and examination by the Federal Reserve, and SoFi Bank is subject to regulation, supervision and examination by the OCC and the FDIC, as well as regulations issued by the CFPB. Federal laws and regulations govern numerous matters affecting us, including changes in the ownership or control of banks and bank holding companies, maintenance of adequate capital and the financial condition of a financial institution, permissible types, amounts and terms of extensions of credit and investments, permissible nonbanking activities, the level of reserves against deposits and restrictions on dividend payments. The OCC possesses the power to issue cease and desist orders to prevent or remedy unsafe or unsound practices or violations of law by banks subject to their regulation, and the Federal Reserve possesses similar powers with respect to bank holding companies. In general, the bank supervisory framework is intended to protect insured depositors and the safety, soundness and stability of the U.S. financial system and not shareholders in depository institutions or their holding companies. In connection with applying for approval to become a bank holding company, we developed a financial and bank capitalization plan and enhanced our governance, compliance, controls and management infrastructure and capabilities in order to ensure compliance with all applicable regulations, which required, and will continue to require, substantial time, monetary and human resource commitments. If any new regulations or interpretations of existing regulations to which we are subject impose requirements on us that are impractical or that we cannot satisfy, our financial performance, and our stock price, may be adversely affected. Federal regulations establish minimum capital requirements for insured depository institutions, including minimum risk-based capital and leverage ratios, and define "capital" for calculating these ratios. The minimum capital requirements are: (i) a common equity Tier 1 capital ratio of 4.5%; (ii) a Tier 1 to risk-based assets capital ratio of 6%; (iii) a total capital ratio of 8%; and (iv) a Tier 1 leverage ratio of 4%. The regulations also establish a "capital conservation buffer" of 2.5% of common equity Tier 1 capital. An institution will be subject to limitations on paying dividends, engaging in share repurchases and paying discretionary bonuses if its capital level falls below the capital conservation buffer amount. The federal banking regulators could also require the Company and/or SoFi Bank, as applicable, to hold capital that exceeds minimum capital requirements for insured depository institutions. The application of these capital requirements could, among other things, require us to maintain higher capital resulting in lower returns on equity, and we may be required to obtain additional capital, or face regulatory actions if we are unable, to comply with such requirements. We are also subject to the requirements in Sections 23A and 23B of the Federal Reserve Act and the Federal Reserve's implementing Regulation W, which regulate loans, extensions of credit, purchases of assets, and certain other transactions between an insured depository institution (such as SoFi Bank) and its affiliates. The statute and regulation require us to impose certain quantitative limits, collateral requirements and other restrictions on "covered transactions" between SoFi Bank and its affiliates and require all transactions be on "market terms" and conditions consistent with safe and sound banking practices. The laws, rules, regulations, and supervisory guidance and policies applicable to us are subject to regular modification and change, including increased regulation as a result of the turmoil in the banking industry. These changes could adversely and materially impact us. For example, the Dodd-Frank Act and other federal banking laws subject companies with $10 billion or more of consolidated assets to additional regulatory requirements. Section 1075 of the Dodd-Frank Act, which is commonly known as the "Durbin Amendment", amended the Electronic Fund Transfer Act to restrict the amount of interchange fees that may be charged and prohibit network exclusivity for debit card transactions. SoFi Bank is required to comply with the restrictions on interchange fees that went into effect on July 1, 2023, which may negatively impact future interchange fees we collect. In addition, in November 2023, the Federal Reserve proposed changes to the regulations implementing the Electronic Fund Transfer Act that would further restrict the amount of interchange fees that may be charged and require biennial reviews of those fees. Guidance from regulators of SoFi Bank can subject its non-bank affiliates to increased governance. For example, the OCC's guidance on retail non-deposit investment products, or RNDIPs, applies to referral arrangements that SoFi Bank may have with an affiliate, including SoFi Securities. This guidance, which was further updated in June 2024 to align with the SEC's Regulation BI, requires that banks implement and maintain effective oversight and monitoring of relevant RNDIP arrangements to ensure that, among other things, sales transactions and recommendations to retail investors comply with SEC regulations. Changes in laws, rules, regulations and supervisory guidance and policies could, among other things, subject us to additional costs, including costs of compliance; limit the types of financial services and products we may offer; and/or increase the ability of non-banks to offer competing financial services and products. Failure to comply with laws, regulations, policies, or supervisory guidance could result in enforcement and other legal actions by federal and state authorities, including criminal and civil penalties, the loss of FDIC insurance, revocation of a banking charter or registration as a broker-dealer and investment adviser, other sanctions by regulatory agencies, civil money penalties, and/or reputational damage, which could have a material adverse effect on our business, financial condition, and results of operations. Finally, we intend to continue to explore other products for SoFi Bank over time. Some of those products may require, or be deemed to require, additional data, procedures, partnerships, regulatory approvals, or capabilities that we have not yet obtained or developed. Should we fail to expand and evolve SoFi Bank products in a successful manner, or should these new products, or new regulations or interpretations of existing regulations, impose requirements on us that are cumbersome or that we cannot satisfy, our business may be materially and adversely affected.

Regulation - Risk 18

Failure to comply with applicable laws, regulations or commitments, or to satisfy our regulators' supervisory expectations, could subject us to, among other things, supervisory or enforcement action, which could adversely affect our business, financial condition and results of operations.

If we do not comply with applicable laws, regulations or commitments, including SoFi Bank's operating agreement, if we are deemed to have engaged in unsafe or unsound conduct, or if we do not satisfy our regulators' supervisory expectations, then we may be subject to increased scrutiny, supervisory criticism, governmental or private litigation and/or a wide range of potential monetary penalties or consequences, enforcement actions, criminal liability and/or reputational harm. Such actions could be public or of a confidential nature, and arise even if we are acting in good faith or operating under a reasonable interpretation of the law and could include, for example, monetary penalties, payment of damages or other monetary relief, restitution or disgorgement of profits, directives to take remedial action or to cease or modify practices, restrictions on growth or expansionary proposals, denial or refusal to accept applications, removal of officers or directors, prohibition on dividends or capital distributions, increases in capital or liquidity requirements and/or termination of SoFi Bank's deposit insurance. Additionally, compliance with applicable laws, regulations and commitments requires significant investment of management attention and resources. Any failure to comply with applicable laws, regulations or commitments could have an adverse effect on our business, financial condition and results of operations.

Litigation & Legal Liabilities5 | 6.3%

Litigation & Legal Liabilities - Risk 1

Litigation, regulatory actions and compliance issues could subject us to significant fines, penalties, judgments, remediation costs, negative publicity, changes to our business model, and requirements resulting in increased expenses.

Our business is subject to increased risks of litigation and regulatory actions as a result of a number of factors and from various sources, including as a result of the highly regulated nature of the financial services industry and the focus of state and federal enforcement agencies on the financial services industry. From time to time, we are also involved in, or the subject of, reviews, requests for information, investigations and proceedings (both formal and informal) by state and federal governmental agencies and SROs, regarding our business activities and our qualifications to conduct our business in certain jurisdictions, which has in the past and could in the future subject us to significant fines, penalties, obligations to change our business practices and other requirements resulting in increased expenses and diminished earnings. Our involvement in any such matter also has in the past and could in the future cause significant harm to our reputation and divert management attention from the operation of our business, even if the matters are ultimately determined in our favor. Moreover, any settlement, or any consent order or adverse judgment in connection with any formal or informal proceeding or investigation by a government agency, may prompt litigation or additional investigations or proceedings as other litigants or other government agencies begin independent reviews of the same activities. See "If we fail to comply with federal and state consumer protection laws, rules, regulations and guidance, our business could be adversely affected" for a discussion of the FTC Consent Order. In addition, a number of participants in the financial services industry have been the subject of: putative class action lawsuits; state attorney general actions and other state regulatory actions; federal regulatory enforcement actions, including actions relating to alleged unfair, deceptive or abusive acts or practices; violations of state licensing and lending laws, including state usury laws; actions alleging discrimination on the basis of race, ethnicity, gender or other prohibited bases; and allegations of noncompliance with various state and federal laws and regulations relating to originating and servicing consumer finance loans. For example, we entered into a settlement agreement on April 18, 2022 related to a putative class action in which it was alleged that we engaged in unlawful lending discrimination through policies and practices by making applicants?who are conditional permanent residents or DACA holders?ineligible for loans or eligible only with a co-signer who is U.S. citizen or lawful permanent resident. We made an aggregate payment to the class and the class counsel in an immaterial amount. In addition, as a financial services company, errors in performing settlement functions, including clerical, technological and other errors related to the handling of funds and securities could lead to censures, fines or other sanctions imposed by applicable regulatory authorities as well as losses and liabilities in related lawsuits and proceedings brought by transaction counterparties and others. The current regulatory environment, increased regulatory compliance efforts and enhanced regulatory enforcement have resulted in significant operational and compliance costs and may prevent us from providing certain products and services. There is no assurance that these regulatory matters or other factors will not, in the future, affect how we conduct our business and, in turn, have a material adverse effect on our business. In particular, legal proceedings brought under state consumer protection statutes or under several of the various federal consumer financial services statutes may result in a separate fine for each violation of the statute, which, particularly in the case of class action lawsuits, could result in damages substantially in excess of the amounts we earned from the underlying activities. In addition, from time to time, through our operational and compliance controls, we identify compliance and other issues that require us to make operational changes and, depending on the nature of the issue, result in financial remediation to impacted members. These self-identified issues and voluntary remediation payments could be significant, depending on the issue and the number of members impacted, and also could generate litigation or regulatory investigations that subject us to additional risk. See Part II, Item 1. "Legal Proceedings".

