Nonperforming assets take significant time to resolve and adversely affect the Company’s results of operations and financial condition.

The Company’s nonperforming assets adversely affect its net income in various ways. The Company’s nonperforming assets adversely affect its net income in various ways. The Company does not record interest income on nonaccrual loans, which adversely affects its income and increases credit administration costs. When the Company receives collateral through foreclosures and similar proceedings, it is required to mark the related asset to the then fair market value of the collateral less estimated selling costs, which may, and often does, result in a loss. An increase in the level of nonperforming assets also increases the Company’s risk profile and may impact the capital levels regulators believe are appropriate in light of such risks. The Company utilizes various techniques such as workouts and restructurings to manage problem assets. Increases in or negative adjustments in the value of these problem assets, the underlying collateral, or in the borrowers’ performance or financial condition, could adversely affect the Company’s business, results of operations and financial condition. In addition, the resolution of nonperforming assets requires significant commitments of time from management and staff, which can be detrimental to the performance of their other responsibilities, including generation of new loans. There can be no assurance that the Company will avoid increases in nonperforming loans in the future. There can be no assurance that the Company will avoid further increases in nonperforming loans in the future.

The Company relies upon independent appraisals to determine the value of the real estate which secures a significant portion of its loans, and the values indicated by such appraisals may not be realizable if the Company is forced to foreclose upon such loans. 11 Table of Contents The Company relies upon independent appraisals to determine the value of the real estate which secures a significant portion of its loans, and the values indicated by such appraisals may not be realizable if the Company is forced to foreclose upon such loans.

A significant portion of the Company’s loan portfolio consists of loans secured by real estate. A significant portion of the Company’s loan portfolio consists of loans secured by real estate. The Company relies upon independent appraisers to estimate the value of such real estate. Appraisals are only estimates of value and the independent appraisers may make mistakes of fact or judgment which adversely affect the reliability of their appraisals. In addition, events occurring after the initial appraisal may cause the value of the real estate to increase or decrease. As a result of any of these factors, the real estate securing some of the Company’s loans may be more or less valuable than anticipated at the time the loans were made. If a default occurs on a loan secured by real estate that is less valuable than originally estimated, the Company may not be able to recover the outstanding balance of the loan and will suffer a loss.

MARKET RISK

If competition increases, our business could suffer, which could result in loan losses and adversely affect the Company’s financial condition and results of operations.

The financial services industry is highly competitive, with a number of commercial banks, credit unions, insurance companies, stockbrokers, financial technology companies and other nonbank financial service providers seeking to do business with our customers. The financial services industry is highly competitive, with a number of commercial banks, credit unions, insurance companies, stockbrokers, financial technology companies and other nonbank financial service providers seeking to do business with our customers. If there is additional competition from new business or if our existing competitors focus more attention on our market, we could lose customers and our business could suffer.

Consumers may increasingly decide not to use the Bank to process their financial transactions, which would have a material adverse impact on the Company’s financial condition and operations.

Technology and other changes are allowing parties to complete financial transactions through alternative methods that historically have involved banks. Technology and other changes are allowing parties to complete financial transactions through alternative methods that historically have involved banks. For example, consumers can now maintain funds that would have historically been held as bank deposits in brokerage accounts, mutual funds or general-purpose reloadable prepaid cards. Consumers can also complete transactions such as paying bills and/or transferring funds directly without the assistance of banks. The process of eliminating banks as intermediaries could result in the loss of fee income, as well as the loss of customer deposits and the related income generated from those deposits. The loss of these revenue streams and the lower cost of deposits as a source of funds could have a material adverse effect on the Company’s financial condition and results of operations.

INTEREST RATE RISK

The Company's business is subject to interest rate risk and variations in interest rates and inadequate management of interest rate risk may negatively affect financial performance.

