Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - INBK
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors
Cybersecurity Risk Management and Strategy
In the last three fiscal years, the Company has not experienced any material cybersecurity incidents. Despite our efforts, there can be no assurance that our cybersecurity risk management processes and measures described will be fully implemented, complied with, or effective in protecting our systems and information. Despite our efforts, there can be no assurance that our cybersecurity risk management processes and measures will be fully implemented, complied with, or effective in protecting our systems and information. We face risks from certain cybersecurity threats that, if realized, are reasonably likely to materially affect our business strategy, result of operations or financial condition. Please see Part I, Item 1A Risk Factors for further discussion of the risks associated with an interruption or breach in our information systems or infrastructure.
Our Board of Directors keeps apprised of and oversees technology risk and cybersecurity of the Company. The Board receives updates from the Company’s Chief Information Officer or Information Security Officer (“ISO”) on a quarterly basis and receives cybersecurity training on at least an annual basis. While the entire Board receives reporting and training, the Board has delegated certain specific responsibility for overseeing cybersecurity threats, among other things, to its Risk Committee. Our ISO and Chief Risk Officer provide the Risk Committee and the Company’s internal Enterprise Risk Management Committee periodic and as needed reports on our cybersecurity risks and cybersecurity incidents, if any.
The Risk Committee and the entire Board review and approve the Company’s information security policies and certain other relevant policies on at least an annual basis. Our ISO and Chief Information Officer , who share the responsibility of overseeing and managing the Information Security Program, collectively have decades of experience in the system, network, and cybersecurity space. The Chief Information Officer serves on the Enterprise Risk Management Committee, which is chaired by our Chief Risk Officer. They are supported by our team of technology professionals, who are responsible for information technology security monitoring and for managing the controls designed to identify, detect, protect against, respond to and recover from cybersecurity threats and cybersecurity incidents.
Risk factors which could cause actual results to differ from our expectations and which could negatively impact our financial condition and results of operations are discussed below and elsewhere in this report. Additional risks and uncertainties not presently known to us or that are currently not believed to be significant to our business may also affect our actual results and could harm our business, financial condition and results of operations. If any of the risks or uncertainties described below or any additional risks and uncertainties actually occur, our business, results of operations and financial condition could be materially and adversely affected.
Business, Strategic, and Reputational Risks
A failure of, or interruption in, the communications and information systems on which we rely to conduct our business could adversely affect our revenues and profitability.
We rely heavily upon communications and information systems to conduct our business. Although we have built a level of redundancy into our information technology infrastructure and update our business continuity plan annually, any failure or interruption of our information systems, or the third-party information systems on which we rely, as a result of inadequate or failed processes or systems, human errors or external events, could adversely affect our digital-based operations and slow or temporarily halt the processing of applications, loan servicing, deposit-related transactions, and our general banking operations. In addition, our communication and information systems may present security risks and could be susceptible to hacking or other unauthorized access. The occurrence of any of these events could have a material adverse effect on our business, financial condition and results of operations.
Economic conditions have affected and could continue to adversely affect our revenues and profits.
Our success depends, to a certain extent, upon favorable economic and political conditions, local and national, as well as governmental monetary policies. Conditions such as recession, unemployment, trade wars and tariffs, changes in interest rates, inflation, money supply, and other factors beyond the Company’s control may adversely affect deposit levels, costs, loan demand and/or asset quality and, therefore, our earnings. Further, any economic downturn could result in financial stress on our borrowers that would adversely affect consumer confidence, a reduction in general business activity and increased market volatility. The resulting economic pressure on consumers and businesses and the lack of confidence in the financial markets could adversely affect our business, financial condition, results of operations and stock price. Our ability to properly assess the creditworthiness of our customers and to estimate the losses inherent in our credit exposure would be made more complex by difficult or rapidly changing market and economic conditions. Accordingly, if market conditions worsen, we may experience increases in foreclosures, delinquencies, net charge-offs and customer bankruptcies, as well as more restricted access to funds.
The competitive nature of the banking and financial services industry could negatively affect our ability to increase or maintain our market share and retain long-term profitability.
Competition in the banking and financial services industry is strong. We compete with commercial banks, savings institutions, credit unions, finance companies, fintechs, mutual funds, insurance companies and securities brokerage and investment banking firms operating locally and nationwide. Some of our competitors have greater financial resources, name recognition and market presence than we do and offer certain services that we do not or cannot provide. Further, our credit union competitors benefit from competitive advantages, including the credit union exemption from paying federal income tax and can, therefore, more aggressively price many products and services. In addition, larger competitors may be able to price loans and deposits more aggressively than we do, which could affect our ability to increase our market share and remain profitable on a long-term basis.
11
Negative developments in the banking industry could adversely affect our current and future business operations and financial condition.
Bank failures and related negative media attention have caused significant market trading volatility among publicly traded bank and financial holding companies, particularly for regional and community banks. These developments have negatively impacted customer confidence in smaller banks, which could prompt customers to move their deposits to larger financial institutions. Further, competition for and costs of deposits has similarly increased, putting pressure on net interest margin.