Litigation & Legal Liabilities - Risk 2

We have in the past, continue to be, and may in the future be subject to inquiries, exams, pending investigations, or enforcement matters.

The financial services industry is subject to extensive regulation and oversight under federal, state, and applicable international laws. From time to time, in the normal course of business, we have received and may receive or be subject to inquiries or investigations by state and federal regulatory or enforcement agencies and bodies, such as the CFPB, SEC, the Federal Reserve, the OCC, the FDIC, the FHFA, the VA, the state attorneys general, state financial regulatory agencies, other state or federal agencies and SROs like FINRA. We also have in the past and may in the future receive inquiries from state regulatory agencies regarding requirements to obtain licenses from or register with those states, including in states where we have previously determined that we are not required to obtain such a license or be registered with the state. In addition, we have been threatened with or named as a defendant in lawsuits, arbitrations and administrative claims involving securities, consumer financial services and other matters. We are also subject to periodic regulatory examinations and inspections. Compliance and trading problems or other deficiencies or weaknesses that are reported to regulators, such as the OCC, SEC, FINRA, the CFPB or state regulators, by dissatisfied customers or others, or that are identified by regulators themselves, are investigated by such regulators, and may, if pursued, result in formal claims being filed against us by customers or disciplinary action being taken against us or our employees by regulators or enforcement agencies. In addition, we could be required to disclose such federal, state, or local government actions or court orders to the CFPB's registry of corporate offenders that have broken consumer laws, which could be time-consuming and costly, increase our legal and compliance costs, increase demand on our systems and resources, and adversely impact our reputation. To resolve issues raised in examinations or other governmental actions, we may be required to take various corrective actions, including changing certain business practices, making refunds or taking other actions that could be financially or competitively detrimental to us. Any such inquiries, investigations, lawsuits, arbitrations, administrative claims or other inquiries have in the past and could in the future involve substantial time and expense to analyze and respond to, divert management's attention and other resources from running our business, and lead to fines, penalties, injunctive relief, and the need to obtain additional licenses that we do not currently possess. Our involvement in any such matters, whether tangential or otherwise and even if the matters are ultimately determined in our favor, could also cause significant harm to our reputation, lead to additional investigations and enforcement actions from other agencies or litigants, and further divert management attention and resources from the operation of our business. As a result, the outcome of legal and regulatory actions arising out of any state or federal inquiries we receive could have a material adverse effect on our business, financial condition or results of operations.

Litigation & Legal Liabilities - Risk 3

If the information provided to us by applicants is incorrect or fraudulent, we may misjudge an applicant's qualification to receive a loan or use one of our products, and our results of operations may be harmed.

Our lending and platform access decisions are based partly on information provided to us by applicants. To the extent that an applicant provides information to us in a manner that we are unable to verify, or the information provided by an applicant consists of data obtained under false pretenses by third parties, is a manufactured/synthetic identity, or is a stolen identity, our credit decisioning process may not accurately reflect the associated risk. In addition, data provided by third-party sources, including credit reporting agencies, is a significant component of our credit decisions and this data may contain inaccuracies. Inaccurate analysis of credit data that could result from false loan application information could harm our reputation, business and results of operations. Additionally, we rely on the accuracy of applicant information in approving applicants for our non-lending products, such as SoFi Money, SoFi Credit Card or SoFi Invest accounts. If the information provided to us by these applicants is incorrect or fraudulent and we are unable to detect the inaccuracies, it increases our regulatory and fraud risk and the risk of identity theft to our members, and could harm our reputation, business and results of operations. We use identity and fraud prevention tools to analyze data provided by external databases or automated physical identity document proofing technologies to authenticate each applicant's identity. These fraud prevention tools, scores, and data aggregators are reliant on sustained access to reliable data sources to facilitate robust verification which have reduced effectiveness with diminished data access. From time to time in the past, however, these checks have failed and there is a risk that these checks could fail in the future and fraud, which may be significant, may occur and go undetected. For example, in the past we have identified certain fraudulent activity related to our personal loans product. While the fraudulent activity was detected and the losses were recognized in our results of operations, there can be no assurance there will not be future instances of fraud, that we will be able to detect such fraudulent activity in a timely manner, or that such future fraudulent activity will not be material. We may not be able to recoup funds underlying loans made in connection with inaccurate statements, omissions of fact or fraud, in which case our revenue, results of operations and profitability will be harmed. Fraudulent activity or significant increases in fraudulent activity could also lead to regulatory intervention, which could negatively impact our results of operations, brand and reputation, and require us to take steps to reduce fraud risk, which could increase our costs.

Litigation & Legal Liabilities - Risk 4

An increase in fraudulent activity could lead to reputational damage to our brand and material legal, regulatory and financial exposure (including fines and other penalties), and could reduce the use and acceptance of SoFi Money and SoFi Credit Card.

Financial institutions like us, as well as our members, colleagues, regulators, vendors and other third parties, have experienced a significant increase in fraudulent activity in recent years and will likely continue to be the target of increasingly sophisticated fraudsters and fraud rings in the future. This is particularly true for our newer products where we have limited experience evaluating customer behavior and performing tailored risk assessments, such as checking and savings and credit card. We develop and maintain systems and processes aimed at detecting and preventing fraudulent activity, which require significant investment, maintenance and ongoing monitoring and updating as technologies and regulatory requirements change and as efforts to overcome security and anti-fraud measures become more sophisticated. Despite our efforts, we have in the past and may in the future be subject to fraudulent activity, which may affect our results of operations. For example, our general and administrative expenses in the past have included charges related to fraud events. The possibility of fraudulent or other malicious activities and human error or malfeasance cannot be eliminated entirely and will evolve as new and emerging technology is deployed, including the increasing use of personal mobile and computing devices that are outside of our network and control environments, particularly as a large part of our workforce works remotely. Risks associated with each of these include theft of funds and other monetary loss, the effects of which could be compounded if not detected quickly. Fraudulent activity may not be detected until well after it occurs and the severity and potential impact may not be fully known for a substantial period of time after it has been discovered. Fraudulent activity and other actual or perceived failures to maintain a product's integrity and/or security has led to increased regulatory scrutiny and may lead to regulatory investigations and intervention (such as mandatory card reissuance), increased litigation (including class action litigation), remediation, fines and response costs, negative assessments of us and our subsidiaries by regulators and rating agencies, reputational and financial damage to our brand, and reduced usage of our products and services, all of which could have a material adverse impact on our business. In addition, we offer certain fraud and compliance and risk management services to technology platform clients as part of our platform as a service offerings and regulatory scrutiny of these types of services has increased recently. Any failure in these services provided to technology platform clients could result in regulatory actions or fines, and potential loss of client accounts. Successful fraudulent activity and other incidents related to the actual or perceived failures to maintain the integrity of our processes and controls could negatively affect us, including harming the market perception of the effectiveness of our security measures or harming the reputation of the financial system in general, which could result in reduced use of our products and services. Such events could also result in legislation and additional regulatory requirements. Although we maintain insurance, there can be no assurance that liabilities or losses we may incur will be covered under such policies or that the amount of insurance will be adequate.

Litigation & Legal Liabilities - Risk 5

We may be subject to securities litigation, which is expensive and could divert management attention.

The market price of our common stock may be volatile and, in the past, companies that have experienced volatility in the market price of their stock have been subject to securities class action litigation. We may be the target of this type of litigation in the future. Securities litigation against us could result in substantial costs and divert management's attention from other business concerns, which could seriously harm our business.

Taxation & Government Incentives1 | 1.3%

Taxation & Government Incentives - Risk 1

Changes in tax law and differences in interpretation of tax laws and regulations may adversely impact our financial statements.

We operate in multiple jurisdictions and are subject to tax laws and regulations of the U.S. federal, state and local and non-U.S. governments. U.S. federal, state and local and non-U.S. tax laws and regulations are complex and subject to varying interpretations. U.S. federal, state and local and non-U.S. tax authorities may interpret tax laws and regulations differently than we do and challenge tax positions that we have taken. This may result in differences in the treatment of revenues, deductions, credits and/or differences in the timing of these items. The differences in treatment may result in payment of additional taxes, interest or penalties that could have an adverse effect on our financial condition and results of operations. Further, future changes to U.S. federal, state and local and non-U.S. tax laws and regulations could increase our tax obligations in jurisdictions where we do business or require us to change the manner in which we conduct some aspects of our business. Proposals to reform U.S. and foreign tax laws could significantly impact how U.S. multinational corporations are taxed on foreign earnings and could increase the U.S. corporate tax rate. Several of the proposals currently being considered, if enacted, could have an adverse impact on our future effective tax rate, income tax expense, and cash flows. Further, the Organisation for Economic Co-operation and Development (the "OECD"), an international association of 38 countries, including the U.S., has issued guidelines that change long-standing tax principles. These guidelines create tax uncertainty as countries amend their tax laws to adopt certain parts of the guidelines.

Environmental / Social2 | 2.5%

Environmental / Social - Risk 1

Regulations relating to privacy, information security and data protection could increase our costs, affect or limit how we collect and use personal information, and adversely affect our business opportunities.