Changes in the interest rate environment may reduce the Company’s profits. It is expected that the Company will continue to realize income from the differential or “spread” between the interest earned on loans, securities, and other interest-earning assets, and interest paid on deposits, borrowings, and other interest-bearing liabilities. Net interest spreads are affected by the difference between the maturities and repricing characteristics of interest-earning assets and interest-bearing liabilities. Loan and deposit volumes, yields, and costs are affected by market interest rates on these products, and there is substantial competition for loans and deposits that affect rates on these products. Additionally, short-term rates are driven by actions of the Federal Reserve, and movements in such rates may have a significant effect on the Company’s interest rate risk. The Company’s management cannot ensure that it can minimize interest rate risk. If the interest rates paid on deposits and other borrowings increase at a faster rate than the interest rates received on loans and other investments, the Company’s net interest income, and therefore earnings, could be adversely affected. Earnings could also be adversely affected if the interest rates received on loans and other investments fall more quickly than the interest rates paid on deposits and other borrowings. Further, shifts in the Company’s mix of interest-earning assets or interest-bearing liabilities could adversely affect yields

on assets or costs of funds, respectively. Accordingly, changes in levels of market interest rates or management thereof could materially and adversely affect the net interest spread, loan and deposit volumes, and the Company’s overall profitability.

LIQUIDITY RISK

Liquidity could be impaired by an inability to access the capital markets or an unforeseen outflow of cash.

Liquidity is essential to the Company’s business. Access to funding sources in amounts adequate to finance the Company’s activities or on terms that are acceptable to us could be impaired by factors that affect us specifically or the financial services industry or economy generally. Factors that could reduce the Company’s access to liquidity sources include a downturn in the economy, difficult credit markets or the liquidity needs of our depositors. A substantial majority of the Company’s liabilities are demand, savings, interest checking and money market deposits, which are payable on demand or upon several days’ notice, while a substantial portion of our assets are loans, which cannot be called or sold in the same time frame. The Company may not be able to replace maturing deposits and advances as necessary in the future, especially if a large number of our depositors sought to withdraw their accounts, regardless of the reason. The Company’s access to deposits may be negatively impacted by, among other factors, changes in interest rates which could promote increased competition for deposits, including from new financial technology competitors, or provide customers with alternative investment options. Additionally, negative news about the Company or the banking industry in general could negatively impact market and/or customer perceptions of the Company, which could lead to a loss of depositor confidence and an increase in deposit withdrawals, particularly among those with uninsured deposits. Furthermore, as many regional banking organizations experienced in 2023, the failure of other financial institutions may cause deposit outflows as customers spread deposits among several different banks so as to maximize their amount of FDIC insurance coverage, move deposits to banks deemed “too big to fail” or remove deposits from the banking system entirely. As of December 31, 2025, approximately 41.7% of the Company’s deposits were uninsured. Uninsured deposits include municipal deposits, which have additional security from bonds pledged as collateral, in accordance with state regulation. Of the Company’s non-municipal deposits, approximately 19.75% are uninsured. We rely on deposits for liquidity. A failure to maintain adequate liquidity could have a material adverse effect on the Company’s business, financial condition and results of operations.

Unrealized losses in the Company’s securities portfolio could affect liquidity.

As market interest rates increased in 2022 and 2023, the Company experienced significant unrealized losses on our available for sale securities portfolio. Unrealized losses related to available for sale securities are reflected in accumulated other comprehensive loss in the Company’s consolidated balance sheets and reduce the level of our book capital and tangible common equity. However, such unrealized losses do not affect the Company’s regulatory capital ratios. The Company actively monitors the available for sale securities portfolio and we do not currently anticipate the need to realize material losses from the sale of securities for liquidity purposes. Furthermore, the Company believes it is unlikely that we would be required to sell any such securities before recovery of their amortized cost bases, which may be at maturity. Nonetheless, the Company’s access to liquidity sources could be affected by unrealized losses if securities must be sold at a loss; tangible capital ratios continue to decline from an increase in unrealized losses or realized credit losses; the Federal Home Loan Bank of Atlanta (“FHLB”) or other funding sources reduce capacity; or bank regulators impose restrictions on us that impact the level of interest rates we may pay on deposits or our ability to access brokered deposits. Additionally, significant unrealized losses could negatively impact market and/or customer perceptions of our company, which could lead to a loss of depositor confidence and an increase in deposit withdrawals, particularly among those with uninsured deposits.

CYBERSECURITY RISK

Our information systems may experience an interruption or security breach.

We rely heavily on communications and information systems to conduct our business. We rely heavily on communications and information systems to conduct our business. Any failure, interruption or breach in security of these systems could result in failures or disruptions of our internet banking, deposit, loan and other systems. While we have policies and procedures designed to prevent or limit the effect of the possible failure, interruption or security breach of our information systems, there can be no assurance that any such failure, interruption or security breach will not occur or, if it does occur, that it will be adequately addressed.

