Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10-K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - AUB

ITEM 1A. RISK FACTORS.

An investment in our securities involves risks and uncertainties. In addition to the other information set forth in this Form 10-K, including the information addressed under “Forward-Looking Statements,” investors in our securities should carefully consider the risk factors discussed below. These factors could materially and adversely affect our business, financial condition, liquidity, results of operations, and capital position and could cause our actual results to differ materially from our historical results or the results contemplated by the forward-looking statements contained in this Form 10-K, in which case the trading price of our securities could decline. The risk factors discussed below highlight the risks that we believe are material to us, but do not necessarily include all risks that we may face, and an investor in our securities should not interpret the disclosure of a risk in the following risk factors to state or imply that the risk has not already materialized.

Risks Related to Our Lending Activities

Our ACL may prove to be insufficient to absorb credit losses in our loan portfolio, which may adversely affect our business, financial condition, and results of operations.

Our success depends significantly on the quality of our assets, particularly loans. Like all financial institutions, we are exposed to the risk that our borrowers may not repay their loans according to their terms, and the collateral securing the payment of these loans may be insufficient to fully compensate us for the outstanding balance of the loan plus the costs to dispose of the collateral.

We maintain an ACL, which includes the ALLL, at a level we believe is adequate to absorb expected losses in our loan portfolio as of the corresponding balance sheet date. The process to determine the ACL uses models and assumptions that require us to make difficult and complex judgments that are often interrelated. This includes forecasting how borrowers will perform in changing and unprecedented economic conditions. The ability of our borrowers to repay their obligations will likely be impacted by changes in future economic conditions, which in turn could impact the accuracy of our loss forecasts and allowance estimates. There is also the possibility that we have failed or will fail to accurately identify the appropriate economic indicators, to accurately estimate the timing of future changes in economic conditions, or to estimate accurately the impacts of future changes in economic conditions to our borrowers, which similarly could impact the accuracy of our loss forecasts and allowance estimates.

If the models, estimates, and assumptions we use to establish reserves or the judgments we make in extending credit to our borrowers prove inaccurate in predicting future events, we may suffer unexpected losses. The ACL is our best estimate of expected credit losses; however, there is no guarantee that it will be sufficient to address credit losses, particularly if the economic outlook deteriorates significantly and quickly. In such an event, we may increase our ACL, which would reduce our earnings and capital. Additionally, to the extent that economic conditions worsen, impacting our consumer and commercial borrowers or underlying collateral, and credit losses are worse than expected, as may be caused by inflation, an economic recession or otherwise, we may increase our provision for loan losses, which could have an adverse effect on our business, financial condition, and results of operations.

A significant portion of our loan portfolio is secured by real estate and events that negatively impact the real estate market could hurt our business.

A significant portion of our loan portfolio is secured by real estate located in our core banking markets. The real estate collateral in each case provides an alternate source of repayment in the event of default by the borrower and may deteriorate in value during the time the credit is extended. A decline in local economic conditions may have a greater effect on our earnings and capital than on the earnings and capital of other financial institutions whose real estate loan portfolios are more geographically diverse. Deterioration in national real estate market conditions, or in conditions in specific local real estate markets, could cause us to adjust our opinion of the level of credit quality in our loan portfolio. Such a determination may lead to an additional increase in our ACL, which could also adversely affect our business, financial condition and results of operations. Additionally, changes in the real estate market could also affect the value of foreclosed assets, which could cause additional losses when management determines it is appropriate to sell the assets.

We have significant credit exposure in CRE, which may expose us to additional credit risks, and may adversely affect our business, financial condition, and results of operations.

Our CRE portfolio consists primarily of non-owner-operated properties and other commercial properties. These types of loans are generally viewed as having more risk of default than residential real estate loans and depend on cash flows from the owner’s business or the property’s tenants to service the debt. The borrower’s cash flows may be affected significantly by general economic conditions, a downturn in the local economy or in occupancy rates in the market where the property is located, any of which could increase the likelihood of default. CRE loans also typically have larger loan balances, and, therefore, the deterioration of one or a few of these loans could cause a significant increase in the percentage of our non-performing loans. An increase in non-performing loans could result in a loss of earnings from these loans, an increase in the provision for loan losses, and an increase in charge-offs, all of which could have a material adverse effect on our business, financial condition, and results of operations.

The banking regulatory agencies have expressed concerns about weaknesses in the CRE market. Banking regulators generally give CRE lending greater scrutiny and may require banks with higher levels of CRE loans to implement enhanced risk management practices, including stricter underwriting, internal controls, risk management policies, more granular reporting, and portfolio stress testing, as well as possibly higher levels of allowances for losses and capital levels as a result of CRE lending growth and exposures. If our banking regulators determine that our CRE lending activities are particularly risky and are subject to such heightened scrutiny, we may incur significant additional costs or be required to restrict certain of our CRE lending activities. Furthermore, failures in our risk management policies, procedures and controls could adversely affect our ability to manage this portfolio going forward and could result in an increased rate of delinquencies in, and increased losses from, this portfolio, which could have a material adverse effect on our business, financial condition, and results of operations.

Our loan portfolio contains construction and development loans, which may expose us to additional credit risks, and may adversely affect our results of operations and financial condition.

Construction and development loans are generally viewed as having more risk than residential real estate loans. Risk of loss on a construction and development loan depends largely upon whether our initial estimate of the property’s value at completion of construction equals or exceeds the cost of the property construction (including interest), the availability of permanent take-out financing and the builder’s ability to ultimately sell or rent the property. During the construction phase, a number of factors can result in delays and cost overruns. If estimates of value are inaccurate or if actual construction costs exceed estimates, the value of the property securing the loan may be insufficient to ensure full repayment when completed through a permanent loan or by seizure of collateral. Our construction and development loans are primarily secured by real estate, and we believe that, for the majority of these loans, the real estate collateral by itself may not be a sufficient source for repayment of the loan if real estate values decline. If we are required to liquidate the collateral securing a construction and development loan to satisfy the debt and such collateral is not a sufficient source of repayment, our earnings and capital may be adversely affected.

Our commercial and industrial loans are a significant component of our loan portfolio, which may expose us to additional credit risks, and may adversely affect our results of operations and financial condition.

We make commercial and industrial loans to support our borrowers’ need for short-term or seasonal cash flow and equipment/vehicle purchases. These loans are typically based on the borrowers’ ability to repay the loans from the cash flow of their businesses. These loans may involve greater risk because the availability of funds to repay each loan depends substantially on the success of the business itself, and, therefore, these loans are more susceptible to a risk of loss during a downturn in the business cycle. In addition, the assets securing these loans may depreciate over time, may be difficult to appraise and liquidate, and may fluctuate in value based on the success of the business. This type of collateral may not yield substantial recovery in the event a default occurs, and the business is liquidated, which could have a material adverse effect on our business, financial condition, and results of operations.

The loans we make through federal programs are dependent on the federal government’s continuation and support of these programs and on our compliance with program requirements.

We participate in various U.S. government agency loan guarantee programs, including programs operated by the SBA. If we fail to follow any applicable regulations, guidelines or policies associated with a particular guarantee program, these loans may lose the associated guarantee, exposing us to credit risk we would not otherwise be exposed to or have underwritten, or result in our inability to continue originating loans under such programs, either of which could have a material adverse effect on our business, financial condition, or results of operations.

We use independent appraisals and other valuation techniques in evaluating and monitoring loans secured by real estate and other real estate owned, which may not accurately describe the net value of the asset.

A significant portion of our loan portfolio consists of loans secured by real estate. In considering whether to make a loan secured by real estate, we generally require an appraisal of the property. An appraisal, however, is only an estimate of the value of the property at the time the appraisal is made and, as real estate values may change significantly in relatively short periods of time (especially in periods of heightened economic uncertainty), this estimate may not accurately describe the net value of the real estate after the loan is made. Independent appraisers may also make mistakes of fact or judgment that adversely affect the reliability of their appraisals. In addition, we rely on appraisals and other valuation techniques to establish the value of our other real estate owned that we acquire through foreclosure proceedings and to determine certain loan impairments. If any of these valuations are inaccurate, our consolidated financial statements may not reflect the correct value of our other real estate owned, and our ACL may not reflect accurate loan impairments. Additionally, if a default occurs on a loan secured by real estate that is less valuable than originally estimated, we may not be able to recover the outstanding balance of the loan. This could have an adverse effect on our business, financial condition, and results of operations.

If we fail to effectively manage credit risk, our business and financial condition will suffer.

We must effectively manage credit risk. There are risks inherent in making any loan and extending loan commitments and letters of credit, including risks with respect to the period of time over which the loan may be repaid, risks relating to proper loan underwriting and guidelines, risks resulting from changes in economic and industry conditions, risks inherent in dealing with individual borrowers and risks resulting from uncertainties as to the future value of collateral. There is no assurance that our credit risk monitoring and loan underwriting and approval procedures are or will be adequate or will reduce the inherent risks associated with lending. To manage credit risk successfully, we maintain disciplined and prudent underwriting standards and ensure that our lenders follow those standards. The weakening of these standards for any reason may result in loan defaults, foreclosures and additional charge-offs and may necessitate that we significantly increase our ACL, each of which could adversely affect our net income. Any failure to manage such credit risks may adversely affect our business, financial condition, and results of operations.

Our lending to small to mid-sized community-based businesses may increase our credit risk.

Our loan portfolio includes loans to small business or middle market customers. These businesses generally have fewer financial resources in terms of capital or borrowing capacity than larger entities, frequently have smaller market share than their competitors, may be more vulnerable to economic downturns, often need substantial additional capital to expand or compete, and may experience substantial volatility in operating results, any of which, individually or in the aggregate, may impair their ability as a borrower to repay their loans, which could adversely affect our business, results of operations, and financial condition. Moreover, we made some of these loans in recent years, and the borrowers may not have experienced a complete business or economic cycle. Any deterioration of the borrowers’ businesses may hinder their ability to repay their loans, which could have a material adverse effect on our business, financial condition, and results of operations.

Nonperforming assets take significant time to resolve and may adversely affect our business, results of operations, and financial condition.

Our nonperforming assets adversely affect our net income in various ways. We do not record interest income on nonaccrual loans, which adversely affects our income and increases loan administration costs. When we receive collateral through foreclosures and similar proceedings, we are required to mark the related loan to the then fair market value of the collateral less estimated selling costs, which may result in a loss. An increase in the level of nonperforming assets also increases our risk profile and may affect the minimum capital levels our regulators believe are appropriate for us in light of such risks. We use various techniques such as workouts, restructurings, and loan sales to manage problem assets. Increases in or negative adjustments to the value of these problem assets, the underlying collateral, or in the borrowers’ performance or financial condition, could adversely affect our business, results of operations, and financial condition. In addition, the resolution of nonperforming assets requires significant commitments of time from management and staff, which can be detrimental to the performance of their other responsibilities. There can be no assurance that we will not experience increases in our nonperforming assets in the future, or that our nonperforming assets will not result in losses in the future.