We are subject to various privacy, information security and data protection laws, including requirements concerning security breach notification, and we could be negatively impacted by them. For example, we are subject to the GLBA and implementing regulations and guidance. Among other things, the GLBA (i) imposes certain limitations on the ability to share consumers' nonpublic personal information with nonaffiliated third parties and (ii) requires certain disclosures to consumers about our practices for the collection, sharing and safeguarding of their information and their right to "opt out" of the institution's disclosure of their personal financial information to nonaffiliated third parties (with certain exceptions). The GLBA and other state laws also require that we implement and maintain certain security measures, policies and procedures to protect personal information. Furthermore, legislators and/or regulators are increasingly adopting new and/or amending existing privacy, information security and data protection laws that potentially could have a significant impact on our current and planned privacy, data protection and information security-related practices; our policies and practices related to the collection, use, sharing, retention and safeguarding of consumer and/or employee information; and some of our current or planned business activities. New requirements, originating from new or amended laws, could also increase our costs of compliance and business operations and could reduce income from certain business initiatives. Compliance with current or future privacy, information security and data protection laws (including those regarding security breach notification) affecting customer and/or employee data to which we are subject could result in higher compliance and technology costs and could restrict our ability to provide certain products and services (such as products or services that involve sharing information with third parties or storing sensitive credit card information), which could materially and adversely affect our profitability. A failure by us or a third-party contractor providing services to us to comply with applicable data privacy and security laws, regulations, self-regulatory requirements or industry guidelines, or our terms of use with our users, may result in sanctions, statutory or contractual damages or litigation (including class actions) and may subject us to reputational harm. Additionally, there is always a danger that regulators can attempt to assert authority over our business in the area of privacy, information security and data protection. Furthermore, if our vendors and/or service providers are or become subject to laws and regulations in the jurisdictions that have enacted more stringent and expansive legislation applicable to privacy, information and/or data protection, the costs that these vendors and service providers must incur in becoming compliant may be passed along to us, resulting in increasing costs on our business. Concerns in our ability, perceived or otherwise, to protect the privacy and security of personal information may affect our ability to retain and engage new and existing members, clients, investors, and employees, and thereby affect our financial condition. Furthermore, failure to comply or perceived failure to comply with applicable privacy or data protection laws, rules, and regulations may subject us to examinations, investigations, and general heightened scrutiny that may cause us to modify or cease certain operations or practices, significant liabilities or regulatory fines, penalties or other sanctions. Any of these could damage our reputation and adversely affect our business, financial condition, and results of operations. Privacy requirements, including notice and opt-out requirements, under the GLBA and FCRA are enforced by the FTC, the OCC and by the CFPB through UDAAP and are a standard component of OCC and CFPB compliance and examinations. State entities also may initiate actions for alleged violations of privacy or security requirements under state law. Our failure to comply with privacy, information security and data protection laws could result in potentially significant regulatory investigations and government actions, litigation, fines or sanctions, consumer or merchant actions and damage to our reputation and brand, all of which could have a material adverse effect on our business. If we collect and process personal data relating to individuals in the EU or the United Kingdom (the "UK") as a result of either offering goods or services into the EU or UK, or monitoring the behavior of EU and UK individuals, we will be required to comply with stringent privacy and data protection laws. Within the EU, legislators have adopted the General Data Protection Regulation (the "EU GDPR"), which became effective in May 2018. The EU GDPR will impose additional obligations and risk upon our business, which may increase substantially the penalties to which we could be subject in the event of any noncompliance. We may incur substantial expense in complying with obligations imposed by the EU GDPR and we may be required to make significant changes in our business operations, all of which may adversely affect our revenues and our business overall. In addition, further to the UK's exit from the EU on January 31, 2020, the EU GDPR ceased to apply in the UK at the end of the transition period on December 31, 2020. However, as of January 1, 2021, the UK's European Union (Withdrawal) Act 2018 incorporated the GDPR (as it existed on December 31, 2020 but subject to certain UK specific amendments) into UK law, referred to as the "UK GDPR". The UK GDPR and the UK Data Protection Act 2018 set out the UK's data protection regime, which is independent from but aligned to the EU's data protection regime. Noncompliance with the UK GDPR may result in significant monetary penalties. Although the UK is regarded as a third country under the EU's GDPR, the EC has issued a decision recognizing the UK as providing adequate protection under the EU GDPR and, therefore, transfers of personal data originating in the EU to the UK remain unrestricted. Like the EU GDPR, the UK GDPR restricts personal data transfers outside the UK to countries not regarded by the UK as providing adequate protection. The UK government has confirmed that personal data transfers from the UK to the EEA remain free flowing. In addition, around the world many jurisdictions outside of Europe are also considering and/or have enacted comprehensive data protection legislation. For example, we are subject to stringent privacy and data protection requirements in Hong Kong. Also, many jurisdictions where we may seek to expand our business in the future are also considering and/or have enacted comprehensive data protection legislation. Additional jurisdictions with stringent data protection laws include Brazil and China. In the United States, the SEC proposed multiple rules related to privacy and cybersecurity in March 2023. Proposed amendments to Regulation S-P would, among other things: (i) require covered institutions (including broker-dealers and investment advisers) to adopt written policies and procedures for an incident response program to address unauthorized access to or use of customer information; and (ii) require covered institutions to have written policies and procedures to provide timely notification to affected individuals whose sensitive customer information was or is reasonably likely to have been accessed or used without authorization. The SEC reopened the comment period for the Investment Management Cybersecurity Release which proposed new rules that would require registered investment advisers and investment companies to adopt and implement written cybersecurity policies and procedures reasonably designed to address cybersecurity risks, disclose information about cybersecurity risks and incidents, report information confidentially to the SEC about certain cybersecurity incidents, and maintain related records. While we believe we have robust policies and procedures addressing incidents involving unauthorized access to or use of customer information, these regulations have and may in the future require us to amend our current incident response program. In addition, these regulations may interfere with our intended business activities, inhibit our ability to expand into those markets or prohibit us from continuing to offer services in those markets without significant additional costs. The regulatory framework governing the collection, processing, storage, use and sharing of certain information, particularly financial and other personal information, is rapidly evolving and is likely to continue to be subject to uncertainty and varying interpretations. It is possible that these laws may be interpreted and applied in a manner that is inconsistent with laws in other jurisdictions or with our existing data management practices or the features of our services and platform capabilities. We therefore cannot yet fully determine the impact existing and/or future laws, rules, regulations and industry standards may have on our business or operations. Any failure or perceived failure by us, or any third parties with which we do business, to comply with our posted privacy policies, changing consumer expectations, evolving laws, rules and regulations, industry standards, or contractual obligations to which we or such third parties are or may become subject, may result in actions or other claims against us by governmental entities or private actors, the expenditure of substantial costs, time and other resources or the imposition of significant fines, penalties or other liabilities. In addition, any such action, particularly to the extent we were found to be guilty of violations or otherwise liable for damages, would damage our reputation and adversely affect our business, financial condition and results of operations. Any such laws, rules, regulations and industry standards may be inconsistent among different jurisdictions, subject to differing interpretations or may conflict with our current or future practices. Additionally, our customers may be subject to differing privacy laws, rules and legislation, which may mean that they require us to be bound by varying contractual requirements applicable to certain other jurisdictions. Adherence to such contractual requirements may impact our collection, use, processing, storage, sharing and disclosure of various types of information including financial information and other personal information, and may mean we become bound by, or voluntarily comply with, self-regulatory or other industry standards relating to these matters that may further change as laws, rules and regulations evolve. Complying with these requirements and changing our policies and practices may be onerous and costly, and we may not be able to respond quickly or effectively to regulatory, legislative and other developments. These changes may in turn impair our ability to offer our existing or planned features, products and services and/or increase our cost of doing business. As we expand our customer base, these requirements may vary from customer to customer, further increasing the cost of compliance and doing business. We publicly post documentation regarding our practices concerning the collection, processing, use and disclosure of data. Although we endeavor to comply with our published policies and documentation, we may at times fail to do so or be alleged to have failed to do so. Any failure or perceived failure by us to comply with our privacy policies or any applicable privacy, security or data protection, information security or consumer-protection related laws, regulations, orders or industry standards could expose us to costly litigation, significant awards, fines or judgments, civil and/or criminal penalties or negative publicity, and could materially and adversely affect our business, financial condition and results of operations. The publication of our privacy policy and other documentation that provide promises and assurances about privacy and security can subject us to potential state and federal action if they are found to be deceptive, unfair, or misrepresentative of our actual practices, which could, individually or in the aggregate, materially and adversely affect our business, financial condition and results of operations.

Environmental / Social - Risk 2

The collection, processing, use, storage, sharing and transmission of personal data could give rise to liabilities as a result of federal, state and international laws and regulations, as well as our failure to adhere to the privacy and data security practices that we articulate to our members.

