$FCNCA Risk Factor changes from 00/02/24/23/2023 to 00/02/21/25/2025

Item 1A. Risk Factors. As a financial services organization, certain elements of risk are inherent in our transactions and operations and are present in the business decisions we make. We encounter risks as part of the normal course of our business, and our success is dependent on our ability to identify, understand and manage the risks presented by our business activities. We categorize risks in this Item 1A. Risk Factors into the following areas, and the principal risks and uncertainties that management believes make an investment in us speculative or risky are summarized within their respective areas:•Strategic Risks: The risk to our current and projected financial condition arising from adverse business decisions, poor implementation, or lack of responsiveness to changes in the industry and operating environment.▪We encounter significant competition that may reduce our market share and profitability and our financial performance depends upon our ability to attract and retain customers for our products and services, which may be adversely impacted by weakened consumer or business confidence and by any inability on our part to predict and satisfy customers’ needs and demands. ▪We face significant operational risks in our businesses and may fail to maintain appropriate operational infrastructure and oversight.▪We depend on the effectiveness and integrity of employees, and the systems and controls for which they are responsible, to manage operational risks. ▪If we fail to effectively manage credit risk, our business and financial condition will suffer.▪Our allowance for credit losses may prove to be insufficient to absorb losses in our credit portfolios.•Market Risks: The risks to our financial condition resulting from adverse movements in domestic and international macroeconomic and political conditions, as well as economic output levels, interest and inflation rates, employment levels, prices of commodities, consumer confidence levels, and changes in consumer spending, international trade policy, and fiscal and monetary policy.20•Liquidity Risks: The risks that we will be unable to meet our obligations as they come due because of an inability to (i) liquidate assets or obtain adequate funding, or (ii) unwind or offset specific exposures without significantly lowering market prices because of inadequate market depth or market disruptions, or that we will not meet the liquidity management requirements applicable to us as a Category IV banking organization, subject to the applicable transition periods.▪We are subject to enhanced liquidity risk management requirements as a Category IV banking organization, and failure to meet these requirements could result in regulatory and compliance risks, and possible restrictions on our activities.•Capital Adequacy Risks: The risks that our capital levels become inadequate to preserve our safety and soundness, support our ongoing business operations and strategies and provide us with support against unexpected or sudden changes in the business/economic environment, or that we will not meet the capital adequacy requirements applicable to us as a Category IV banking organization, subject to the applicable transition periods.▪Our ability to grow is contingent upon access to capital, which may not be readily available to us.▪If we fail to meet regulatory guidelines, including enhanced capital adequacy, liquidity, stress testing, and capital planning requirements, or are subject to certain other legal limitations, our financial condition and ability to pay dividends or make other payments could be adversely affected.▪Increases to our level of indebtedness could adversely affect our ability to raise additional capital and to meet our obligations.•Compliance Risks: The risks of loss or reputational harm to us resulting from regulatory sanctions, fines, penalties or losses due to our failure to comply with laws, rules, regulations or other supervisory requirements applicable to us.▪We operate in a highly regulated industry, and the laws and regulations that govern our operations, taxes, corporate governance, executive compensation and financial accounting and reporting, including changes in them or our failure to comply with them, may adversely affect us.▪Information security and data privacy are areas of heightened legislative and regulatory focus.•Asset Risks: The risks that the value of our long-lived assets will be lower than expected, resulting in reduced income over the remaining life of the asset or a lower sale value.▪We may not be able to realize our entire investment in the equipment that we lease to our customers.•Financial Reporting Risks: The risks that our financial information is reported incorrectly or incompletely, including through the improper application of accounting standards or other errors or omissions.▪Accounting standards may change and increase our operating costs or otherwise adversely affect our results.▪Our accounting policies and processes are critical to the reporting of our financial condition and results of operations. They require management to make estimates about matters that are uncertain, and such estimates may be materially different from actual results.The risks and uncertainties that management believes are material to an investment in us are described below. Additional risks and uncertainties that are not currently known to management or that management does not currently deem material could also have a material adverse impact on our financial condition, the results of our operations or our business. If such risks and uncertainties were to materialize or the likelihoods of the risks were to increase, we could be adversely affected, and the market price of our securities could significantly decline. The below risk factors should be read in conjunction with the information under “Regulatory Considerations” in Item 1. Business, as well as Item 7. Financial Statements and Supplementary Data.We plan to continue to grow our business organically. However, we have pursued and expect to continue to pursue acquisition opportunities that we believe support our business strategies and may enhance our profitability. Further, changes in policies focused on bank acquisitions may interfere or impede future acquisition opportunities. The FDIC and DOJ recently revised their bank merger review standards. These agency actions have significantly modified the existing regulatory framework for bank merger transactions such that future proposed bank merger transactions by us may be subject to heightened regulatory scrutiny. Refer to Item 1. Business—Regulatory Considerations—Limitations on Mergers & Acquisitions for additional discussion on these developments. Early indications suggest that the Trump administration will encourage the agencies to return to a less restrictive approach to bank merger reviews, including possible rescission or modification of the recent pronouncements described above. In addition, we may fail to realize the anticipated benefits of our previous acquisitions and fully integrating our prior acquisitions may be more difficult, costly or time-consuming than expected. Acquisitions of financial institutions, assets of financial institutions or other operating entities involve operational risks and uncertainties, including but not limited to:•difficulties, inefficiencies, or cost overruns associated with the integration of operations, personnel, technologies, services, and products of acquired companies with ours; •inability to realize the expected revenue increases, cost savings, increases in geographic or product presence, and/or other projected benefits; •potential disruption to our business; and •the possible loss of key executive officers, employees and customers. Failure to efficiently integrate any acquired entities or assets into our existing operations could significantly increase our operating costs and consequently have material adverse effects on our financial condition and results of operations.In the past, we have acquired, and may in the future continue to acquire, certain assets and assume certain liabilities of failed banks in FDIC-assisted transactions. FDIC-assisted transactions, such as the SVBB Acquisition, present unique risks because of the limited due diligence, expedited timelines, minimal negotiation of terms required by the FDIC and the limited availability of audited financial statements of the assets acquired and liabilities assumed. To mitigate certain of those risks, including credit risks of acquired loans, FDIC-assisted transactions typically provide for FDIC assistance, including potential loss-sharing. For example, in connection with the SVBB Acquisition, FCB entered into a commercial shared loss agreement with the FDIC. Although loss sharing agreements reduce the credit risks of, and capital required for, FDIC-assisted transactions, these transactions often require additional resources and time to service acquired problem loans, costs related to integration of personnel and operating systems, and the establishment of processes and internal controls to service acquired assets in accordance with applicable FDIC standards. If the covered loans are not managed in accordance with the commercial shared loss agreement, the FDIC has the right to refuse or delay payment for loan losses. Losses we experience on the assets acquired in the SVBB Acquisition that are not covered under the commercial shared loss agreement could have an adverse effect on our business, financial condition, results of operations and prospects. Further, legacy Silicon Valley Bank loans were concentrated within certain industries, including technology, life science and healthcare, and with private equity and venture capital clients. Our future success depends, in part, upon the continued ability to manage this expanded business while strengthening our reputation among the venture capital and private equity communities, and other participants in the industries that legacy Silicon Valley Bank served, which poses challenges for management, including challenges related to the management and monitoring of new and expanded operations and associated increased costs and complexity.We encounter significant competition that may reduce our market share and profitability and our financial performance depends upon our ability to attract and retain customers for our products and services, which may be adversely impacted by weakened consumer or business confidence and by any inability on our part to predict and satisfy customers’ needs and demands.Our profitability depends on our ability to compete successfully. We operate in a highly competitive industry, and we expect competition to intensify. We compete with other banks and specialized financial services providers in our market areas for customers, sources of revenue, capital, services, qualified employees and other essential business resources. Some of our non-bank competitors operate in less stringent regulatory environments, and certain competitors are not subject to federal or state income taxes. The fierce competitive pressures that we face adversely affect pricing and other terms for many of our products and services, and we could lose business to competitors or be forced to price products and services on less advantageous terms to retain or attract clients, either of which would adversely affect our profitability.We also compete with banks and other financial services companies for deposits. If competitors raise the rates they pay on deposits, our funding costs may increase, either because we raise rates to avoid losing deposits or