In the ordinary course of business, the Company collects and stores sensitive data, including proprietary business information and personally identifiable information of its customers and employees, in systems and on networks. In the ordinary course of business, the Company collects and stores sensitive data, including proprietary business information and personally identifiable information of its customers and employees, in systems and on networks. The secure processing, maintenance and use of this information is critical to the Company’s operations and business strategy. The Company has invested in industry-accepted technologies, and annually reviews its processes and practices that are designed to protect its networks, computers and data from damage or unauthorized access. Despite these security measures, a cyber breach of any kind could compromise systems and the information stored there could be accessed, damaged or disclosed. The occurrence of any failure, interruption or security breach of our communications and information systems could damage our reputation, result in a loss of customer business, subject us to additional regulatory scrutiny or expose us to civil litigation and possible financial liability.

Cybersecurity attacks may disarm and/or bypass system safeguards that are used by us and our vendors and service providers, and allow unauthorized access and misappropriation of financial data and assets.

As a financial institution, we are vulnerable to and are the target of cybersecurity attacks that attempt to access our digital technology systems, disarm and/or bypass system safeguards, access customer data and ultimately increase the risk of economic and reputational loss. As a financial institution, we are vulnerable to and are the target of cybersecurity attacks that attempt to access our digital technology systems, disarm and/or bypass system safeguards, access customer data and ultimately increase the risk of economic and reputational loss. The Company believes its cybersecurity risk management program reasonably addresses the risk from cybersecurity attacks. However, it is not possible to fully eliminate exposure. We may experience human error or have unknown susceptibilities that allow our systems to become victim to a highly-sophisticated cyber-attack. If hackers gain entry to our systems, they may disable other safeguards that limit loss, including limits on the number, amount and frequency of ATM withdrawals, as well as other loss-prevention or detection measures.

We also face risks related to cybersecurity attacks and security breaches in connection with the use, transmission and storage of sensitive information regarding us and our customers by various vendors and service providers. We also face risks related to cybersecurity attacks and security breaches in connection with the use, transmission and storage of sensitive information regarding us and our customers by various vendors and service providers. Some of these vendors and service providers have been the target of cybersecurity attacks or suffered security breaches, and because they use systems that we do not control or secure, future cyber-attacks or security breaches affecting any of these vendors and service providers could impact us through no fault of our own. In some cases, we may have exposure and suffer losses relating to these companies. Although we assess the security of our higher risk vendors and service providers, we cannot be sure that the information security protocols of all companies we do business with are sufficient to withstand cyber-attacks or other security breaches.

Insurance may not cover losses from cybersecurity attacks. Insurance may not cover losses from cybersecurity attacks.

The Company has invested in insurance related to cybersecurity. The Company has invested in insurance related to cybersecurity. Insurance policies are necessary to protect the Company from major losses but may be written in such a way as to limit the protection from certain risks, including cyber risks. If the insurance carrier denies coverage of losses, the Company may litigate. Because of policy technicalities, litigation may not result in a favorable outcome for the Company and litigation will result in additional legal expense. Because of policy technicalities, litigation may not result in a favorable outcome for the Company.

OPERATIONAL RISK

The Company is subject to a variety of operational risks, including reputational, legal, and compliance risk, and the risk of fraud or theft by employees, directors, or outsiders.

The Company is exposed to many types of operational risks, including reputational, legal, and compliance risk, the risk of fraud or theft by employees, directors or outsiders, unauthorized transactions by employees, operational errors, clerical or record-keeping errors, and errors resulting from faulty or disabled computer or communications systems.

Reputational risk, or the risk to the Company’s earnings and capital from negative public opinion, could result from the Company’s actual or alleged conduct in any number of activities, including lending practices, corporate governance, and from actions taken by government regulators and community organizations in response to those activities. Negative public opinion can adversely affect the Company’s ability to attract and keep customers and employees and can expose it to litigation and further regulatory action.