We collect, process, store, use, share and/or transmit a large volume of personal information and other non-public data from current, past and prospective members. There are federal, state, and foreign laws regarding privacy, data security and the collection, use, storage, protection, sharing and/or transmission of personal information and non-public data. Additionally, many states continue to enact legislation on matters of privacy, information security, cybersecurity, data breach and data breach notification requirements. For example, as of January 1, 2020, the CCPA granted additional consumer rights with respect to data privacy in California. The CCPA was amended by a California ballot initiative, the CPRA, in November 2020. The CCPA amendments, including expanded rights for consumers and obligations for businesses, went into effect on January 1, 2023. The CCPA, among other things, entitles California residents to know how their personal information is being collected and shared, to access or request the deletion of their personal information and to opt out of the sharing of their personal information. The amended CCPA also created a new state agency, the CPPA, and vested it with full administrative power, authority and jurisdiction to implement and enforce the CCPA. Generally, personal information that we process is subject to GLBA and thereby exempt from CCPA coverage. However, the CCPA regulates other personal information that we collect and process in connection with the business. While we have made modifications to our data collection and processing practices and policies to comply with the CCPA, we cannot predict their impact on our business, operations or financial condition. Similar laws have been passed in numerous other states and a number of other states have proposed new privacy laws, some of which are similar to the above-discussed recently passed laws. Such proposed legislation, if enacted, may add additional complexity, variation in requirements, restrictions and potential legal risk, require additional investment of resources in compliance programs, impact strategies and the availability of previously useful data and could result in increased compliance costs and/or changes in business practices and policies. The existence of comprehensive privacy laws in different states in the country would make our compliance obligations more complex and costly and may increase the likelihood that we may be subject to enforcement actions or otherwise incur liability for noncompliance. In addition, laws in all 50 U.S. states require businesses to provide notice to individuals if certain of their personal information has been disclosed as a result of a qualifying data breach. These various privacy and security laws may impact our business activities, including our identification of research subjects, relationships with business partners and ultimately the marketing and distribution of our products. State laws are changing rapidly and in 2023, U.S. Congress proposed a new comprehensive federal data privacy law to which we may likely become subject, if enacted. Outside the United States, an increasing number of laws, regulations, and industry standards apply to data privacy and security. For example, the European Union's General Data Protection Regulation (EU GDPR), the United Kingdom's GDPR (UK GDPR), various Latin American (LATAM) privacy laws such as Brazil's Lei Geral de Proteção de Dados Pessoais (LGPD) and Argentina's Ley de Protección de los Datos Personales (PDPA) impose strict requirements for the processing of personal data of individuals located, respectively, within the European Economic Area (EEA), the United Kingdom (UK) and LATAM region. For example, under the EU GDPR, government regulators may impose temporary or definitive bans on data processing, as well as fines of up to 20 million Euros or 4% of the annual global revenue of the company, whichever is greater; or private litigation related to processing of personal data brought by classes of data subjects or consumer protection organizations authorized at law to represent their interests. Certain jurisdictions, such as the EU, Switzerland, the UK and LATAM have enacted cross-border personal data transfers laws regulating personal data flows to third countries. For example, absent appropriate safeguards or other circumstances, the EU GDPR generally restricts the transfer of personal data to countries outside of the EEA, such as the United States, which the European Commission does not consider to provide an adequate level of personal data protection. The European Commission has issued standard contractual clauses for data transfers from controllers or processors in the EU (or otherwise subject to the EU GDPR) to controllers or processors established outside the EU. The new standard contractual clauses require exporters to assess the risk of a data transfer on a case-by-case basis, including an analysis of the laws in the destination country. The UK is not subject to the European Commission's new standard contractual clauses but has published a UK-specific transfer mechanism, which enables transfers from the UK. The UK-specific mechanism, the "International Data Transfer Agreement", requires a similar risk assessment of the transfer as the standard contractual clauses. Further, the EU and United States have adopted its adequacy decision for the EU-U.S. Data Privacy Framework ("Framework"), which entered into force on July 11, 2023. This Framework provides that the protection of personal data transferred between the EU and the United States is comparable to that offered in the EU. This provides a further avenue to ensuring transfers to the United States are carried out in line with the EU GDPR. There has been an extension to the Framework to cover UK transfers to the United States. The Framework could be challenged like its predecessor frameworks. This complexity and the additional contractual burden may increase our overall risk exposure. In addition, laws in Switzerland and LATAM similarly restrict personal data transfers outside of those jurisdictions to countries such as the United States of America that do not provide an adequate level of personal data protection. In addition to European restrictions on cross-border personal data transfers, other jurisdictions have enacted or are considering similar cross-border personal data transfer laws and local personal data residency laws, any of which could increase the cost and complexity of doing business. If we cannot implement a valid compliance mechanism for cross-border personal data transfers, we may face increased exposure to regulatory actions, substantial fines, and injunctions against processing or transferring personal data from Europe or elsewhere. Inability to import personal data to the United States may significantly and negatively impact our business operations, including by limiting our ability to collaborate with parties subject to European and other data protection laws or requiring us to increase our personal data processing capabilities in Europe and/or elsewhere at significant expense. Any violations of these laws and regulations may require us to change our business practices or operational structure, including limiting our activities in certain states and/or jurisdictions, address legal claims, and sustain monetary penalties, reputational damage and/or other harms to our business. Further, in certain cases we rely on the data processing, privacy, data protection and cybersecurity practices of our third-party service providers, including with regard to maintaining the confidentiality, security and integrity of data. If we fail to manage our third-party service providers or their relevant practices, or if they fail to meet any requirements with regard to data processing, privacy, data protection or cybersecurity required by applicable legal or contractual obligations that we face (including any applicable requirements of our clients), we may be liable in certain cases. Legal obligations relating to privacy, cybersecurity and data protection may require us to manage our third-party service providers and their practices and to enter into agreements with them in certain cases. We may face difficulties in binding our third-party service providers to these agreements and otherwise managing their relevant practices, which may subject us to claims, proceedings, and liabilities. Furthermore, our online privacy policy and website make certain statements regarding our privacy, information security, and data security practices with regard to information collected from our members. Failure to adhere to such practices may result in regulatory scrutiny and investigation (including the potential for fines and monetary penalties), complaints by affected members, reputational damage and other harm to our business. If either we, or the third-party service providers with which we share member data, are unable to address privacy concerns, even if unfounded, or to comply with applicable laws and regulations, it could result in additional costs and liability, damage our reputation, and harm our business.

Production

Total Risks: 7/79 (9%)Below Sector Average

Employment / Personnel5 | 6.3%

Employment / Personnel - Risk 1

Employee misconduct, which can be difficult to detect and deter, could harm our reputation and subject us to significant legal liability.

We operate in an industry in which integrity and the confidence of our members is of critical importance. We are subject to risks of errors and misconduct by our employees that could adversely affect our business, including: - engaging in misrepresentation or fraudulent activities when marketing or performing online brokerage and other services to our members;- improperly using or disclosing confidential information of our members, technology platform clients, or other parties;- concealing unauthorized or unsuccessful activities; or - otherwise not complying with applicable laws and regulations or our internal policies or procedures. There have been numerous highly-publicized cases of fraud and other misconduct by financial services industry employees. The precautions that we take to detect and deter employee misconduct might not be effective. If any of our employees engage in illegal, improper, or suspicious activity or other misconduct, we could suffer serious harm to our reputation, financial condition, member relationships, and our ability to attract new members. We also could become subject to regulatory sanctions and significant legal liability, which could cause serious harm to our financial condition, reputation, member relationships and prospects of attracting additional members. Risk Management and Financial Reporting Risks

Employment / Personnel - Risk 2

We adjust our total number of members in the event a member is removed in accordance with our terms of service, and our total member count in any one period may not yet reflect such adjustments.

We adjust our total number of members in the event a member is removed in accordance with our terms of service. This could occur for a variety of reasons-including fraud or pursuant to certain legal processes or if a member requests that we close their account in accordance with our terms of service-and, as our terms of service evolve together with our business practices, product offerings and applicable regulations, additional grounds for removing members from our total member count could occur. The determination that a member should be removed in accordance with our terms of service is subject to an evaluation process, following the completion, and based on the results, of which, relevant members and their associated products are removed from our total member count. However, depending on the length of the evaluation process, that removal may not take place in the same period in which the member was added to our member count or the same period in which the circumstances leading to their removal occurred. For this reason, our total member count in any one period may not yet reflect such adjustments. In any given period, we estimate that up to 10% of our members may be under evaluation for removal in accordance with our terms of service; however, we cannot assure you that this percentage in any period will not be more significant and have an adverse impact on our stock price or results of operations.

Employment / Personnel - Risk 3

We rely on our management team and will require additional key personnel to grow our business, and the loss of key management members or key employees, or an inability to hire key personnel, could harm our business.

We believe our success has depended, and continues to depend, on the efforts and talents of our senior management, who have significant experience in the financial services and technology industries, are responsible for our core competencies and would be difficult to replace. Our future success depends on our continuing ability to attract, develop, motivate and retain highly qualified and skilled employees. Qualified individuals are usually in high demand even in an uncertain economy, and we may incur significant costs to attract and retain them. In addition, the loss of any of our senior management or key employees could materially adversely affect our ability to execute our business plan and strategy, and we may not be able to find adequate replacements on a timely basis, or at all, and our other employees may be required to take on additional responsibilities. Furthermore, many candidates evaluate year over year stock growth trends for a sense of the potential long-term value of their proposed stock awards, or have recently begun to discount the value of growth stocks on the whole. The volatility of the market price of our common stock could harm our ability to attract and retain talent. Our executive officers and other employees are at-will employees, which means they may terminate their employment relationship with us at any time, and their knowledge of our business and industry would be extremely difficult to replace. We cannot ensure that we will be able to retain the services of any members of our senior management or other key employees. If we do not succeed in attracting well-qualified employees or retaining and motivating existing employees, our business could be materially and adversely affected.

Employment / Personnel - Risk 4

The job market and the optimization of our workforce creates a challenge and potential risk as we strive to attract and retain a highly skilled workforce.

Competition for certain of our employees, including highly skilled technology and product professionals responsible for the design, engineering and operation of systems, is competitive, which can present a risk as we compete for experienced candidates, especially if the competition is able to offer more attractive financial terms of employment. This risk extends to our current employee population. We also invest significant time and expense in engaging and developing our employees, which also increases their value to other companies that may seek to recruit them. Turnover can result in significant replacement costs and lost productivity. In addition, from time to time, we implement organizational changes to pursue greater efficiency and realign our business and strategic priorities. For example, in the recent past, we laid off a relatively small number of employees even though we intend to continue to hire in other areas. As our organization continues to evolve, and we are required to implement and optimize our business and organizational structures, we may find it difficult to maintain the benefits of our corporate culture, including our ability to quickly develop and launch new and innovative products. This could negatively affect our business performance. See also "We transitioned to a flexible-first workforce model, which could subject us to increased business continuity and cyber risks, as well as other operational challenges and risks that could significantly harm our business and operations" for more information on the impact of a flexible workforce model on corporate culture and employee retention. In addition, U.S. immigration policy has made it more difficult for qualified foreign nationals to obtain or maintain work visas under the H-1B classification. These H-1B visa limitations make it more difficult and/or more expensive for us to hire the skilled professionals we need to execute our growth strategy, especially engineering, data analytics and risk management personnel, and may adversely impact our business.