Our mortgage revenue is cyclical and sensitive to interest rates, changes in economic conditions, decreased economic activity, and slowdowns in the housing market, any of which could adversely impact our profits.

We originate residential mortgage loans, largely for sale into the secondary mortgage markets, under the Atlantic Union Home Loans Division brand of the Bank, which lends to borrowers nationwide. The success of our mortgage business depends on our ability to originate loans and sell them to investors, in each case at or near current volumes. Loan production levels are sensitive to changes in the level of interest rates and changes in economic conditions. Any sustained period of decreased activity caused by fewer refinancing transactions, higher interest rates, housing price pressure, or loan underwriting restrictions would adversely affect our mortgage originations and, consequently, could significantly reduce our income from mortgage activities. As a result, these conditions would also adversely affect our results of operations.

We may be required to repurchase mortgage loans or indemnify buyers against losses in some circumstances, which could harm our liquidity, results of operations and financial condition.

When mortgage loans are sold, whether as whole loans or pursuant to a securitization, we are required to make customary representations and warranties to purchasers, guarantors, and insurers, including the government-sponsored enterprises, about the mortgage loans and the manner in which they were originated. Whole loan sale agreements require repurchase or substitute mortgage loans, or indemnify buyers against losses, in the event we breach these representations or warranties. In addition, we may be required to repurchase mortgage loans as a result of early payment default of the borrower on a mortgage loan. If repurchase and indemnity demands increase and such demands are valid claims and are in excess of our provision for potential losses, our liquidity, results of operations, and financial condition may be adversely affected.

We are subject to environmental risks.

We own certain of our properties, and a significant portion of our loan portfolio is secured by real property. In the ordinary course of business, we may foreclose on and take title to properties, securing certain loans. As a result, we could be subject to environmental liabilities with respect to these properties. If hazardous or toxic substances are found, we may be liable for remediation costs, as well as for personal injury and property damage. Environmental laws may require us to incur substantial expenses and may materially reduce the affected property’s value or limit our ability to use or sell the affected property. In addition, future laws or more stringent interpretations or enforcement policies with respect to existing laws may increase our exposure to environmental liability. Although we have policies and procedures to obtain an environmental study during the underwriting process for certain CRE loan originations and to perform an environmental review before initiating any foreclosure action on real property, these reviews may not be sufficient to detect all potential environmental hazards. The remediation costs and any other financial liabilities associated with an environmental hazard could have a material adverse effect on our business, financial condition, and results of operations.

Risks Related to Our Business, Industry, Markets, and Market Interest Rates

Our business and results of operations may be adversely affected by the financial markets, fiscal, monetary, and regulatory policies, developments impacting the financial services industry specifically and economic conditions generally.

General economic, political, social and health conditions in the U.S. and abroad affect markets in the U.S. and our business. In particular, markets in the U.S. may be affected by the level and volatility of interest rates, availability and market conditions of financing, unexpected changes in gross domestic product, economic growth or its sustainability, inflation, supply chain disruptions, consumer spending, employment levels, labor shortages, wage stagnation, federal government shutdowns, developments related to the U.S. federal debt ceiling, energy prices, home prices, commercial property values, bankruptcies, a default by a significant market participant or class of counterparties, fluctuations or other significant changes in both debt and equity capital markets and currencies, liquidity of the global financial markets, the growth of global trade and commerce, trade policies, tariffs, a U.S. withdrawal from or significant renegotiation of trade agreements, trade wars, the availability and cost of capital and credit, disruption of communication, transportation or energy infrastructure and investor sentiment and confidence. Markets may also be adversely affected by the current or anticipated impact of climate change, extreme weather events or natural disasters, the emergence or continuation of widespread health emergencies or pandemics, cyberattacks or campaigns, military conflict, acts of war or terrorism, or other geopolitical events. Market fluctuations may impact net interest margin and affect our business liquidity. Also, any sudden or prolonged market downturn in the U.S., as a result of the above factors or otherwise, could result in a decline in net interest income and noninterest income and adversely affect our results of operations and financial condition, including capital and liquidity levels. Events in the financial services industry have in the past, and may in the future, also cause concern and uncertainty about the financial services industry generally, which may result in sudden deposit outflows, increased borrowing and funding costs, and increased competition for liquidity, any of which could have a material adverse impact on our business, financial condition, and results of operations.

Our financial performance generally, and in particular, the ability of borrowers to pay interest on and repay the principal of outstanding loans and the value of collateral securing those loans, as well as demand for loans and other products and services we offer and whose success we rely on to drive our growth, is also highly dependent on the business environment in the primary markets where we operate. Unlike larger financial institutions that are more geographically diversified, we are a regional bank that focuses on providing banking and financial services to customers primarily in Virginia, Maryland, Washington, D.C., North Carolina, and South Carolina. The economic conditions in these markets may be different from, and in some instances worse than, the economic conditions in the United States as a whole. An economic downturn or prolonged recession can result in a deterioration of our credit quality, an increase in the number of loan delinquencies, defaults and charge-offs, foreclosures, additional provisions for loan losses, adverse asset values and a reduction in deposits and assets under management or administration. Unlike many larger institutions, we are not able to spread the risks of unfavorable local economic conditions across a large number of diversified economies. An economic downturn could, therefore, result in losses that materially and adversely affect our business.

We may not be able to maintain a strong core deposit base or access other low-cost funding sources.

We rely on bank deposits to be a low cost and stable source of funding. In addition, our future growth will largely depend on our ability to maintain and grow a strong core deposit base. If we are unable to continue to attract and retain core deposits, to obtain third party financing on favorable terms, or to have access to interbank or other liquidity sources, we may not be able to grow our assets as quickly. Deposit levels may be affected by various industry factors, including general interest rate levels, returns available to customers on alternative investments, conditions in the financial services industry specifically and general economic conditions that impact the amount of liquidity in the economy and savings levels, and also by factors that impact customers’ perception of our financial condition and capital and liquidity levels. If a large number of our depositors or depositors with a high concentration of deposits sought to withdraw their deposits suddenly, we could encounter difficulty meeting such a significant deposit outflow, which could negatively impact our profitability, reputation, and liquidity. Significant unanticipated deposit outflows have occurred at other financial institutions, and may occur in the future, compounded by advances in technology that increase the speed at which deposits can be moved from bank to bank or outside the banking system, as well as the speed and reach with which information, concerns, and rumors can spread through media, in each case potentially exacerbating liquidity concerns. While we believe our funding sources are adequate to meet any significant unanticipated deposit withdrawal, we may not be able to manage the risk of deposit volatility effectively, which could have a material adverse effect on our liquidity, business, financial condition, and results of operations. We also compete with banks and other financial services companies for deposits. 
If our competitors raise the rates they pay on deposits in response to interest rate changes initiated by the FOMC or for other reasons of their choice, our funding costs may increase, either because we raise our rates to retain deposits or because of deposit outflows that require us to rely on more expensive sources of funding. Higher funding costs could reduce our net interest margin and net interest income. Any decline in available funding could adversely affect our ability to continue to implement our business strategy which could have a material adverse effect on our liquidity, business, financial condition, and results of operations.

We face substantial competition that could adversely affect our growth and/or operating results.

We operate in a competitive market for financial services and face intense competition from other financial institutions both in making loans and attracting deposits, which can greatly affect pricing for our products and services and could adversely affect our cost of funds. Our primary competitors include community, regional, national and internet banks, as well as credit unions and mortgage companies. Many of these financial institutions are significantly larger and have established customer bases, greater financial resources, and higher lending limits. In addition, credit unions are exempt from corporate income taxes, providing a significant competitive pricing advantage compared to banks. In addition, as customer preferences and expectations continue to evolve, technology has lowered barriers to entry and made it possible for nonbanks to offer products and services traditionally provided by banks, such as automatic transfer and automatic payment systems. In addition, many of these nonbank competitors are not subject to the same extensive federal regulations that govern bank holding companies and federally insured banks. As a result, some of our competitors can offer products and services that we are unable to offer or to offer such products and services at more competitive rates.

Consumers may increasingly decide not to use banks to complete their financial transactions, which could materially adversely affect our business, financial condition, and results of operations.

Technology and other changes are allowing parties to complete financial transactions through alternative methods that have historically involved banks. For example, consumers can now maintain funds that would have historically been held as bank deposits in brokerage accounts, mutual funds, or general-purpose reloadable prepaid cards. Consumers can also complete transactions such as paying bills and/or transferring funds directly without the assistance of banks. We face increasing competition from fintech companies, as trends toward digital financial transactions have accelerated. There has also been a significant increase in digital asset adoption globally over the past several years. For example, the Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025 (the “GENIUS Act”), which was enacted in July 2025, provides a legal framework for stablecoins and their issuers in the United States. Depending on consumer and business interest in payment stablecoins, and the characteristics and utility of payment stablecoins, the passage of the GENIUS Act could result in increased competition with respect to our deposit products. However, the GENIUS Act requires the U.S. Treasury Department and federal regulators to issue regulations on numerous topics to interpret and implement the statute, so the effect of the GENIUS Act will depend on what those regulations provide.

Certain characteristics of digital asset transactions, such as the speed with which such transactions can be conducted, the ability to transact without the involvement of regulated intermediaries, the ability to engage in transactions across multiple jurisdictions, and the anonymous nature of the transactions, are appealing to certain consumers notwithstanding the various risks posed by such transactions. Accordingly, digital asset service providers, which, at present, are not subject to the same degree of scrutiny and oversight as bank holding companies and federally insured banks, are becoming active competitors, and customers could move their deposits from traditional federally insured banks into digital currencies, which would have a negative effect on our liquidity, results of operations and financial condition. If a federal banking agency determines that our or the Bank’s AML/CFT compliance programs are ineffective, we could be subject to liability, including civil money penalties and regulatory restrictions, such as limitations on our ability to pay dividends, requirements to obtain regulatory approval before proceeding with certain aspects of our business plan and restrictions on our growth and assets.

The process of eliminating banks as intermediaries, known as “disintermediation,” could result in the loss of fee income, as well as the loss of customer deposits and the related income generated from those deposits. The loss of these revenue streams and the higher cost of deposits as a source of funds could have a material adverse effect on our business, financial condition, and results of operations.