because we lose deposits and must rely on more expensive sources of funding. In addition, checking and savings account balances and other forms of customer deposits may decrease when customers perceive alternative investments, such as the stock market, as providing a better risk/return trade-off. Our bank customers could take their money out of FCB and put it in alternative investments, causing us to lose a lower-cost source of funding.Additionally, technology and other changes are allowing parties to complete financial transactions that historically have involved banks through alternative methods without involving banks. For example, consumers can now maintain funds that would have historically been held as bank deposits in brokerage accounts, mutual funds or virtual accounts. Consumers can also complete transactions, such as paying bills or transferring funds directly without the assistance of banks. Transactions utilizing digital assets, including cryptocurrencies, stablecoins and other similar assets, have increased substantially. Certain characteristics of digital asset transactions, such as the speed with which such transactions can be conducted, the ability to transact without the involvement of regulated intermediaries, the ability to engage in transactions across multiple jurisdictions, and the anonymous nature of the transactions, are appealing to certain consumers. A recent Executive Order issued by President Trump states that the policy of the Administration will be to support the responsible growth of digital assets, blockchain technology and related technologies across the U.S. economy. The Executive Order includes a prohibition on the creation of a central bank digital currency and states a policy of promoting the development of dollar denominated stablecoins. Further, new leadership of the SEC and FDIC has indicated that each agency will pursue initiatives to promote innovation and technology adoption by institutions under their supervision, including by establishing a more transparent supervisory framework for digital assets and digital asset-related activities. Further, the CFPB’s Open Banking rule is designed to facilitate the transfer of customer information at the direction of the customer to other financial institutions as further detailed in Item 1. Business—Regulatory Considerations—Privacy, Data Protection, and Cybersecurity, which could lead to greater competition for products and services among banks and nonbanks. A fragile, weakening or changing economy, or ambiguity surrounding the economic future, may lessen the demand for our products and services. Our performance may also be negatively impacted if we fail to attract and retain customers because we are not able to successfully anticipate, develop and market products and services that satisfy market demands. Such events could impact our performance through fewer loans, reduced fee income and fewer deposits, each of which could result in reduced net income. Certain provisions in our Certificate of Incorporation, Bylaws and certain statutes and regulations may make it more difficult for a third party to change our management or acquire control of us, even if stockholders might consider the change in management or change in control to be in their best interests.We are a BHC incorporated in the state of Delaware. Certain anti-takeover provisions under Delaware law and certain provisions contained in our Amended and Restated Certificate of Incorporation (our “Certificate of Incorporation) and Amended and Restated Bylaws (our “Bylaws”) could delay or prevent the removal of our directors and other management. As of December 31, 2024, approximately 60% of the outstanding shares of Class B common stock and approximately 20% of the outstanding Class A common stock may be deemed to be beneficially owned or controlled by the Holding family members expected to be identified in the 2025 Proxy Statement as principal stockholders of ours. These provisions, as well as certain statutes and regulations as discussed in Item 1. Business—Regulatory Considerations—Limitations on Mergers & Acquisitions or otherwise, may discourage bids for our common stock at a premium over market price, adversely affecting the price that could be received by our stockholders for our common stock and render the removal of our board of directors and management more difficult. Additionally, the fact that the Holding family members expected to be identified in the 2025 Proxy Statement as principal stockholders of ours as of December 31, 2024 may be deemed to beneficially own or control shares representing over 40% of the voting power of our common stock and, together with other Holding family members and entities related to them, may be deemed to beneficially own or control shares in excess of 50% of our voting power of our common stock, may discourage potential takeover attempts and bids for our common stock at a premium over market price. This could limit our stockholders’ ability to obtain a favorable judicial forum for disputes with us or our directors, officers, or employees or stockholders.These choice of forum provisions may limit a stockholder’s ability to bring a claim in a judicial forum of its choosing for disputes with us or our directors, officers or other employees or agents, which may discourage lawsuits against us and our directors, officers and other employees or agents. 24There is some uncertainty as to whether a court would enforce our exclusive forum provisions. Even if we are successful in defending against these claims, litigation could result in substantial costs and be a distraction to management and other employees.The Parent Company relies on dividends from FCB for returning capital to stockholders, paying dividends on its common and preferred stock and servicing its debt obligations, and FCB’s ability to pay the Parent Company dividends may be restricted.The Parent Company is a separate legal entity from FCB, but the Parent Company derives most of its revenue and cash flow from dividends paid by FCB. These dividends are the primary source from which the Parent Company returns capital to stockholders, whether through the payment of dividends on its common and preferred stock or the repurchase of shares pursuant to a share repurchase program (“SRP”). In addition, these dividends are the primary source for paying interest and principal on its debt obligations. Refer to Item 1. Business—Regulatory Considerations—Limitations on Dividends and Other Payments for additional information. Among other things, we are required to submit an annual capital plan to the Federal Reserve that includes any planned dividends or equity repurchases over a set planning horizon. The Federal Reserve could prohibit or limit the Parent Company’s payment of dividends, redemptions, or stock repurchases if it determines that payment of the dividend or such equity repurchase would constitute an unsafe or unsound practice.The financial services industry is continually undergoing rapid technological change with frequent introduction of new technology-related products and services. The effective use of technology increases efficiency and enables financial institutions to better serve customers and to reduce costs. The rapid growth of new digital technologies related to the digitization of banking services and capabilities, including through internet services, smart phones and other mobile devices, requires us to continuously evaluate our product and service offerings to ensure they remain competitive. These trends were accelerated by more employees that work-from-home, which has increased demand for mobile banking solutions. Our success depends in part on our ability to adapt and deliver our products and services in a manner responsive to evolving industry standards and consumer preferences. New technologies by banks and non-bank service providers may create risks if our products and services are no longer competitive with then-current standards, and could negatively affect our ability to attract or maintain a loyal customer base. In addition, our utilization of new technologies may also create risks that our customers may not be ready for or may not adopt such technologies. We are subject to reputational risks that could harm our business and prospects. If we were subject to reputational harm, it could have a material adverse impact on our business, financial condition and results of operations.Maintaining our reputation is important to our business and our brand.

We are subject to reputational risks that could harm our business and prospects and arise from numerous sources, including those discussed further in this Annual Report on Form 10-K. Sources of reputational risks have included and may in the future include, among others, cyberattacks, legal claims and regulatory action, fraudulent activities aimed at us or parties with whom we do business, inaccurate or incomplete data, insufficient operational infrastructure or oversight, employee misconduct, non-compliance with applicable law or regulatory policies by us or parties with whom we do business, any inability to provide reliable financial reports or maintain effective internal controls, failure of our environmental, social and governance (“ESG”) practices to meet investor or stakeholder expectations, or public perceptions of our business practices, including our deposit pricing and acquisition activity.Our reputation may also be damaged by adverse publicity or negative information regarding us, whether or not true, that may be published or broadcast by the media or posted on social media, non-mainstream news services or other parts of the internet. This risk can be magnified by the speed and pervasiveness with which information is disseminated through those channels. Because we conduct most of our businesses under the “First Citizens” brand, negative public opinion about one business could affect our other businesses.25Reputational harm may lead to, among other things, a decline in our deposit balances and an increased risk that we become subject to litigation and regulatory action.Safely conducting and growing our business requires that we create and maintain an appropriate operational and organizational control infrastructure. In addition, our railcars are used to transport a variety of products including, but not limited to, cement, energy products, chemicals and coal. An accidental derailment of these railcars could result in personal injury and property damage, which could be significant, as well as potential environmental remediation and restoration obligations and penalties. Failure to maintain appropriate operational infrastructure and oversight or to safely operate our business can lead to loss of service to customers, reputational harm, legal actions and noncompliance with various laws and regulations, all of which could have a material adverse impact on our business, financial condition and results of operations. A cyberattack, information or security breach, or a technology outage of ours or of a third-party could adversely affect our ability to conduct our business, manage our exposure to risk, result in the disclosure or misuse of confidential customer or employee data or proprietary information, and increase our costs to maintain and update our operational and security systems and infrastructure. Our businesses are highly dependent on the security and efficacy of our infrastructure, computer and data management systems, as well as those of third parties with whom we interact or on whom we rely. Our businesses rely on the secure processing, transmission, storage and retrieval of confidential, proprietary and other information in our computer and data management systems and networks, and in the computer and data management systems and networks of third parties. In addition, to access our network, products and services, our customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and are subject to their own cybersecurity risks, which may provide a point of entry for adverse effects on our own network environment. We, as well as our customers, regulators, third-party service providers, and other third parties with whom we do business, have been subject to, and are likely to continue to be the target of, cyberattacks. We could continue to experience cyberattacks, and we acknowledge that we cannot implement guaranteed preventive measures against all security threats. Additionally, a security breach may be difficult to detect, even after it occurs, which may compound the issue related to such breach.Continued geopolitical and geographical turmoil, including the ongoing conflicts in Ukraine and the Middle East, as well as increasing tensions in the South China Sea, has heightened the risk of cyberattacks and has created new risks for cybersecurity.S. In addition, the U.S. government has warned that Iran may pose an increased cyber threat to U.S. critical infrastructure, such as the financial services sector, as the conflicts in the Middle East continue. The impact of the conflict and retaliatory measures is continually evolving and cannot be predicted with certainty. FCB has a higher risk of being impacted by geopolitical events due to FCB’s expanded geographic footprint and increased prominence. Our Enterprise Cyber Security Office (“ECSO”) continues in its efforts to closely monitor changes in the threat landscape. 