Employment / Personnel - Risk 5

We transitioned to a flexible-first workforce model, which could subject us to increased business continuity and cyber risks, as well as other operational challenges and risks that could significantly harm our business and operations.

We offer most of our employees the choice of working full time in the office, a hybrid approach, or full-time remote. In 2023 we announced an increase in in-office collaboration for non-remote employees who are returning to the office for a specified number of days per month, varying by business team. This return to the office for non-remote employees is limited, and we expect many employees to continue to work remotely for a number of days per week. As a result, we expect to continue to be subject to the challenges and risks of having a remote workforce, as well as new challenges and risks from operating with a hybrid workforce. For example, our employees are accessing our servers remotely through home or other networks to perform their job responsibilities. Such security systems may be less secure than those used in our offices, which may subject us to increased security risks, including cybersecurity-related events, and expose us to risks of data or financial loss and associated disruptions to our business operations. Additionally, employees who access company data and systems remotely may not have access to technology that is as robust as that in our offices, which could place additional pressure on our user infrastructure and third parties that are not easily mitigated. These risks include home internet availability affecting work continuity and efficiency, and additional dependencies on third-party communication tools, such as instant messaging and online meeting platforms. We may also be exposed to risks associated with the locations of remote employees, including compliance with local laws and regulations or exposure to compromised internet infrastructure. Allowing our employees to work remotely may create intellectual property risk if employees create intellectual property on our behalf while residing in a jurisdiction with unenforced or uncertain intellectual property laws. Further, if employees fail to inform us of changes in their work location, we may be exposed to additional risks without our knowledge. While most of our operations can be performed remotely and we believe have operated effectively, there is no guarantee that this will continue or that we will continue to be as effective while operating a flexible-first workforce model because our team is dispersed. Additionally, operating our business with both remote and in-person workers, or workers who work in flexible locations and on flexible schedules, could have a negative impact on our corporate culture, decrease the ability of our workforce to collaborate and communicate effectively, decrease innovation and productivity, or negatively affect workforce morale. If we are unable to manage the cybersecurity and other risks of a flexible-first workforce model, and maintain our corporate culture and workforce morale, our business could be harmed or otherwise adversely impacted.

Supply Chain1 | 1.3%

Supply Chain - Risk 1

Changed

We service all of the personal loans we originate and credit cards we issue, as well as other loans, and have limited servicing experience, and we rely on third-party service providers to service the student loans and home loans we originate, and to perform various other functions in connection with the origination and servicing of certain loans. If we or a third-party service provider fails to properly perform these functions, our business and our ability to service our loans may be adversely affected.

We service all of the personal loans we originate as well as certain loans originated by third-parties and, in all material respects, all of the credit cards we issue, and we have limited experience with such servicing. We may begin servicing the student loans that we originate at some time in the future. We rely on sub-servicers to service all of our student loans and our home loans that we deliver to GSEs and do not sell servicing-released, and to perform certain back-up servicing functions with respect to our personal loans. In addition, we rely on third-party service providers to perform various functions relating to our loan origination and servicing business, including fraud detection, marketing, operational functions, cloud infrastructure services, information technology, telecommunications and processing remotely created checks. While we oversee these service providers to ensure they service our loans in accordance with our agreements and regulatory requirements, we do not have control over the operations of any of the third-party service providers that we utilize. In the event that a third-party service provider for any reason fails to perform such functions, including through negligence, willful misconduct or fraud, our ability to process payments and perform other operational functions for which we currently rely on such third-party service providers will suffer and our business, cash flows and future prospects may be negatively impacted. Such third-party service provider failures could also result in, among other things, increased regulatory scrutiny of our third-party service provider oversight, costly investigations, required corrective action and remediation, regulatory enforcement actions, class action lawsuits, and harm to our reputation. Any failure on our part or on the part of third parties on whom we rely to perform functions related to our servicing activities to properly service our loans or the loans originated by third-parties could result in us being removed as the servicer on the loans, including loans financed by our warehouse facilities or sold into our whole loan sales channel and securitization transactions. If we fail to monitor our student loan sub-servicer and ensure that such sub-servicer complies with its obligations under state laws that require student loan servicers to be licensed, we may face civil claims for damages under such state laws. Because we receive revenue from such servicing activities, any such removal as the servicer or master servicer, could adversely affect our business, operating results, financial condition or prospects, as would the cost of onboarding a new servicer. Furthermore, we have agreed in our servicing agreements to service loans in accordance with the standards set forth therein, and may be obligated to repurchase loans or indemnify the buyer of any such loans if we fail to meet those standards. Additionally, if one or more key third-party service providers were to cease to exist, to become a debtor in a bankruptcy or an insolvency proceeding or to seek relief under any debtor relief laws or to terminate its relationship with us, there could be delays in our ability to process payments and perform other operational functions for which we are currently relying on such third-party service provider, and we may not be able to promptly replace such third-party service provider with a different third-party service provider that has the ability to promptly provide the same services in the same manner and on the same economic terms. As a result of any such delay or inability to replace such key third-party service provider, our ability to process payments and perform other business functions could suffer and our business, cash flows and future prospects may be negatively impacted.

Costs1 | 1.3%

Costs - Risk 1

If one or more of our warehouse facilities, on which we are highly dependent, is terminated or otherwise becomes unavailable, we may be unable to find replacement financing on favorable terms, or at all, which would have a material adverse effect on our business and financial condition.

We require a significant amount of short-term funding capacity for loans we originate. Consistent with industry practice, our existing warehouse facilities generally require periodic renewal. If any of our committed warehouse facilities are terminated or are not renewed or our uncommitted facilities are not honored, we may be unable to find replacement financing on favorable terms, or at all, and we might not be able to originate an acceptable or sustainable volume of loans, which would have a material adverse effect on our business. Additionally, as our business continues to expand, including our home loan business, we may need additional warehouse funding capacity for the loans we originate. There can be no assurance that, in the future, we will be able to obtain additional warehouse funding capacity on favorable terms, on a timely basis, or at all. If we fail to meet or satisfy any of the financial or other covenants included in our warehouse facilities, we would be in default under one or more of these facilities and our lenders could elect to declare all amounts outstanding under the facilities to be immediately due and payable, enforce their interests against loans pledged under such facilities and restrict our ability to make additional borrowings. Certain of these facilities also contain cross-default provisions. These restrictions may interfere with our ability to obtain financing or to engage in other business activities, which could materially and adversely affect us. There can be no assurance that we will maintain compliance with all financial and other covenants included in our warehouse facilities in the future. In addition, our agreements with our warehouse lenders contain various concentration limits and triggers, including related to excess spread. As high interest rates place pressure on our net cost of funds for loans held at SoFi Lending Corp., which do not benefit from deposit funding through SoFi Bank, the likelihood of reaching an excess spread limit increases. A breach of such limits or other similar terms of such agreements could result in an inability to place loans in the relevant warehouse facilities and require us to pursue other forms of financing. If we are unable to find replacement financing on favorable terms, or at all, our operations could be impacted materially.

Macro & Political

Total Risks: 6/79 (8%)Below Sector Average

Economy & Political Environment3 | 3.8%

Economy & Political Environment - Risk 1

Our business and results of operations have in the past and may in the future be adversely affected by the financial markets, fiscal, monetary, and regulatory policies, and economic conditions generally.