From time to time, we may experience increased regulatory scrutiny – in the course of routine examinations and otherwise – and new regulations directed towards banks of similar size to the Bank designed to respond to negative developments in the banking industry and/or changing regulatory focus, all of which may increase our costs of doing business and reduce our profitability. Among other things, there may be increased focus by both regulators and investors on deposit composition, the level of uninsured deposits, brokered deposits, unrealized losses in securities portfolios, liquidity, CRE composition and concentration, capital, third party risk management and general oversight and control of the foregoing. The Bank could face increased scrutiny or be viewed as higher risk by regulators and/or the investor community due to changing regulatory focus and/or the failures of other financial institutions, which could negatively affect our future results of operations and financial condition.
Small Business Administration lending and other government guaranteed lending is an important part of our business. Our government guaranteed lending programs are dependent upon the U.S. federal government, and we face specific risks associated with originating SBA and other government guaranteed loans.
Our SBA lending program is dependent upon the U.S. federal government. As an approved participant in the SBA Preferred Lender’s Program (an "SBA Preferred Lender"), we enable our customers to obtain SBA loans without being subject to the potentially lengthy SBA approval process necessary for lenders that are not SBA Preferred Lenders. The SBA periodically reviews the lending operations of participating lenders to assess, among other things, whether the lender exhibits prudent risk management. When weaknesses are identified, the SBA may request corrective actions or impose enforcement actions, including revocation of the lender’s SBA Preferred Lender status. If we lose our status as an SBA Preferred Lender, we may lose some or all of our customers to lenders who are SBA Preferred Lenders, and as a result we could experience a material adverse effect to our financial results. Any changes to the SBA program, changes to program-specific rules impacting volume eligibility under the guaranty program, as well as changes to the program amounts authorized by Congress, may also have a material adverse effect on our business. In addition, any default by the U.S. government on its obligations or any prolonged government shutdown could impede our ability to originate SBA loans or other government guaranteed loans or sell such loans in the secondary market, which could materially adversely affect our business, results of operations, and financial condition.
Generally, we sell the guaranteed portion of our SBA 7(a) loans in the secondary market. These sales result in premium income for us at the time of sale and create a stream of future servicing income, as we retain the servicing rights to these loans. For the reasons described above, we may not be able to continue originating these loans or sell them in the secondary market. Furthermore, even if we are able to continue to originate and sell SBA 7(a) loans in the secondary market, we might not continue to realize premiums upon the sale of the guaranteed portion of these loans, or the premiums may decline due to economic and competitive factors. When we originate SBA loans, we incur credit risk on the non-guaranteed portion of the loans, and if a customer defaults on a loan, we share any loss and recovery related to the loan pro-rata with the SBA. If the SBA establishes that a loss on an SBA guaranteed loan is attributable to significant technical deficiencies in the manner in which the loan was originated, funded, or serviced by us, the SBA may seek recovery of the principal loss related to the deficiency from us. Generally, we do not maintain reserves or loss allowances for such potential claims and any such claims could materially adversely affect our business, financial condition, or results of operations.
The laws, regulations and standard operating procedures that are applicable to government guaranteed loan products may change in the future, particularly in light of the changes being made and scrutiny being given to government funded programs under the current U.S. presidential administration. We cannot predict the effects of these changes on our business and profitability. Because government regulation greatly affects the business and financial results of all commercial banks and bank holding companies and especially our organization, changes in the laws, regulations and procedures applicable to government guaranteed loans could adversely affect our ability to operate profitably.
12
Societal, legislative and regulatory responses to environmental, social and governance (ESG) concerns, and anti-ESG concerns, as well as diversity, equity, and inclusion (DEI) and anti-DEI concerns, could adversely affect our business and performance, including indirectly through impacts on our customers.
Our business faces increasing public, investor, activist, legislative and regulatory scrutiny related to ESG and anti-ESG, DEI and anti-DEI developments. We risk damage to our brand and reputation in certain sectors if we fail to act in response to ESG concerns, such as diversity, equity and inclusion, environmental stewardship, human capital management, support for our local communities, corporate governance and transparency, or fail to consider ESG factors in our business operations. Concerns over the long-term impacts of climate change have led and will likely continue to lead to global governmental efforts to mitigate those impacts. Consumers and businesses also may change their behavior and operations as a result of these concerns. The Company and its customers may need to respond to new laws and regulations as well as consumer and business preferences resulting from climate change concerns. We and our customers may face cost increases, asset value reductions and operating process changes. The impact on our customers will likely vary depending on their specific circumstances, including a significant presence in areas that are vulnerable to natural and man-made disasters that may be exacerbated by climate change, or reliance upon or a role in carbon intensive activities. Among the impacts to the Company could be a drop in demand for our products and services, particularly in certain sectors. In addition, we could face reductions in creditworthiness on the part of some customers or in the value of assets securing loans. Our efforts to take these risks into account may not be effective in protecting us from the negative impact of new laws and regulations or changes in consumer or business behavior. In response to ESG developments (including, in particular DEI initiatives), there are increasing instances of anti-ESG legislation and anti-DEI executive orders, adverse media coverage, regulation, and litigation that could have unintended impacts on ordinary banking operations and increase litigation or reputational risk related to actions we choose to take and impact the results of our operations. If legislatures in the states in which we operate adopt legislation intended to protect certain industries by limiting or prohibiting consideration of business and industry factors in lending activities, certain portions of our lending operations may be impacted.
New lines of business, and new products and services, may result in exposure to new risks; and the value and earnings related to existing lines of business are subject to market conditions.