26Cybersecurity risks for large banking institutions, such as FCB, have significantly increased in recent years in part because of the proliferation of new technologies, including generative AI, the use of the internet and mobile banking to conduct financial transactions, and the increased sophistication of criminal activities. In March 2024, the U.S. Treasury cautioned financial institutions with respect to AI vulnerabilities and threat-actor capabilities, and in September 2024, the DOJ updated guidance to prosecutors in their investigations of corporations, including an expectation of corporations having conducted risk assessments regarding use of new technologies like AI. Refer to Item 1. Business—Regulatory Considerations—Artificial Intelligence for additional information. Cyberattacks involving LFIs, including distributed denial of service attacks designed to disrupt external customer-facing services, nation state cyberattacks and ransomware attacks designed to deny organizations access to key internal resources or systems or other critical data, as well as targeted social engineering and phishing email and text message attacks designed to allow unauthorized persons to obtain access to an institution’s information systems and data or that of its customers, are becoming more common and increasingly sophisticated. In particular, there has been an observed increase in the number of distributed denial of service attacks against the financial sector in recent years, which increase is believed to be partially attributable to politically motivated attacks as well as financial demands coupled with extortion. Even the most advanced control environment may be vulnerable to compromise given the possibility of employee error, failures to follow security procedures or malfeasance. As cyber threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our layers of defense or to investigate and remediate any information security vulnerabilities. Furthermore, past and future business transactions (such as acquisitions or integrations) could expose us to additional cybersecurity risks and vulnerabilities, as our systems could be negatively affected by vulnerabilities present in acquired or integrated entities’ systems and technologies. Any third-party technology failure, cyberattack or other information or security breach, termination or constraint could, among other things, adversely affect our ability to effect transactions, service our customers, manage our exposure to risk or expand our businesses. Cyberattacks or other information or security breaches, whether directed at us or third parties, may result in a material loss or have material consequences. In addition, such penetration or circumvention could result in a violation of applicable data privacy and protection laws and other laws, litigation exposure, regulatory fines, penalties or intervention, loss of confidence in our security measures, reputational damage, reimbursement or other compensatory costs and additional compliance costs. The consequences and results of any such penetration or circumvention could adversely impact our results of operations, liquidity and financial condition. Additionally, insurance coverage may not be available for such losses or, where available, such losses may exceed insurance limits.We depend on the effectiveness and integrity of employees, and the systems and controls for which they are responsible, to manage operational risks.We rely on our employees to design, manage and operate our systems and controls to assure that we properly enter into, record and manage processes, transactions and other relationships with customers, suppliers and other parties with whom we do business. In some cases, we may rely on employees of third parties to perform these tasks. We also depend on employees and the systems and controls for which they are responsible to assure that we identify and mitigate the risks that are inherent in our business, relationships and activities, including compliance, risk management and fraud prevention. 27As a result of our necessary reliance on employees, whether ours or those of third parties, to perform these tasks and manage resulting risks, we are subject to human vulnerabilities. These may range from innocent human error to misconduct or malfeasance, potentially leading to operational breakdowns or other failures. Our controls and procedures may not be adequate to prevent problems resulting from human involvement in our business, including risks of employee misconduct or malfeasance as well as risk associated with the design, operation and monitoring of systems and controls, whether manual or automated. We may also fail to adequately maintain a culture of risk management among our employees. These concerns are increased when we introduce new products or services, acquire or invest in a business or implement new technologies, or change systems, processes or procedures (including in connection with strategic efforts to streamline the information technology operating environment and improve data infrastructure), as we may fail to adequately identify or manage operational risks resulting from such changes. These concerns may be further exacerbated by employee turnover and labor shortages. In addition, while we use automation in design of manual systems and controls to help reduce some risks, we continue to rely on many manual systems and controls. Use of automation also may present its own risks, including potential outages or other problems, and does not eliminate the need for effective design, operation and remediation by employees. The outcomes of such cases are always uncertain until finally adjudicated or resolved.In the course of our business, we may foreclose on and take title to real estate that contains or was used in the manufacture or processing of hazardous materials or that is subject to other environmental risks. In addition, we may lease equipment to our customers that is used to mine, develop, and process hazardous materials, and our railcars may be used to transport hazardous materials. As a result, we could be subject to environmental liabilities or claims for negligence, property damage or personal injury with respect to these properties or equipment. We may be held liable to a governmental entity or to third parties for property damage, personal injury, investigation and clean-up costs incurred by these parties in connection with environmental contamination, accidents or other hazardous risks, or may be required to investigate or clean up hazardous or toxic substances or chemical releases at a property. The costs associated with investigation or remediation activities could be substantial. In addition, if we are the owner or former owner of a contaminated site or equipment involved in a hazardous incident, we may be subject to common law claims by third parties based on damages and costs resulting from environmental contamination, property damage, personal injury or other hazardous risks emanating from the property or related to the equipment.We establish reserves for legal claims when payments associated with the claims become probable and our liability can be reasonably estimated. We may still incur legal costs for a matter even if we have not established a reserve. In addition, the actual amount paid in resolution of a legal claim may be substantially higher than any amounts reserved for the matter. The ultimate resolution of a legal proceeding, depending on the remedy sought and any relief granted, could materially adversely affect our results of operations and financial condition.Substantial legal claims or significant regulatory action against us or that involve matters for which we have indemnification obligations or other retained liabilities could have material adverse financial effects or cause significant reputational harm to us, which in turn could seriously harm our business prospects. We may be exposed to substantial uninsured legal liabilities and regulatory actions which could adversely affect our results of operations and financial condition. Financial Statements and Supplementary Data, Note 23—Commitments and Contingencies.28We depend on qualified personnel for our success and may not be able to retain or attract such personnel.As a human capital-intensive business, our success largely depends on our ability to attract, develop, and retain highly skilled and qualified executive officers and management, financial, compliance, technical, operations, risk management, sales, and support employees. Attracting and retaining key talent is of heightened importance due to the significant expansion of the size, geographic reach and operational scope of our business that occurred in connection with the CIT Merger and SVBB Acquisition. We face significant competition in the recruitment of qualified executive officers and employees. We may also be limited by other factors in our ability to retain executive officers and employees, which may result in, among other things, departures following or in connection with our mergers and acquisition activity. However, implementation could be incomplete or ineffective. In order to be successful in developing and retaining current executive officers and other key personnel we recognize that it is important to execute on our talent management and succession planning process to maintain personnel to support current operations, as well as retain talent to continue to execute growth, expansion and acquisition strategies.Our compensation practices are subject to review and oversight by the Federal Reserve, the FDIC and other regulators. The federal banking agencies have issued joint guidance on executive compensation designed to help ensure that a banking organization’s incentive compensation policies do not encourage imprudent risk taking and are consistent with the safety and soundness of the organization. We have also adopted a clawback policy applicable to