Changes in interest rates could adversely affect our income and cash flows.

Our income and cash flows depend to a great extent on the difference between the interest rates earned on interest-earning assets, such as loans and investment securities, and the interest rates paid on interest-bearing liabilities, such as deposits and borrowings. These rates are highly sensitive to many factors beyond our control, including general economic conditions and the policies of the Federal Reserve and other governmental and regulatory agencies. In late 2024, the Federal Reserve’s interest rate policy shifted as inflationary pressure began to ease and economic growth moderated. The FOMC reduced the target range for the Federal Funds rate by a total of 100 bps from September 2024 to December 2024 and by another 75 bps from September 2025 to December 2025, resulting in a target range of 3.50% to 3.75%. In January 2026, the FOMC held the target range for the Federal Funds rate at 3.50% to 3.75%, but noted that uncertainty about the economic outlook remains elevated. We are currently operating in an environment in which the Federal Reserve has shifted toward reducing interest rates, although modestly. However, the economic and inflationary outlook continues to remain uncertain, and if the Federal Reserve were to reverse course and rapidly increase the target Federal Funds rate, the increase could constrain our interest rate spread and may adversely affect our business forecasts. Alternatively, an acceleration in the rate of decreases may negatively impact our net interest margin or may result in a change in the mix of noninterest and interest-bearing accounts.

Our net interest margin is the difference between the yield we earn on our assets and the interest rate we pay for deposits and our other sources of funding. We generally seek to maintain a neutral position in terms of the volume of assets and liabilities that mature or re-price during any period so that we may reasonably maintain our net interest margin; however, interest rate fluctuations, loan and securities prepayments, loan production, deposit flows, and competitive pressures are constantly changing and influence our ability to maintain a neutral position. Generally, our earnings will be more sensitive to fluctuations in interest rates depending on the variance in volume of assets and liabilities that mature and re-price in any period. The extent and duration of the sensitivity will depend on the cumulative variance over time, the velocity and direction of changes in interest rates, shape and slope of the yield curve, and whether we are more asset sensitive or liability sensitive. Accordingly, our net interest margin may be adversely affected. In addition, our ability to reflect such interest rate changes in the pricing of our products is influenced by competitive pressures. We may not be able to reflect changes in interest rates in rates charged on loans or paid on deposits due to competitive pressures, which would negatively impact our financial condition and results of operations.

We may incur losses if asset values decline, including due to changes in interest rates and prepayment speeds.

We have a large portfolio of financial instruments, including derivative assets and liabilities, debt securities, loans and loan commitments, and certain other assets and liabilities that we measure at fair value that are subject to valuation and impairment assessments. We determine these values based on applicable accounting guidance, which, for financial instruments measured at fair value, requires an entity to base fair value on exit price and to maximize the use of observable inputs and minimize the use of unobservable inputs in fair value measurements. The fair values of these financial instruments include adjustments for market liquidity, credit quality, funding impact on certain derivatives and other transaction-specific factors, where appropriate.

Gains or losses on these instruments can have a direct impact on our results of operations, unless we have effectively hedged our exposures. If interest rates decrease, then prepayment speeds of certain assets may increase, and therefore, may adversely affect net income. If interest rates increase, then we could have continuing changes in spreads that may adversely impact the fair value of securities and, accordingly, for debt securities classified as available for sale, may adversely affect accumulated other comprehensive income and, thus, capital levels.

Fair values may be impacted by declining values of the underlying assets or the prices at which observable market transactions occur and the continued availability of these transactions or indices. The financial strength of counterparties, with whom we have economically hedged some of our exposure to these assets, also will affect the fair value of these assets. Sudden declines and volatility in the prices of assets may curtail or eliminate trading activities in these assets, which may make it difficult to sell, hedge or value these assets. The inability to sell or effectively hedge assets reduces our ability to limit losses in such positions, and the difficulty in valuing assets may increase our risk-weighted assets, which requires us to maintain additional capital and increases our funding costs.

Risks Related to Our Operations

A failure and/or breach of our operating or securities systems or infrastructure, or those of our third-party vendors and other service providers, including because of cyber-attacks, could disrupt our business, result in a disclosure or misuse of confidential or proprietary information, damage our reputation, increase our costs and cause losses.

Operational risk exposures could adversely impact our results of operations, liquidity and financial condition, as well as cause reputational harm. The potential for operational risk exposure exists throughout our business and, as a result of our interactions with, and reliance on, third parties, is not limited to our own internal operational functions. We depend on our ability to process, record and monitor a large number of client transactions on a continuous basis. As client, public, and regulatory expectations regarding operational and information security have increased, we continue to safeguard and monitor our operational systems and infrastructure for potential failures, disruptions, and breakdowns. Although we have information and data security, business continuity plans and other safeguards in place, our business operations may be adversely affected by significant and widespread disruption to our physical infrastructure or operating systems that support our businesses and clients.

For example, our ability to conduct business may be adversely affected by any significant disruptions to us or to third parties with whom we interact or upon whom we rely. In addition, our ability to implement backup systems and other safeguards with respect to third-party systems is more limited than with respect to our own systems. Our financial, accounting, data processing, backup or other operating or security systems and infrastructure may fail to operate properly or become disabled or damaged as a result of a number of factors, including events that are wholly or partially beyond our control, which could adversely affect our ability to process transactions or provide services. Such events may include: sudden increases in customer transaction volume; electrical, telecommunications or other major physical infrastructure outages; natural disasters such as tornadoes, hurricanes and floods; pandemics; and events arising from local or larger scale political or social matters, including wars and terrorist acts. In addition, we may need to take our systems offline if they become infected with malware or a computer virus or as a result of another form of cyber-attack. In the event that backup systems are used, they may not process data as quickly as our primary systems and some data might not have been saved to backup systems, potentially resulting in a temporary or permanent loss of such data. We frequently update our systems to support our operations and growth and to remain compliant with all applicable laws, rules and regulations. This updating entails significant costs and creates risks associated with implementing new systems and integrating them with existing ones, including business interruptions. Implementation and testing of controls related to our computer systems, security monitoring and retaining and training personnel required to operate our systems also entail significant costs. While we have insurance to cover our operations, it may not be adequate to compensate for losses from a major interruption.

Any failure or interruption in the operation of our communications and information systems could impair or prevent the effective operation of our customer relationship management, general ledger, deposit, lending or other functions. While we have policies and procedures designed to prevent or limit the effect of a failure or interruption in the operation of our information systems, there can be no assurance that any such failures or interruptions will not occur or, if they do, that they will be adequately addressed. The occurrence of any failures or interruptions impacting our information systems could damage our reputation, result in a loss of customer business, and expose us to additional regulatory scrutiny, civil litigation, and possible financial liability, any of which could have a material adverse effect on our business, financial condition, and results of operations.

We face information security risks, including denial of service attacks, hacking, social engineering attacks targeting our employees and customers, malware intrusion or data corruption attempts, terrorist activities or identity theft, that could result in the disclosure of confidential information, adversely affect our business or reputation, and create significant legal and financial exposure.

Our computer systems and network infrastructure and those of third parties, on which we are highly dependent, are subject to security risks and could be susceptible to cyber-attacks, such as denial of service attacks, hacking, social engineering attacks targeting our employees and customers, malware intrusion or data corruption attempts, terrorist activities or identity theft. Our business relies on the secure processing, transmission, storage and retrieval of confidential, proprietary and other information in our computer and data management systems and networks, and in the computer and data management systems and networks of third parties. In addition, to access our network, products and services, our customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and are subject to their own cybersecurity risks.

We, our customers, regulators and other third parties, including other financial services institutions and companies engaged in data processing, have been subject to, and are likely to continue to be the target of, cyber-attacks. These cyber-attacks include computer viruses, malicious or destructive code, phishing attacks, denial of service attacks, ransomware, improper access by employees or service providers, attacks on personal email of employees, ransom demands to not expose security vulnerabilities in our systems or the systems of third parties or other security breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss or destruction of confidential, proprietary and other information of ours, our employees, our customers or of third parties, damage our systems or otherwise materially disrupt our or our customers’ or other third parties’ network access or business operations. As cyber threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities or incidents. Despite efforts to ensure the integrity of our systems and implement controls, processes, policies, and other protective measures, we may not be able to anticipate all security breaches, nor may we be able to implement guaranteed preventive measures against such security breaches. Cyber threats are rapidly evolving, and we may not be able to anticipate or prevent all such attacks and could be held liable for any security breach or loss.

Cybersecurity risks for banking organizations have significantly increased in recent years, in part because of the proliferation of new technologies and the use of the internet and telecommunications technologies to conduct financial transactions. Cybersecurity risks have also significantly increased in recent years in part due to the increased sophistication and activities of organized crime affiliates, terrorist organizations, hostile foreign governments, disgruntled employees or service providers, activists, and other external parties, including those involved in corporate espionage. Targeted social engineering attacks and “spear phishing” attacks are becoming more sophisticated and are extremely difficult to prevent. In such an attack, an attacker will attempt to fraudulently induce employees, customers, or other users of our systems to disclose sensitive information in order to gain access to its data or that of its clients. In addition, our customers access our products and services using personal devices that are necessarily external to our security control systems. There has also been a significant proliferation of consumer information available on the internet resulting from breaches of third-party entities, including personal information, log-in credentials, and authentication data. While we were not directly involved in these third-party breach events, the stolen information can create a threat for our customers if their Bank log-in credentials are the same as or similar to the credentials that have been compromised on other internet sites. This threat could include the risk of unauthorized account access, data loss and fraud. The use of artificial intelligence, “bots” or other automation software can increase the velocity and efficacy of these types of attacks. As our employees are generally continuing to operate under our hybrid work model, our remote interaction with service providers, partners and other third parties on systems, networks, and environments over which we have less control increases our cybersecurity risk exposure. We will likely face an increasing number of attempted cyber-attacks as we expand our mobile and other internet-based products and services, as well as our usage of mobile and cloud technologies and as we provide more of these services to a greater number of retail banking customers. Persistent attackers may succeed in penetrating defenses given enough resources, time, and motive. The techniques used by cyber criminals change frequently, may not be recognized until launched and may not be recognized until well after a breach has occurred. The risk of a security breach caused by a cyber-attack at a service provider or by unauthorized service provider access has also increased in recent years. Additionally, the existence of cyber-attacks or security breaches at third-party service providers with access to our data may not be disclosed to us in a timely manner.