Our business, results of operations and reputation are directly affected by elements beyond our control, including general economic, political, social and health conditions in the U.S. and in countries abroad. These elements can arise suddenly and the full impact can remain unknown or result in adverse effects, including, but not limited to, extreme volatility in credit, equity and foreign currency markets, changes to buying patterns of our members and prospective members or reductions in the credit quality of our members, and changes to the financial condition of our technology platform clients and prospective clients. In particular, markets in the U.S. or abroad have been and may in the future be affected by the level and volatility of interest rates, availability and market conditions of financing, recessionary pressures, inflation and hyperinflation, supply chain disruptions, changes in consumer spending, employment levels, labor shortages, federal government shutdowns, developments related to the U.S. federal debt ceiling, changes in legislation, regulations or policy, energy prices, home prices, commercial property values, bankruptcies, a default by a significant market participant or class of counterparties, market volatility, liquidity of the global financial markets, the growth of global trade and commerce, exchange rates, trade policies, the availability and cost of capital and credit, disruption of communication, transportation or energy infrastructure and investor sentiment and confidence. Additionally, global markets have been and may in the future be adversely affected by the current or anticipated impact of climate change, extreme weather events or natural disasters, the emergence or continuation of widespread health emergencies or pandemics, cyberattacks or campaigns, military conflict, (e.g., the escalating conflict in the Middle East and the ongoing war in Ukraine), terrorism or other geopolitical events, including the upcoming changes to the United States presidential administration, which may affect our results of operations. For example, although we do not have operations in the locations impacted by these conflicts, the ongoing war in these locations has led and could in the future lead to macroeconomic effects, including volatility in commodity prices and the supply of energy resources, instability in financial markets, supply chain interruptions, political and social instability, as well as an increase in cyberattacks and espionage. Also, any sudden or prolonged market downturn in the U.S. or abroad, as a result of the above factors or otherwise, could adversely affect our business, results of operations and financial condition, including capital and liquidity levels. We are not able to predict with any certainty the ultimate impact that any of these events, as well as any other future events, may have on our business. Significant downturns in the securities markets or in general economic and political conditions may also decrease the demand for our products and services and could also result in our members reducing their engagement with our platform. In addition, such significant downturns may cause default rates on our loans to increase and cause funding and liquidity concerns for our current and prospective technology platform clients reducing their adoption and use of our platform as a service products and services. Conversely, significant upturns in the securities markets or in general economic and political conditions may cause individuals to be less proactive in seeking ways to improve the returns on their trading or investment decisions and, thus, decrease the demand for our products and services. Any of these changes could cause our future performance to be uncertain or unpredictable, and could have an adverse effect on our business, financial condition and results of operations. In addition, a prolonged weakness in the U.S. equity markets or a general extended economic downturn could cause our members or technology platform clients to incur losses, which in turn could cause our brand and reputation to suffer. If our reputation is harmed, the willingness of our existing members or technology platform clients and potential new members or clients to do business with us could be negatively impacted, which would adversely affect our business, financial condition and results of operations. Our business is sensitive to interest rates and interest rates are highly sensitive to many factors that are beyond our control, including global, domestic and local economic conditions and the policies of various governmental and regulatory agencies and, in particular, the Federal Reserve. The Federal Reserve increased interest rates throughout 2022 and multiple times in 2023, and we are unable to predict whether it will continue to raise rates further or continue to lower rates. Further changes to prevailing interest rates could influence not only the interest we receive on loans and investments and the amount of interest we pay on deposits and borrowings, but such changes have in the past and could in the future also affect (i) our ability to originate loans at competitive rates and obtain deposits; (ii) the fair value of our financial assets and liabilities; (iii) the average duration of our loan portfolios and other interest-earning assets; (iv) the mix of lending products we originate which is influenced by demand for refinancing products; and (v) the competition faced by our SoFi Money deposit product from other investment products which may become more attractive as interest rates rise. See "Changing expectations for inflation and deflation and corresponding fluctuations in interest rates could decrease demand for our lending products and negatively affect loan performance, as well as increase certain operating costs, such as employee compensation" for additional information on the risks of interest rate fluctuations to our business. Interest rate changes and other actions, including balance sheet management, lending facilities, and the Federal Reserve's exit from quantitative easing, and similar actions taken by the Federal Reserve or other central banks, are beyond our control and difficult to predict. These actions affect interest rates and the value of financial instruments, increase the likelihood of a more volatile market, a further appreciating U.S. dollar and negative growth in gross domestic product, and affect other assets and liabilities and can impact our members and technology platform clients. Any such downturn, especially in the regions in which we operate, may adversely affect our asset quality, deposit levels, loan demand and results of operations. Changes to existing laws, regulations and policies and evolving priorities, including those related to financial regulation, taxation, international trade, fiscal policy, cybersecurity and privacy, digital assets, climate change (including any required reduction of greenhouse gas emissions) and healthcare, may adversely impact U.S. or global economic activity and our members, our technology platform clients, our counterparties and our earnings and operations. For example, changes, or proposed changes, to certain U.S. trade and international investment policies, particularly with important trading partners (including China and the European Union (the "EU")) have in recent years negatively impacted financial markets. Actions taken by other countries, particularly China, to restrict the activities of businesses, could also negatively affect financial markets. An escalation of tensions, such as a further escalation in conflict in the Middle East, could lead to further measures that adversely affect financial markets, disrupt world trade and commerce and lead to trade retaliation, including through the use of duties and tariffs, foreign exchange measures or the large-scale sale of U.S. Treasury Bonds. Any of these developments could adversely affect our business, our members, our technology platform clients, the value of our loan portfolios, our level of charge-offs and provision for credit losses, our capital levels, our liquidity and our results of operations.

Economy & Political Environment - Risk 2

Changing expectations for inflation and deflation and corresponding fluctuations in interest rates could decrease demand for our lending products and negatively affect loan performance, as well as increase certain operating costs, such as employee compensation.

The U.S. economy has remained strong despite facing certain headwinds, including, but not limited to, changing U.S. consumer spending patterns, elevated and fluctuating inflation and interest rates, reduced consumer discretionary spending, and weakening wage growth and employment levels, but there is no guarantee that future changes will not have an impact. For example, the Federal Reserve increased interest rates throughout 2022 and 2023, and in September and November 2024 lowered them. We are unable to predict whether the Federal Reserve will continue to reduce rates, as it has signaled it may do. Continued elevated interest rates may decrease borrower demand for certain of our lending products, even as inflation places pressure on consumer spending, borrowing and saving habits as consumers evaluate their prospects for future income growth and employment opportunities in the current economic environment, and as borrowers face uncertainty about the impact of elevated prices on their ability to repay a loan. A change in demand for our lending products and any steps we may take to mitigate such change could impact our credit quality and overall growth. For example, we have experienced lower demand for our home loans in an elevated interest rate environment, as our historical demand has primarily resulted from refinancing, which is less attractive in a higher interest rate environment. We have also focused on personal loan originations to offset the lower demand in other lending products. Personal loans are a higher risk product than home loans or student loans and we have seen an increase in the amount of personal loans that we originate which may increase the inherent risk in our overall portfolio. In addition, fluctuating interest rates may increase our cost of capital and ability to offer a competitive interest rate on our loans. Although we closely monitor these increased risks, there is no guarantee we will make the correct adjustments to our originations or make adjustments quickly enough. Furthermore, economic pressure resulting in the inability of a borrower to repay a loan could translate into increased loan defaults, foreclosures and charge-offs and negatively affect our business, financial condition, results of operations, cash flows and future prospects. Additionally, an inflationary environment combined with a healthy labor market and decreases in the market value of our equity awards could make it more costly for us to attract or retain employees. In order to meet the compensation expectations of our prospective and current employees due to inflationary and other factors, we have in the past and may in the future be required to increase our operating costs or risk losing skilled workers to competitors. See "Personnel and Business Continuity Risks-The job market and the optimization of our workforce creates a challenge and potential risk as we strive to attract and retain a highly skilled workforce" for more information on the risks posed by a competitive labor market.

Economy & Political Environment - Risk 3

We operate in a cyclical industry. In an economic downturn, member default rates may increase, there may be decreased demand for our products, and there may be adverse impacts to our business.

Recent macroeconomic factors, such as elevated interest rates, global events and market volatility, may cause the economy to enter into a period of slower economic growth or a recession, the length and severity of which cannot be predicted. Such uncertainty and negative trends in general economic conditions can have a significant negative impact on our ability to generate adequate revenue and to absorb expected and unexpected losses. Many factors, including factors that are beyond our control, may result in higher default rates by our members and non-payment by our technology platform clients, a decline in the demand for our products, and potentially impact our ability to make accurate credit assessments, lending decisions or technology platform client selections. Any of these factors could have a detrimental impact on our financial performance and liquidity. Our Lending and Financial Services segments may be particularly negatively impacted by worsening economic conditions that place financial stress on our members resulting in loan defaults or charge-offs. If a loan charges off while we are still the owner, the loan either enters a collections process or is sold to a third-party collection agency and, in either case, we will receive less than the full outstanding interest on, and principal balance of, the loan. Declining economic conditions may also lead to either decreased demand for our loans or demand for a higher yield on our loans, and consequently lower prices or a lower advance rate, from institutional whole loan purchasers, securitization investors and warehouse lenders on whom we rely for liquidity. The longevity and severity of a downturn or recession will also place pressure on lenders under our debt warehouses, whole loan purchasers and investors in our securitizations, each of whom may have less available liquidity to invest in our loans, and long-term market disruptions could negatively impact the securitization market as a whole. Although certain of our debt warehouses contain committed terms, there can be no assurance that our financing arrangements will remain available to us through any particular business cycle or be renewed on the same terms. The timing and extent of a downturn may also require us to change, postpone or cancel our strategic initiatives or growth plans to pursue shorter-term sustainability. The longer and more severe an economic downturn, the greater the potential adverse impact on us. Our Technology Platform segment is also susceptible to worsening economic conditions that place financial stress on our current clients using our platform as a service products and services and potential new clients interested in such services. These clients and potential clients may experience liquidity and other financial issues or strategically slowdown growth, any of which could lead them to decrease or terminate their use of our technology platform services or delay or reject implementation of new or expanded products and services. Any such actions with respect to our technology platform products and services could have an adverse impact on our business. There can be no assurance that economic conditions will be favorable for our business, that interest in purchasing our loans by financial institutions or investment by clients in our platform as a service products and services will remain at current levels, or that default rates by our members or instances of non-payment by our technology platform clients will not increase. Reduced demand, lower prices or a lower advance rate for our loan products from institutional whole loan purchasers, securitization investors and warehouse lenders, increased default rates by our members, and reduced demand, lower prices and increased non-payment by our technology platform clients, may limit our access to capital, including debt warehouse facilities, securitizations and secured and unsecured borrowing facilities, and negatively impact our profitability. These impacts, in addition to limiting our access to capital and negatively impacting our profitability, could also, in turn, increase the volatility of the mark-to-market methodology we use to determine the fair value of the loans and credit card receivables we hold on balance sheet and consequently have a material adverse effect on our revenues, results of operations, capital requirements, liquidity and cash flows.

International Operations1 | 1.3%

International Operations - Risk 1

We may continue to expand operations abroad where we have limited operating experience and may be subject to increased business, economic and regulatory risks that could adversely impact our financial results.