certain incentive compensation received by our executive officers as required by SEC rules and Nasdaq listing standards. Refer to Item 1. Business—Regulatory Considerations—Compensation for additional information.We are exposed to losses related to fraud.29Our business and financial performance could be impacted by natural or man-made disasters, global pandemics, acts of war or terrorist activities, climate change or other adverse external events. We could also suffer adverse results to the extent that disasters, wars, terrorist activities, riots or civil unrest affect the broader markets or economy or our operations specifically. Our ability to minimize the consequences of such events is in significant measure reliant on the quality of our disaster recovery planning and our ability, if any, to forecast the events, and such quality and ability may be inadequate. Refer to Item 1. Business—Regulatory Considerations—Climate for additional information. We would expect to experience increased compliance costs and other compliance-related risks associated with complying with all such laws and regulations, and guidance applicable to our operations. Moreover, this could result in increased management time and attention to ensure we are compliant with the regulations and expectations. Such climate change-related measures may also result in the imposition of taxes and fees, the required purchase of emission credits or the implementation of significant operational changes, each of which may require us to expend significant capital and incur compliance, operating, maintenance and remediation costs. Additionally, many of our suppliers and business partners may be subject to similar requirements, which may augment or create additional risks.As a banking organization, the physical effects of climate change may present certain unique risks to us, our customers, collateral, or third parties on which we rely. For example, an increase in the frequency or magnitude of natural disasters, shifts in local climates and other disruptions related to climate change may adversely affect the value of real properties securing our loans, which could diminish the value of our loan portfolio. Such events have in the past and may in the future cause reductions in regional and local economic activity that have had and in the future may have an adverse effect on our customers.Third party vendors provide key components of our business infrastructure, including certain data processing and information services. Their services could be difficult to quickly replace in the event of failure or other interruption in service. Third party vendors also present information security risks to us, both directly and indirectly through our customers.30The quality of our data could deteriorate and cause financial or reputational harm to FCB. Incomplete, inconsistent, or inaccurate data could lead to non-compliance with regulatory requirements and result in fines. Additionally, adverse impacts on customers could result in reputational harm and customer attrition. Inaccurate or incomplete data presents the risk that business decisions relying on such data will prove inefficient, ineffective or harmful to us. Additionally, information we provide to our investors and regulators may be negatively impacted by inaccurate or incomplete data, which could have a wide range of adverse consequences such as legal liability and reputational harm.Deposit insurance premiums levied against banks, including FCB, may increase if the number of bank failures increase or the cost of resolving failed banks increases.The FDIC maintains the DIF to protect insured depositors in the event of bank failures. The DIF is funded by insurance premiums assessed on IDIs including FCB. Future insurance premiums paid by banks, including FCB, will depend on FDIC rules, which are subject to change, the level of the DIF and the magnitude and cost of future bank failures. For example, the FDIC began collecting a special assessment to recover the loss to the DIF associated with the bank failures in spring of 2023, beginning with the first quarterly assessment period of 2024. Refer to Item 1. Business—Regulatory Considerations—FDIC Insurance for additional information on insurance premiums, as well as payment of the special assessment. We may be required to pay significantly higher insurance premiums if market developments change such that the DIF balance is reduced or the FDIC changes its rules to require higher premiums.Changes being proposed and implemented by the Trump administration are expected to fundamentally alter the size and scope of the federal government through reduction of the federal work force and the potential reduction, change in direction or possible elimination of, various government agencies and programs.The Trump administration is proposing and seeking to implement significant changes to the size and scope of the federal government. These changes, if implemented and taken as a whole, appear unprecedented and may have impacts on the economy as a whole or different regions or segments of the economy or asset classes which are difficult to predict at this time. Accordingly, it is possible that such comprehensive changes may be materially adverse to our customers, business, financial condition and results of operation.Effectively managing credit risks is essential for the operation of our business. There are credit risks inherent in making any loan, including risks of repayment, risks with respect to the period of time over which the loan may be repaid, risks relating to proper loan underwriting and guidelines, risks resulting from changes in economic and industry conditions, risks in dealing with individual borrowers and risks resulting from uncertainties as to the future value of collateral. Our loan approval procedures and our credit risk monitoring may be or become inadequate to appropriately manage the inherent credit risks associated with lending. Our credit administration personnel, policies and procedures may not adequately adapt to changes in economic or other conditions affecting customers and the quality of our loan portfolio. Any failure to manage such credit risks may materially adversely affect our business, consolidated results of operations and financial condition because it may lead to loans that we make not being paid back in part or in full on a timely basis or at all. 31Our allowance for credit losses may prove to be insufficient to absorb losses in our credit portfolios. The ALLL may not be sufficient to cover actual credit losses, and future provisions for credit losses could materially and adversely affect our operating results. Accounting measurements related to asset impairment and the ALLL require significant estimates that are subject to uncertainty and revisions due to new information and changing circumstances. The significant uncertainties surrounding our borrowers’ abilities to conduct their businesses successfully through changing economic environments, competitive challenges and other factors complicate our estimates of the risk and amount of loss on any loan. Due to the degree of uncertainty and the susceptibility to change, the actual losses may vary substantially from current estimates. We also expect fluctuations in the ALLL due to economic changes nationally as well as locally within the states in which we conduct business.As an integral part of their examination process, our banking regulators periodically review the ALLL and may require us to increase it by recognizing additional provisions for credit losses charged to expense or to decrease the allowance by recognizing loan charge-offs, net of recoveries. Any such required additional credit loss provisions or loan charge-offs could have a material adverse effect on our financial condition and results of operations.Our loans and leases include concentrations in certain industries in healthcare, such as medical and dental industries, as well as the Rail segment. A significant portion of the loans are concentrated within certain industries, including technology, life science and healthcare, and with private equity and venture capital clients, areas in which we did not have significant exposure prior to the SVBB Acquisition. Although we believe our combined loan portfolio is diversified, borrowers in certain industries may have a heightened vulnerability to negative economic conditions. For example, statutory or regulatory changes relevant to the medical and dental industries, or economic conditions in the market generally, could negatively impact these borrowers’ businesses and their ability to repay their loans with us. Additionally, smaller practices such as those in the dental industry generally have fewer financial resources in terms of capital or borrowing capacity than larger entities, and generally have a heightened vulnerability to negative economic conditions. Repayment of loans in the innovation banking portfolios for early-stage and mid-stage privately held companies, may depend upon receipt by those borrowers of additional financing from venture capitalists or others, or, in some cases, a successful sale to a third-party, public offering or other form of liquidity event. If such events occur, our levels of nonperforming assets and charge-offs may increase, and we may be required to increase our ALLL through additional provisions on our income statement, which would reduce reported net income and could have an adverse effect on our business, financial condition, results of operations and prospects.32Deteriorating credit quality and our reliance on junior liens may adversely impact our business and our results of operations. Credit losses are inherent in the business of making loans and entering into other financial arrangements. Factors that influence our credit losses include overall economic conditions affecting businesses and consumers, generally, but also residential and commercial real estate (“CRE”) valuations. CRE loans may involve a higher risk of default compared to our other types of loans as a result of several factors, including, but not limited to, prevailing economic conditions and volatility in real estate markets, occupancy, rental collections, interest rates, and collateral value. Recent trends including the growth of e-commerce, and work-from-home arrangements, as well as high interest rate levels over the past two years, have had an adverse impact on the CRE sector, including retail stores, hotels and office buildings, creating greater risk exposure for our CRE loan portfolio. Inadequate collateral values, rising interest rates and unfavorable economic conditions could result in greater delinquencies, write-downs or charge-offs in future periods, which could have a material adverse impact on our results of operations and capital adequacy.The soundness and stability of many financial institutions may be closely interrelated as a result of credit, trading, clearing, counterparty and other relationships between the institutions. As a result, concerns about, or a default or threatened default by, one institution could lead to significant market-wide liquidity and credit problems, losses or defaults by other institutions. For example, the failures of several high-profile banking institutions in early 2023 caused significant market volatility, regulatory uncertainty, and decreased confidence in the U.S. banking system. In response to these bank failures, the U.S. government has proposed a variety of measures and new regulations designed to strengthen capital levels, liquidity standards, and risk management practices and otherwise restore confidence in financial institutions. Any reforms, if adopted, could have a significant impact on banks and BHCs, including us. Changes in U.S. trade policies, including the imposition of tariffs and retaliatory tariffs, may adversely impact our business, financial condition, and results of operations. The Trump administration has signaled the potential imposition of tariffs and retaliatory tariffs against U.S. trading partners. During his campaign, President Trump indicated that he would seek to impose a 25% tariff against all goods imported from Canada and Mexico, a 60% tariff on goods from China and a blank tariff of 10% to 20% on other imports to the U.S. On February 1, 2025, President Trump issued an Executive Order imposing tariffs on imports from Canada, Mexico, and China in response to a declared national emergency to address the “extraordinary threat posed by illegal aliens and drugs.” The newly imposed tariffs have resulted in immediate threats of retaliatory tariffs against U.S. goods and negotiations which have delayed the tariffs on Canada and Mexico for 30 days, and may result in other negotiated agreements with one or more of the countries affected. These and other potential tariffs and trade restrictions may cause the prices of our customers’ products to increase, which could reduce demand for such products, or reduce our customers’ margins, and adversely impact their revenues, financial results, and ability to service debt. This, in turn, could adversely affect our financial condition and results of operations. At this time, it remains unclear what the U.S. government or foreign governments will or will not do with respect to additional tariffs that may be imposed or international trade agreements and policies. 