The Bank has introduced, and in the future, may introduce new products and services to differing markets either alone or in conjunction with third parties, including programs and products introduced as part of our fintech partnership initiatives. New lines of business, products or services could have a significant impact on the effectiveness of our system of internal controls or the controls of third parties and could reduce our revenues and potentially generate losses. There are material inherent risks and uncertainties associated with offering new products and services, especially when new markets are not fully developed or when the laws and regulations regarding a new product are not mature. New products and services, or entrance into new markets, are carefully scrutinized by regulatory agencies and may require substantial time, resources and capital, and profitability targets may not be achieved. Factors outside of our control, such as developing laws and regulations, regulatory orders, competitive product offerings and changes in commercial and consumer demand for products or services may also materially impact the successful launch and implementation of new products or services. Failure to manage these risks, or failure of any product or service offerings to be successful and profitable, could have a material adverse effect on our financial condition and results of operations.
Significant external events, including continued spread or outbreak of a highly contagious disease, could adversely affect our business and results of operations.
We could experience other external events such as severe weather, natural disasters, acts of war, terrorism, civil unrest or widespread public health issues, including pandemics or epidemics caused by highly contagious or infectious disease, that could impair the ability of our customers to repay outstanding loans; impair the value of collateral, if any, securing outstanding loans; negatively impact our deposit base, loan originations or general demand for our services; cause significant property damage; result in loss of revenue or cause us to incur additional expenses or losses. We could also be adversely affected if key personnel or a significant number of employees were to become unavailable due to external events affecting the places they live. Although we have business continuity plans and other safeguards in place, there is no assurance that such plans and safeguards will completely mitigate the adverse impacts of any significant external event. The occurrence or continuation of any such event could materially adversely impact our business, our ability to provide our services, demand for our services, asset quality, financial condition and results of operations.
13
Anti-takeover provisions could negatively impact our shareholders.
Provisions of Indiana law and provisions of our articles of incorporation could make it more difficult for a third party to acquire control of us or have the effect of discouraging a third party from attempting to acquire control of us. We are subject to certain anti-takeover provisions under the Indiana Business Corporation Law. Additionally, our articles of incorporation authorize our Board of Directors to issue one or more classes or series of preferred stock without shareholder approval and such preferred stock could be issued as a defensive measure in response to a takeover proposal.
Although these provisions do not preclude a takeover, they may have the effect of discouraging, delaying or deferring a tender offer or takeover attempt that a shareholder might consider in his or her best interest, including those attempts that might result in a premium over the market price of our common stock. Such provisions will also render the removal of the Board of Directors and of management more difficult and, therefore, may serve to perpetuate current management. These provisions could potentially adversely affect the market price of our common stock.
Credit Risks
Our business depends on our ability to successfully manage credit risk.
The operation of our business requires us to manage credit risk. As a lender, we are exposed to the risk that our borrowers may be unable to repay their loans according to their terms, and that the collateral securing repayment of their loans, if any, may not be sufficient to ensure repayment. In addition, there are risks inherent in making any loan, including risks with respect to the period of time over which the loan may be repaid, risks relating to proper underwriting, risks resulting from changes in economic and industry conditions and risks inherent in dealing with individual borrowers, including the risk that a borrower may not provide information to us about its business in a timely manner, and/or may present inaccurate or incomplete information to us, and risks relating to the value of collateral. In order to manage credit risk successfully, we must, among other things, maintain disciplined and prudent underwriting standards. The weakening of these standards for any reason, a lack of discipline or diligence in underwriting and monitoring loans, the inability to adequately adapt policies and procedures to changes in economic or any other conditions affecting borrowers and the quality of our loan portfolio, may result in defaults, foreclosures and additional charge-offs and may necessitate that we significantly increase our allowance for credit losses, each of which could adversely affect our net income. As a result, our inability to successfully manage credit risk could have a material adverse effect on our business, financial condition, or results of operations.
Our commercial loan portfolio exposes us to higher credit risks than residential real estate loans, including risks relating to the success of the underlying business and conditions in the market or the economy and concentrations in our commercial loan portfolio.Credit RisksOur commercial loan portfolio exposes us to higher credit risks than residential real estate loans, including risks relating to the success of the underlying business and conditions in the market or the economy and concentrations in our commercial loan portfolio.
Our commercial loans totaled $2.9 billion, or 78.4% of our total loan portfolio as of December 31, 2025. These loans generally involve higher credit risks than residential real estate loans and are dependent upon our lenders and service providers maintaining close relationships with the borrowers. Payments on these loans are often dependent upon the successful operation and management of the underlying business or assets, and repayment of such loans may be influenced to a great extent by conditions in the market or the economy. Commercial loans typically involve larger loan balances than residential real estate loans and could lead to concentration risks within our commercial loan portfolio. In addition, our C&I, specialty finance and small business loans have primarily been extended to small to medium-sized businesses that generally have fewer financial resources in terms of capital or borrowing capacity than larger entities. Our failure to manage this commercial loan growth and the related risks could have a material adverse effect on our business, financial condition and results of operations.
In addition, with respect to CRE, federal and state banking regulators are examining CRE lending activity with heightened scrutiny and may require banks with higher levels of CRE loans to implement more stringent underwriting, internal controls, risk management policies and portfolio stress testing, as well as possibly higher levels of allowances for credit losses and capital levels as a result of CRE lending growth and exposures. If we were required to maintain higher levels of capital than we would otherwise be expected to maintain, our ability to leverage our capital may be limited, and could have a material adverse effect on our business, financial condition, results of operations and prospects.