We also face indirect technology, cybersecurity and operational risks relating to the customers, clients and other third parties with whom we do business or upon whom we rely to facilitate or enable our business activities, including, for example, financial counterparties, regulators, providers of critical infrastructure such as internet access and electrical power, and software providers. As a result of increasing consolidation, interdependence and complexity of financial entities and technology systems, a technology failure, cyber-attack or other information or security breach that significantly degrades, deletes, or compromises the systems or data of one or more financial entities could have a material impact on counterparties or other market participants, including us. This consolidation, interconnectivity and complexity increases the risk of operational failure, on both individual and industry-wide bases, as disparate systems need to be integrated, often on an accelerated basis. Any third-party technology failure, cyber-attack or other information or security breach, termination or constraint could, among other things, adversely affect our ability to effect transactions, service our clients, manage our exposure to risk or expand our business. In addition, we, our employees and our customers, are increasingly transitioning our and their computing infrastructure to cloud-based computing, storage, data processing, networking and other services, which may increase these security risks.

Cyber-attacks or other information or security breaches, whether directed at us or third parties, may result in a material loss or have material consequences. Furthermore, the public perception that a cyber-attack on our systems has been successful, whether or not this perception is correct, may damage our reputation with customers and third parties with whom we do business. Hacking of personal information and identity theft risks, in particular, could cause serious reputational harm. A successful penetration or circumvention of system security could cause us serious negative consequences, including our loss of customers and business opportunities, significant business disruption to our operations and business, misappropriation or destruction of our confidential information and/or that of our customers and/or other third parties, or damage to our or our customers’ and/or third parties’ computers or systems, and could result in a violation of applicable privacy laws and other laws, litigation exposure, regulatory fines, penalties or intervention, loss of confidence in our security measures, reputational damage, reimbursement or other compensatory costs, additional remediation and/or compliance costs, increased insurance premiums and could adversely impact our results of operations, liquidity, and financial condition.

Although to date we have not experienced any material losses related to cyber-attacks or other information security breaches, there can be no assurance that we will not suffer such losses in the future.

Our business strategy includes continued growth, and our financial condition and results of operation could be negatively affected if we fail to grow or fail to manage our growth effectively.

We intend to continue pursuing a growth strategy for our business. Our ability to continue to grow successfully will depend on a variety of factors, including economic conditions in the markets in which we operate as well as in the U.S. and globally, continued availability of desirable business opportunities, and competitive responses from other financial and non-financial institution competitors in our market areas. In addition, our ability to manage growth successfully depends on a variety of factors, including whether we can maintain adequate capital levels, maintain cost controls, effectively manage asset quality, effectively manage increasing regulatory compliance requirements, and successfully integrate any businesses acquired into our organization. Following our acquisition of Sandy Spring, the size of our company increased significantly, and our continued success will depend, in part, upon our ability to manage this expanded business. This may pose challenges for management related to managing and monitoring the acquired operations, the cost and complexity of the acquired operations, and increased regulatory scrutiny related to our expanded business, increased complexity or rate of growth.

While we believe we have the management and other resources and internal systems in place to successfully manage our future growth, there can be no assurance growth opportunities will be available, or growth will be successfully managed. As consolidation within the financial services industry continues, the competition for growth opportunities, including through strategic acquisition, may increase, and many of our competitors for growth opportunities will have greater financial resources than us. In addition, if we are unable to successfully manage future expansion in our operations, we may experience compliance and operational problems, have to slow the pace of growth, or have to incur additional expenses to support such growth, any of which could adversely affect our business. Particularly in light of prevailing economic and competitive conditions, we cannot assure you we will be able to expand our market presence in our existing markets or successfully enter new markets or that any such expansion will not adversely affect our results of operations. Failure to manage our growth effectively could have a material adverse effect on our business, prospects, financial condition, or results of operations, and could adversely affect our ability to successfully implement our business strategy. Also, if our growth occurs more slowly than anticipated or declines, our operating results could be materially adversely affected.

We may be adversely affected by risks associated with future mergers and acquisitions, including execution risk which could disrupt our business and dilute shareholder value.

Our business growth, profitability, and market share have been enhanced by us engaging in strategic mergers and acquisitions, such as our mergers with American National and Sandy Spring, either within or contiguous to our existing footprint. We expect to continue to evaluate merger and acquisition opportunities that are presented to us in our current and expected markets and conduct due diligence related to those opportunities, as well as negotiating to acquire or merge with other institutions. We have in the past, and may in the future, issue equity securities, including common stock and securities convertible into shares of our common stock in connection with future acquisitions. We also may issue debt to finance one or more transactions, including subordinated debt issuances, which could cause us to become more susceptible to economic downturns and competitive pressures. Generally, acquisitions of financial institutions involve the payment of a premium over book and market values, resulting in dilution of our book value and fully diluted earnings per share, as well as dilution to our existing shareholders.

Our merger and acquisition activities could involve a number of additional risks, including, among others, the risks of:

incurring time and expense associated with identifying and evaluating potential merger or acquisition targets;
our inability to obtain regulatory and other approvals necessary to consummate mergers, acquisitions or other expansion activities, or the risk that such regulatory approvals are delayed, impeded, or conditioned due to existing or new regulatory issues surrounding us, the target institution or the proposed combined entity as a result of, among other things, issues related to compliance with the Bank Secrecy Act, and its implementing regulations, fair lending laws, fair housing laws, consumer protection laws, unfair, deceptive or abusive acts or practices regulations, or the Community Reinvestment Act;
diversion of our management’s attention to the negotiation of a transaction, and the integration of the operations and personnel of the combining businesses;
potential exposure to unknown or contingent liabilities of the acquired or merged company;
litigation with respect to the proposed transaction;
potentially inaccurate estimates and judgments used by us to evaluate credit, operations, management and market risks with respect to the acquired or merged company;
unexpected asset quality problems;
experiencing higher operating expenses relative to operating income from the new operations;
significant problems relating to the conversion of the financial and customer data of the entity;
assuming businesses with internal control deficiencies; and
the possible loss of our key employees and customers or those of the acquired or merged company.

There is no assurance that, following any future mergers or acquisitions, our integration efforts will be successful or that we, after giving effect to the acquisition, will achieve the strategic objectives, operating efficiencies, increased revenues comparable to or better than our historical experience, or other benefits expected in the acquisition, and failure to realize such strategic objectives, operating efficiencies, expected revenue increases, cost savings, increases in market presence or other benefits could have a material adverse effect on our business, financial condition, and results of operations.

The carrying value of goodwill and other intangible assets may be adversely affected.

When we complete an acquisition, goodwill and other intangible assets are often recorded on the date of acquisition as an asset. Current accounting guidance requires goodwill to be tested for impairment, in aggregate and at a reportable segment level, and we perform this impairment analysis at least annually. A significant adverse change in our expected future cash flows or a sustained adverse change in the price of our common stock, at the reportable segment level and/or the aggregate level, could require our goodwill and other intangible assets to become impaired. If goodwill is impaired, we would incur a charge to earnings that would have a significant impact on our results of operations. The carrying value of our goodwill and net amortizable intangibles were approximately $1.7 billion and $315.5 million, respectively, at December 31, 2025.

Our risk-management framework may not be effective in mitigating risks and/or losses.

We maintain an enterprise risk management program that is designed to identify, assess, mitigate, monitor, and report the risks that we face. These risks include: strategic, credit, market, liquidity, operational, compliance, legal, and technology. While we assess and seek to improve this program on an ongoing basis, there can be no assurance that our risk management framework and related controls will effectively mitigate all risk and limit losses in our business. If conditions or circumstances arise that expose flaws or gaps in our risk-management program, or if our controls break down, our results of operations and financial condition may be adversely affected. We must also develop and maintain a culture of risk management among our employees, as well as manage risks associated with third parties, and we could fail to do so effectively. If our risk management framework is not effective, we could suffer unexpected losses and become subject to litigation, negative regulatory consequences, or reputational damage among other adverse consequences, which could materially adversely affect our business, financial condition, results of operations, and prospects.

We use models in our business, and we could be adversely affected if our design, implementation, or use of models is flawed.

The use of statistical and quantitative models and other quantitatively based analyses is central to bank decision-making and regulatory compliance processes, and the employment of such analyses is becoming increasingly widespread in our operations. We use quantitative models to price products and services, measure risk, calculate the quantitative portion of our allowance for loan losses, estimate asset and liability values, assess capital and liquidity, manage our balance sheet, create financial forecasts, and otherwise conduct our business and operations. We anticipate that model-derived insights will penetrate further into bank decision-making, and particularly risk management efforts. While these quantitative techniques and approaches improve our decision-making, they also create the possibility that faulty data or flawed quantitative approaches could yield adverse outcomes or regulatory scrutiny. Additionally, because of the complexity inherent in these approaches, misunderstanding or misuse of their outputs could similarly result in suboptimal decision-making. Some models we use employ methodologies based on artificial intelligence or machine learning. These models may have unique complexities when compared to more traditional models, such as the need for large and representative datasets for training, the increased potential for bias, and the difficulty in interpreting model decisions and implementing model adjustments. We also rely on model inputs that are provided by third parties. To the extent that any flawed models or inaccurate model outputs are used in reports to banking agencies or the public, we could be subjected to supervisory actions, private litigation, and other proceedings that may adversely affect our business, financial condition, and results of operations. If our models fail to produce reliable results on an ongoing basis, we may not make appropriate risk management, capital planning or other business or financial decisions.

We have an enterprise-wide model risk management program designed to identify, measure, monitor and manage model risk (including model governance and validation, model inventory and establishing model control standards and risk metrics). This model risk management program may not function effectively or as intended and, if our strategies for managing the risks associated with our use of models are not effective or reliable, our business, financial condition, results of operations and risk exposure may be adversely affected.

Failure to keep pace with technological change could adversely affect our business and ability to remain competitive, and we may experience operational challenges when implementing new technologies.

The financial services industry is continually undergoing technological change with frequent introductions of new technology-driven products and services, including digital assets and payment systems, and we anticipate that new technologies will continue to emerge. Our continued success depends, in part, on our ability to address the needs of our customers by using technology to provide products and services that satisfy customer demands and create efficiencies in our operations. Developing or acquiring access to new technologies and incorporating those technologies into our products and services, or using them to expand our products and services, may require significant investments, may take considerable time to complete, and ultimately may not be successful. Also, certain new technologies, such as digital assets and payments systems, are subject to continued regulatory uncertainty, making it more difficult for highly-regulated institutions, such as us, to adopt such new technologies as compared to other entities that are not subject to the same level of regulation. If we fail to maintain or enhance our competitive position with respect to technology, whether because of a failure to anticipate customer expectations, substantially fewer resources to invest in technological improvements than our larger competitors, or because our technological developments fail to perform as desired or are not rolled out in a timely manner, we may lose market share or incur additional expense. In addition, any future implementation of technological changes and upgrades to maintain current systems may cause operational and customer challenges upon implementation and for some time afterwards.
Key challenges include service interruptions, transaction processing errors and system conversion delays, which may cause us to lose customers or fail to comply with applicable laws, and may cause us to incur additional expenses, which may be substantial and could have a material adverse effect on our business, financial condition, results of operations, and future prospects.