33Market RisksFailure to effectively manage our interest rate sensitivity within our defined risk appetite could adversely affect our earnings. Our results of operations and cash flows are highly dependent upon net interest income (“NII”). Interest rates are highly sensitive to many factors that are beyond our control, including general economic and market conditions and policies of various governmental and regulatory agencies, particularly the actions of the Federal Reserve’s Federal Open Market Committee (“FOMC”). Changes in monetary policy, including changes in interest rates, could influence interest income, interest expense, and the fair value of our financial assets and liabilities.The FOMC reduced its target for the federal funds rate three times in 2024, although it kept the target the same at its meeting in January 2025. If indicators show signs that inflation is stabilizing in the future, the FOMC may continue to reduce interest rates further over the next 12 months. Our portfolio is generally in a net asset-sensitive position whereby our assets reprice faster than our liabilities, which is generally concentrated at the short end of the yield curve. While our interest expense may decline, the impact on our interest-rate sensitive assets may be greater, resulting in a potential decrease to our NII. To the extent banks and other financial services providers compete for interest-bearing deposit accounts through higher interest rates, our deposit base could be reduced if we are unwilling to pay those higher rates. Additionally, higher interest rates may impact our ability to originate new loans. Increases in interest rates could adversely affect the ability of our borrowers to meet higher payment obligations. If this occurred, it could cause an increase in nonperforming assets and net charge-offs.We cannot control or predict with certainty changes in interest rates. Actual interest rate movements may differ from our forecasts, and unexpected actions by the FOMC may have a direct impact on market interest rates. Over the past year, the Federal Reserve has steadily reduced the target range for the federal funds rate, reaching a range of 4.25% to 4.50% as of December 18, 2024. The Federal Reserve did not further change interest rates at its January 2025 meeting. Although the Chairman of the Federal Reserve has indicated that the target funds rate will most likely decline in small periodic increments and more recently stated that the Federal Reserve does not need to hurry to lower rates further, it remains uncertain whether the FOMC will continue to reduce the federal funds rate, the extent and frequency of any such reductions, whether the FOMC will leave the rate at its current level for a lengthy period of time or whether FOMC will increase the targeted federal funds rate should inflation return to elevated levels.The higher interest rate environment of recent periods, and our offerings of higher rates to attract or maintain deposits, has increased the cost of deposits, and may continue to do so, dependent on the FOMC actions. In addition, the high interest rate environment has increased costs on our other funding sources, and may continue to do so, in the event we may need to issue debt.Our business is subject to periodic fluctuations based on international, national, regional and local economic conditions. These fluctuations are not predictable, cannot be controlled and have had and may continue to have or further have a material adverse impact on our operations and financial condition. Our banking operations are primarily located within several states but are locally oriented and community-based. Our retail and commercial banking activities are primarily concentrated within the same geographic footprint. The markets in which we have the greatest presence are North Carolina, South Carolina, California, Texas, New York, Massachusetts and Florida. We also do business in Canada, primarily related to our rail portfolio. Worsening economic conditions within our markets, particularly within those with our greatest presence, could have a material adverse effect on our financial condition, results of operations and cash flows.We conduct limited business operations in certain foreign jurisdictions, and we engage in certain cross border lending and leasing transactions. An economic recession or downturn or business disruption associated with the political or economic environments in the international markets in which we operate could similarly adversely affect us.U.S.The level of United States debt and global economic conditions can have a destabilizing effect on financial markets. For example, a U.S. government debt default, threatened default, or downgrade of the sovereign credit ratings of the United States by credit rating agencies, could have an adverse impact on the financial markets, interest rates and economic conditions in the United States and worldwide. The U.S. debt ceiling and budget deficit concerns in recent years have increased the possibility of U.S. government shutdowns, forced federal spending reductions, debt defaults, credit-rating downgrades and an economic slowdown or recession in the United States. Political tensions may make it difficult for the U.S. Congress to agree on any further increases to or suspension of the debt ceiling in a timely manner or at all, which may lead to a default by the U.S. government or downgrades of its credit ratings. Many of the investment securities held in FCB’s portfolio are issued by the U.S. government and government agencies and sponsored entities, which are generally viewed as among the most conservative investment options. While the likelihood may be remote, a government default or threat of default would impact the price and liquidity of U.S. government securities. A debt default or further downgrade to the U.S. government’s sovereign credit rating or its perceived creditworthiness could also adversely affect the ability of the U.S. government to support the financial stability of the Federal National Mortgage Association and the Federal Home Loan Mortgage Corporation, commonly known as Fannie Mae and Freddie Mac, respectively, as well as the Federal Home Loan Banks (“FHLBs”). Since banks are sensitive to the risk of downturns, the stock prices of all banks typically decline, sometimes substantially, if the market believes that a downturn has become more likely or is imminent. This effect can and often does occur indiscriminately, initially without much regard to different risk postures of different banks. Weakness in any of our market areas could have an adverse impact on our earnings, and consequently, our financial condition and capital adequacy.The performance of equity securities and corporate bonds in our investment securities portfolio could be adversely impacted by the soundness and fluctuations in the market values of other financial institutions.Our investment securities portfolio contains certain equity securities and corporate bonds of other financial institutions. As a result, a portion of our investment securities portfolio is subject to fluctuation due to changes in the financial stability and market value of other financial institutions, as well as interest rate sensitivity to economic and market conditions. Such fluctuations could reduce the value of our investment securities portfolio and consequently have an adverse effect on our results of operations. The value of our goodwill may decline in the future.Our goodwill could become impaired in the future. We test goodwill for impairment at least annually, comparing the estimated fair value of a reporting unit with its net book value. These tests may result in a write-off of goodwill deemed to be impaired, which could have a significant impact on our financial results.Although publicly traded, our common stock, particularly our Class B common stock, has less liquidity and public float than many other large, publicly traded financial services companies. Lower liquidity increases the price volatility of our common stock and could make it difficult for our stockholders to sell or buy our common stock at specific prices. Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities for additional information with respect to variation in total returns in our Class A common stock in recent years and the volume of our Class A common stock repurchases under our SRP.Our deposit base represents our primary source of core funding and balance sheet liquidity. In addition, the speed in which information is able to be shared electronically, such as through social media or online news sources, provides an environment for accelerated changes in liquidity. Also, in connection with the SVBB Acquisition, FCB issued a five-year note of approximately $35 billion payable to the FDIC (the “Purchase Money Note”) due March 2028, which was subsequently amended and restated to adjust the principal amount to approximately $36. While scheduled principal payments are not required under the Purchase Money Note until maturity, FCB may voluntarily prepay principal without premium or penalty. We will continue to monitor the interest rate environment and assess whether any voluntary prepayments are prudent considering the fixed rate of 3.50% on the Purchase Money Note. Potential sources that could fund voluntary prepayments of the Purchase Money Note or the amount due at maturity include excess liquidity (primarily comprised of interest-earning deposits at banks and proceeds from maturities and paydowns of investment securities), FHLB advances, deposit growth, and issuance of unsecured debt or other borrowings. At the time of voluntary prepayment or maturity, the interest rates for the potential interest-bearing sources of repayment could be higher than the 3.50% rate on the Purchase Money Note.In circumstances where our ability to generate needed liquidity is impaired, we may need to access other sources of funding such as borrowings from the FHLBs