In April 2020, we undertook our first international expansion by acquiring 8 Limited, an investment business in Hong Kong. Additionally, with the acquisition of Galileo in May 2020, we gained clients in Canada, Mexico and Colombia and, with the acquisition of Technisys in March 2022, we further expanded our operations into Latin America. We may, in the future, continue to pursue further international expansion of our business operations, either organically or through acquisitions, in new international markets where we have limited or no experience in marketing, selling and deploying our products and services. If we fail to deploy or manage our operations in these countries successfully, our business and operations may suffer. In addition, we are subject to a variety of risks inherent in doing business internationally, including: - political, social and/or economic instability or military conflict;- risks related to governmental regulations in foreign jurisdictions, including regulations relating to privacy, and unexpected changes in regulatory requirements and enforcement;- fluctuations in currency exchange rates and global market volatility;- higher levels of credit risk and fraud;- enhanced difficulties of integrating foreign acquisitions;- burdens of enforcing and complying with a variety of foreign laws;- reduced protection for intellectual property rights in some countries;- difficulties in staffing and managing global operations and the increased travel, infrastructure and legal compliance costs associated with multiple international locations and subsidiaries;- different regulations and practices with respect to employee/employer relationships, existence of workers' councils and labor unions, and other challenges caused by distance, language, and cultural differences, making it harder to do business in certain international jurisdictions;- compliance with statutory equity requirements; and - management of tax consequences. If we are unable to manage the complexity of global operations successfully, our financial performance and operating results could suffer. Credit Market Related Risks

Natural and Human Disruptions2 | 2.5%

Natural and Human Disruptions - Risk 1

Changed

Our financial condition and results of operations have been and may in the future be adversely impacted by an epidemic or pandemic.

Occurrences of epidemics or pandemics, depending on their scale, may cause different degrees of disruption to the regional, state and local economies in which we offer our products and services. For example, the COVID-19 pandemic caused changes in consumer and student behavior, as well as economic disruptions. Any future pandemic or public health crisis may result in, among other impacts, worker shortages, supply chain issues, inflationary pressures, and the reinstatement and subsequent lifting of restrictions and health and safety related measures. Any COVID-19 resurgences or future epidemics or pandemics or other public health crises could adversely affect our business, operations and financial condition, as well as the business, operations and financial conditions of our members, other customers and partners. See "Our business and results of operations have in the past and may in the future be adversely affected by the financial markets, fiscal, monetary, and regulatory policies, and economic conditions generally" and "Management's Discussion and Analysis of our Financial Condition and Results of Operations-Key Business Metrics" and "-Consolidated Results of Operations" for further discussion of the impact of macroeconomic conditions in recent periods on our business and operating results. Strategic and New Product Risks

Natural and Human Disruptions - Risk 2

Our business is subject to the risks of natural disasters, power outages, telecommunications failures and similar events, including public health crises, and to interruptions by human-made problems such as terrorism, cyberattacks, and other actions, which may impact the demand for our products or our members' ability to repay their loans.

Events beyond our control may damage our ability to maintain our platform and provide services to our members. Such events include, but are not limited to, hurricanes, earthquakes, fires, floods and other natural disasters, public health crises, power or other outages, telecommunications failures and similar events. Despite any precautions we may take, system interruptions and delays could occur if there is a natural disaster, if a third-party provider closes a facility we use without adequate notice for financial or other reasons, or if there are other unanticipated problems at our leased facilities. Because we rely heavily on our servers, computer and communications systems and the Internet to conduct our business and provide high-quality service to our members, disruptions could harm our ability to effectively run our business. Moreover, our members and customers face similar risks, which could directly or indirectly impact our business. We currently use AWS and would be unable to switch instantly to another system in the event of failure to access AWS. This means that an outage of AWS could result in our system being unavailable for a significant period of time. Terrorism, cyberattacks and other criminal, tortious or unintentional actions could also give rise to significant disruptions to our operations. In addition, the long-term effects of climate change on the global economy and our industry in particular are unclear, however we recognize that there are inherent climate-related risks wherever business is conducted. For example, our offices may be vulnerable to the adverse effects of climate change. We have large offices located in the San Francisco Bay Area and Salt Lake City, Utah, regions that are prone to events such as seismic activity and severe weather, that have experienced and may continue to experience, climate-related events and at an increasing rate. Examples include drought and water scarcity, warmer temperatures, wildfires and air quality impacts and power shut-offs associated with wildfire prevention. The increasing intensity of drought throughout California and Utah and annual periods of wildfire danger increase the probability of planned power outages. Although we maintain a disaster response plan and insurance, such events could disrupt our business, the business of our partners or third-party suppliers, and may cause us to experience losses and additional costs to maintain and resume operations. Our business interruption insurance may not be sufficient to compensate us for losses that may result from interruptions in our service as a result of system failures or other disruptions. Comparable natural and other risks may reduce demand for our products or cause our members to suffer significant losses and/or incur significant disruption in their respective operations, which may affect their ability to satisfy their obligations towards us. All of the foregoing could materially and adversely affect our business, results of operations and financial condition.

Tech & Innovation

Total Risks: 4/79 (5%)Below Sector Average

Trade Secrets1 | 1.3%

Trade Secrets - Risk 1

It may be difficult and costly to protect our intellectual property rights, and we may not be able to ensure their protection.

Our ability to provide our products and services to our members and technology platform clients depends, in part, upon our proprietary technology. We may be unable to protect our proprietary technology effectively, which would allow competitors to duplicate our business processes and know-how, and adversely affect our ability to compete with them. A third party may attempt to reverse engineer or otherwise obtain and use our proprietary technology without our consent. The pursuit of a claim against a third party for infringement of our intellectual property could be costly, and there can be no guarantee that any such efforts would be successful. In addition, our platform or those of third-party service providers that we utilize may infringe upon claims of third-party intellectual property, and we may face intellectual property challenges from such other parties. We may not be successful in defending against any such challenges or in obtaining licenses to avoid or resolve any intellectual property disputes, or in receiving amounts due to us under indemnification obligations from third-party service providers. The costs of defending any such claims or litigation could be significant and, if we are unsuccessful, could result in a requirement that we pay significant damages or licensing fees, which would negatively impact our financial performance. If we cannot protect our proprietary technology from intellectual property challenges, our ability to maintain our platform could be adversely affected.

Cyber Security1 | 1.3%

Cyber Security - Risk 1

Changed

Cyberattacks and other security breaches and compromises could have an adverse effect on our business, harm our reputation and expose us to liability and adversely affect our ability to collect payments and maintain accurate accounts. Efforts to prevent and respond to these attacks and breaches are costly.

In the normal course of business, we collect, process and retain non-public and confidential information regarding our members, prospective members, technology platform clients and the customers of our technology platform clients. We also have arrangements in place with certain third-party service providers that require us to share consumer information. We likely will not be able to anticipate or prevent all security breaches or compromises even if we have implemented the required preventive measures, in which case there would be an increased risk of fraud or identity theft, and we have in the past and may in the future experience losses on, or delays in the collection of amounts owed. Although we devote significant resources and management focus to work to ensure the integrity of our systems through information/cybersecurity and business continuity programs, our facilities and systems, and those of third-party service providers, have been and will likely continue to be targeted by external or internal threats, security breaches, acts of vandalism, including other intentional acts by employees or third-party service providers that we are unable to predict and protect against or that compromise our security systems, computer viruses, misplaced or lost data, programming or human errors, and other similar events. In addition, the digital nature of our platform may make it lucrative for hacking and potentially vulnerable to computer viruses, physical or electronic break-ins and similar disruptions. We and third-party service providers have experienced such attempts in the past and expect to continue to experience them in the future. Security breaches or compromises could occur from outside our company, and also from the actions of persons inside our company who may have authorized or unauthorized access to our technology systems, despite the required investment in security controls. We also face security threats from malicious threat actors that could obtain unauthorized access to our systems and networks, which threats we anticipate will continue to grow in scope and complexity over time. In addition, security threats may increase as a result of geopolitical events, such as in connection with escalating conflict in the Middle East and the ongoing war in Ukraine, and upcoming changes to the United States presidential administration. These events could interrupt our business or operations, result in significant legal and financial exposure, supervisory liability, damage to our reputation and a loss of confidence in the security of our systems, products and services. Although the impact to date from these events has not had a material adverse effect on us, no assurance is given that this will continue to be the case in the future. Cybersecurity risks in the financial services industry have increased, in part because of new technologies, the use of the Internet and telecommunications technologies (including mobile devices) to conduct financial and other business transactions and the increased sophistication and activities of organized criminals, perpetrators of fraud, hackers, terrorists and others. In addition to cyberattacks and other security breaches and compromises involving the theft of non-public and confidential information, hackers have engaged in attacks that are designed to disrupt key business services, such as consumer-facing websites. We may not be able to anticipate or implement effective preventive measures against all security breaches and compromises, especially because the techniques used change frequently and because attacks can originate from a wide variety of sources. We employ detection and response mechanisms designed to contain and mitigate security incidents, but there are no assurances that these mechanisms will be effective and early detection efforts may be thwarted by sophisticated attacks and malware designed to avoid detection. Despite our investments in detection strategy and a 24/7/365 security operations center, we also may fail to detect the existence of a security breach related to the information of our members. Cybersecurity risks have also subjected us to additional regulation. For example, in July 2023, the SEC proposed new rules and amendments to address certain conflicts of interest associated with the use of predictive data analytics by broker-dealers and investment advisers in investor interactions. If adopted, the proposed rules would require broker-dealers and investment advisers to evaluate and determine whether their use of certain technologies in investor interactions such as analytical, technological or computational functions, algorithms, models, correlation matrices or similar methods or processes that direct or optimize for investment related behavior, involves a conflict of interest that results in the broker-dealer or investment adviser's interests being placed ahead of investors' interests. To the extent we determined there were conflicts of interest, we would be required to eliminate, or neutralize the effect of, any such conflicts. The proposed rules would also require us to have written policies and procedures reasonably designed to achieve compliance with the proposed rules and to make and keep books and records related to these requirements. The access by unauthorized persons to, or the improper disclosure by us of, confidential information regarding our members, prospective members, technology platform clients and the customers of our technology platform clients, or our proprietary information, software, methodologies and business secrets could interrupt our business or operations, result in significant legal and financial exposure, supervisory liability, damage to our reputation or a loss of confidence in the security of our systems, products and services, all of which could have a material adverse impact on our business. Because each loan that we originate involves, in part, our proprietary automated underwriting process, any failure of our computer systems involving our automated underwriting process and any technical or other errors contained in the software pertaining to our automated underwriting process could compromise our ability to accurately evaluate potential members, which could negatively impact our results of operations. Furthermore, any failure of our computer systems could cause an interruption in operations and result in disruptions in, or reductions in the amount of, collections from the loans we make to our members. Additionally, if hackers were able to access our secure files, they might be able to gain access to the personal information of our members, prospective members, technology platform clients and the customers of our technology platform clients. If we are unable to prevent such activity, we may be subject to significant liability, negative publicity and a material loss of members or technology platform clients, all of which may negatively affect our business. In addition, there have in the past been a number of well-publicized attacks or breaches affecting companies in the financial services industry that have heightened concern by consumers, which could also intensify regulatory focus, cause users to lose trust in the security of the industry in general and result in reduced use of our services and increased costs, all of which could also have a material adverse effect on our business.