Recently, the financial services industry has experienced rapid developments in artificial intelligence, including agentic artificial intelligence. The use of artificial intelligence models developed by third parties introduces risks related to how those models are developed, trained, and deployed, including unauthorized material in training data and limited visibility into risk mitigation steps. The legal and regulatory environment for artificial intelligence is uncertain and rapidly evolving, potentially increasing compliance costs and risks of noncompliance. We may be exposed to the risk that generative artificial intelligence models may produce incorrect outputs, release confidential information, reflect biases, or otherwise cause harm. Their complexity may make it challenging to understand all outputs and comply with documentation or explanation requirements. Any of these risks could adversely affect our business, expose us to liability or other adverse legal or regulatory consequences, or otherwise adversely affect our financial results.

The implementation of new lines of business or new products and services may subject us to additional risk.

We continuously evaluate our service offerings and, from time to time, may implement new lines of business or offer new products and services within existing lines of business. There are substantial risks and uncertainties associated with these efforts, particularly in instances where the markets are not fully developed. In developing and marketing new lines of business and/or new products and services, we may invest significant time and resources. Initial timetables for the introduction and development of new lines of business and/or new products or services may not be achieved, and price and profitability targets may not prove feasible. External factors, such as competitive alternatives and shifting market preferences, may also impact the successful implementation of a new line of business and/or a new product or service. Furthermore, strategic planning remains important as we adopt innovative products, services, and processes in response to the evolving demands for financial services and the entrance of new competitors, such as out-of-market banks and fintech companies. Any new line of business and/or new product or service could have a significant impact on the effectiveness of our system of internal controls, so we must responsibly innovate in a manner that is consistent with sound risk management and is aligned with our overall business strategies. Failure to successfully manage these risks in the development and implementation of new lines of business and/or new products or services could have a material adverse effect on our business, results of operations, and financial condition.

Our business could be adversely affected by the operational functions of business counterparties over which we have limited or no control.

Multiple major U.S. retailers and a major consumer credit reporting agency have experienced data systems incursions in recent years reportedly resulting in the thefts of credit and debit card information, online account information, and other personal and financial data of hundreds of millions of individuals. Retailer incursions affect cards issued and deposit accounts maintained by many banks, including us. Although our systems are not breached in retailer incursions, these incursions can still cause customers to be dissatisfied with us and otherwise adversely affect our reputation. These events can also cause us to reissue a significant number of cards and take other costly steps to avoid significant theft or loss to us and our customers. In some cases, we may be required to reimburse customers for the losses they incur. Credit reporting agency intrusions affect our customers and can require these customers and us to increase account monitoring and take remedial action to prevent unauthorized account activity or access. Other possible points of intrusion or disruption not within our control include internet service providers, electronic mail portal providers, social media portals, distant-server (“cloud”) service providers, electronic data security providers, telecommunications companies, and smart phone manufacturers.

We rely on other companies to provide key components of our business infrastructure.

Third parties provide key components of our business infrastructure, such as data processing, recording, and monitoring transactions, online banking interfaces and services, core processing, internet connections, and network access. Any disruption in the services provided by these third parties or any failure of these third parties to handle current or higher volumes of use could adversely affect our ability to deliver products and services to our customers and otherwise conduct our business. Financial, technological or operational difficulties of a third-party service provider could also negatively impact our operations if those difficulties result in the interruption or discontinuation of services provided by that party. In addition, one or more of our third-party service providers may become subject to cyber-attacks or information security breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss or destruction of our or our client’s confidential, proprietary and other information, or otherwise disrupt our or our clients’ or other third parties’ business operations. While we have processes in place to monitor our third-party service providers’ data and information security safeguards, we do not control such service providers’ day-to-day operations and a successful attack or security breach at one or more of such third-party service providers is not within our control. The occurrence of any such breaches, disruption in services provided by such third parties or other failures could damage our reputation, result in a loss of customer business, and expose us to additional regulatory scrutiny, civil litigation, and possible financial liability, any of which could have a material adverse effect on our financial condition and results of operations.
We may not be insured against all types of losses from third-party failures, and our insurance coverage may not be adequate to cover all losses resulting from system failures, third-party breaches, or other disruptions. Replacing these third-party service providers could also create significant delays and expense. Accordingly, the use of such third parties creates an unavoidable inherent risk to our business operations. Additionally, we are exposed to the risk that a service disruption at a common service provider to our third-party service providers could impede their ability to provide service to us. Notwithstanding any attempts to diversify our reliance on third parties, we may not be able to effectively mitigate operational risks relating to our vendors’ use of common service providers.

We depend on the accuracy and completeness of information about clients and counterparties, and our financial condition could be adversely affected if we rely on misleading information.

In deciding whether to extend credit or to enter into other transactions with clients and counterparties, we may rely on information furnished to us by or on behalf of clients and counterparties, including financial statements and other financial information, which we do not independently verify. We also may rely on representations of clients and counterparties as to the accuracy and completeness of that information and, with respect to financial statements, on reports of independent auditors. For example, in deciding whether to extend credit to clients, we may assume that a customer’s audited financial statements conform to GAAP and present fairly, in all material respects, the financial condition, results of operations, and cash flows of the borrower. Our earnings are significantly affected by our ability to properly originate, underwrite and service loans. Our financial condition and results of operations could be negatively impacted to the extent we incorrectly assess the creditworthiness of borrowers due to our reliance on financial statements that do not comply with GAAP or are materially misleading.

We are subject to losses due to errors, omissions or fraud by our employees, clients, counterparties or other third parties.

We are exposed to many types of operational risk, including the risk of fraud by third parties, customers and employees, clerical recordkeeping errors, and transactional errors. Such fraudulent activity may take many forms including check fraud, electronic fraud, wire fraud, social engineering, phishing and other dishonest acts. While our procedures are designed to follow customary, industry-specific security precautions and while we provide employees with ongoing training and regular communications and guidance to combat fraud, our efforts might not be successful in mitigating or reducing fraudulent attempts resulting in financial losses, increased litigation risk and reputational harm.

Our business also depends on our employees, as well as third-party service providers, to process a large number of increasingly complex transactions. We could be materially and adversely affected if employees, clients, counterparties, or other third parties caused an operational breakdown or failure, either from human error, fraudulent manipulation, or purposeful damage to any of our operations or systems.

Competition for talent is substantial. If we are unable to attract, retain, develop and motivate our human capital, our business, results of operations, and prospects could be adversely affected.

We are a customer-focused and relationship-driven organization, and our performance is heavily dependent on the talents and efforts of our management team and other key employees. Our future success depends on our continuing ability to attract, develop, motivate and retain highly qualified and skilled employees. The loss of any of our senior management or key employees could materially and adversely affect our ability to build on the efforts that they have undertaken and to execute our business plan, and we may not be able to find adequate replacements. From time-to-time, we also experience retirements and other changes in our senior management. Our future performance depends on a smooth transition, including finding and training highly qualified replacements. We are currently completing a chief financial officer transition. Management transitions may create uncertainty and involve a diversion of resources and management attention, be disruptive to our daily operations or impact public or market perception, any of which could negatively impact our ability to operate effectively or execute our strategies and result in a material adverse impact on our business, financial condition, results of operations or cash flows. Additionally, the loss of personnel with extensive customer relationships may also lead to the loss of business if the customers were to follow that employee to a competitor.
Our ability to attract and retain employees could also be impacted by changing workforce concerns, expectations, practices, and preferences, including remote work and hybrid work preferences, and increasing labor shortages and competition for labor, which could increase labor costs. If we do not succeed in attracting well-qualified employees or developing, retaining and motivating our employees, our business, results of operations, and prospects could be adversely affected.

Our internal controls and procedures may fail or be circumvented, which could have a material adverse effect on our business, financial condition, and results of operation.

Maintaining and adapting our internal controls over financial reporting, disclosure controls and procedures and effective corporate governance policies and procedures (“controls and procedures”) is expensive and requires significant management attention. Moreover, as we continue to grow, our controls and procedures may become more complex and require additional resources to ensure they remain effective amid dynamic regulatory and other guidance. Failure to implement effective controls and procedures or circumvention of our controls and procedures could, among other things, cause us to fail to meet our public reporting obligations, harm our reputation, or cause investors to lose confidence in our reported financial information, all of which could have a material adverse effect on our business, financial condition, results of operation, and the trading price of our securities.

Our business needs and future growth may require us to raise additional capital, but that capital may not be available or may be dilutive.

We are required by federal and state regulatory authorities to maintain adequate levels of capital to support our operations. We may need to raise additional capital in the future to have sufficient capital resources and liquidity to meet our commitments and fund our business needs and future growth, particularly if our asset quality or earnings were to deteriorate significantly, or if we develop an asset concentration that requires the support of additional capital. Our ability to raise capital, if needed, in the future to meet capital needs or otherwise will depend on conditions in the capital markets at that time, which are outside our control, and on our financial performance. Accordingly, there is no assurance as to our ability to raise additional capital if needed on terms acceptable to us. If we cannot raise additional capital when needed, our ability to further expand our operations through internal growth and acquisitions could be materially impaired. In addition, if we decide to raise additional equity capital, our current shareholders’ interests could be diluted.

We are or may become party from time to time to various claims and lawsuits incidental to our business. Litigation is subject to many uncertainties such that the expenses and ultimate exposure with respect to many of these matters cannot be ascertained.

From time to time, we, our directors, and our management are, or may become, the subject of various claims and legal actions by customers, employees, shareholders and others. Whether such claims and legal actions are legitimate or unfounded, if such claims and legal actions are not resolved in our favor, they may result in significant financial liability and/or adversely affect our reputation and our products and services, as well as impact customer demand for those products and services. In light of the potential cost and uncertainty involved in litigation, we have in the past and may in the future settle matters even when we believe we have a meritorious defense. Certain claims may seek injunctive relief, which could disrupt the ordinary conduct of our business and operations or increase our cost of doing business. Our insurance or indemnities may not cover all claims that may be asserted against us. In addition, we may not be able to obtain appropriate types or levels of insurance in the future or be able to obtain adequate replacement policies with acceptable terms. Any judgments or settlements in any pending litigation or future claims, litigation or investigation could have a material adverse effect on our business, reputation, financial condition, and results of operations.