We are subject to risks arising from conditions in the real estate market, as a significant portion of our loans are secured by real estate.
At December 31, 2025, approximately 49.8% of our loans held for investment portfolio was comprised of commercial, residential mortgage and home equity loans with real estate as the primary component of collateral. Our real estate lending
14
activities, and our exposure to fluctuations in real estate collateral values, are significant and may increase as our assets increase. The market value of real estate can fluctuate significantly in a relatively short period of time as a result of market conditions in the geographic area in which the real estate is located; in response to factors such as economic downturns and changes in the economic health of industries heavily concentrated in a particular area; and in response to changes in market interest rates, which influence capitalization rates used to value revenue-generating commercial real estate. If the value of real estate serving as collateral for our loans declines materially, a significant part of our loan portfolio could become under-collateralized and losses incurred upon borrower defaults would increase. Conditions in certain segments of the real estate industry, including homebuilding, lot development and mortgage lending, may have an effect on values of real estate pledged as collateral for our loans. The inability of purchasers of real estate, including residential real estate, to obtain financing may weaken the financial condition of our borrowers who are dependent on the sale or refinancing of property to repay their loans. Changes in the economic health of certain industries can have a significant impact on other sectors or industries which are directly or indirectly associated with those industries, and may impact the value of real estate in areas where such industries are concentrated.
If our allowance for credit losses is not sufficient to cover actual credit losses, our earnings could decrease.
We maintain an allowance for credit losses (“ACL”) on loans and held-to-maturity debt securities. The ACL represents the Bank’s best estimate of probable losses within the existing portfolio of loans and held-to-maturity debt securities. Additionally, related to off-balance-sheet credit exposures, we maintain a liability reserve account reported as an other liability in our balance sheet. The amount of each allowance account represents management's best estimate of current expected credit losses on these financial instruments considering available information, from internal and external sources, relevant to assessing exposure to credit loss over the contractual term of the instrument. Relevant available information includes historical credit loss experience, current conditions and reasonable and supportable forecasts. As a result, the determination of the appropriate level of the ACL inherently involves a high degree of subjectivity and requires us to make significant estimates related to current and expected future credit risks and trends, all of which may undergo material changes. Continuing deterioration in economic conditions affecting borrowers; new information regarding existing loans and loan commitments; and identification of additional problem loans, ratings down-grades and other factors, both within and outside of our control, may require an increase in the ACL. In addition, if any charge-offs related to loans or off-balance sheet credit exposures in future periods exceed our ACL or reserve for off-balance sheet credit exposures, we will need to recognize additional provision for credit losses. Material additions to the ACL would decrease our net income and may have a material adverse effect on our financial condition, results of operations and capital.
Market, Interest Rate, and Liquidity Risks
The market value of some of our investments could decline and adversely affect our financial position.
In assessing the impairment of investment securities, we consider the length of time and extent to which the fair value has been less than cost, the financial condition and near-term prospects of the issuers, whether the market decline was affected by macroeconomic conditions and whether we have the intent to sell the security or will be required to sell the security before its anticipated recovery. We also use economic models to assist in the valuation of some of our investment securities. If our investment securities experience a decline in value, we would need to determine whether we would be required to record a write-down of the investment and a corresponding charge to our earnings.
Changes in interest rates could adversely affect the Company’s results of operations and financial condition.
The Company’s earnings depend substantially on the Company’s interest rate spread, which is the difference between (i) the rates the Bank earns on loans, securities, and other earning assets and (ii) the interest rates the Bank pays on deposits and other borrowings, and its costs of capital. These rates are highly sensitive to many factors beyond the Company’s control, including general economic conditions and the policies of various governmental and regulatory authorities. If market interest rates rise, especially at the pace they did in 2022 and 2023, the Company will face competitive pressure to increase the rates the Bank pays on deposits, which could negatively affect net interest margin. In addition, the interest rate on the Company’s other subordinated debt have, and are scheduled to change in 2026, from fixed to floating rates. These changes could result in a decrease of net interest income. If market interest rates decline, the Bank could experience fixed-rate loan prepayments and higher investment portfolio cash flows, resulting in a lower reinvestment yield on earning assets. Earnings can also be impacted by the spread between short-term and long-term market interest rates.
15
The Bank may not be able to pay us dividends.
The ability of the Bank to pay dividends to us is limited by state and federal law and depends generally on the Bank’s ability to generate net income. If we are unable to comply with applicable provisions of these statutes and regulations, the Bank may not be able to pay dividends to us, we may not be able to pay dividends on our outstanding common stock and our ability to service our debt may be materially impaired.
We may need additional funding resources in the future, and these funding resources may not be available when needed or at all, without which our financial condition, results of operations and prospects could be materially impaired.
As a part of our liquidity management, we use a number of funding sources in addition to core deposit growth and repayments and maturities of loans and investments. These sources include brokered deposits and FHLB advances. Further, in the past, we have raised additional capital in the public debt and equity markets to support balance sheet growth, refinance existing debt obligations, or explore strategic alternatives which may include additional asset, deposit or revenue generation channels. Our ability to source deposits and raise future capital, if needed, will depend upon our financial performance and conditions in the capital markets, as well as economic conditions generally. Further, if we need to raise capital in the future, we may have to do so when many other financial institutions are also seeking to raise capital and would then have to compete with those institutions for investors. Accordingly, such financing may not be available to us on acceptable terms or at all. If we cannot raise additional capital when needed, it could have a material adverse effect on our business, financial condition and results of operations.