and the Federal Reserve, federal funds purchased lines, and brokered deposits, or other sources of liquidity including capital markets. In addition, our ability to access the capital markets may be impacted by unforeseen market forces or interruptions or a lack of market or customer confidence in us or in the banking sector generally.36We are subject to enhanced liquidity risk management requirements as a Category IV banking organization, and failure to meet these requirements could result in regulatory and compliance risks, and possible restrictions on our activities. As a Category IV banking organization, subject to the applicable transition provisions, we are subject to enhanced liquidity risk management requirements that applies to banking organizations with $100 billion or more in total consolidated assets, including reporting, liquidity stress testing, and tailored liquidity risk management requirements. We are also subject to resolution and contingency planning at the bank-level under the CIDI Rule, as well enhanced enterprise risk management requirements. Refer to Item 1. Business—Regulatory Considerations—Enhanced Prudential Standards for additional information. As we grow, were we to meet or exceed the asset thresholds for a Category III banking organization, we would become subject to additional liquidity requirements including the LCR and NSFR requirements. However, we would become subject to modified LCR and NSFR requirements as a Category IV banking organization if it has $50 billion or more, but less than $75 billion, in average weighted short-term wholesale funding under the current Tailoring Rules. Refer to Item 1. Business—Regulatory Considerations—Enhanced Prudential Standards—Category III Requirements. Failure to develop and maintain adequate systems and controls designed to comply with all requirements applicable to us under current regulations or as otherwise imposed by our regulators may lead to regulatory and compliance risks, including adverse regulatory action (including possible restrictions on our activities), along with inadequate liquidity.Our primary capital sources have been retained earnings and debt issued through both private and public markets. Rating agencies regularly evaluate our creditworthiness and assign credit ratings to us and FCB. The ratings of the agencies are based on a number of factors, some of which are outside our control. In addition to factors specific to our financial strength and performance, the rating agencies also consider conditions generally affecting the financial services industry. We may not be able to maintain our current credit ratings. Rating reductions could adversely affect our access to funding sources and increase the cost of obtaining funding.Based on existing capital levels, we and FCB are well capitalized under current leverage and risk-based capital standards.If we fail to meet regulatory guidelines, including enhanced capital adequacy, liquidity, stress testing, and capital planning requirements, or are subject to certain other legal limitations, our financial condition and ability to pay dividends or make other payments could be adversely affected.We are subject to enhanced capital adequacy, liquidity, stress testing, and capital planning requirements as a banking organization with over $100 billion in total consolidated assets. Regulators have implemented and may, from time to time, implement changes to these regulatory capital adequacy and liquidity requirements. The Parent Company and FCB are subject to bank capital rules under the Basel III framework, in addition to other capital adequacy requirements, liquidity requirements, and capital planning and stress testing requirements. The federal banking agencies have proposed enhanced capital requirements for banking organizations with $100 billion or more in total consolidated assets in connection with the finalization of the implementation of Basel III Endgame. However, the timing on the adoption of a final rule to implement Basel III Endgame is unknown, and the federal regulators have indicated that there will be a re-proposal that could include further tailoring to apply less stringent requirements to banking organizations with total consolidated assets between $100 billion and $250 billion. Failure to meet these requirements or any requirements we may become subject to in the future, or the applicability of certain other legal limitations, could adversely affect our financial condition and ability to declare dividends or make other payments or capital distributions, including equity repurchases. Refer to Item 1. Business—Regulatory Considerations—Enhanced Prudential Standards and —Regulatory Considerations—Limitations on Dividends and Other Payments for additional information.37Increases to our level of indebtedness could adversely affect our ability to raise additional capital and to meet our obligations.In connection with the SVBB Acquisition, FCB issued the Purchase Money Note and FCB also entered into an Advance Facility Agreement, dated as of March 27, 2023 and effective as of November 20, 2023 (the “Advance Facility Agreement”) with the FDIC. In 2023, the federal banking agencies released an NPR, which would require large banks with total consolidated assets of $100 billion or more to maintain a minimum amount of long-term debt that can be used, in the instance of a bank’s failure, to absorb losses and increase options to resolve the failed bank. Our existing debt, together with any future incurrence of additional indebtedness, including under the Advance Facility Agreement, the Purchase Money Note, agreements with the FRB, debt issuance indentures or otherwise, could have consequences that are materially adverse to our business, financial condition or results of operations. For example, it could: (i) limit our ability to obtain additional financing for working capital, capital expenditures, debt service requirements, acquisitions and general corporate or other purposes; (ii) restrict us from making strategic acquisitions or cause us to make non-strategic divestitures; (iii) restrict us from paying dividends to our stockholders; (iv) increase our vulnerability to general economic and industry conditions; or (v) require a substantial portion of cash flow from operations to be dedicated to the payment of principal and interest on our indebtedness and dividends on the preferred stock, thereby reducing our ability to use cash flows to fund our operations, capital expenditures and future business opportunities.We operate in a highly regulated industry and are subject to many laws, rules, and regulations at both the federal and state levels. These broad-based laws, rules, and regulations impact the products and services we may offer and how we may offer them, the ways we may operate and the risks that we may take, the corporate and financial actions that may be taken, and the information we must publicly disclose. Some examples include enhanced prudential standards, public disclosure and reporting requirements, limitations on dividends and other payments, limitations on mergers and acquisitions, restrictions on our activities as an FHC and requirements for support of FCB, CRA requirements, payment of FDIC insurance premiums, AML and OFAC regulations, various consumer laws and regulations, and privacy, data protection and cybersecurity regulations, as well as laws that apply to our subsidiaries, including laws applicable to broker dealers, investment advisers, insurers and certain specialty businesses. Refer to Item 1. Business—Regulatory Considerations for additional information. These laws and others impact, among other things, our operations, taxes, corporate governance, executive compensation and financial accounting and reporting.Compliance with the extensive laws and regulations applicable to BHCs and banks can be difficult and costly. In addition, changes to statutes, regulations, or regulatory policies, including changes in interpretation or implementation of statutes, regulations, or policies, could affect us in substantial and unpredictable ways, including increased compliance costs that may limit our ability to pursue business opportunities and result in a material adverse impact on our financial condition and results of operations. In addition to the other limitations described herein, the ability of our bank and its subsidiaries to guarantee our debt may be restricted and certain regulatory requirements may be imposed that may be more restrictive and may result in greater or earlier charges to earnings or reductions in our capital under United States Generally Accepted Accounting Principles (“GAAP”).Information security and data privacy are areas of heightened legislative and regulatory focus.Data privacy and security risks have become the subject of increasing legislative and regulatory focus in recent years. 38We collect, process, maintain, and store personal information of customers, prospects and employees. We employ data security and technology solutions to support adherence to our data protection obligations and risk mitigation efforts. The collection, sharing, use, disclosure, and protection of these types of information are governed by federal and state law. The U.S. Refer to Item 1. Business—Regulatory Considerations—Privacy, Data Protection, and Cybersecurity for additional information.We continue to monitor developments and changes to applicable privacy and information security regulations and adapt our current practices to changing requirements. Failure to meet regulatory requirements may subject us to fines, litigation, or regulatory enforcement actions. We acknowledge that changes to our business practices, policies, or systems, unplanned or otherwise, may also adversely impact our operating results.We face heightened compliance risks related to certain specialty commercial business lines.S. Department of Transportation, the Federal Railroad Administration, the Association of American Railroads, the Maritime Administration, the U.S. Coast Guard, and the U.S. Environmental Protection Agency. We are also subject to regulation by governmental agencies in foreign countries in which we do business. Our business operations and our equipment financing and leasing portfolios may be adversely impacted by rules and regulations promulgated by governmental and industry agencies, which could require substantial modification, maintenance, or refurbishment of our railcars, ships or other equipment, or could potentially make such equipment inoperable or obsolete. Failure to comply with these laws, rules and regulations could result in sanctions by regulatory agencies (including potential limitations on our future acquisitions or operations, or requirements to forfeit assets), civil money penalties, or reputation damage. Additionally, we may incur significant expenses in our efforts to comply with these laws, rules and regulations.We are subject to enhanced prudential standards and will be subject to further requirements as we grow, and the federal banking agencies are considering further requirements. Because we have over $100 billion in total consolidated assets, we are subject to certain enhanced prudential standards as a Category IV banking organization, subject to the applicable transition provisions. We will be subject to further requirements as we grow if we meet or exceed certain other thresholds for asset size and other risk-based factors, including those under the federal banking agencies’ Tailoring Rules for banking organizations with $250 billion or more in total consolidated assets. Refer to Item 1. Business—Regulatory Considerations—Enhanced Prudential Standards. Along with our growth, expectations are heightened to maintain strong risk management. If we fail to develop and maintain at a reasonable cost the systems and processes necessary to comply with the standards and requirements imposed by these rules, it could have a material adverse effect on our business, financial condition or results of operations. 