We are or may become involved from time to time in information-gathering requests, investigations, and proceedings by governmental and self-regulatory agencies that may lead to adverse consequences.

From time to time, we are, or may become, the subject of self-regulatory agency information-gathering requests, reviews, investigations and proceedings, and other forms of regulatory inquiry, including by bank regulatory agencies, the SEC and law enforcement authorities. The results of such proceedings could lead to significant civil or criminal penalties, including monetary penalties, damages, adverse judgments, settlements, fines, injunctions, restrictions on the way we conduct our business, or reputational harm.

We may not be able to generate sufficient taxable income to fully realize our deferred tax assets.

We have net operating loss carryforwards and other tax attributes that relate to our deferred tax assets. In assessing the realizability of our deferred tax assets, management considers whether it is more likely than not that we will realize our deferred tax assets, based on management’s expectation that we will generate taxable income in future years sufficient to absorb substantially all of our net operating loss carryforwards and other tax attributes. If we are unable to generate sufficient taxable income, we may not be able to fully realize our deferred tax assets and would be required to record an additional valuation allowance against these assets. Any additional valuation allowance would also be recorded as income tax expense and would adversely affect our net income. Conversely, if we were to determine that we would be able to realize our deferred tax assets in the future in excess of the net carrying amounts, we would decrease the recorded valuation allowance through a decrease in income tax expense in the period in which that determination was made.

Challenges to our tax positions could result in tax liability.

We are subject to federal and applicable state and local tax laws and regulations. Tax laws and regulations are often complex and require significant judgment, including with respect to the allocation of income among tax jurisdictions, intercompany allocations, and the application of federal, state and local tax credits. For example, we may have exposure to certain state income tax filing obligations where we potentially have established a nexus, but do not currently file income tax returns. Our determination of our tax liability is subject to review by applicable tax authorities, who have in the past and may in the future challenge our tax positions. The challenges made by taxing authorities may result in adjustments to the timing or amount of taxable income or deductions, or the allocation of income among tax jurisdictions. Any such challenges that are not resolved in our favor could result in us being required to pay additional taxes, interest and penalties and may adversely affect our effective tax rate, tax payments or financial condition. If we are required to liquidate the collateral securing a construction and development loan to satisfy the debt and such collateral is not a sufficient source of repayment, our earnings and capital may be adversely affected. We continue to monitor state tax developments and filing requirements for compliance and to manage related risks.

Risks Related to the Regulatory Environment

We are subject to extensive regulation that could limit or restrict our activities.

We operate in a highly regulated industry and are subject to examination, supervision, and comprehensive regulation by various federal and state agencies, including the Federal Reserve, the CFPB, the FDIC, and the Bureau of Financial Institutions, a division of the Virginia State Corporation Commission. In addition, because we exceed $10 billion in total assets, we are subject to additional regulatory requirements compared to financial institutions with less than $10 billion in total assets, including, among other things, potentially higher FDIC assessment rates, a cap on the interchange fees that we can charge on debit card transactions and enhanced supervision as a larger financial institution. This regulation is imposed primarily to protect depositors, the FDIC Deposit Insurance Fund, consumers, and the banking system as a whole. We also are regulated by the SEC and the Financial Industry Regulatory Authority, which regulation is designed to protect investors. The financial services industry also faces stricter and more aggressive enforcement of laws at federal, state, and local levels—particularly in connection with business and other practices that may harm or appear to harm consumers or affect the financial system more broadly. In addition, financial institutions often are less inclined to litigate with governmental authorities because of the regulatory and supervisory framework.

Our compliance with these regulations is costly and potentially restricts certain of our activities, including payment of dividends, mergers and acquisitions, investments, loans, and interest rates charged, interest rates paid and deposits and locations of our offices. We are also subject to capital guidelines established by our regulators, which require us to maintain sufficient capital to support our growth. The laws, regulations and interpretations applicable to the banking industry, as well as the supervision, examination and enforcement priorities and policies of the federal banking agencies, could change at any time, including as a result of changes in the leadership and senior staffs of the agencies. The extent and timing of any regulatory reform as well as any effect on our business and financial results, are uncertain. Additionally, legislation or regulation may impose unexpected or unintended consequences, the impact of which is difficult to predict. Because government regulation greatly affects the business and financial results of all commercial banks and bank holding companies, our cost of compliance could adversely affect our ability to operate profitably.

Laws and regulations addressing consumer privacy and data use and security could increase our costs and failure to comply with such laws and regulation could impact our business, financial condition, and reputation.

We are subject to a number of laws concerning consumer privacy and data use and security, including information safeguard rules under the Gramm-Leach-Bliley Act. These rules require that financial institutions develop, implement, and maintain a written, comprehensive information security program containing safeguards that are appropriate to the financial institution’s size and complexity, the nature and scope of the financial institution’s activities, and the sensitivity of any customer information at issue. The United States has experienced a heightened legislative and regulatory focus on privacy and data security, including requiring consumer notification in the event of a data breach. In addition, most states have enacted security breach legislation requiring varying levels of consumer notification in the event of certain types of security breaches, and certain states, including Virginia, have enacted significant new consumer data privacy protections that can significantly limit a company’s use of customer financial data and impose significant compliance burdens on companies that collect or use that data. Additional new regulations in these areas may increase compliance costs, which could negatively impact our earnings. In addition, failure to comply with these privacy and data use and security laws and regulations, including by reason of inadvertent disclosure of confidential information, could result in fines, sanctions, penalties, or other adverse consequences and loss of consumer confidence, which could materially adversely affect our business, results of operations, and reputation.

We are required to maintain capital to meet regulatory requirements, and if we fail to maintain sufficient capital, whether due to losses, an inability to raise capital or otherwise, our financial condition, liquidity, and results of operations, as well as our ability to maintain regulatory compliance, would be adversely affected.

The Company and the Bank each must meet regulatory capital requirements and maintain sufficient liquidity. Banking organizations experiencing growth, especially those making acquisitions, are expected to hold additional capital above regulatory minimums. From time to time, regulators implement changes to these regulatory capital adequacy guidelines. In addition, regulators may require us to maintain higher levels of regulatory capital based on our condition, risk profile, or growth plans or conditions in the banking industry or economy.

The application of more stringent capital requirements could, among other things, result in lower returns on equity, require us to raise additional capital, and result in regulatory actions if we were unable to comply with such requirements. Our failure to remain “well capitalized” for bank regulatory purposes could affect customer confidence, our ability to grow, our costs of funds and FDIC insurance costs, our ability to pay dividends on our common and preferred stock and make distributions on our trust preferred securities, our ability to make acquisitions, and our business, financial condition, and results of operations. Under regulatory rules, if the Bank ceases to be a “well capitalized” institution for bank regulatory purposes, the interest rates that it pays and its ability to accept brokered deposits may be restricted.

We are subject to the CFPB’s broad regulatory and enforcement authority and new regulations, and new approaches to regulation or enforcement by the CFPB could adversely impact us.

The CFPB has examination and enforcement authority over us and has broad rulemaking authority to administer and carry out the purposes and objectives of federal consumer financial protection laws. Among other things, the CFPB is authorized to issue rules identifying and prohibiting acts or practices that are unfair, deceptive, or abusive in connection with any transaction with a consumer for a consumer financial product or service, or the offering of a consumer financial product or service. The CFPB has broad discretion to interpret the term “abusive” to cover a wide range of acts or practices. New regulations, or new approaches to regulation or enforcement by the CFPB could adversely impact our deposit, consumer lending, mortgage lending, loan collection or overdraft coverage programs and, as a result, could have a material adverse effect on our business, financial condition and results of operations. There is ongoing uncertainty as to the CFPB’s regulations and approach to enforcement and supervision; although the current leadership of the CFPB has indicated intentions to rescind or revise many regulations, as well as to narrow its enforcement and supervision. We cannot currently predict the impact of such changes on our business, financial condition and results of operations.

The Bank is subject to the Bank Secrecy Act and its implementing regulations and U.S. economic sanctions, and any issues with respect to the Bank’s compliance with the Bank Secrecy Act and its implementing regulations, and U.S. economic sanctions could result in significant civil penalties and have a material adverse effect on our business strategy.

The Bank Secrecy Act, as amended, and its implementing regulations require the Bank to, among other things, implement and maintain an effective AML/CFT compliance program and file suspicious activity reports, when appropriate. The Bank is also required to comply with U.S. economic sanctions, which are administered by OFAC. U.S. economic sanctions may include: (1) restrictions on trade with or investment in a sanctioned country, including prohibitions on U.S. persons engaging in financial transactions relating to, making investments in, or providing investment-related advice or assistance to, a sanctioned country; and (2) blocking assets in which certain sanctioned foreign governments, entities or individuals have an interest, by prohibiting transfers of property subject to U.S. jurisdiction, including property in the possession or control of U.S. persons. The federal banking agencies routinely examine banks for compliance with the Bank Secrecy Act and its implementing regulations and U.S. economic sanctions. If a federal banking agency determines that our or the Bank’s AML/CFT compliance program is ineffective, we could be subject to liability, including civil money penalties and regulatory restrictions, such as limitations on our ability to pay dividends, requirements to obtain regulatory approval before proceeding with certain aspects of our business plan and restrictions on our growth and assets. Noncompliance with the Bank Secrecy Act and its implementing regulations could also cause a federal banking agency to prohibit us from closing a transaction to acquire another bank or to prohibit such a transaction even if formal approval is not required. Failure to maintain and implement effective AML/CFT and sanctions compliance programs could also have serious reputational consequences for us.

We are subject to numerous laws designed to protect consumers, including the Community Reinvestment Act and fair lending laws, and failure to comply with these laws could lead to material penalties and other sanctions.

The CRA, Equal Credit Opportunity Act, Fair Housing Act, and other fair lending laws and regulations impose nondiscriminatory lending requirements on financial institutions. The U.S. Department of Justice and other federal agencies are responsible for enforcing these laws and regulations. A successful regulatory challenge to an institution’s performance under the CRA or fair lending laws and regulations could result in a wide variety of sanctions, including damages and civil money penalties, injunctive relief, restrictions on mergers and acquisitions activity, restrictions on expansion, and restrictions on entering new business lines. Private parties may also have the ability to challenge an institution’s performance under fair lending laws in private class action litigation. Such actions could have a material adverse effect on our business, financial condition, results of operations, and future prospects.

The Federal Reserve may require us to commit capital resources to support the Bank.