Further, if any of the Company’s financial, accounting, or other data processing systems fail or have other significant issues, the Company could be adversely affected. The Company depends on internal systems and outsourced technology to support these data storage and processing operations. The Company’s inability to use or access these information systems at critical points in time could unfavorably impact the timeliness and efficiency of the Company’s business operations. It could be adversely affected if one of its employees causes a significant operational break-down or failure, either as a result of human error or where an individual purposefully sabotages or fraudulently manipulates its operations or systems. The Company is also at risk of the impact of natural disasters, terrorism, and international hostilities on its systems and from the effects of outages or other failures involving power or communications systems operated by others. The Company may also be subject to disruptions of its operating systems arising from events that are wholly or partially beyond its control (for example, computer viruses, or electrical or communications outages), which may give rise to disruption of service to customers and to financial loss or liability. In addition, there have been instances where financial institutions have been victims of fraudulent activity in which criminals pose as customers to initiate wire and automated clearinghouse transactions out of customer accounts. Although the Company has policies and procedures in place to verify the authenticity of its customers, it cannot guarantee that such policies and procedures will prevent all fraudulent transfers. Such activity can result in financial liability and harm to the Company’s reputation. If any of the foregoing risks materialize, it could have a material adverse effect on the Company’s business, financial condition, and results of operations.

The Company is dependent on key personnel and the loss of one or more of those key personnel may materially and adversely affect the Company’s operations and prospects.

The Company currently depends on the services of a number of key management personnel. The Company currently depends on the services of a number of key management personnel. The loss of key personnel could materially and adversely affect the results of operations and financial condition. The Company’s success also depends in part on the ability to attract and retain additional qualified management personnel. Competition for such personnel is strong and the Company may not be successful in attracting or retaining the personnel it requires.

The Company relies on other companies to provide key components of the Company’s business infrastructure. The Company relies on other companies to provide key components of the Company’s business infrastructure.

Third parties provide key components of the Company’s business operations such as data processing, recording and monitoring transactions, online banking interfaces and services, internet connections and network access. Third parties provide key components of the Company’s business operations such as data processing, recording and monitoring transactions, online banking interfaces and services, internet connections and network access. While the Company has selected these

third party vendors carefully, it does not control their actions. Any problem caused by these third parties, including those resulting from disruptions in communication services provided by a vendor, failure of a vendor to handle current or higher volumes, failures of a vendor to provide services for any reason or poor performance of services, could adversely affect the Company’s ability to deliver products and services to its customers and otherwise conduct its business. Financial or operational difficulties of a third party vendor could also hurt the Company’s operations if those difficulties interface with the vendor’s ability to serve the Company. Replacing these third party vendors could also create significant delay and expense and damage the Company’s ability to service its customers, resulting in a loss of customer goodwill. Accordingly, use of such third parties creates an unavoidable inherent risk to the Company’s business operations.

The Company’s ability to operate profitably may be dependent on its ability to integrate or introduce various technologies into its operations. The Company’s ability to operate profitably may be dependent on its ability to integrate or introduce various technologies into its operations.

The market for financial services, including banking and consumer finance services, is increasingly affected by advances in technology, including developments in telecommunications, data processing, computers, automation, online banking and tele-banking. The market for financial services, including banking and consumer finance services, is increasingly affected by advances in technology, including developments in telecommunications, data processing, computers, automation, online banking and tele-banking. The Company’s ability to compete successfully in its market may depend on the extent to which it is able to exploit such technological changes. If the Company is not able to afford such technologies, properly or timely anticipate or implement such technologies, or effectively train its staff to use such technologies, its business, financial condition or results of operations could be adversely affected.

COMPLIANCE AND REGULATORY RISK

The Company operates in a highly regulated industry, and the laws and regulations that govern the Company’s operations, including changes in them or the Company’s failure to comply with them, and regulatory actions implementing such laws and regulations, may adversely affect the Company.

The Company is subject to extensive regulation and supervision that govern almost all aspects of its operations. These laws and regulations, and regulatory actions implementing such laws and regulations, among other matters, prescribe minimum capital requirements, impose limitations on the Company’s business activities, limit the dividends or distributions that it can pay, and impose certain specific accounting requirements that may be more restrictive and may result in greater or earlier charges to earnings or reductions in its capital than GAAP.