Technology2 | 2.5%

Technology - Risk 1

Some aspects of our platform include open source software, and any failure to comply with the terms of one or more of these open source licenses could negatively affect our business.

We incorporate open source software into our proprietary platform and into other processes supporting our business. Such open source software may include software covered by licenses like the GNU General Public License and the Apache License or other open source licenses. The terms of various open source licenses have not been interpreted by U.S. courts, and there is a risk that such licenses could be construed in a manner that limits our use of the software, inhibits certain aspects of our platform and negatively affects our business operations. Some open source licenses contain requirements that we make available source code for modifications or derivative works we create based upon the type of open source software we use. If portions of our proprietary platform are determined to be subject to an open source license, or if the license terms for the open source software that we incorporate change, we could be required to publicly release the affected portions of our source code, re-engineer all or a portion of our platform or change our business activities. In addition to risks related to license requirements, the use of open source software can lead to greater risks than the use of third-party commercial software, as open source licensors generally do not provide warranties or controls on the origin of the software. Many of the risks associated with the use of open source software cannot be eliminated and could adversely affect our business.

Technology - Risk 2

Disruptions in the operation of our computer systems and third-party data centers and service providers could have an adverse effect on our business.

Our ability to deliver products and services to our members and clients, and otherwise operate our business and comply with applicable laws, depends on the efficient and uninterrupted operation of our computer systems and third-party data centers, as well as third-party service providers. Our computer systems and third-party providers may encounter service interruptions at any time due to system or software failure or errors, employee misconfiguration of resources or misdirected communications, natural disasters, severe weather conditions, health pandemics, terrorist attacks, cyberattacks or other events. For example, in September 2023, the SoFi Invest platform experienced a service interruption that resulted in some of our members being unable to view certain of their account information and unable to buy and sell securities and other financial products on our platform for a period of time. Any such events, including persistent interruptions or perceptions of such interruptions whether true or not, in our products and services could cause members to believe that our products and services are unreliable, leading them to switch to our competitors or to otherwise avoid our products and services, and otherwise have a negative effect on our business and technology infrastructure (including our computer network systems), which could lead to member dissatisfaction or long-term disruption of our operations. Additionally, our insurance policies might be insufficient to cover a claim made against us by any such members affected by any disruptions, outages, or other performance or infrastructure problems. Additionally, our reliance on third-party providers may mean that we will not be able to resolve operational problems internally or on a timely basis, as our operations will depend upon such third-party service providers communicating appropriately and responding swiftly to their own service disruptions through industry standard best practices in business continuity and/or disaster recovery. As a last resort, we may rely on our ability to replace a third-party service provider if it experiences difficulties that interrupt operations for a prolonged period of time or if an essential third-party service terminates. If these service arrangements are terminated for any reason without an immediately available substitute arrangement, our operations may be severely interrupted or delayed. If such interruption or delay were to continue for a substantial period of time, our business, prospects, financial condition and results of operations could be adversely affected. The implementation of technology changes and upgrades to maintain current and integrate new systems may cause service interruptions, transaction processing errors or system conversion delays and may cause us to fail to comply with applicable laws, all of which could have a material adverse effect on our business. We have made and expect to continue to make substantial and increasing investments in "observability", or the monitoring of our systems, but limitations or failures in those systems may exacerbate other problems by preventing us from anticipating or quickly detecting issues. In addition, our ability to monitor third party services and service providers is limited, and so our ability to anticipate, detect, and remediate anomalies in those services is also more limited when compared to our internal systems monitoring. Although our current use of artificial intelligence and machine learning is limited, our systems and those of our partners are increasingly reliant on artificial intelligence machine learning systems, which are complex and may have errors or inadequacies that are not easily detectable. These systems may inadvertently reduce the efficiency of our systems, or may cause unintentional or unexpected outputs that are incorrect, do not match our business goals, do not comply with our policies, or otherwise are inconsistent with our brands, guiding principles and mission. Errors or breakdowns in our machine learning systems could also result in damage to our reputation, loss of members, loss of revenue or liability for damages, any of which could adversely affect our growth prospects and our business. We expect that new technologies and business processes applicable to the financial services industry will continue to emerge and that these new technologies and business processes may be better than those we currently use. There is no assurance that we will be able to successfully adopt new technology as critical systems and applications become obsolete and better ones become available. A failure to maintain and/or improve current technology and business processes could cause disruptions in our operations or cause our solution to be less competitive, all of which could have a material adverse effect on our business.

Ability to Sell

Total Risks: 2/79 (3%)Below Sector Average

Demand1 | 1.3%

Demand - Risk 1

Demand for our products may decline if we do not continue to innovate or respond to evolving technological or other changes.

We operate in a dynamic industry characterized by rapidly evolving technology, frequent product introductions, and competition based on pricing and other differentiators. We continue to explore new product offerings and may rely on our proprietary technology to make our platform available to members, to service member accounts, to provide our technology platform as a service to clients and to introduce new products, which both fosters innovation and introduces new potential liabilities and risks. In addition, we may increasingly rely on technological innovation as we introduce new types of products, expand our current products into new markets, and continue to streamline our platform. For example, while we do not currently rely heavily on artificial intelligence, we expect to integrate more artificial intelligence into our technology in the future especially to improve the experience of our members. Even if we enhance our current products or release new products that incorporate artificial intelligence, there can be no assurance that our products will be successful or that we will innovate effectively to keep pace with the rapid evolution of artificial intelligence. Our ability to integrate artificial intelligence or other new technologies may also be limited by new laws or regulatory guidance. The process of developing new technologies and products is complex, and if we are unable to successfully innovate and continue to deliver a superior member and technology platform client experience, members' and clients' demand for our products may decrease and our growth and operations may be harmed.

Sales & Marketing1 | 1.3%

Sales & Marketing - Risk 1

We are unable to finance all of the receivables that we originate or other assets that we hold, and that illiquidity could result in a negative impact on our financial condition.

We have the option of pursuing a gain-on-sale origination model, the success of which is tied to our ability to finance the assets that we originate. Certain of our assets, however, are ineligible for sale to a whole loan buyer or securitization trust, or are ineligible for, or are subject to a lower advance rate under, warehouse funding, each of which has specific eligibility criteria for receivables it purchases or holds as collateral. Ineligible receivables include, among others, those in default or that are delinquent, receivables with defects in their origination or servicing, including fraud, or receivables generated under origination guidelines and credit policies that are no longer in effect. In addition, many of our warehouse funding sources contain excess concentration limits for loans in forbearance or with specific loan level characteristics such as time-to-maturity or loan type. Once these limits have been exceeded, the advance rate applied to those receivables becomes less advantageous to us. If we are unable to sell or reasonably fund these receivables, we are required to hold them on our consolidated balance sheet which, in sufficient volume, negatively impacts our financial condition. In addition to the receivables described above, we also hold on our consolidated balance sheet certain risk retention assets with respect to which we have a reduced ability to receive financing. These risk retention assets include residuals from our securitization trusts that are either ineligible for transfer or are subject to EU regulations. The illiquidity of these positions may negatively impact our financial condition.

See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?

Risk factors are any situations or occurrences that could make investing in a company risky.

The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.

They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.

It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.

How do companies disclose their risk factors?

Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.

Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.

Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.

According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.

How can I use TipRanks risk factors in my stock research?

Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.

You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.

Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.

A simplified analysis of risk factors is unique to TipRanks.

What are all the risk factor categories?

TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.

1. Financial & Corporate

Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.

2. Legal & Regulatory

Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
Regulation – risks related to compliance, GDPR, and new legislation.
Environmental / Social – risks related to environmental regulation and to data privacy.
Taxation & Government Incentives – risks related to taxation and changes in government incentives.

3. Production

Costs – risks related to costs of production including commodity prices, future contracts, inventory.
Supply Chain – risks related to the company’s suppliers.
Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.

4. Technology & Innovation

Innovation / R&D – risks related to innovation and new product development.
Technology – risks related to the company’s reliance on technology.
Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.

5. Ability to Sell

Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
Competition – risks related to the company’s competition including substitutes.
Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
Brand & Reputation – risks related to the company’s brand and reputation.

6. Macro & Political

Economy & Political Environment – risks related to changes in economic and political conditions.
Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
International Operations – risks related to the global nature of the company.
Capital Markets – risks related to exchange rates and trade, cryptocurrency.

Become an Expert with TipRanks Premium

What am I Missing?

Make informed decisions based on Top Analysts' activity

Know what industry insiders are buying

Get actionable alerts from top Wall Street Analysts

Find out before anyone else which stock is going to shoot up

Get powerful stock screeners & detailed portfolio analysis

Subscribe Now See Plans & Pricing