Applicable law and the Federal Reserve require a bank holding company to act as a source of financial and managerial strength to a subsidiary bank and to commit resources to support such subsidiary bank. Under the “source of strength” doctrine, the Federal Reserve may require a bank holding company to make capital injections into a troubled subsidiary bank and may charge the bank holding company with engaging in unsafe and unsound practices for failure to commit resources to such a subsidiary bank. Under these requirements, in the future, we could be required to provide financial assistance to our Bank if the Bank experiences financial distress.

A capital injection may be required at times when we do not have the resources to provide it, and therefore we may be required to borrow the funds. In the event of a bank holding company’s bankruptcy, the bankruptcy trustee will assume any commitment by the holding company to a federal bank regulatory agency to maintain the capital of a subsidiary bank. Moreover, bankruptcy law provides that claims based on any such commitment will be entitled to a priority of payment over the claims of the holding company’s general unsecured creditors, including the holders of its note obligations. Thus, any borrowing that must be done by the holding company in order to make the required capital injection becomes more difficult and expensive and will adversely impact the holding company’s cash flows, financial condition, results of operations and prospects.

Risks Related to Our Securities

Our ability to pay dividends is limited, and we may be unable to pay dividends in the future.

Our ability to pay dividends is limited by regulatory restrictions and the need to maintain sufficient consolidated capital. In addition, the Company is a financial holding company that conducts substantially all of its operations through the Bank and other subsidiaries. As a result, the Company relies on dividends from its subsidiaries, particularly the Bank, for substantially all of its revenues. The ability of the Bank to pay dividends to us is limited by its obligations to maintain sufficient capital and by other general restrictions on its dividends that are applicable to state member banks that are regulated by the Federal Reserve and the Bureau of Financial Institutions, a division of the Virginia State Corporation Commission. For information on these regulatory restrictions on the right of the Bank to pay dividends to us and on the right of the Company to pay dividends to its shareholders, see Part I—Item 1—“Supervision and Regulation—Limits on Dividend and Other Payments.” If we do not satisfy these regulatory requirements, or if the Bank does not have sufficient earnings to make payments to us while maintaining adequate capital levels, we will be unable to pay dividends on our common stock or depositary shares, which represent a fractional interest in the Company’s Series A preferred stock, and may be unable to service debt or pay obligations, causing our business, financial condition and results of operations to be materially adversely affected.

Any declaration and payment of dividends on our common stock will depend upon our earnings and financial condition, liquidity and capital requirements, the general economic and regulatory climate, our ability to service any equity or debt obligations senior to the common stock, including our depositary shares, and other factors deemed relevant by the board of directors. Furthermore, consistent with our business plans, growth initiatives, capital availability, projected liquidity needs, and other factors, we have made, and will continue to make, capital management decisions and policies that could adversely impact the amount of dividends, if any, paid to our shareholders. Although we currently expect to continue to pay quarterly dividends, any future determination relating to our dividend policy will be made by our board of directors and will depend on a number of factors.

The trading volumes in our common stock may not provide adequate liquidity for investors.

Shares of our common stock are listed on the NYSE; however, the average trading volume is less than that of other larger financial institutions. A public trading market having the desired characteristics of depth, liquidity and orderliness depends on the presence in the marketplace of a sufficient number of willing buyers and sellers of our common stock at any given time. This presence depends on the individual decisions of investors and general economic and market conditions over which we have no control. Given these factors, a shareholder may have difficulty selling shares of our common stock at an attractive price (or at all). Additionally, shareholders may not be able to sell a substantial number of our common stock shares for the same price at which shareholders could sell a smaller number of shares. Given the current daily average trading volume of our common stock, significant sales of our common stock in a brief period of time, or the expectation of these sales, could cause a significant decline in the price of our common stock.

Future capital needs could result in shareholder dilution and may adversely affect the market price of our common stock and preferred stock (or depositary shares representing a fractional interest in our preferred stock).

We are generally not restricted from issuing additional shares of our common stock or preferred stock up to the number of shares authorized in our articles of incorporation. We may issue additional shares of our common stock, preferred stock (or depositary shares representing a fractional interest in our preferred stock), or securities convertible into common stock, in the future for a number of reasons, including to finance our operations and business strategy (including mergers and acquisitions), to adjust our ratio of debt to equity, to address regulatory capital concerns, or to satisfy our obligations upon the exercise of outstanding stock awards. If we choose to raise capital by selling shares of our common stock, preferred stock (or depositary shares representing a fractional interest in our preferred stock) or securities convertible into common stock for any reason, the issuance would have a dilutive effect on the holders of our common stock, preferred stock (or depositary shares representing a fractional interest in our preferred stock) and could have a material negative effect on the market price of such securities and could be dilutive to shareholders.

Holders of our indebtedness and of depositary shares related to our Series A preferred stock have rights that are senior to those of our common shareholders.

At December 31, 2025, we had outstanding subordinated notes, trust preferred securities and accompanying subordinated debentures and preferred stock totaling $772.0 million. Payments of the principal and interest on the subordinated notes and the subordinated debentures accompanying the trust preferred securities and dividends on the preferred stock are senior to payments with respect to shares of our common stock. We also conditionally guarantee payments of the principal and interest on the trust preferred securities. As a result, we must make payments on these debt instruments (including the related trust preferred securities) and preferred shares before any dividends can be paid on our common stock and, in the event of bankruptcy, dissolution or liquidation, the holders of the debt and preferred shares must be satisfied before any distributions can be made on our common stock. We have the right to defer distributions on the subordinated debentures related to the trust preferred securities (and the related guarantee of payments on the trust preferred securities) for up to five years, during which time no dividends may be paid on our common stock. If our financial condition deteriorates or if we do not receive required regulatory approvals, we may be required to defer distributions on the subordinated debentures related to the trust preferred securities (and the related guarantee of payments on the trust preferred securities).

We may from time to time issue or acquire additional senior or subordinated indebtedness or preferred stock that would have to be repaid before our shareholders would be entitled to receive any of our assets.

Our governing documents and the provisions of Virginia law to which we are subject contain certain provisions that could have an anti-takeover effect and may delay, make more difficult or prevent an attempted acquisition of the Company that you may favor.

Our articles of incorporation and bylaws and the Virginia Stock Corporation Act contain certain provisions designed to enhance the ability of our board of directors to respond to attempts to acquire control of the Company. These provisions and the ability to set the voting rights, preferences, and other terms of any series of preferred stock that may be issued, may be deemed to have an anti-takeover effect and may discourage takeovers (which certain shareholders may deem to be in their best interest). To the extent that such takeover attempts are discouraged, temporary fluctuations in the market price of our common stock resulting from actual or rumored takeover attempts may be inhibited. These provisions also could discourage or make more difficult a merger, tender offer, or proxy contest, even though you may favor such transactions, and could potentially adversely affect the market price of our common stock.

Our stock price may be volatile, which could result in losses to our investors and litigation against us.

Stock price volatility may make it more difficult for you to resell your common stock or depositary shares when you want and at prices you find attractive. Our stock price can fluctuate significantly in response to a variety of factors, some of which are unrelated to our financial performance, including, among other things:

actual or anticipated variations in quarterly results of operations;
changes in our coverage by securities analysts and/or changes in their estimates of our financial performance or recommendations;
operating and stock price performance of other companies that investors deem comparable to us;
news reports relating to trends, concerns and other issues in the financial services industry;
perceptions in the marketplace regarding us and/or our competitors;
new technology used, or services offered, by competitors;
significant acquisitions or business combinations, strategic partnerships, joint ventures or capital commitments by or involving us or our competitors;
failure to integrate acquisitions or realize anticipated benefits from acquisitions;
changes in government regulations;
geopolitical conditions such as acts or threats of terrorism, military conflicts, the effects (or perceived effects) of pandemics and trade relations; or
the realization of any of the other risks presented in this Form 10-K.

General market fluctuations, including real or anticipated changes in the strength of the local economy; industry factors and general economic and political conditions and events, such as economic slowdowns or recessions; interest rate changes, oil price volatility or credit loss trends could also cause our stock price to decrease regardless of our operating results.

Moreover, in the past, securities class action lawsuits have been instituted against some companies following periods of volatility in the market price of their securities. We could in the future be the target of similar litigation. Securities litigation could result in substantial costs and divert management’s attention and resources from our normal business.

General Risk Factors

Our ability to maintain our reputation is critical to the success of our business, and the failure to do so may materially adversely affect our performance.

Our reputation is critical to the success of our business. As such, we strive to conduct our business in a manner that enhances our reputation. We do this, in part, by recruiting, hiring and retaining employees who share our core values of being an integral part of the communities we serve; delivering superior service to our customers; and caring about our customers and employees. Damage to our reputation could undermine the confidence of our current and potential customers in our ability to provide financial services. Such damage could also impair the confidence of our counterparties and business partners and ultimately affect our ability to effect transactions. Maintenance of our reputation depends not only on our success in maintaining our core values and controlling and mitigating the various risks described herein, but also on our success in identifying and appropriately addressing issues that may arise in areas such as potential conflicts of interest, anti-money laundering, client personal information and privacy issues, record-keeping, regulatory investigations and any litigation that may arise from the failure or perceived failure of us to comply with legal and regulatory requirements. Additionally, whereas negative publicity once was driven primarily by adverse news coverage in traditional media, the widespread use of social media platforms by us, our employees, third parties, and others, facilitates the rapid dissemination of information or misinformation, which may increase the risk of negative publicity and potential harm to our reputation. If our reputation is negatively affected, by the actions of our employees or otherwise, our business and, therefore, our operating results may be materially adversely affected. Further, negative public opinion can expose us to litigation and regulatory action as we seek to implement our growth strategy, which could adversely affect our business, financial condition and results of operations. 

Changes in accounting standards could impact reported earnings.

The authorities that promulgate accounting standards, including the FASB, SEC, and other regulatory authorities, periodically change the financial accounting and reporting standards that govern the preparation of our consolidated financial statements. These changes are difficult to predict and can materially impact how we record and report our financial condition and results of operations. In some cases, we could be required to apply a new or revised standard retrospectively to financial statements for prior periods. Such changes could also require us to incur additional personnel or technology costs.

We are subject to physical and financial risks associated with climate change and other weather and natural disaster impacts.