Changes to laws, regulations, or regulatory policies, or supervisory guidance, including changes in interpretation or implementation of laws, regulations, policies, or supervisory guidance, could affect the Company in substantial and unpredictable ways. Regulatory responses in connection with unforeseen stress events, including failures of banks and other financial institutions, often lead to increased regulatory scrutiny and heightened supervisory expectations and could adversely impact the Company’s business, financial condition, and results of operations, or alter or disrupt the Company’s planned future strategies and actions. The Company’s failure to comply with these laws and regulations could subject it to restrictions on its business activities, fines, and other penalties, any of which could adversely affect the Company’s results of operations, capital base, and the price of its securities. Compliance with laws and regulations, and regulatory actions implementing such laws and regulations, can be difficult and costly, and changes to laws and regulations could make compliance more difficult or expensive or otherwise adversely affect the Company’s business and financial condition.

Regulatory capital standards may have an adverse effect on the Company’s profitability, lending, and ability to pay dividends.

The Company is subject to capital adequacy guidelines and other regulatory requirements specifying minimum amounts and types of capital that the Company and the Bank must maintain. From time to time, regulators implement changes to these regulatory capital adequacy guidelines. If the Company fails to meet these minimum capital guidelines and/or other regulatory requirements, its financial condition would be materially and adversely affected. The Basel III Capital Rules require bank holding companies and their subsidiaries to maintain significantly more capital as a result of higher required capital levels and more demanding regulatory capital risk weightings and calculations. While the Company is exempt from these capital requirements under the Statement, the Bank is not exempt and must comply. The Bank must also comply with the capital requirements set forth in the “prompt corrective action” regulations pursuant to Section 38 of the Federal Deposit Insurance Act, as amended. Satisfying capital requirements may require the Company to limit its banking operations, retain net income or reduce dividends to improve regulatory capital levels, which could negatively affect its business, financial condition and results of operations.

Changes in accounting standards could impact reported earnings.

The authorities who promulgate accounting standards, including the Financial Accounting Standards Board (“FASB”), SEC, and other regulatory authorities, periodically change the financial accounting and reporting standards that govern the preparation of the Company’s consolidated financial statements. These changes are difficult to predict and can materially impact how the Company records and reports its financial condition and results of operations. In some cases, the Company could be required to apply a new or revised standard retroactively, resulting in the restatement of consolidated financial statements for prior periods. Such changes could also require the Company to incur additional personnel or technology costs.

Failure to maintain effective systems of internal and disclosure controls could have a material adverse effect on the Company's results of operation and financial condition.

Effective internal and disclosure controls are necessary for the Company to provide reliable financial reports and effectively prevent fraud and to operate successfully as a public company. Effective internal controls also are a deterrent to fraud. Pursuant to Section 404

of the SOX, the Company is required to include in its Annual Reports on Form 10-K management’s assessment of the effectiveness of internal controls over financial reporting. If the Company cannot provide reliable financial reports or reasonably prevent fraud, its reputation and operating results would be harmed. As part of its ongoing monitoring of internal controls, the Company may discover material weaknesses or significant deficiencies in its internal controls that require remediation. A “material weakness” is a deficiency, or a combination of deficiencies, in internal controls over financial reporting, such that there is a reasonable possibility that a material misstatement of a company’s annual or interim financial statements will not be prevented or detected on a timely basis.

Compliance with the requirements of Section 404 of SOX, including the costs of remediation efforts relating to weaknesses, is expensive and time-consuming. The Company’s inability to maintain operating effectiveness of the internal controls over financial reporting could result in a material misstatement to financial statements or other disclosures, which could have an adverse effect on its business, financial condition, and results of operations. In addition, any failure to remediate and maintain effective controls or to timely effect any necessary improvement of internal and disclosure controls could, among other things, result in losses from fraud or error, reputational damage, subject the Company to regulatory scrutiny, or cause investors to lose confidence in reported financial information, all of which could have a material adverse effect on the Company’s financial condition and results of operations. Whether customer claims and legal action related to the performance of the Company’s fiduciary responsibilities are founded or unfounded, if such claims and legal actions are not resolved in a manner favorable to the Company, they may result in significant financial liability and/or adversely affect the market perception of the Company and its products and services, as well as impact customer demand for those products and services.

The Company’s ability to pay dividends depends upon the results of operations of its subsidiaries. The Company’s ability to pay dividends depends upon the results of operations of its subsidiaries.

The Company is a financial holding company and a bank holding company that conducts substantially all of its operations through NBB. As a result, the Company’s ability to make dividend payments on its common stock depends primarily on certain federal regulatory considerations and the receipt of dividends and other distributions from NBB. There are various regulatory restrictions on the ability of NBB to pay dividends or make other payments to the Company. Although the Company has historically paid a cash dividend to the holders of its common stock, regulatory or economic factors may cause the Company’s Board of Directors to consider, among other things, the reduction of dividends paid on the Company’s common stock. Although the Company has historically paid a cash dividend to the holders of its common stock, holders of the common stock are not entitled to receive dividends, and regulatory or economic factors may cause the Company’s Board of Directors to consider, among other things, the reduction of dividends paid on the Company’s common stock.

The Company is subject to laws regarding the privacy, information security, and protection of personal information and any violation of these laws or another incident involving personal, confidential, or proprietary information of individuals could damage the Company’s reputation and otherwise adversely affect its business.

The Company’s business requires the collection and retention of large volumes of customer data, including personally identifiable information (“PII”), in various information systems that the Company maintains and in those maintained by third-party service providers. The Company also maintains important internal company data such as PII about its employees and information relating to its operations. The Company is subject to complex and evolving laws and regulations governing the privacy and protection of PII of individuals (including customers, employees and other third parties). For example, the Company’s business is subject to the GLBA, which, among other things: (i) imposes certain limitations on the Company’s ability to share nonpublic PII about its customers with nonaffiliated third parties; (ii) requires that the Company provide certain disclosures to customers about its information collection, sharing, and security practices and afford customers the right to “opt out” of any information sharing by it with nonaffiliated third parties (with certain exceptions); and (iii) requires that the Company develop, implement, and maintain a written comprehensive information security program containing appropriate safeguards based on the Company’s size and complexity, the nature and scope of its activities, and the sensitivity of customer information it processes, as well as plans for responding to data security breaches. Various federal and state banking regulators and states have also enacted data breach notification requirements with varying levels of individual, consumer, regulatory, or law enforcement notification in the event of a security breach. Ensuring that the Company’s collection, use, transfer, and storage of PII complies with all applicable laws and regulations can increase the Company’s costs. Furthermore, the Company may not be able to ensure that customers and other third parties have appropriate controls in place to protect the confidentiality of the information that they exchange with it, particularly where such information is transmitted by electronic means. If personal, confidential, or proprietary information of customers or others were to be mishandled or misused, the Company could be exposed to litigation or regulatory sanctions under privacy and data protection laws and regulations. Concerns regarding the effectiveness of the Company’s measures to safeguard PII, or even the perception that such measures are inadequate, could cause the Company to lose customers or potential customers and thereby reduce its revenues. Accordingly, any failure, or perceived failure, to comply with applicable privacy or data protection laws and regulations may subject the Company to inquiries, examinations, and investigations that could result in requirements to modify or cease certain operations or practices or result in significant liabilities, fines, or penalties, and could damage the Company’s reputation and otherwise adversely affect its operations, financial condition, and results of operations.

Climate change may result in operational changes and expenditures that could negatively impact the Company’s business.

The current and anticipated effects of climate change are creating concern for the state of the global environment. The lack of empirical data surrounding the credit and other financial risks posed by climate change render it impossible to predict how specifically climate change may impact the Company’s financial condition and results of operations; however, the physical effects of climate change may also directly impact the Company. Specifically, unpredictable and more frequent weather disasters may adversely impact the value of real property securing the loans in the Company’s loan portfolio. Additionally, if insurance obtained by borrowers is insufficient to cover any losses sustained to the collateral, or if insurance coverage is otherwise unavailable to borrowers, the collateral securing loans may be negatively impacted by climate change, which could impact the Company’s financial condition and results of operations. Further, the effects of climate change may negatively impact regional and local economic activity, which could lead to an adverse effect on customers and impact the communities in which the Company operates.

The federal banking regulators have been focused on the physical and financial risks to financial institutions associated with climate change. Expectations with respect to these matters has been changing, and it is difficult to predict changes in priorities and requirements with respect to these matters, including any changes in compliance costs relating to such changes. To the extent that regulatory initiatives lead to the promulgation of new regulations or supervisory guidance applicable to the Company, the Company would likely experience increased compliance costs and other compliance-related risks. To the extent that these initiatives lead to the promulgation of new regulations or supervisory guidance applicable to the Company, the Company would likely experience increased compliance costs and other compliance-related risks.