39We are subject to certain laws and regulations designed to protect consumers in transactions with banks, many of which are enforced by the CFPB through rulemaking and enforcement of the prohibitions against unfair, deceptive and abusive business practices and compliance with such laws and regulations may impact our business operations and profitability.We are subject to consumer financial protection laws and regulations, and the CFPB is the federal agency responsible for rulemaking under and enforcement of such laws, as well as supervision of financial institutions with $10 billion or more in total consolidated assets. Refer to Item 1. Business—Regulatory Considerations—Consumer Laws and Regulations for additional information. The CFPB is generally authorized to prevent any institution under its authority from engaging in an unfair, deceptive, or abusive act or practice in connection with consumer financial products and services, and to take supervisory and enforcement action against banks and other financial services companies under the agency’s jurisdiction that fail to comply with federal consumer financial protection laws. Enforcement actions may include imposition of substantial monetary penalties and nonmonetary requirements.A number of regulatory authorities may enforce consumer financial protection laws and regulations. In addition to the CFPB, the Dodd-Frank Act recognizes that states may adopt consumer protection laws stricter than those adopted at the federal level, and in certain circumstances allows state attorneys general to enforce compliance with federal consumer financial protection laws and regulations. Additionally, the FDIC has backup enforcement authority over a holding company of an insured depositary institution if the conduct or threatened conduct of such holding company poses a risk to the DIF, if the holding company is generally not in sound condition, or if it poses a foreseeable and material risk to the DIF.We may be adversely affected by changes in United States and foreign tax laws and other tax laws and regulations.Corporate tax rates affect our profitability and capital levels. We are subject to the income tax laws of the United States, its states and their municipalities and to those of the foreign jurisdictions in which we do business. These tax laws are complex and may be subject to different interpretations. We must make judgments and interpretations about the application of these tax laws when determining our provision for income taxes, our deferred tax assets and liabilities and our valuation allowance. Changes to the tax laws, administrative rulings or court decisions could increase our provision for income taxes and reduce our net income. The United States corporate tax code may be reformed by the U.S. Congress and additional guidance may be issued by the U.S. Treasury. Further changes in tax laws and regulations, and income tax rates in particular, could have an adverse impact on our financial condition and results of operations.We are subject to ESG risks such as climate risk, hiring practices, diversity, racial and social justice issues, including in relation to our counterparties, which may adversely affect our reputation and ability to retain employees and customers. ESG matters include, but are not limited to, climate risk, hiring practices, the diversity of our work force, and racial and social justice issues involving our personnel, customers and third parties with whom we otherwise do business. ESG, and particularly Diversity, Equity, and Inclusion (“DEI”), initiatives have become increasingly polarized issues, with strong opponents and proponents. If our ESG practices do not meet (or are viewed as not meeting) investor or other industry stakeholder expectations and standards, which continue to evolve, our reputation and employee and customer retention may be negatively impacted. Moreover, management may incur additional costs and will likely have to dedicate an increased amount of time and attention to ESG matters to monitor the rapidly changing regulatory landscape and to comply with the regulations and expectations. For example, President Trump has issued multiple Executive Orders revoking many of the Executive Orders issued by his predecessors, including an Executive Order mandating the withdrawal of the United States from the Paris Agreement, and other climate-focused international agreements and commitments. In addition, some states have introduced or passed bills to restrict, regulate, or prohibit DEI initiatives. Our failure to comply with any applicable rules or regulations with respect to ESG practices could lead to penalties and adversely impact our access to capital and employee retention and could also impact third parties on which we rely, which could have an adverse effect on our business, financial condition, or results of operations. 40Fee revenues from overdraft and NSF programs have been and may continue to be subject to increased supervisory scrutiny. In recent years, the CFPB has been focused on enforcement and rulemaking aimed at eliminating or restricting a number of fees assessed by financial institutions such as overdraft and NSF fees as well as other transaction- and account management-related fees deemed by the CFPB to be “junk fees.” Refer to Item 1. Business—Regulatory Considerations—Consumer Laws and Regulations for additional information. In response to this and other legislative and regulatory scrutiny, in January 2022, we announced an elimination of NSF fees on consumer accounts and a decrease in overdraft fees. On December 12, 2024, the CFPB adopted its final overdraft rule, effective October 1, 2025, that provides for an overdraft fee cap or imposes legal and compliance requirements applicable for other loans. Refer to Item 1. Business—Regulatory Considerations—Consumer Laws and Regulations for additional information. Despite our ongoing compliance efforts, we may become subject to regulatory enforcement actions with respect to our programs and practices related to overdraft fees. In addition, as supervisory expectations and industry practices regarding overdraft fee programs change, our continued charging of overdraft fees may result in negative public opinion and increased reputation risk. The realization of equipment values (residual values) during the life and at the end of the term of a lease is an important element in the profitability of our leasing business. At the inception of each lease, we record a residual value for the leased equipment based on our estimate of the future value of the equipment at the end of the lease term or end of the equipment’s estimated useful life. If the market value of leased equipment decreases at a rate greater than we projected, whether due to rapid technological or economic obsolescence, unusual wear and tear on the equipment, excessive use of the equipment, recession or other adverse economic conditions impacting supply and demand, it could adversely affect the current values or the residual values of such equipment. The rate at which those discounts are accreted is unpredictable and the result of various factors including prepayments and estimated credit losses.Financial Reporting RisksAccounting standards may change and increase our operating costs or otherwise adversely affect our results.The Financial Accounting Standards Board (“FASB”) and the SEC periodically modify the standards governing the preparation of our financial statements. The nature of these changes is not predictable and has impacted and could further impact how we record transactions in our financial statements, which has led to and could lead to material changes in assets, liabilities, stockholders’ equity, revenues, expenses and net income. Implementation of new accounting rules or standards could additionally require us to implement technology changes which could impact ongoing earnings.41Our accounting policies and processes are critical to the reporting of our financial condition and results of operations. They require management to make estimates about matters that are uncertain, and such estimates may be materially different from actual results.Accounting policies and processes are fundamental to how we record and report our financial condition and results of operations. Management must exercise judgment in selecting and applying many of these accounting policies and processes so they comply with GAAP. In some cases, management must select the accounting policy or method to apply from two or more alternatives, any of which may be reasonable under the circumstances, yet may result in us reporting materially different results than would have been reported under a different alternative.Management has identified certain accounting policies as being critical because they require management to make difficult, subjective or complex conclusions about matters that are uncertain. Materially different amounts could be reported under different conditions or using different assumptions or estimates. Because of the uncertainty surrounding management’s judgments and the estimates pertaining to these matters, we may be required to adjust accounting policies or restate prior period financial statements. Refer to “Critical Accounting Estimates” included in Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations.Our business is highly quantitative and requires widespread use of financial models for day-to-day operations; these models may produce inaccurate predictions that significantly vary from actual results, and we may rely on these inaccurate predictions in making decisions that ultimately adversely affect our business. Models may also be used to estimate the value of financial instruments and balance sheet items. Inaccurate or erroneous models present the risk that business decisions relying on the models will prove inefficient, ineffective or harmful to us. Additionally, information we provide to our investors and regulators may be negatively impacted by inaccurately designed or implemented models. For further information on risk monitoring, refer to the “Risk Management” section included in Item 7A.We may fail to maintain an effective system of internal control over financial reporting, which could hinder our ability to prevent fraud and provide reliable financial reports to key stakeholders.We must have effective internal controls over financial reporting in order to provide reliable financial reports, to effectively prevent fraud and to operate successfully as a public company. If we are unable to provide reliable financial reports or prevent fraud, our reputation and operating results will be harmed and we may violate regulatory requirements or otherwise become subject to legal liability. We may discover material weaknesses or significant deficiencies requiring remediation, which would require additional expense and diversion of management attention, among other consequences. A “material weakness” is a deficiency, or a combination of deficiencies, in internal controls over financial reporting such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis.Any failure to maintain effective internal controls or to implement any necessary improvement of our internal controls in a timely manner could, among other things, result in losses from fraud or error, harm our reputation