We are subject to the risk of climate change. Among the risks associated with climate change are more frequent severe weather events. Severe weather events such as hurricanes, tropical storms, tornados, winter storms, flooding, and other large-scale weather catastrophes in our markets subject us to significant risks and more frequent severe weather events magnify those risks. Large-scale weather catastrophes or other significant climate change effects that either damage or destroy residential or multifamily real estate underlying mortgage loans or real estate collateral, could decrease the value of our real estate collateral or increase our delinquency rates in the affected areas and thus diminish the value of our loan portfolio. In addition, the effects of climate change may have a significant effect on our geographic markets and could disrupt our operations or the operations of our customers, third party service providers, or supply chains more generally. Those disruptions could result in declines in economic conditions in our geographic markets or industries in which our borrowers operate and impact their ability to repay loans or maintain deposits. Climate change could also impact our assets or employees directly or lead to changes in customer preferences that could negatively affect our growth or business strategies. In addition, our reputation and customer relationships could be damaged due to our practices related to climate change, including our or our customers’ involvement in certain industries or projects. In recent years, the federal banking regulators have focused on the physical and financial risks to financial institutions associated with climate change, although expectations with respect to these matters have been changing, and it is difficult to predict changes in priorities and requirements with respect to these matters, including any changes in compliance costs relating to such changes. In recent years, the federal banking regulators have focused on the physical and financial risks to financial institutions associated with climate change, which may result in increased requirements regarding the disclosure and management of climate risks and related lending activities, as well as increased compliance costs, although some initial indications from the Trump administration are that this focus may begin to decline.

We are subject to environmental, social and governance, or ESG, risks that could adversely affect our reputation, the trading price of our common stock and/or our business, operations, and earnings.

We have multiple stakeholders, among them shareholders, customers, employees, federal and state regulatory authorities, and political entities. Often those stakeholders have differing, and sometimes conflicting, priorities and expectations regarding ESG issues. In addition, certain federal and state laws and regulations related to ESG issues may include provisions that conflict with other laws and regulations, which may increase our costs or limit our ability to conduct business in certain jurisdictions. Specifically, changing views against certain ESG and corporate diversity, equity and inclusion matters have gained momentum across the United States at national, state and local levels, which are referred to by some as “anti-ESG” efforts. Several states have proposed or enacted anti-ESG policies, legislation and initiatives, which may conflict with other regulatory requirements or our various stakeholders’ expectations. For example, there is an increasing number of state-level anti-ESG initiatives in the US that may conflict with other regulatory requirements or our various stakeholders’ expectations. Corporate ESG practices also have come under increasing scrutiny, including with the issuance of executive orders regarding certain ESG policies and practices in the private sector. Such divergent, sometimes conflicting views on ESG-related matters increase the risk that any action or lack thereof by us on such matters will be perceived negatively by some stakeholders.
Failing to comply with legal or regulatory requirements or expectations and standards from investors, customers, regulators, policymakers and other stakeholders regarding ESG-related issues, or taking action in conflict with one or another of those stakeholders’ expectations, could also lead to loss of business, adverse publicity, an adverse impact on our reputation, customer complaints, or public protests, as well as governmental enforcement or private litigation.

Any adverse publicity or adverse impact on our reputation in connection with ESG, any shifts in investing priorities among investors, or any loss of business resulting from any of the foregoing, may result in adverse effects on the trading price of our common stock and/or our business, operations and earnings.

ITEM 1B. UNRESOLVED STAFF COMMENTS.

We have no unresolved staff comments to report.

ITEM 1C. CYBERSECURITY.

Overview

The cybersecurity threat landscape is volatile and dynamic, requiring a robust and resilient framework to reduce and mitigate cybersecurity risk. Our cybersecurity risk includes exposure to failures or interruptions of service or security breaches resulting from malicious technological attacks that impact the confidentiality, integrity, or availability of our or third parties’ operations, systems, or data. We seek to mitigate cybersecurity risk and associated reputational and compliance risk by, among other things:

leveraging the National Institute of Standards and Technology framework, which organizes cybersecurity risks into five categories: identify, protect, detect, respond and recover;
maintaining privacy policies, management oversight, accountability structures, and technology design processes to protect private and personal data;
actively monitoring and mitigating cybersecurity threats and risks with a three lines of defense structure to provide oversight, governance, challenge, and testing;
managing a third-party cybersecurity oversight program;
maintaining oversight of our information security program by senior management, our board-level Risk Committee, and our Board of Directors; and
using a comprehensive Cybersecurity Incident Response Plan intended to provide a documented framework to enable us to mitigate the impact of, and recover from, any cyberattacks, and facilitate communication to internal and external stakeholders, as appropriate.

We had no material cybersecurity incidents in 2025. While to date, we have not experienced a significant compromise, attack, or loss of data related to cybersecurity attacks, due to the nature of our business, we are under constant threat of an attack and could experience a significant cybersecurity event in the future. Attacks are increasingly sophisticated and increasing in volume, and attackers respond rapidly to changes in defensive measures. Accordingly, risks related to a cybersecurity event, including litigation and enforcement risks, are elevated due to the dynamic nature and sophistication and frequency of these threats, and the expanding use of Internet banking, mobile banking and other technology-based products in our industry. Potential risks we could face from a cybersecurity event are discussed in “Risk Factors” above.

Risk Management and Strategy

Our cybersecurity risk management strategy is integrated into our enterprise risk management framework and is embedded in each of our three lines of defense. We use a combination of management expertise and Board oversight, as discussed below, as well as outside consultants to assist us in overseeing our cybersecurity risk management program. We deploy safeguards designed to protect customer information and our own corporate information and technology. We have programs and processes in place designed to mitigate known attacks, and we use both internal and external resources to scan for vulnerabilities in our applications, systems, and platforms. We implement backup and recovery systems and require the same of our third-party service providers.

We devote significant resources to cybersecurity and risk management processes and continue to expand investments in information security and cybersecurity by attracting and retaining top talent, fostering continuous education and improvement, and leveraging advanced technology and innovative solutions, including partnerships with third-party vendors, to strengthen our information security and cybersecurity capabilities. We use independent third-party service providers to perform penetration testing of our infrastructure to help us better understand the effectiveness of our controls, improve our defenses, and conduct assessments of our program for compliance with regulatory requirements, industry guidelines, and best practices. We also engage with outside risk experts and industry groups, including other peer institutions, as needed, to help us evaluate potential future threats and trends, particularly with respect to emerging information security and fraud risks. In addition, we use a Third-Party Risk Management program to help mitigate risks with our third- and fourth-party providers; however, our ability to monitor our service providers’ cybersecurity practices is limited. We generally have agreements with our service providers that include requirements related to cybersecurity and data privacy; however, we cannot guarantee that such agreements will prevent a cyber incident from impacting our systems or information. Additionally, we may not be able to obtain adequate or any reimbursement from our service providers in the event we suffer any such incidents. Due to applicable laws and regulations or contractual obligations, we may be held responsible for cyber incidents attributed to our service providers in relation to any data that we share with them.

Governance

Through established governance structures, including our problem and incident management process and Cybersecurity Incident Response Plan, we have processes and procedures to help facilitate appropriate and effective oversight of cybersecurity risk. These processes and procedures help enable our three lines of defense and management to identify, protect, detect, respond, and recover from cybersecurity risks, monitor threats, and provide for further escalation to executive management, our management-level Disclosure Committee, our board-level Risk Committee, or to the full Board, as appropriate.

Role of the Board of Directors

Our Board of Directors plays a critical role in the oversight of risk, including risks from cybersecurity threats, and has established a risk oversight structure that seeks to ensure that cybersecurity risks are identified, monitored, assessed, and mitigated appropriately. In that regard, our Board is actively engaged in the oversight of our cyber risk profile, which includes, but is not limited to, risks from cybersecurity threats, enterprise cyber strategy, and key cyber initiatives. Our Board regularly receives reports on such matters from our Chief Information Officer, Chief Information Security Officer, and other relevant personnel. Our Board also meets with our internal and external auditors, and federal and state regulators to review and discuss reports on risk, examination, and regulatory compliance matters.

Our board-level Risk Committee is responsible for assisting the Board in its oversight of risk, including cybersecurity threats, and for overseeing our enterprise risk management framework. The Risk Committee actively engages with our Chief Risk Officer and other members of management to discuss major risk exposures, establish risk management principles, and determine our risk appetite, and regularly reports on its activities, and makes recommendations to, the full Board. The Risk Committee receives a quarterly summary analysis of cybersecurity risks, threats, and incidents. In addition, the Risk Committee is engaged, as needed, in accordance with our Cybersecurity Incident Response Plan.

Role of Management

Our cybersecurity risk management program is built on three lines of defense, which collectively are designed to identify, assess, and manage our material risks from cybersecurity threats. Our Chief Risk Officer is responsible for implementing our enterprise risk management framework and reports directly to our Chief Executive Officer.

Our Information Security department, which is our first line of defense, operates under our Chief Information Security Officer, who manages preventative and detective controls to protect against cybersecurity risks and responds to cyber incidents and data breaches. Our Chief Information Security Officer has 28 years of cybersecurity experience, with 13 years serving financial institutions in senior leadership or executive security roles. At least annually, the first line of defense conducts mandatory teammate training on information security and provides ongoing information security education and awareness for teammates, such as online training classes, mock phishing attacks and information security awareness materials. The first line of defense also conducts regular exercises that simulate mock cyber-attacks and provide lessons learned that continuously improve our incident response plans. Our cybersecurity risk management program is designed to maintain and challenge our information security defense system, as well as monitor, respond, evaluate, and escalate cyber threats. We also have a business risk manager within our first line of defense whose role is to focus on evaluating, managing, and escalating technology risks. The escalation process includes regular escalation reports of problem incidents, including cybersecurity threats, which allows for collaborative threat management by the first and second lines of defense.

The second line of defense independently evaluates, monitors, and challenges our risk mitigation efforts to proactively identify cybersecurity risks, including early-stage engagement and risk management with emerging threats. Second line teammates provide effective challenge to the cybersecurity risk management efforts of the first line through ongoing engagement in problem incidents, regular reviews of cybersecurity risk reporting, and inquiries into the sufficiency of risk management activities. Our second line of defense leads our management-level Technology and Third-Party Risk Committee, which governs our technology and third-party risk tolerances, including cybersecurity. This committee includes the Chief Information Security Officer and is co-sponsored by the Chief Information Officer, the Chief Risk Officer, and the Director of Vendor Risk Management and Sourcing. These individuals have relevant financial, technical, and business degrees, hold relevant certifications, and each have over 20 years of experience in their respective areas of expertise, with a minimum of ten years in leadership roles, including multiple years at financial institutions. The Committee is responsible for escalating key risks to our Management Risk Committee, which includes all members of our Executive Leadership Team, as well as our Head of Business Risk, who operates within our first line of defense.

Internal Audit serves as the third line of defense and provides independent assurance on how effectively we are mitigating, managing, and challenging our cybersecurity risks.