The recognition of gains on the sale of loans and servicing asset valuations reflect certain assumptions.
We continue to expect that gains on the sale of U.S. government guaranteed loans will continue to comprise a significant component of our revenue. The determination of these gains is based on assumptions regarding the value of unguaranteed loans retained, servicing rights retained and deferred fees and costs, and net premiums paid by purchasers of the guaranteed portions of U.S. government guaranteed loans. The value of retained unguaranteed loans and servicing rights are determined based on market-derived factors such as prepayment rates, current market conditions and recent loan sales. Deferred fees and costs are determined using internal analysis of the cost to originate loans. Significant errors in assumptions used to compute gains on sale of loans or servicing asset valuations could result in material revenue misstatements, which may have a material adverse effect on our business, results of operations and profitability. In addition, if such valuations are not reflective of fair market value, then our business, results of operations and financial condition may be materially and adversely affected.
The Company’s stock price can be volatile.
The Company’s stock price can fluctuate widely in response to a variety of factors, including without limitation: actual or anticipated variations in the Company’s quarterly operating results; recommendations by securities analysts; significant acquisitions or business combinations; strategic partnerships, joint ventures or capital commitments; operating and stock price performance of other companies that investors deem comparable to the Company; new technology used or services offered by the Company’s competitors; news reports relating to trends, concerns and other issues in the banking and financial services industry; and changes in government regulations. General market fluctuations, industry factors and general economic and political conditions and events, including terrorist attacks, increased inflation, economic slowdowns or recessions, interest rate changes, credit loss trends or currency fluctuations, could also cause the Company’s stock price to decrease, regardless of the Company’s operating results.
Operational Risks
Because our business is highly dependent on technology that is subject to rapid change and transformation, we are subject to risks of obsolescence.
The Bank conducts its deposit gathering activities and a significant portion of its lending activities through digital channels.The Bank conducts its deposit gathering activities and a portion of its lending activities through digital channels. The financial services industry is undergoing rapid technological change, and we face constant evolution of customer demand for technology-driven financial and banking products and services. Many of our competitors have substantially greater resources to invest in technological improvement and product development, marketing and implementation. Any failure to successfully keep pace with and fund technological innovation could have a material adverse effect on our business, financial condition and results of operations.
16
We rely on our management team and could be adversely affected by the unexpected loss of key officers.
Our future success and profitability are substantially dependent upon our management and the abilities of our senior executives. We believe that our future results will also depend in part upon our ability to attract and retain highly skilled and qualified management. Competition for senior personnel is intense, and we may not be successful in attracting and retaining such personnel. Changes in key personnel and their responsibilities may be disruptive to our business and could have a material adverse effect on our business, financial condition and results of operations.
A failure in or breach of our operational or security systems or infrastructure, or those of our third-party vendors and other service providers, including as a result of cyber-attacks, could disrupt our business and lead to unauthorized disclosure of customers’ personal information, theft or misuse of confidential or proprietary information, damage to our reputation, and increases in our costs or financial losses.
We depend upon our ability to process, record and monitor our client transactions on a continuous basis. As customer, public and regulatory expectations regarding data privacy and information security have increased, our operational systems and infrastructure must continue to be safeguarded and monitored for potential failures, disruptions and breakdowns. Our business, financial, accounting and data processing systems, or other operating systems and facilities, may stop operating properly or become disabled or damaged as a result of a number of factors, including events that are wholly or partially beyond our control. For example, there could be electrical or telecommunications outages; natural disasters such as earthquakes, tornadoes and hurricanes; pandemics; events arising from local or larger-scale political or social matters, including terrorist acts; and, as described below, cyber-attacks. Although we have business continuity plans and other safeguards in place, our business operations may be adversely affected by significant and widespread disruption to our physical infrastructure or operating systems that support our business.
Information security risks for financial institutions such as ours have generally increased in recent years in part because of the proliferation of new technologies, the use of digital technologies to conduct financial transactions, and the increased sophistication and activities of organized crime, hackers, terrorists, activists and other external parties. As noted above, our operations rely on the secure processing, transmission and storage of confidential information in our computer systems and networks. Our business relies on digital technologies, computer and email systems, software and networks to conduct its operations. In addition, to access our products and services, our customers may use smartphones, tablets, personal computers and other mobile devices that are beyond our control systems. Although we have information security procedures and controls in place, our technologies, systems, networks and our customers’ devices may become the target of cyber-attacks or information security breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss or destruction of our or our customers’ confidential, proprietary and other information, or otherwise disrupt our or our customers’ or other third parties’ business operations.
Third parties with whom we do business or that facilitate our business activities, including financial intermediaries or vendors that provide services or security solutions for our operations, could also be sources of operational and information security risk to us, including from breakdowns or failures of their own systems or capacity constraints. Although to date we have not experienced any material losses relating to cyber-attacks or other information security breaches, like other companies, we and our vendors face a wide range of ongoing cyber threats that include phishing emails and social engineering schemes, ransomware threats, and criminal re-use of credentials sold on the dark web. There can be no assurance that we will not suffer such material losses in the future. Our risk and exposure to these matters remains heightened because of the evolving nature of these threats. As a result, cybersecurity and the continued development and enhancement of our controls, processes and practices designed to protect our systems, computers, software, company data, networks, and customer information from attack, damage or unauthorized access remain a focus for us. As threats continue to evolve, we may be required to expend additional resources to continue to modify or enhance our protective measures or to investigate and remediate information security vulnerabilities.
Disruptions or failures in the physical infrastructure or operating systems that support our business and clients, or cyber-attacks or security breaches of the networks, systems or devices that our clients use to access our products and services, could result in client attrition, regulatory fines, penalties or intervention, breach investigation and notification expenses, reputational damage, claims or litigation, reimbursement or other compensation costs and/or additional compliance costs, any of which could materially and adversely affect our business, financial condition and results of operations.
17
Our business may be adversely affected by fraud.
As a financial institution, we are inherently exposed to risk in the form of theft and other fraudulent activities by customers, employees, or other third parties targeting us or our customers or data. Such activity may take many forms, including check fraud, electronic fraud, wire fraud, phishing, social engineering, spoofing, and other dishonest acts. Although we devote substantial resources to maintaining effective policies and internal controls to identify and prevent such incidents, given the increasing sophistication of possible perpetrators, we may experience financial losses or reputational harm as a result of fraud. Further, as a result of the increased sophistication of fraud activity, we continue to invest in systems, resources, and controls to detect and prevent fraud. This will result in continued ongoing investments and costs. This will result in continued ongoing investments in the future.
Legal and Regulatory Risks
We operate in a highly regulated environment, which could restrain our growth and profitability.
We are subject to extensive laws and regulations that govern almost all aspects of our operations. These laws and regulations, and the supervisory framework that oversees the administration of these laws and regulations, are primarily intended to protect depositors, the DIF, and the banking system as a whole, and not shareholders. These laws and regulations, among other matters, affect our lending practices, capital structure, investment practices, dividend policy, operations and growth. Compliance with the myriad laws and regulations applicable to our organization can be difficult and costly. In addition, these laws, regulations and policies are subject to continual review by governmental authorities, and changes to these laws, regulations and policies, including changes in interpretation, implementation, or priorities in enforcement of these laws, regulations and policies, could affect us in substantial and unpredictable ways and often impose additional compliance costs. The application of more stringent capital requirements for both the Company and the Bank could, among other things, result in lower returns on equity, require the raising of additional capital, and/or result in regulatory actions constraining us from paying dividends or repurchasing shares if we were to be unable to comply with such requirements, any of which could have a material adverse effect on our business and profitability.
Further, any new laws, rules and regulations could make compliance more difficult or expensive. All of these laws and regulations, and the supervisory framework applicable to our industry, could have a material adverse effect on our business, financial condition and results of operations.
Federal and state regulators periodically examine our business, and we may be required to remediate adverse examination findings.
The Federal Reserve, the FDIC and the DFI periodically examine our business, including our compliance with laws and regulations. If, as a result of an examination, a federal or state banking agency were to determine that our financial condition, capital resources, asset quality, earnings prospects, management, liquidity or other aspects of any of our operations had become unsatisfactory, or that we were in violation of any law or regulation, it may take a number of different remedial actions as it deems appropriate. These actions include the power to enjoin “unsafe or unsound” practices, to require action to correct any conditions resulting from any violation or practice, to commence a formal or informal enforcement action or issue an administrative order that can be judicially enforced, to direct an increase in our capital, to restrict our growth, to assess civil monetary penalties against our officers or directors, to remove officers and directors and, if it is concluded that such conditions cannot be corrected or there is an imminent risk of loss to depositors, to terminate our deposit insurance and place us into receivership or conservatorship. Regulatory action against us could have a material adverse effect on our business, financial condition and results of operations.
Our FDIC deposit insurance premiums and assessments may increase, which would reduce our profitability.
The deposits of the Bank are insured by the FDIC up to legal limits and, accordingly, subject to the payment of FDIC deposit insurance assessments. The Bank’s regular assessments are determined by its risk classification, which is based on a number of factors, including regulatory capital levels, asset growth and asset quality. In order to maintain a strong funding position and restore the reserve ratios of the DIF, the FDIC may increase deposit insurance assessment rates and may charge a special assessment to FDIC-insured financial institutions. Further increases in assessment rates or special assessments may occur in the future, especially if there are significant additional financial institution failures. Any future special assessments, increases in assessment rates or required prepayments in FDIC insurance premiums could reduce our profitability or limit our ability to pursue certain business opportunities, which could have a material adverse effect on our business, financial condition and results of operations.
18
We are subject to numerous laws designed to protect consumers, including the CRA and fair lending laws, and failure to comply with these laws could lead to a wide variety of sanctions.
The CRA, the Equal Credit Opportunity Act, the Fair Housing Act and other fair lending laws and regulations impose nondiscriminatory lending requirements on financial institutions. The Department of Justice and other federal agencies are responsible for enforcing these laws and regulations. A successful regulatory challenge to an institution’s performance under the CRA or fair lending laws and regulations could result in a wide variety of sanctions, including damages and civil money penalties, injunctive relief, restrictions on mergers and acquisitions activity, restrictions on expansion and restrictions on entering new business lines. Private parties may also have the ability to challenge an institution’s performance under fair lending laws in private class action litigation. Such actions could have a material adverse effect on our business, financial condition and results of operations.
We are subject to evolving and expensive regulations and requirements. Our failure to adhere to these requirements or the failure or circumvention of our controls and procedures could seriously harm our business.
We are subject to extensive regulation as a financial institution and are also required to follow the corporate governance and financial reporting practices and policies required of a company whose stock is registered under the Exchange Act and listed on the Nasdaq Global Select Market. Compliance with these requirements means we incur significant legal, accounting and other expenses. Compliance also requires a significant diversion of management time and attention, particularly with regard to disclosure controls and procedures and internal control over financial reporting. Although we have reviewed, and will continue to review, our disclosure controls and procedures in order to determine whether they are effective, our controls and procedures may not be able to prevent errors or fraud in the future. Faulty judgments, simple errors or mistakes, or the failure of our personnel to adhere to established controls and procedures may make it difficult for us to ensure that the objectives of the control system will be met. A failure of our controls and procedures to detect other than inconsequential errors or fraud could seriously harm our business and results of operations.
We face risk under the BSA and other anti-money laundering statutes and regulations, as well as general fund transfer and payments-related risk.
The BSA, the USA PATRIOT Act and other laws and regulations require financial institutions, among other duties, to institute and maintain an effective anti-money laundering program and file suspicious activity and currency transaction reports as appropriate. The federal Financial Crimes Enforcement Network is authorized to impose significant civil money penalties for violations of those requirements and has engaged in coordinated enforcement efforts with the individual federal banking regulators, as well as the U.S. Department of Justice, Drug Enforcement Administration and Internal Revenue Service. We are also subject to increased scrutiny of compliance with the rules enforced by the OFAC. If our policies, procedures and systems are deemed deficient, we would be subject to liability, including fines and regulatory actions, which may include restrictions on our ability to pay dividends and the necessity to obtain regulatory approvals to proceed with certain aspects of our business plans. Failure to maintain and implement adequate programs to combat money laundering and terrorist financing could also have serious reputational consequences for us. Any of these results could have a material adverse effect on our business, financial condition and results of operations.
In addition, financial institutions, including ourselves, bear fund transfer risks of different types which result from large transaction volumes and large dollar amounts of incoming and outgoing money transfers. Loss exposure may result if money is transferred from the Bank before it is received, or legal rights to reclaim monies transferred are asserted. Such exposure results from payments which are made to merchants for payment clearing, while customers have statutory periods to reverse their payments. It also results from funds transfers made prior to receipt of offsetting funds, as accommodations to customers. Transfers could also be made in error. Additionally, as with other financial institutions, we may incur legal liability or reputational risk, if we unknowingly process payments for companies in violation of money laundering laws or regulations or immoral activities.
Our introduction of new products and programs in partnership with fintechs has increased account and transaction volume at the Bank and thereby increased the foregoing risks, the results of which could have a material adverse effect on our business, financial condition and results of operations.
19
We may be subject to potential liability and business risk from actions by our regulators related to supervision of third parties.
Our regulators and auditors have required us to increase the level and manner of our oversight of third parties that provide marketing and other services through which we offer products and services, whether in connection with our introduction of new programs and products, or otherwise. Although we have significant compliance staff and have used outside consultants, our internal and external compliance examiners continually evaluate our practices and must be satisfied with the results of our third-party oversight activities. We cannot assure you that we will satisfy all related requirements. Not maintaining a risk and compliance management system which is deemed adequate could result in sanctions or other action against the Bank. Our ongoing review and analysis of our compliance management system and implementation of any changes resulting from that review and analysis will likely result in increased non-interest expense.
Federal banking laws limit the acquisition, ownership and repurchase of our common stock.
Because we are a bank holding company, any purchaser of certain specified amounts of our common stock may be required to file a notice with or obtain the approval of the Federal Reserve under the BHCA, as amended, and the Change in Bank Control Act of 1978, as amended. Specifically, under regulations adopted by the Federal Reserve, (1) any other bank holding company may be required to obtain the approval of the Federal Reserve before acquiring 5% or more of our common stock and (2) any person may be required to file a notice with and not be disapproved by the Federal Reserve to acquire 10% or more of our common stock. Further, recently enacted laws impose an excise tax on a public company’s repurchase of its own stock.
Changes in accounting policies or in accounting standards could materially affect how we report our financial condition and results of operations.
The preparation of consolidated financial statements in conformity with U.S generally accepted accounting principles (“GAAP”), including the accounting rules and regulations of the SEC and the FASB, requires management to make significant estimates and assumptions that impact our financial statements by affecting the value of our assets or liabilities and results of operations. Some of our accounting policies are critical because they require management to make difficult, subjective and complex judgments about matters that are inherently uncertain and because materially different amounts may be reported if different estimates or assumptions are used. If such estimates or assumptions underlying our financial statements are incorrect, our financial condition and results of operations could be adversely affected.
From time to time, the FASB and the SEC change the financial accounting and reporting standards or the interpretation of such standards that govern the preparation of our external financial statements. These changes are beyond our control, can be difficult to predict, may require extraordinary efforts or additional costs to implement and could materially impact how we report our financial condition and results of operations. Additionally, we may be required to apply a new or revised standard retrospectively, resulting in the restatement of prior period financial statements in material amounts.
Shares of our common stock are not insured deposits and may lose value.
Shares of our common stock are not savings accounts, deposits or other obligations of any depository institution and are not insured or guaranteed by the FDIC or any other governmental agency or instrumentality, any other deposit insurance fund or by any other public or private entity, and are subject to investment risk, including the possible loss of principal.
The costs and effects of litigation, investigations or similar matters involving us or other financial institutions or counterparties, or related adverse facts and developments, could materially affect our business, operating results and financial condition.
We may be involved from time to time in a variety of litigation, investigations, inquiries, or similar matters arising out of our business. Furthermore, litigation against banks tend to increase during economic downturns and periods of credit deterioration, which may occur or worsen as a result of current economic uncertainty. Most recently there has been an increase in class action lawsuits filed claiming deceptive practices or violations of account terms in connection with non-sufficient fees or overdraft charges. We manage these risks through internal controls, personnel training, insurance, litigation management, our compliance and ethics processes, and other means. However, the commencement, outcome, and magnitude of litigation cannot be predicted or controlled with any certainty.
20
We establish reserves for legal claims when payments associated with the claims become probable and the losses can be reasonably estimated. However, our insurance may not cover all claims that may be asserted against us and indemnification rights to which we are entitled may not be honored, and any claims asserted against us, regardless of merit or eventual outcome, may harm our reputation. Should the ultimate judgments or settlements in any litigation or investigation significantly exceed our insurance coverage, they could have a material adverse effect on our business, financial condition, and results of operations. In addition, premiums for insurance covering the financial and banking sectors are rising. We may not be able to obtain appropriate types or levels of insurance in the future, nor may we be able to obtain adequate replacement policies with acceptable terms or at historic rates, if at all.
Item 1B. Unresolved Staff Comments
None.
Item 1C. Cybersecurity
The Company’s information security program is designed to protect the confidentiality, integrity, and availability of our critical systems and information, including customer information. The program is comprised of policies, procedures, and programs, and is informed by and intended to align with the interagency guidance issued by banking regulators as well as the NIST Cybersecurity Framework (the “Information Security Program”). The program is comprised of policies, procedures, and programs, and is informed by and intended to align with the interagency guidance issued by banking regulators as well as the FFIEC Information Security Booklet and Cybersecurity Assessment Tool (the “Information Security Program”). This does not imply that we meet any particular technical standards, specifications, or requirements, but rather that we use the guidance to help us identify, assess, and manage cybersecurity risks relevant to our business.
We are a digital bank. As such, data security is a foundational pillar of our business strategy. We’ve therefore integrated our Information Security Program into the Enterprise Risk Management program, meaning it shares common methodologies, reporting channels and governance processes that apply to other areas of enterprise risk, including legal, compliance, strategic, operational, and financial risk. Key elements of our Information Security Program include:
•risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise information technology environment are conducted on at least an annual basis;
•internal testing of our security controls and our response to cybersecurity incidents;
•the use of external service providers, to assess, test or otherwise assist with aspects of our security controls;
•training and awareness programs for all employees that include periodic and ongoing assessments to drive adoption and awareness of cybersecurity processes and controls;
•a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents;
•maintenance and regular testing of a Business Continuity Plan that includes redundant back-up systems for critical functions;
•a physical security program that is tested regularly;
•obtaining and maintaining cyber insurance; and
•a third-party risk management program for service providers, suppliers, and vendors, that provides for the assessment, monitoring and management of cybersecurity risk presented by the Company’s use of such third parties, as well as contractual protections related to cybersecurity incidents affecting third party vendors and service providers.
The Company engages in a continuous risk monitoring process that seeks to identify the likelihood and impact of internal and external threats to our information security systems and data and assesses the sufficiency of the controls in place to mitigate these threats to acceptable levels. Incidents are reported to and handled under our Incident Response Policy, which designates an incident response team and includes procedures and processes to identify, assess, respond to, mitigate and report on cybersecurity incidents.
21
Cybersecurity Governance
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| APT | 3 hours ago |
| IBO | 3 hours ago |
| DAIC | 3 hours ago |
| AEAQ | 3 hours ago |
| NUWE | 3 hours ago |
| KDK | 3 hours ago |
| SKYT | 3 hours ago |
| CRWE | 3 hours ago |
| CWBC | 3 hours ago |
| EXOD | 3 hours ago |
| DMRC | 3 hours ago |
| MNTK | 3 hours ago |
| BLLN | 3 hours ago |
| INBK | 3 hours ago |
| DSP | 3 hours ago |
| TGT | 4 hours ago |
| CDXS | 4 hours ago |
| THM | 4 hours ago |
| TNYA | 4 hours ago |
| PLRX | 4 hours ago |
| HPK | 4 hours ago |
| SST | 4 hours ago |
| TTGT | 4 hours ago |
| GRDN | 4 hours ago |
| FCHS | 4 hours ago |
| FHTX | 4 hours ago |
| CCNE | 4 hours ago |
| LCNB | 4 hours ago |
| VGZ | 4 hours ago |
| MRVL | 4 hours ago |
| FWRD | 4 hours ago |
| ACU | 4 hours ago |
| TZOO | 4 hours ago |
| PEBK | 5 hours ago |
| TH | 5 hours ago |
| PKBK | 5 hours ago |
| MG | 6 hours ago |
| BWEN | 6 hours ago |
| PGC | 6 hours ago |
| INRE | 7 hours ago |
| SSSS | 10 hours ago |
| RCKY | 12 hours ago |
| TG | 12 hours ago |
| VRCA | 12 hours ago |
| NERV | 12 hours ago |
| KPLT | 12 hours ago |
| SGMT | 13 hours ago |
| ATEK | 13 hours ago |
| LAFA | 23 hours ago |
| GBLI | 1 day, 3 hours ago |