or cause investors to lose confidence in our reported financial information, each of which could have a material adverse effect on our results of operations and financial condition and the market value of our common stock.42The SVBB Acquisition has been accounted for under the purchase method of accounting and is based upon a valuation that involves significant estimates.As required by GAAP, the SVBB Acquisition was accounted for under the purchase method of accounting and is based upon a valuation that involves significant estimates that are subject to change. The opening balances of acquired assets and assumed liabilities in connection with the SVBB Acquisition were recorded at estimated fair value based on information at the time of the SVBB Acquisition and other future events that are highly subjective in nature. In developing these fair value estimates, management was required to make significant estimates involving, among other things, the assigned risk ratings to loans based on credit quality, appraisals and estimated collateral values, estimated expected cash flows and appropriate liquidity and discount rates. The loans purchased in connection with the SVBB Acquisition have credit profiles that differ from most banking companies. For example, many of the legacy Silicon Valley Bank loans acquired were made to early-stage, privately held companies with modest or negative cash flows and/or no established record of profitable operations. In addition, a significant portion of the loans were comprised of larger loans equal to or greater than $20 million, and collateral for many of the legacy Silicon Valley Bank loans in the technology, life science and healthcare industries include intellectual property and other intangible assets, which are difficult to value and not readily salable in the case of default. Furthermore, the receivables covered under the commercial shared loss agreement with the FDIC involve significant estimates that involve uncertainty. In addition, the core deposit intangibles were valued using the after-tax cost savings method under the income approach. This method estimates the fair value by discounting to present value the favorable funding spread attributable to the core deposit balances over their estimated average remaining lives. The valuation considered a dynamic approach to interest rates and alternative cost of funds. The favorable funding spread is calculated as the difference in the alternative cost of funds and the net deposit cost. The tax treatment of FDIC-assisted acquisitions is complex and subject to interpretations that may result in future adjustments of deferred taxes recorded in the SVBB Acquisition upon review by the taxing authorities. CybersecurityRisk Management and Strategy BancShares maintains robust processes for assessing, identifying, and managing material risks from cybersecurity threats that are integrated with our overall risk management program. As part of its cybersecurity risk management framework, BancShares leverages a Three Lines of Defense model (the “Three Lines Model”) to promote clarity of roles and responsibilities in managing risk. Under the Three Lines Model, the ECSO, led by our Chief Information Security Officer (the “CISO”), acts as a first line of defense and has primary responsibility for identifying, assessing, monitoring, and managing material risks from cybersecurity threats. Our CISO reports to our Chief Information and Operations Officer (“CIOO”), who reports directly to our Chief Executive Officer. Within ECSO, the Cyber Security Operation Center identifies, assesses, monitors, and manages potential cybersecurity events in coordination with the Enterprise Incident Management (“EIM”) team, escalating analysis and response to incidents and events in accordance with established procedures and the Enterprise Severity Matrix. In addition, BancShares maintains a third-party risk management team tasked with identifying, evaluating, and managing risk posed by all third-party engagements, including from cybersecurity threats. The second-line independent risk management, including compliance, enterprise risk management, and operational risk management, works with the first line ECSO to evaluate, assess, and manage material risks using an established Risk Appetite Framework. The Risk Appetite Framework requires the cybersecurity organization to document the current risk landscape and the activities undertaken to mitigate risk that exceeds enterprise risk tolerance. The third-line in the Three Lines Model is our internal audit team, which assesses the effectiveness of related controls. BancShares maintains processes for reporting and escalation from each line of defense through management to senior leadership, to management-level committees, and to committees of the Board and the Board, as appropriate. Reporting includes top and emerging risks, and other operational risk metrics. BancShares follows a defense-in-depth and layered-control framework to protect the organization against cybersecurity threats and attacks. ECSO remains committed to maintaining and improving preventative and detective controls and enhancing our defenses in response to the evolving threat landscape. This mission is supported by policy, standards, and procedures which align to industry frameworks, including the National Institute of Standards and Technology Cybersecurity Framework, and are executed through the firm’s preventive and detective controls. 43BancShares has implemented a threat awareness program that includes cross-organizational information sharing capabilities for threat intelligence and membership and engagement with intelligence communities, including but not limited to, the Financial Services Information Sharing and Analysis Center, the Financial Services Sector Coordinating Council, the Federal Bureau of Investigation, and the U.S. Department of Homeland Security. BancShares also utilizes external experts and third-party assessors to maximize its risk intelligence coverage and to enhance risk detection and remediation. BancShares engages internal auditors, external assessors, and consultants to benchmark, scale, manage, and identify cybersecurity threats. Consultants also assess BancShares’ cybersecurity systems and complete vulnerability testing. The BancShares information security program continues to operate under heightened awareness due to industry threats and recent acquisitions. For more information regarding the risks we face from cybersecurity threats, refer to Item 1A. Risk Factors. Thus far, there have been no cybersecurity incidents that we have determined to have materially affected or to be reasonably likely to materially affect us, including with respect to our business, results of operations, or financial condition. The focus continues to be on monitoring the threat landscape and integration of entities. GovernanceThe Board retains supervisory oversight responsibility for the organization and its activities, including enterprise risk management and cybersecurity risks. The Board conducts oversight of management through board committees, presentations from senior leadership, and routine Board-directed reporting to ensure management continues to operate and conduct business in alignment with Risk Appetite Statements. Oversight of cybersecurity and the ECSO organization is the responsibility of the Risk Committee. The Risk Committee oversees cybersecurity and other risks through reporting from management, including the Enterprise Risk Oversight Committee (“EROC”), as well as additional management-level subcommittees beneath the Risk Committee including the Technology & Security Risk Committee (“TSRC”) and the Operational Risk Committee (“ORC” and, together with the EROC and TSRC, the “Management Committees”). Management Committees, which include as members the CISO and other cybersecurity leadership, have clear lines of communication with the Board and its committees. The Management Committees are designed with a purpose-driven scope and decision-making authority and are required to provide the Board with regular reporting of management’s business activities and the potential risk associated with those activities. Management Committees are informed by EIM following the incident management process as per internal policies and standards. The Board may from time to time create informal working groups to enable deeper and more detailed discussions related to our technology needs and investments and inform the Board on cybersecurity risks, among other topics.In addition, the Audit Committee of the Board monitors internal audit’s coverage of cybersecurity governance, risks, and related controls, including any identified deficiencies, that could adversely affect the ability to record, process, summarize, and report financial data. The Risk Committee coordinates with the Audit Committee for review of information security matters, as needed.The CISO is responsible for assessing and managing material cyber risks. The CISO’s expertise with assessing and managing material cyber risks is based on more than 20 years of cybersecurity experience with prior roles as a CISO and Global Head of Operations. The CISO is informed about and monitors the prevention, detection, mitigation, and remediation of cybersecurity by the ECSO through regular reporting and escalations, as required. The CIOO, the CISO, and others, report information about material risks from cybersecurity threats to the Board or a committee or subcommittee of the Board, as described below.The Risk Committee receives information on cybersecurity risk, including risk appetite utilization, breaches and emerging risks, and the control environment, directly or indirectly, from various sources, including the CIOO, CISO, and each of the Management Committees. Additionally, the Risk Committee reviews BancShares’ information security policy and program with a focus on whether they are appropriate to protect data, records, and proprietary information of BancShares as well as that of its customers and employees.44.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
STX	10 hours ago
TPCS	2 days, 9 hours ago
MSFT	2 days, 10 hours ago
APLD	2 days, 10 hours ago
WOR	2 days, 12 hours ago
NEOG	2 days, 13 hours ago
WS	3 days, 9 hours ago
USAU	3 days, 11 hours ago
NORD	3 days, 11 hours ago
MMEX	3 days, 13 hours ago
GFMH	3 days, 13 hours ago
VALU	3 days, 13 hours ago
UUU	4 days, 6 hours ago
TLRY	4 days, 7 hours ago
AEHR	4 days, 10 hours ago
RGP	4 days, 10 hours ago
CTAS	4 days, 10 hours ago
CYDY	1 week ago
AXR	1 week ago
SCHL	1 week ago
RPM	1 week, 1 day ago
SOND	1 week, 2 days ago
CSBR	1 week, 2 days ago
AOGO	1 week, 2 days ago
LW	1 week, 2 days ago
MGNC	1 week, 2 days ago
ALZN	1 week, 3 days ago
CALM	1 week, 3 days ago
AIR	1 week, 4 days ago
FDX	1 week, 4 days ago
MLKN	1 week, 4 days ago
IMG	2 weeks ago
DRI	2 weeks ago
FEIM	2 weeks ago
EVTK	2 weeks ago
ANGO	2 weeks ago
DGWR	2 weeks, 1 day ago
NKE	2 weeks, 1 day ago
KMTS	2 weeks, 1 day ago
YCQH	2 weeks, 1 day ago
AVNI	2 weeks, 1 day ago
GRPS	2 weeks, 1 day ago
PTOS	2 weeks, 2 days ago
AGTX	2 weeks, 3 days ago
GRVE	2 weeks, 3 days ago
BTCY	2 weeks, 3 days ago
LVO	2 weeks, 3 days ago
FLYE	2 weeks, 3 days ago
IMAQ	2 weeks, 3 days ago
LSEB	2 weeks, 3 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - FCNCA

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$FCNCA Risk Factor changes from 00/02/24/23/2023 to 00/02/21/25/2025

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - FCNCA

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

$FCNCA Risk Factor changes from 00/02/24/23/2023 to 00/02/21/25/2025

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing