Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10-K reports, allowing investors to quickly identify new potential risks and opportunities.

Risk Factors - FISI

ITEM 1A. RISK FACTORS

An investment in our common stock is subject to risks inherent to our business. The material risks and uncertainties that management believe could affect us are described below. Before making an investment decision, you should carefully consider the risks and uncertainties described below, together with all of the other information included or incorporated by reference herein. This Annual Report on Form 10-K is qualified in its entirety by these risk factors. Further, to the extent that any of the information contained in this Annual Report on Form 10-K constitutes forward-looking statements, the risk factors set forth below also are cautionary statements identifying important factors that could cause our actual results to differ materially from those expressed in any forward-looking statements made by or on behalf of us.

If any of the following risks occur, our financial condition and results of operations could be materially and adversely affected. If this were to happen, the value of our common stock could decline significantly, and you could lose all or part of your investment.

Credit Risks and Risks Related to Banking Activities

If we experience greater credit losses than anticipated, earnings may be adversely impacted.

As a lender, we are exposed to the risk that customers will be unable to repay their loans according to their terms and that any collateral securing the payment of their loans may not be sufficient to assure repayment. Credit losses are inherent in the business of making loans and could have a material adverse impact on our results of operations.

We make various assumptions and judgments about the collectability of our loan portfolio, including the creditworthiness of our borrowers and the value of the real estate and other assets serving as collateral, and we provide an allowance for estimated credit losses based on a number of factors. We believe that the allowance for credit losses is adequate. However, if our assumptions or judgments are wrong, the allowance for credit losses may not be sufficient to cover the actual credit losses. We may have to increase the allowance in the future in response to the request of one of our primary banking regulators, to adjust for changing conditions and assumptions, or as a result of any deterioration in the quality of our loan portfolio. The actual amount of future provisions for credit losses may vary from the amount of past provisions.

We are subject to risks and losses resulting from fraudulent activities that could adversely impact our financial performance and results of operations.

As a bank, we are susceptible to fraudulent activity that may be committed against us or our clients, which may result in financial losses or increased costs to us or our clients, disclosure or misuse of our information or our client information, misappropriation of assets, privacy breaches against our clients, litigation or damage to our reputation. We are most subject to fraud and compliance risk in connection with the origination of loans, ACH transactions, wire transactions, ATM transactions, checking transactions, and debit cards that we have issued to our customers and through our online banking portals. We are most subject to fraud and compliance risk in connection with the origination of loans, ACH transactions, wire transactions, ATM and ITM transactions, checking transactions, and debit cards that we have issued to our customers and through our online banking portals.

While we have policies and procedures designed to prevent such losses, losses may occur. In March 2024, we experienced a loss associated with fraudulent activity pertaining to deposit transactions conducted over the course of several business days by an in-market business customer of the Bank, which resulted in an $18.2 million pre-tax loss.

Geographic concentration may unfavorably impact our operations.

The majority of our operations are concentrated in the Western and Central New York regions. As a result of this geographic concentration, our results depend largely on economic conditions in these and surrounding areas. Deterioration in economic conditions in our market, whether caused by inflation, recessionary conditions, public health emergencies, unemployment, or other factors beyond our control, could:

increase loan delinquencies;
increase problem assets and foreclosures;
increase claims and lawsuits;
decrease the demand for our products and services; and
decrease the value of collateral for loans, especially real estate, reducing customers’ borrowing power, the value of assets associated with non-performing loans and collateral coverage.

Generally, we make loans to small to mid-sized businesses whose success depends on the regional economy. These businesses generally have fewer financial resources in terms of capital or borrowing capacity than larger entities. Adverse economic and business conditions in our market areas could reduce our growth rate, affect our borrowers’ ability to repay their loans and, consequently, adversely affect our business, financial condition and performance. For example, we place substantial reliance on real estate as collateral for our loan portfolio. A sharp downturn in real estate values in our market area could leave many of these loans inadequately collateralized. If we are required to liquidate the collateral securing a loan to satisfy the debt during a period of reduced real estate values, the impact on our results of operations could be materially adverse.

Our commercial business and commercial mortgage loans increase our exposure to credit risks.

At December 31, 2025, our portfolio of commercial business and commercial mortgage loans totaled $3.08 billion, or 66% of total loans. At December 31, 2024, our portfolio of commercial business and commercial mortgage loans totaled $1.25 billion, or 28% of total loans. We plan to continue to emphasize the origination of these types of loans, which generally expose us to a greater risk of nonpayment and loss than residential real estate or consumer loans because repayment of such loans often depends on the successful operations and income stream of the borrowers. Additionally, such loans typically involve larger loan balances to single borrowers or groups of related borrowers compared to consumer loans or residential real estate loans. A sudden downturn in the economy, or a prolonged downturn for specific industries, could result in borrowers being unable to repay their loans, thus exposing us to increased credit risk.

If our non-performing assets increase, our earnings will be adversely affected.

At December 31, 2025, our non-performing assets, which consist of non-performing loans and other real estate owned, were $35.8 million, or 0.57% of total assets. At December 31, 2024, our non-performing assets, which consist of non-performing loans and other real estate owned, were $41.5 million, or 0.68% of total assets. Our non-performing assets adversely affect our net income in various ways:

we record interest income only on the cash basis or cost-recovery method for non-accrual loans and we do not record interest income for other real estate owned;
we must provide for loan losses through a current period charge to the provision for credit losses;
non-interest expense increases when we write down the value of properties in our other real estate owned portfolio to reflect changing market values;
there are legal fees associated with the resolution of problem assets, as well as carrying costs, such as taxes, insurance, and maintenance fees; and
the resolution of non-performing assets requires the active involvement of management, which can distract them from more profitable activity.

If additional borrowers become delinquent and do not pay their loans and we are unable to successfully manage our non-performing assets, our losses and troubled assets could increase significantly, which could have a material adverse effect on our financial condition and results of operations.

If our regulators impose limitations on our commercial real estate lending activities, earnings could be adversely affected.

In 2006, the federal bank regulatory agencies issued joint guidance entitled “Concentrations in Commercial Real Estate Lending, Sound Risk Management Practices” (the “CRE Guidance”). Although the CRE Guidance did not establish specific lending limits, it provides that a bank’s commercial real estate lending exposure may receive increased supervisory scrutiny where total non-owner occupied commercial real estate loans, including loans secured by apartment buildings, investor commercial real estate and construction and land loans, represent 300% or more of an institution’s total risk-based capital and the outstanding balance of the commercial real estate loan portfolio has increased by 50% or more during the preceding 36 months. Our CRE level equaled 295% of total risk-based capital at December 31, 2025. If our regulators were to impose restrictions on the amount of commercial real estate loans we can hold in our portfolio, or require higher capital ratios as a result of the level of commercial real estate loans held, our earnings would be adversely affected.

Our indirect and consumer lending involves risk elements in addition to normal credit risk.

A portion of our lending involves the purchase of consumer automobile installment sales contracts from automobile dealers located in Western, Central and the Capital District of New York, and Northern and Central Pennsylvania prior to our planned exit from the Pennsylvania automobile market in 2024. These loans are for the purchase of new or used automobiles. We serve customers that cover a range of creditworthiness, and the required terms and rates are reflective of those risk profiles. While these loans have higher yields than many of our other loans, such loans involve risk elements in addition to normal credit risk. Additional risk elements associated with indirect lending include the limited personal contact with the borrower as a result of indirect lending through non-bank channels, namely automobile dealers. While indirect automobile loans are secured, such loans are secured by depreciating assets and characterized by loan-to-value ratios that could result in us not recovering the full value of an outstanding loan upon default by the borrower. State and federal laws may further limit our ability to recover outstanding principal balances on such loans. If the losses from our indirect loan portfolio are higher than anticipated, it could have a material adverse effect on our financial condition and results of operations.

In addition, our consumer lending activities are subject to numerous consumer protection laws and regulations, including fair lending laws. Because indirect automobile loan applications are originated by automobile dealerships, we assume the risk of unsatisfactory origination programs, including any noncompliance with federal, state, and local laws. If we are unable to comply with the regulations applicable to our consumer lending activities, our financial condition and results of operations may be adversely affected.

Lack of seasoning in portions of our loan portfolio could increase risk of credit defaults in the future.

As a result of our growth over the past several years, certain portions of our loan portfolio, such as the increased size of our commercial loan portfolio, are of relatively recent origin. Loans may not begin to show signs of credit deterioration or default until they have been outstanding for some period of time, a process referred to as “seasoning.” As a result, a portfolio of older loans will usually behave more predictably than a newer portfolio. Because these portions of our portfolio are relatively new, the current level of delinquencies and defaults may not represent the level that may prevail as the portfolio becomes more seasoned. If delinquencies and defaults increase, we may be required to increase our provision for credit losses, which could have an adverse effect on our business, financial condition and results of operations.

We accept deposits that do not have a fixed term, and which may be withdrawn by the customer at any time for any reason.

At December 31, 2025, we had $3.52 billion of deposit liabilities, or 68% of our total deposits, that have no maturity and, therefore, may be withdrawn by the depositor at any time. At December 31, 2024, we had $3.56 billion of deposit liabilities, or 70% of our total deposits, that have no maturity and, therefore, may be withdrawn by the depositor at any time. These deposit liabilities include our checking, savings, and money market deposit accounts.

Market conditions may impact the competitive landscape for deposits in the banking industry. National and local economic conditions, the interest rate environment and future actions of the Federal Reserve may impact pricing and demand for deposits in the banking industry. The withdrawal of more deposits than we anticipate could have an adverse impact on our profitability as this source of funding, if not replaced by similar deposit funding, would need to be replaced with wholesale funding, the sale of interest-earning assets, or a combination of these two actions. The replacement of deposit funding with wholesale funding could cause our overall cost of funding to increase, which would reduce our net interest income. A loss of interest-earning assets could also reduce our net interest income.

Municipal deposits are price sensitive and could result in an increase in interest expense or funding fluctuations.

Municipal deposits are a significant source of funds for our lending and investment activities. At December 31, 2025, $1.09 billion, or 21% of our total deposits, consisted of municipal deposits from local government entities such as towns, cities, school districts and other municipalities, which are collateralized by letters of credit from the FHLB of New York (“FHLBNY”) and investment securities. These deposits may be more volatile than other deposits. If a significant amount of these deposits were withdrawn in a short period of time, it could have a negative impact on our short-term liquidity and have an adverse impact on our liquidity, business, financial condition and results of operations.

Given our dependence on high-average balance municipal deposits as a source of funds, our inability to retain such funds could significantly and adversely affect our liquidity. Further, our municipal deposits are primarily demand deposit accounts and are therefore more sensitive to interest rate risk. If we are forced to pay higher rates on our municipal accounts to retain those funds, or if we are unable to retain such funds and we are forced to resort to other sources of funds for our lending and investment activities, such as borrowings from the FHLBNY, the interest expense associated with these other funding sources may be higher than the rates we are currently paying on our municipal deposits, which would adversely affect our net income.

We are subject to environmental liability risk associated with our lending activities.

A significant portion of our loan portfolio is secured by real property. During the ordinary course of business, we may foreclose on and take title to properties securing certain loans. There is a risk that hazardous or toxic substances could be found on properties we have foreclosed upon. If hazardous or toxic substances are found, we may be liable for remediation costs, as well as for personal injury and property damage regardless of whether we knew, had reason to know of, or caused the release of such substance. Environmental laws may require us to incur substantial expenses and may materially reduce the affected property’s value or limit our ability to use or sell the affected property. In addition, future laws or more stringent interpretations or enforcement policies with respect to existing laws may increase our exposure to environmental liability. The remediation costs and any other financial liabilities associated with an environmental hazard could have a material adverse effect on our financial condition and results of operations.

We operate in a highly competitive industry and market area.

We face substantial competition in all areas of our operations from a variety of different competitors, many of which are larger and may have more financial resources than us. Such competitors primarily include national, regional and internet banks within the markets in which we operate. We also face competition from many other types of financial institutions, including, without limitation, savings and loan associations, credit unions, finance companies, brokerage firms, insurance companies and other financial intermediaries. The financial services industry could become even more competitive as a result of legislative, regulatory and technological changes and continued consolidation. Banks, securities firms and insurance companies can merge under the umbrella of an FHC, which can offer virtually any type of financial service, including banking, securities underwriting, insurance (both agency and underwriting), and merchant banking. Technology has lowered barriers to entry and made it possible for non-banks to offer products and services traditionally provided by banks, such as automatic transfer and automatic payment systems. More recently, peer to peer lending has emerged as an alternative borrowing source for our customers and many other non-banks offer lending and payment services, such as consumer credit through buy now–pay later offerings, in competition with banks. Many of these competitors have fewer regulatory constraints and may have lower cost structures. Additionally, due to their size, many of our larger competitors may be able to achieve economies of scale and, as a result, may offer a broader range of products and services than we can at competitive prices or with low or no fees.

Our ability to compete successfully depends on a number of factors, including, among other things:

the ability to develop, maintain and build upon long-term customer relationships based on top quality service, high ethical standards and safe, sound assets;
the ability to expand our market position;
the scope, relevance and pricing of products and services offered to meet customer needs and demands;
the rate at which we introduce new products and services relative to our competitors;
customer satisfaction with our level of service; and
industry and general economic trends.

Failure to perform in any of these areas could significantly weaken our competitive position, which could adversely affect our growth and profitability, which, in turn, could have a material adverse effect on our financial condition and results of operations.

Legal and Regulatory Risks

Legal and regulatory proceedings and related matters could adversely affect us and the banking industry in general.

We have been, and may in the future be, subject to various legal and regulatory proceedings, including class action litigation. It is inherently difficult to assess the outcome of these matters, and there can be no assurance that we will prevail in any proceeding or litigation. Legal and regulatory matters of any degree of significance could result in substantial cost and diversion of our efforts, which by itself could have a material adverse effect on our financial condition and operating results.

We establish reserves for legal claims when payments associated with the claims become probable and the costs can be reasonably estimated. We may still incur legal costs for a matter even if we have not established a reserve. In addition, due to the inherent subjectivity of the assessments and unpredictability of the outcome of legal proceedings, the actual cost of resolving a legal claim may be substantially higher than any amounts reserved for that matter. The ultimate resolution of a pending legal proceeding, depending on the remedy sought and granted, could adversely affect our results of operations and financial condition.

For more information with respect to our legal proceedings, please refer to Note 12, Commitments and Contingencies, of the notes to the consolidated financial statements included in Part II, Item 8, of this Annual Report on Form 10-K.

Any future FDIC insurance premium increases may adversely affect our earnings.

The amount that is assessed by the FDIC for deposit insurance is set by the FDIC based on a variety of factors. These include the depositor insurance fund’s reserve ratio, the Bank’s assessment base, which is equal to average consolidated total assets minus average tangible equity, and various inputs into the FDIC’s assessment rate calculation.

If there are financial institution failures, we may be required to pay higher FDIC premiums or special assessments. For example, in 2023, the FDIC issued a special assessment applicable for banks with total uninsured deposits in excess of $5 billion in order to recover losses sustained by the DIF as a result of the March 2023 failures of Silicon Valley Bank and Signature Bank. Such increases of FDIC insurance premiums may adversely impact our earnings. See the section captioned “Supervision and Regulation” included in Part I, Item 1 “Business” for more information about FDIC insurance premiums.

We are highly regulated, and any adverse regulatory action may result in additional costs, loss of business opportunities, and reputational damage.

As described in the section captioned “Supervision and Regulation” included in Part I, Item 1, “Business,” we are subject to extensive supervision, regulation and examination. The various regulatory authorities with jurisdiction over us have significant latitude in addressing our compliance with applicable laws and regulations including, but not limited to, those governing consumer credit, fair lending, anti-money laundering, anti-terrorist financing, capital adequacy, asset quality and risk, management ability and performance, earnings, liquidity, and various other factors affecting us. As part of this regulatory structure, we are subject to policies and other guidance developed by the regulatory agencies with respect to, among other things, capital levels, the timing and amount of dividend payments, the classification of assets and the establishment of adequate loan loss reserves for regulatory purposes. Our regulators have broad discretion to impose monetary fines or restrictions and limitations on our operations if they determine, for any reason, that our operations are unsafe or unsound, fail to comply with applicable law or are otherwise inconsistent with laws and regulations or with the supervisory policies of these agencies.

This supervisory framework could materially impact the conduct, growth and profitability of our operations. Any failure on our part to comply with current laws, regulations, other regulatory requirements or safe and sound banking, insurance, or investment advisory practices or concerns about our financial condition, or any related regulatory sanctions or enforcement actions against us, could increase our costs or restrict our ability to expand our business and result in damage to our reputation.

Non-compliance with the USA PATRIOT Act, the BSA, OFAC sanction regulations, or other applicable state and federal laws could subject us to fines, penalties, or other regulatory actions.

The USA PATRIOT Act and the BSA require financial institutions to maintain a written anti-money laundering program, including customer identification procedures, customer due diligence, ongoing monitoring, and the filing of suspicious activity reports with FinCEN when suspicious activity is identified. OFAC regulations prohibit U.S. financial institutions from engaging in transactions with sanctioned parties or jurisdictions. To comply with these obligations, institutions screen customers and transactions against OFAC’s sanctions lists and are required to block or reject prohibited transactions and submit required reports to OFAC.

Failure to adequately design, implement, and maintain our BSA/AML and OFAC compliance programs could result in supervisory criticism, enforcement actions, monetary penalties, restrictions on acquisitions or new branches, reputational harm, or other regulatory consequences that could have a material adverse effect on our business, financial condition, or results of operations. Non-compliance with other applicable state or federal laws and regulations could also expose us to fines, penalties, or other negative actions.

We are subject to the CRA and fair lending laws, and failure to comply with these laws could lead to material penalties.

The Community Reinvestment Act (the “CRA”), the Equal Credit Opportunity Act, the Fair Housing Act and other fair lending laws and regulations impose nondiscriminatory lending requirements on financial institutions. With respect to the Bank, the NY DFS, FRB, the United States Department of Justice and other federal and state agencies are responsible for enforcing these laws and regulations. A successful regulatory challenge to an institution’s performance under the CRA or fair lending laws and regulations could result in a wide variety of sanctions, including the required payment of damages and civil money penalties, injunctive relief, imposition of restrictions on mergers and acquisitions activity and restrictions on expansion. Private parties may also have the ability to challenge an institution’s performance under fair lending laws in private class action litigation. Such actions could have a material adverse effect on our business, financial condition and results of operations.

The policies of the Federal Reserve have a significant impact on our earnings.

The policies of the Federal Reserve impact us significantly. The Federal Reserve regulates the supply of money and credit in the United States. Its policies directly and indirectly influence the rate of interest earned on loans and paid on borrowings and interest-bearing deposits and can also affect the value of financial instruments we hold. Those policies determine, to a significant extent, our cost of funds for lending and investing and impact our net interest income, our primary source of revenue. Changes in those policies are beyond our control and are difficult to predict. Federal Reserve policies can also affect our borrowers, potentially increasing the risk that they may fail to repay their loans. For example, a tightening of the money supply by the Federal Reserve could reduce the demand for a borrower’s products and services. This could adversely affect the borrower’s earnings and ability to repay their loan, which could have a material adverse effect on our financial condition and results of operations.

We offer financial services to a limited number of New York State-licensed cannabis businesses under New York State’s regulatory framework, with supporting policy and procedures, enhanced due diligence, monitoring, and required regulatory reporting. While federal law continues to classify cannabis as illegal, the risk of strict federal enforcement remains uncertain. Any significant change in federal enforcement posture could affect our ability to continue servicing these customers and could increase our legal, regulatory, or compliance-related obligations.

Offering financial products and services to the cannabis industry presents a unique set of regulatory risks due to the conflict between state and federal laws. While the possession and sale of recreational marijuana is legal for adults aged 21 and older in New York State, cannabis remains classified as a Schedule I controlled substance under the federal Controlled Substances Act. In January 2018, under the first Trump administration, the DOJ rescinded the “Cole Memo” and related memoranda which characterized the enforcement of the Controlled Substances Act against persons and entities complying with state regulatory systems permitting the use, manufacture and sale of medical marijuana as an inefficient use of their prosecutorial resources and discretion. The impact of the DOJ’s rescission of the Cole Memo and related memoranda is unclear. Enforcement policies and practices may be highly variable between political administrations. In addition, federal prosecutors have significant discretion and there can be no assurance that the federal prosecutor for any district in which we or our customers operate will not choose to strictly enforce the federal laws governing cannabis.

Any enforcement action against a cannabis-related business customer of ours could affect our results of operation and financial condition. Additionally, as the possession and use of cannabis remains illegal under the Controlled Substances Act, we may be deemed to be aiding and abetting illegal activities through the services that we provide to such customers and could have legal action taken against us by the federal government, including imprisonment and fines. The FinCEN published guidelines in 2014 for financial institutions servicing state-legal cannabis businesses. These guidelines clarify how financial institutions can provide services to marijuana-related businesses in a “manner consistent with their obligations to know their customers and to report possible criminal activity.” The Bank has and will continue to follow this and other FinCEN guidance in the areas of cannabis banking. However, there can be no assurance that compliance with FinCEN’s guidelines will protect us from federal prosecution or other regulatory sanctions. Any change in position or potential action taken against us could result in significant financial damage to us and our stockholders.

Additionally, while we believe our Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) policies and practices for our cannabis banking program are sufficient, the recreational cannabis business is considered high-risk, and our BSA/AML program will be subject to increased regulatory scrutiny. Any real or perceived shortcomings in our BSA/AML program may result in regulatory action against us and may prevent us from undertaking mergers and acquisitions or other expansion activities.

Risks Related to Non-Banking Activities

Our investment advisory and wealth management operations are subject to risk related to the regulation of the financial services industry and market volatility.

The financial services industry is subject to extensive regulation at the federal and state levels. It is very difficult to predict the future impact of the legislative and regulatory requirements affecting our business. The securities laws and other laws that govern the activities of our registered investment advisor are complex and subject to change. The activities of our investment advisory and wealth management operations are subject primarily to provisions of the Advisers Act and the Employee Retirement Income Act of 1940, as amended (“ERISA”). We are a fiduciary under ERISA. Our investment advisory services are also subject to state laws including anti-fraud laws and regulations.

In addition, the broker-dealer services provided by Courier Capital are subject to Regulation Best Interest, which requires a broker-dealer to act in the best interest of a retail customer when making a recommendation to that customer of any securities transaction or investment strategy involving securities. The regulation imposes heightened standards on broker-dealers and will require us to review and modify the policies and procedures of our wealth management operations, as well as associated supervisory and compliance controls.

Any claim of noncompliance, regardless of merit or ultimate outcome, could subject us to investigation by the SEC or other regulatory authorities or harm our reputation and customer relationships. Our compliance processes may not be sufficient to prevent assertions that we failed to comply with any applicable law, rule or regulation. If our investment advisory and wealth management operations are subject to investigation by the SEC or other regulatory authorities or if litigation is brought by clients based on our failure to comply with applicable regulations, our results of operations could be materially adversely affected.

Our investment advisory revenue may decrease as a result of poor investment performance, in either relative or absolute terms, which could decrease our revenues and net income.

Our investment advisory business derives a significant amount of its revenues from investment management fees based on assets under management. Our ability to maintain or increase assets under management is subject to a number of factors, including our clients’ evaluation of the past performance of our investment advisory business, in either relative or absolute terms, general market and economic conditions, and competition from other investment management firms. A decline in the fair value of the assets under management would decrease our investment advisory revenue.

Investment performance is one of the most important factors in retaining existing investment advisory clients and competing for new investment advisory clients. Poor investment performance could reduce our investment advisory revenues and impede the growth of our investment advisory business in the following ways: existing clients may withdraw funds from our investment advisory business in favor of better performing products or firms; asset-based management fees could decline from a decrease in assets under management; our ability to attract funds from existing and new clients might diminish; and the investment advisory personnel may depart to join a competitor or otherwise.

Strategic and Operational Risks

We make certain assumptions and estimates in preparing our financial statements that may prove to be incorrect, which could significantly impact our results of operations, cash flows and financial condition, and we are subject to new or changing accounting rules and interpretations, and the failure by us to correctly interpret or apply these evolving rules and interpretations could have a material adverse effect.

Accounting principles generally accepted in the United States require us to use certain assumptions and estimates in preparing our financial statements, including in determining credit loss reserves and reserves related to litigation, among other items. Certain of our financial instruments, including available-for-sale securities and certain loans, require a determination of their fair value in order to prepare our financial statements. Where quoted market prices are not available, we may make fair value determinations based on internally developed models or other means, which ultimately rely to some degree on management judgment. Some of these and other assets and liabilities may have no direct observable price levels, making their valuation particularly subjective, as they are based on significant estimation and judgment. In addition, sudden illiquidity in markets or declines in prices of certain loans and securities may make it more difficult to value certain balance sheet items, which may lead to the possibility that such valuations will be subject to further change or adjustment. If assumptions or estimates underlying our financial statements are incorrect, we may experience material losses that would impact our results of operations, cash flows and financial condition.

As indicated in Note 1, Summary of Significant Accounting Policies—Accounting Standards Recently Adopted or Issued, to the consolidated financial statements included in Part II, Item 8, of this Annual Report on Form 10-K, the regulations, rules, standards, policies, and interpretations underlying GAAP are constantly evolving and may change significantly over time. If we fail to interpret any one or more of these GAAP provisions correctly, or if our methodology in applying them to our financial reporting or disclosures is at all flawed, our financial statements may contain inaccuracies that, if severe enough, could warrant a later restatement by us, which in turn could result in a material adverse event.

The value of our goodwill and other intangible assets may decline in the future.

As of December 31, 2025, we had $58.1 million of goodwill and $2.2 million of other intangible assets. As of December 31, 2024, we had $58.1 million of goodwill and $2.6 million of other intangible assets. Significant and sustained declines in our stock price and market capitalization, significant declines in our expected future cash flows, significant adverse changes in the business climate or slower growth rates may necessitate our taking charges in the future related to the impairment of our goodwill. Future regulatory actions could also have a material impact on assessments of goodwill for impairment. If the fair value of our net assets improves at a faster rate than the market value of our reporting units, or if we were to experience increases in book values of a reporting unit in excess of the increase in fair value of equity, we may also have to take charges related to the impairment of our goodwill. If we were to conclude that a future write-down of our goodwill is necessary, we would record the appropriate charge, which could have a material adverse effect on our results of operations.

Identifiable intangible assets other than goodwill consist of other intangible assets (primarily customer relationships). Adverse events or circumstances could impact the recoverability of these intangible assets including significant losses of customer accounts and/or balances, increased competition or adverse changes in the economy. To the extent these intangible assets are deemed unrecoverable, a non-cash impairment charge would be recorded which could have a material adverse effect on our results of operations.

We may be unable to successfully implement our growth strategies, including the integration and successful management of newly acquired businesses.

Our current growth strategy is multi-faceted. We seek to expand our branch network into nearby areas, continue to invest in our digital banking strategy, make strategic acquisitions of loans, portfolios, other regional banks and non-banking firms whose businesses we feel may be complementary with ours, and to continue to organically grow our core deposits. Any failure by us to effectively implement any one or more of these growth strategies could have several negative effects, including a possible decline in the size or the quality, or both, of our loan portfolio or a decrease in profitability caused by an increase in operating expenses.

We hope to continue an active merger and acquisition strategy. However, even if we use our common stock as the predominant form of consideration, we may need to raise capital to negotiate a transaction on terms acceptable to us and there can be no assurance that we will be able to raise a sufficient amount of capital to enable us to complete an acquisition. It is also possible that even with adequate capital we may still be unable to complete an acquisition on favorable terms, causing us to miss opportunities to increase our earnings and expand or diversify our operations.

Our growth strategy is also dependent upon the successful integration of new businesses and any future acquisitions into our existing operations. While our senior management team has had extensive experience in acquisitions and post-acquisition integration, there is no guarantee that our current or future integration efforts will be successful, and if our senior management is forced to spend a disproportionate amount of time on integrating recently-acquired businesses, it may distract their attention from operating our business or pursuing other growth opportunities.

Acquisitions may disrupt our business and dilute shareholder value.

We intend to continue to pursue a growth strategy for our business by expanding our branch network into communities within or complementary to markets where we currently conduct business. We may consider acquisitions of loans or securities portfolios, lending or leasing firms, commercial and small business lenders, residential lenders, direct banks, banks or bank branches, wealth and investment management firms, securities brokerage firms, specialty finance or other financial services-related companies. We may be unsuccessful in expanding our non-banking subsidiaries through acquisition because of the growing interest in our industry in acquiring insurance brokers and wealth management firms, which could make it more difficult for us to identify appropriate targets and could make such acquisitions more expensive. Even if we are able to identify appropriate acquisition targets, we may not have sufficient capital to fund acquisitions or be able to execute transactions on favorable terms. If we are unable to pursue our growth strategy, we may not be able to achieve all of the expected benefits of our historical acquisitions, which could adversely affect our results of operations and financial condition.

Acquiring other banks, businesses, or branches involves potential adverse impact to our financial results and various other risks commonly associated with acquisitions, including, among other things:

difficulty in estimating the value of the target company;
payment of a premium over book and market values that may dilute our tangible book value and earnings per share in the short and long term;
potential exposure to unknown or contingent liabilities of the target company;
exposure to potential asset quality issues of the target company;
volatility in reported income as goodwill impairment losses could occur irregularly and in varying amounts;
challenge and expense of integrating the operations and personnel of the target company;
inability to realize the expected revenue increases, cost savings, increases in geographic or product presence, and other projected benefits;
potential disruption to our business;
potential diversion of our management’s time and attention;
the possible loss of key employees and customers of the target company;
potential changes in banking or tax laws or regulations that may affect the target company; and
additional regulatory burdens associated with new lines of business.

Our tax strategies and the value of our deferred tax assets and liabilities could adversely affect our operating results and regulatory capital ratios.

Our tax strategies are dependent upon our ability to generate taxable income in future periods. Our tax strategies will be less effective in the event we fail to generate taxable income. Our deferred tax assets are subject to an evaluation of whether it is more likely than not that they will be realized for financial statement purposes. In making this determination, we consider all positive and negative evidence available including the impact of recent operating results, reversals of existing taxable temporary differences, tax planning strategies and projected earnings within the statutory tax loss carryover period. If we were to conclude that a significant portion of our deferred tax assets were not more likely than not to be realized, the required valuation allowance could adversely affect our financial position, results of operations and regulatory capital ratios. In addition, the value of our deferred tax assets could be adversely affected by a change in statutory rates.

Liquidity is essential to our business.

We must maintain sufficient cash flow and liquid assets to satisfy current and future financial obligations, including demand for loans and deposit withdrawals, funding operating costs, and for other corporate purposes, as well as meeting regulatory requirements and supervisory expectations. We rely on customer deposits to be a reasonable cost and stable source of funding for the loans we make and the operations of our business. Customer deposits, which include noninterest-bearing deposits, interest-bearing transaction accounts, savings deposits and time deposits of $250,000 or less, have historically provided us with a sizeable source of stable and low-cost funds. In addition to customer deposits, sources of liquidity include brokered deposits and borrowings from securities dealers, the FHLBNY and the FRB of New York, as well as the debt and equity capital markets.

If we are unable to continue to fund assets through customer bank deposits or access funding sources on reasonable terms or if we suffer an increase in borrowing costs or otherwise fail to manage liquidity effectively, our liquidity, operating margins, financial condition and results of operations may be materially adversely affected. Reduced liquidity may arise due to circumstances that we may be unable to control, such as a general market disruption or an operational problem that affects third parties or us. Our efforts to monitor and manage liquidity risk may not be successful or sufficient to deal with dramatic or unanticipated reductions in our liquidity. In such events, our cost of funds may increase, thereby reducing our net interest income, or we may need to sell a portion of our investment and/or loan portfolio, which, depending upon market conditions, could result in us realizing a loss.

We rely on dividends from our subsidiaries for most of our revenue.

We are a separate and distinct legal entity from our subsidiaries. A substantial portion of our revenue comes from dividends from our Bank subsidiary. These dividends are the principal source of funds we use to pay dividends on our common and preferred stock, and to pay interest and principal on our debt. Federal and/or state laws and regulations limit the amount of dividends that our Bank subsidiary may pay to us. Also, our right to participate in a distribution of assets upon a subsidiary’s liquidation or reorganization is subject to the prior claims of the subsidiary’s creditors. In the event our Bank subsidiary is unable to pay dividends to us, we may not be able to service debt, pay obligations, or pay dividends on our common and preferred stock. The inability to receive dividends from our Bank subsidiary could have a material adverse effect on our business, financial condition, and results of operations.

If our risk management framework does not effectively identify or mitigate our risks, we could suffer losses.

Our risk management framework seeks to mitigate risk and appropriately balance risk and return. We have established processes and procedures intended to identify, measure, monitor and report the types of risk to which we are subject, including credit risk, operations risk, compliance risk, reputation risk, strategic risk, market risk, and liquidity risk. We seek to monitor and control our risk exposure through a framework of policies, procedures and reporting requirements. Management of our risks in some cases depends upon the use of analytical and/or forecasting models. If the models used to mitigate these risks are inadequate, we may incur losses. In addition, there may be risks that exist, or that develop in the future, that we have not appropriately anticipated, identified or mitigated. If our risk management framework does not effectively identify or mitigate our risks, we could suffer unexpected losses and could be materially adversely affected.

Market Risks

We are subject to interest rate risk, and fluctuations in market interest rates may affect our interest margins and income, demand for our products, defaults on loans, loan prepayments and the fair value of our financial instruments.

Our earnings and cash flow depend largely upon our net interest income. Interest rates are highly sensitive to many factors that are beyond our control, including general economic conditions and policies of governmental and regulatory agencies, particularly the Federal Reserve. Changes in monetary policy, including changes in interest rates, could influence the interest we receive on loans and investments and the amount of interest we pay on deposits and borrowings, which may affect our net interest margins. Such changes could also affect (i) demand for our products and services and price competition, in turn affecting our ability to originate loans and obtain deposits; (ii) the fair value of our financial assets and liabilities; (iii) the average duration of our mortgage-backed securities portfolio and other interest-earning assets; (iv) levels of defaults on loans; and (v) loan prepayments.

If the interest rates paid on deposits and other borrowings increase at a faster rate than the interest rates received on loans and other investments, our net interest income, and therefore earnings, could be adversely affected. In addition, our net interest margin may contract in a rising rate environment because our funding costs may increase faster than the yield we earn on our interest-earning assets. In a rising rate environment, demand for loans may decrease and loans with adjustable interest rates are more likely to experience a higher rate of default. Additionally, changes in interest rates also affect the fair value of the securities portfolio. Generally, the value of securities moves inversely with changes in interest rates. The combination of these events may adversely affect our financial condition and results of operations.

Earnings could also be adversely affected if the interest rates received on loans and other investments fall more quickly than the interest rates paid on deposits and other borrowings. In addition, in a falling or low rate environment, loans may be prepaid sooner than we expect, which could result in a delay between when we receive the prepayment and when we are able to redeploy the funds into new interest-earning assets and in a decrease in the amount of interest income we are able to earn on those assets. If we are unable to manage these risks effectively, our financial condition and results of operations could be materially adversely affected.

Any substantial, unexpected or prolonged change in market interest rates could have a material adverse effect on our financial condition and results of operations. Also, our interest rate risk modeling techniques and assumptions likely may not fully predict or capture the impact of actual interest rate changes on our balance sheet.

The soundness of other financial institutions could adversely affect us.

Financial services institutions are interrelated as a result of trading, clearing, counterparty, or other relationships. We have exposure to many different industries and counterparties, and we routinely execute transactions with counterparties in the financial services industry, including commercial banks, brokers and dealers, investment banks, and other institutional clients. Many of these transactions expose us to credit risk in the event of a default by our counterparty or client. In addition, our credit risk may be exacerbated when the collateral held by us cannot be realized or is liquidated at prices not sufficient to recover the full amount of the credit or derivative exposure due us. Any such losses could have a material adverse effect on our financial condition and results of operations.

We may need to raise additional capital in the future and such capital may not be available on acceptable terms or at all.

We may need to raise additional capital in the future to provide sufficient capital resources and liquidity to meet our commitments and business needs.

In addition, we are highly regulated, and our regulators could require us to raise additional common equity in the future. We and our regulators perform a variety of analyses of our assets, including the preparation of stress case scenarios, and as a result of those assessments we could determine, or our regulators could require us, to raise additional capital.

Our ability to raise additional capital, if needed, will depend on our financial performance and, among other things, conditions in the capital markets at that time, which are outside of our control. We may not be able to access required capital on acceptable terms or at all. Any occurrence that may limit our access to the capital markets, such as a decline in the confidence of debt purchasers, depositors of the Bank or counterparties participating in the capital markets, or a downgrade of our debt rating, may adversely affect our capital costs and ability to raise capital and, in turn, our liquidity. An inability to raise additional capital on acceptable terms when needed could have a material adverse impact on our business, financial condition, results of operations or liquidity.

Technology and Cybersecurity Risks

Emerging technology, including cloud computing and artificial intelligence (“AI”), introduces new risks while possibly being essential to support business strategy.

The financial services market continues to see rapid changes with steady and frequent introductions of new technology-driven products and services. Our future success may depend, in part, on our ability to leverage emerging technology to provide feature-rich products and services that provide value to our customers and our operations. At the same time, emerging technologies present new risks directly associated with adoption or indirectly by third-party service provider adoption. The continued expansion of cloud computing services has drastically increased the risk of dependency on our third-party service providers to implement effective controls to manage the risk of cloud service reliability and security. While cloud computing services typically support improved availability, performance and elasticity, they also present increased risk of system and data compromise. And, while improved availability is a goal of cloud computing, service outages can be more significantly impactful. Cloud computing services are rapidly evolving as are the technology solutions running in cloud services. Cloud and associated technology have influenced the opportunity for rapid change, which inherently increases change management risk. While the heightened pace of change is often desirable, it may lead to undesirable outcomes impacting operational risk, financial risk, reputation risk and sometimes, regulatory risk. As such, the adoption of cloud services must include comprehensive assessment and risk management.

The emergence of AI is an example of an emerging technology providing significant value to operations and service, although the mere existence of AI capabilities presents a myriad of risks for consideration. Regardless of AI adoption by the Company, we face the risk of associates utilizing unauthorized publicly sourced AI tools to complete business functions. Unauthorized use of AI tools could lead to the unintended exposure of confidential data, use of inaccurate results, and a number of other risks. Additionally, third-party service providers are quickly embedding AI capabilities in their technology to provide more robust and efficient services. Some embedded AI capabilities could risk the exposure of confidential Company data if being used in a multi-tenant environment or being used to train AI systems.

We rely on third parties to provide critical business services and protect the confidentiality, integrity, and availability of confidential data.

Third-party vendors provide key components of our business infrastructure, such as infrastructure service delivery, application delivery, and a growing volume of managed service functions. While we select these third-party vendors carefully, we relinquish many aspects of control and rely on oversight processes to minimize risk. Issues induced by these third parties, including a service disruption or poor service performance, could adversely affect our ability to deliver products and services to our customers or otherwise conduct our business efficiently, effectively, and in accordance with the expectations of our customers and regulators. Replacing these third-party providers could also entail significant time and expense, further emphasizing the need for stringent vendor due diligence processes.

Each year, more third-party service providers perform significant operational services on our behalf. These third-party vendors are subject to similar risks as us relating to cybersecurity, technology infrastructure, processes and talent. One or more of our vendors may experience a cybersecurity event or operational disruption and, if any such event does occur, it may not be adequately addressed, either operationally or financially, by the third-party vendor causing direct impact to our business. And, with the increased volume of cloud computing, our business could be directly impacted if similar disruptions are experienced by fourth-party vendors, which has been a growing trend in recent years. Some of our vendors may have limited indemnification obligations or may not have the financial capacity to satisfy their indemnification obligations. Financial or operational difficulties of a vendor could also impair our operations if those difficulties interfere with the vendor’s ability to serve us. If a critical vendor is unable to meet our needs in a timely manner or if the services or products provided by such a vendor are terminated or otherwise delayed and if we are not able to develop alternative sources for these services and products quickly and cost-effectively, it could have a material adverse effect on our business. Due to significant levels of dependency, critical services may require redundant service providers to reduce vendor risk, although this inherently increases financial risk a third-party risk with the redundant vendor and cost.

We, or our service providers, may experience a cyber-attack, system failure, natural disaster, or other uncontrollable events that may disrupt business operations.

We rely heavily on communications, information technology (both on-premises and via service providers) and internet service to conduct our business. Our business depends on our ability to process and monitor a large volume of daily transactions in compliance with legal, regulatory, and internal standards and specifications. In addition, a significant portion of our operations relies heavily on the secure processing, retention, disposal, and transmission of personal and confidential information of our customers and clients. These risks have increased as our customers have adopted digital banking solutions, and we have migrated many former on-premises services and technology to hosted third-party service providers. The dependency on these services, provided on-premises or in hosted environments, is threatened daily by ever-evolving cyber criminals, system failures, natural disasters, and other uncontrollable events such as a global pandemic. Uncontrollable events test the operational resiliency of companies across the world, every year. Whether it be hurricanes, tornados, or wildfires, companies risk the loss of facilities, technical infrastructure and even the lives of irreplaceable talent, and the lack of quality business continuity and disaster recovery plans heightens the risk impact. The risk of failing to train and test these plans could challenge the ability to recover. Similarly, cyber-attacks also challenge our preparedness to respond and recover.
The volume and impact of cyber-attacks continue to grow and regardless of security controls, every company is susceptible to a compromise, making the existence of an incident response plan critical. Failure to train and test the plan periodically is a critical risk to any company. Modern cyber-attacks attempt to obtain unauthorized access to directly access financial assets or indirectly benefit by accessing confidential data for future gains. Cyber-attacks may be executed in multiple stages but generally begin with social engineering attacks which pose a significant risk to employees and customers. Such security attacks can originate from a wide variety of sources, including people who are involved with organized crime or rogue attackers taking advantage of modern schemes and services that have become readily available. Those same parties initiate social engineering attacks to fraudulently induce employees, customers or other users of our systems to disclose sensitive information in order to gain access to our data or that of our customers or clients. We are also subject to the risk that our employees may intercept and transmit unauthorized confidential or proprietary information. An interception, misuse or mishandling of personal, confidential or proprietary information being sent to or received from a customer or third party could result in legal liability, remediation costs, regulatory action and reputational harm, any of which could adversely affect operations and financial condition.
The failure to train and periodically test for possible threats greatly increases the risk of compromise and impact.

As the threat of cyber-attacks continues to evolve, we may be required to increase the resources dedicated to minimize and respond to these risks. Due to the complexity and interconnectedness of information technology systems, the process of enhancing our systems can itself create a risk of systems disruptions and security issues.

We are subject to evolving laws and regulations relating to cybersecurity protection and data privacy, and failure to comply could expose the Company to regulatory liability, reputational risk and financial risk.

We are subject to cybersecurity regulations promulgated by agencies such as the FRB, NY DFS, and the SEC, as well as laws, such as those under the GLBA. Any failure by us to comply with laws and regulations could result in regulatory sanctions, public disclosure and reputational damage even if we do not experience a significant cybersecurity breach. Most regulatory agencies have enhanced cybersecurity requirements and oversight, requiring increased focus and investment in cybersecurity controls. The failure to keep up with regulatory cybersecurity requirements not only presents the risk of regulatory sanctions but also presents an ill-advised risk due to sub-standard cyber risk controls, thus increasing the risk of compromise. Insurance carriers have also enhanced their cybersecurity posture requirements and oversight. Failure to meet reasonable cybersecurity control requirements could risk the Company’s ability to obtain cyber liability insurance, which poses financial and regulatory risks, or influence significantly higher rates.

Risks Related to our Common Stock

We may not pay or may reduce the dividends on our common stock, and our ability to pay dividends is subject to certain restrictions.

Holders of our common stock are only entitled to receive such dividends as our Board of Directors may declare out of funds legally available for such payments. In addition, we are a bank holding company, and our ability to declare and pay dividends is dependent on federal regulatory considerations, including the guidelines of the Federal Reserve regarding capital adequacy and dividends. Although we have historically declared cash dividends on our common stock, we are not required to do so and may reduce or eliminate our common stock dividend in the future. Any change in the level of our dividends or the suspension of the payment thereof could have an adverse effect on the market price of our common stock.

We may issue debt and equity securities or securities convertible into equity securities, any of which may be senior to our common stock as to distributions and in liquidation, which could dilute our current shareholders or negatively affect the value of our common stock.

In the future, we may attempt to increase our capital resources by entering into debt or debt-like financing that is unsecured or secured by all or up to all of our assets, or by issuing additional debt or equity securities, which could include issuances of secured or unsecured commercial paper, medium-term notes, senior notes, subordinated notes, preferred stock or securities convertible into or exchangeable for equity securities. In the event of our liquidation, our lenders and holders of our debt and preferred securities would receive a distribution of our available assets before distributions to the holders of our common stock. For example, our outstanding shares of Series A 3% and Series B-1 8.48% Preferred Stock have a preferential right to receive dividends before holders of our common stock. We must declare and pay annual dividends of $3 per share to Series A 3% Preferred Stock holders and of $8.48 per share to Series B-1 8.48% Preferred Stock holders before any dividends or dissolution payments can be paid to holders of common stock. Because our decision to incur debt and issue securities in our future offerings will depend on market conditions and other factors beyond our control, we cannot predict or estimate the amount, timing or nature of our future offerings and debt financings. Further, market conditions could require us to accept less favorable terms for the issuance of our securities in the future.
We may also issue additional shares of our common stock or securities convertible into or exchangeable for our common stock that could dilute our current shareholders and affect the value of our common stock.

Our certificate of incorporation, our bylaws, and certain banking laws may have an anti-takeover effect.

Provisions of our certificate of incorporation, our bylaws, and federal and state banking laws, including regulatory approval requirements, could make it more difficult for a third party to acquire us, even if doing so would be perceived to be beneficial to our shareholders. The combination of these provisions may discourage others from initiating a potential merger, takeover or other change of control transaction, which, in turn, could adversely affect the market price of our common stock.

The market price of our common stock may fluctuate significantly in response to a number of factors.

Our quarterly and annual operating results have varied in the past and could vary significantly in the future, which makes it difficult for us to predict our future operating results. Our operating results may fluctuate due to a variety of factors, many of which are outside of our control, including the changing U.S. economic environment and changes in the commercial and residential real estate market, any of which may cause our stock price to fluctuate. If our operating results fall below the expectations of investors or securities analysts, the price of our common stock could decline substantially. Our stock price can fluctuate significantly in response to a variety of factors including, among other things:

volatility of stock market prices and volumes in general;
changes in market valuations of similar companies;
changes in conditions in credit markets;
changes in accounting policies or procedures as required by the Financial Accounting Standards Board (“FASB”) or other regulatory agencies;
legislative and regulatory actions subjecting us to additional or different regulatory oversight which may result in increased compliance costs and/or require us to change our business model;
government intervention in the U.S. financial system and the effects of and changes in trade and monetary and fiscal policies and laws, including the interest rate policies of the Federal Reserve Board;
political instability and uncertainty, both within the U.S. and internationally;
additions or departures of key members of management;
negative publicity regarding our business;
fluctuations in our quarterly or annual operating results; and
changes in analysts’ estimates of our financial performance.

General Risk Factors

We may not be able to attract and retain skilled people.

Our success depends, in large part, on our ability to attract and retain skilled people. Competition for highly talented people can be intense, and we may not be able to hire sufficiently skilled people or retain them. Further, the rural location of our principal executive offices and many of our bank branches make it challenging for us to attract skilled people to such locations. The unexpected loss of services of one or more of our key personnel could have a material adverse impact on our business because of their skills, knowledge of our markets, years of industry experience, and the difficulty of promptly finding qualified replacement personnel.

Loss of key employees may disrupt relationships with certain customers.

Our customer relationships are critical to the success of our business, and loss of key employees with significant customer relationships may lead to the loss of business if the customers were to follow that employee to a competitor. While we believe our relationships with key personnel are strong, we cannot guarantee that all of our key personnel will remain with the organization, which could result in the loss of some of our customers and could have a negative impact on our business, financial condition, and results of operations.

We use financial models for business planning purposes that may not adequately predict future results.

We use financial models to aid in planning for various purposes including our capital and liquidity needs, interest rate risk, potential charge-offs, reserves, and other purposes. The models used may not accurately account for all variables that could affect future results, may fail to predict outcomes accurately and/or may overstate or understate certain effects. As a result of these potential failures, we may not adequately prepare for future events and may suffer losses or other setbacks due to these failures.

We depend on the accuracy and completeness of information about or from customers and counterparties.

In deciding whether to extend credit or enter into other transactions, we may rely on information furnished by or on behalf of customers and counterparties, including financial statements, credit reports, and other financial information. We may also rely on representations of those customers, counterparties, or other third parties, such as independent auditors, as to the accuracy and completeness of that information. Reliance on inaccurate or misleading financial statements, credit reports, or other financial information could cause us to enter into unfavorable transactions, which could have a material adverse effect on our financial condition and results of operations.

Our business may be adversely affected by conditions in the financial markets and economic conditions generally, including macroeconomic pressures such as inflation, supply chain issues, and geopolitical risks associated with international conflict.

Our financial performance generally, and in particular the ability of borrowers to pay interest on and repay principal of outstanding loans and the value of collateral securing those loans, as well as demand for loans and other products and services we offer, is highly dependent on the business environment in the markets where we operate, in the State of New York and in the United States as a whole. Additionally, international conflict may create unfavorable or uncertain economic conditions. A favorable business environment is generally characterized by, among other factors, economic growth, efficient capital markets, low inflation, low unemployment, high business and investor confidence, and strong business earnings. Unfavorable or uncertain economic and market conditions can be caused by declines in economic growth, business activity or investor or business confidence; political instability; limitations on the availability or increases in the cost of credit and capital; increases in inflation or interest rates; tariffs and trade wars; high unemployment, natural disasters; or a combination of these or other factors.
The occurrence of any of these conditions could have a material adverse effect on our financial condition and results of operations.

Severe weather, natural disasters, public health emergencies and pandemics, acts of war or terrorism, and other external events could significantly impact our business.

Severe weather, natural disasters, public health emergencies and pandemics, acts of war or terrorism, geopolitical conflicts, and other adverse external events could have a significant impact on our ability to conduct business. Such events could affect the operations of our bank branches, stability of our deposit base, impair the ability of borrowers to repay outstanding loans, impair the value of collateral securing loans, cause significant property damage, result in loss of revenue, and/or cause us to incur additional expenses. Additionally, demand for our products and services may decline; loan delinquencies, problem assets, and foreclosures may increase, resulting in increased charges and reduced income; collateral for loans may decline in value, which could increase loan losses; our allowance for credit losses may have to be increased if borrowers experience financial difficulties; a material decrease in net income could affect our ability to pay cash dividends; cybersecurity risks may be increased as the result of employees working remotely; critical services provided by third-party vendors may become unavailable; government actions and mandates may affect our workforce and infrastructure; and the Company may experience staffing shortages and unanticipated unavailability or loss of key employees. The occurrence of any such event or a combination of the foregoing factors could have a material adverse effect on our business, which, in turn, could have a material adverse effect on our financial condition and results of operations.

Negative public opinion could damage our reputation and impact business operations and revenues.

As a financial institution, our earnings and capital are subject to risk associated with negative public opinion. Negative public opinion could result from our actual or alleged conduct in any number of activities, including lending practices, the failure of any of our products or services to meet our clients’ expectations or applicable regulatory requirements, corporate governance and acquisitions, social media and other marketing activities, the implementation of environmental, social and governance practices or actions taken by government regulators and community organizations in response to any of the foregoing. Negative public opinion could affect our ability to attract and/or retain clients, could expose us to litigation and regulatory action, and could have a material adverse effect on our stock price or result in heightened volatility. Negative public opinion could also affect our ability to borrow funds in the unsecured wholesale debt markets.

Environmental, social and governance matters, and any related reporting obligations may impact our business.

Despite the recent changes in federal governmental leadership, state legislatures, U.S. and international regulatory agencies, investors and other stakeholders at times may be focused on environmental, social, and governance (“ESG”) matters. Additionally, shareholder activism and potential regulatory reform may lead to substantial new regulations and disclosure obligations, including with respect to ESG matters, which may lead to additional compliance costs and impact the manner in which we operate our business in ways that may materially adversely impact our results of operations and financial condition. We could also face potential negative publicity in traditional media or social media if investors determine that we have not adequately considered or addressed ESG matters or if we have placed too much emphasis on ESG matters, which may result in adverse effects on the trading price of our common stock.

ITEM 1B. UNRESOLVED STAFF COMMENTS

None.

ITEM 1C. CYBERSECURITY

Risk Management and Strategy

Based on the complex and continuously evolving cybersecurity threat landscape, we established, manage and continually enhance an enterprise-wide Information Security Program (“ISP”). The ISP is based on the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework (“CSF”). The CSF provides a framework of best practices to better manage and reduce cybersecurity risk while helping organizations assess, prioritize, and communicate cybersecurity risks and associated mitigation and program maturity plans. The ISP encompasses critical management components such as risk management, asset management, access controls, cyber awareness training, data security, detection and response, incident response, and business continuity.

The ISP, which is part of our Enterprise Risk Management Program, is organized in an operating framework that is supported by additional policies and procedures that establish the information security control environment. The Information Security team collaborates with additional functions of our Enterprise Risk Management Program to ensure comprehensive risk oversight and reporting. The ISP is designed and implemented to comply with or exceed regulatory control requirements. Multiple internal and independent third-party assessments and audits are conducted annually to ensure our compliance with policies, controls, and regulatory requirements.

The execution of the ISP relies on our committed investment in people, processes, and technology. We have invested in market-leading technology and award-winning security partners to execute key processes that ensure the confidentiality, integrity, and availability of company assets. Recent investments have ensured the use of innovative technology and services with best-in-class providers while enhancing the maturity of our program.

We have a Third-Party Risk Management (“TPRM”) Program that includes the comprehensive evaluation of the cybersecurity risks of prospective and existing third-party relationships. The TPRM Program utilizes a risk-based approach to perform third-party onboarding and ongoing due diligence reviews of existing third-party relationships. Third-party risks are identified and evaluated in coordination with periodic reviews, although threat intelligence monitoring and sound vendor relationships are leveraged to identify third-party risks as announced. TPRM is a function of our Risk Organization overseen by our Chief Risk Officer (“CRO”).

We have not experienced any cybersecurity incidents that have materially affected or are reasonably likely to affect our business strategy, results of operations, or financial condition. Risks relating to cybersecurity and their potential impact are discussed more fully in “Risk Factors” in Part I, Item 1A herein.

Governance

We have established a dedicated team to manage and execute the ISP. A Chief Information Security Officer (“CISO”) has been appointed as a Senior Vice President of the Company. The CISO leads the strategy and execution of the program while ensuring clear lines of communication with executive management, management committees, the Board of Directors, and external stakeholders such as regulators and insurance carriers. Our CISO, Scott Bader, was appointed in August 2023 and has over 25 years of technology and security leadership experience. Prior to the CISO appointment, he served the Company as a senior officer and technology leader for over 15 years and leads a team of Information Security professionals with diverse security backgrounds including relevant certifications (e.g., CISSP, GSEC, GCTI). As a member of our risk organization, the CISO reports to the CRO, who is a member of the Executive Management Committee. Our CRO, Gary Pacos, joined the Company in February 2023 with over 30 years of progressive risk management experience.

The Company Risk Committee (“CRC”) serves as the management committee responsible for Information Security oversight and the CISO is a member of the committee. The Risk Oversight Committee (“ROC”) is a sub-committee of the Board of Directors (the “Board”) and provides direct oversight of Information Security on behalf of the Board. Director Kim E. VanGelder, the current Chair of the ROC, has served as a member of our Board since 2016, and has held progressive information technology leadership roles at the Eastman Kodak Company, with responsibilities including cybersecurity, global applications, and global technology infrastructure, and served as its Chief Information Officer from 2004 to 2025.

The CISO reports on the status of the ISP including relevant risks, cybersecurity threats, program updates, and program reporting to the CRC and the ROC no less than four times per year. Any material cybersecurity information, including strategic program development, is reported by the CISO to appropriate management and Board representatives to ensure timely awareness and escalation as necessary. Should there be a cybersecurity incident, we have a formal Incident Response plan including escalation processes designed to keep relevant management and board committees informed of the mitigation and remediation efforts. The identification of incidents may come through internal monitoring and detection resources, external threat intelligence, third-party risk management efforts or various other event escalation methods. We leverage a Managed Security Services Provider (“MSSP”) for supplemental expertise and resources with the management and enhancement of critical threat monitoring solutions. The MSSP also provides industry-leading Security Operations Center services that serve as a critical source for event and incident detection.

The Board is actively engaged in the oversight and prudent management of risk, including those relating to cybersecurity and regulatory compliance. A comprehensive program update is delivered to the Board annually by the CISO. The Board annually reviews and approves the ISP and related Information Security policies to ensure alignment with the Company’s risk appetite and strategic defense amidst the evolving cybersecurity risk landscape.