LEGAL RISK

The Company is subject to claims and litigation pertaining to fiduciary responsibility.

From time to time, customers make claims and take legal action pertaining to the performance of the Company’s fiduciary responsibilities. Whether customer claims and legal action related to the performance of the Company’s fiduciary responsibilities are founded or unfounded, if such claims and legal actions are not resolved in a manner favorable to the Company, they may result in significant financial liability and/or adversely affect the market perception of the Company and its products and services, as well as impact customer demand for those products and services. Any financial liability or reputation damage could have a material adverse effect on the Company’s business, which, in turn, could have a material adverse effect on the Company’s financial condition and results of operations.

GENERAL RISK

Changes in funding for local universities could materially affect our business.

Two major employers in the Company’s market area are Virginia Tech and Radford University, both state-supported institutions. Two major employers in the Company’s market area are Virginia Tech and Radford University, both state-supported institutions. If federal or state support for public colleges and universities wanes, our business may be adversely affected from declines in university programs, capital projects, employment, enrollment, sporting and cultural events, and other related factors.

If the economy suffers a recession, our credit risk will increase and there could be greater loan losses. If the economy suffers a recession, our credit risk will increase and there could be greater loan losses.

If the economy suffers a recession, it is likely to result in a higher rate of business closures and increased job losses in the region in which we do business. If the economy suffers a recession, it is likely to result in a higher rate of business closures and increased job losses in the region in which we do business. These factors would increase the likelihood that more of our customers would become delinquent or default on their loans. A higher level of loan defaults could result in higher loan losses, which could adversely affect our results of operations and financial condition.

While the Company’s common stock is currently traded on the Nasdaq Capital Market, it has less liquidity than stocks for larger companies quoted on a national securities exchange. While the Company’s common stock is currently traded on the Nasdaq Capital Market, it has less liquidity than stocks for larger companies quoted on a national securities exchange.

The trading volume in the Company’s common stock on the Nasdaq Capital Market has been relatively low when compared with larger companies listed on the Nasdaq Capital Market or other stock exchanges. There is no assurance that a more active and liquid trading market for the common stock will exist in the future. Consequently, stockholders may not be able to sell a substantial number of shares for the same price at which stockholders could sell a smaller number of shares. In addition, the Company cannot predict the effect, if any, that future sales of its common stock in the market, or the availability of shares of common stock for sale in the market, will have on the market price of the common stock. Sales of substantial amounts of common stock in the market, or the potential for large amounts of sales in the market, could cause the price of the Company’s common stock to decline, or reduce the Company’s ability to raise capital through future sales of common stock.

Natural disasters, acts of war or terrorism, geopolitical instability, the impact of public health issues and other adverse external events could detrimentally affect our financial condition and results of operations. Natural disasters, acts of war or terrorism, the impact of public health issues and other adverse external events could detrimentally affect our financial condition and results of operations.

Natural disasters, acts of war or terrorism, geopolitical instability, the impact of public health issues and other adverse external events could have a significant negative impact on our ability to conduct business or upon third parties who perform operational services for us or our customers. Such events also could affect the stability of our deposit base, impair the ability of borrowers to repay outstanding loans, impair the value of collateral securing loans, cause significant property damage, impair the value of our investment portfolio, result in lost revenue or cause us to incur additional expenses. Such events also could affect the stability of our deposit base, impair the ability of borrowers to repay outstanding loans, impair the value of collateral securing loans, cause significant property damage, result in lost revenue or cause us to incur additional expenses.

Although the Company has business continuity plans and other safeguards in place, there is no assurance that such plans and safeguards will be effective. Although the Company has business continuity plans and other safeguards in place, there is no assurance that such plans and safeguards will be effective. In the event of a natural disaster, acts of war or terrorism, public health issues or other adverse external events, our business, services, asset quality, financial condition and results of operations could be adversely affected. In the event of a natural disaster, acts of war or terrorism, the impact of public health issues or other adverse external events, our business, services, asset quality, financial condition and results of operations could be adversely affected.

The development and use of Artificial Intelligence (“AI”) presents risks and challenges that may adversely impact our business.

We or our third-party vendors, clients, or counterparties may develop or incorporate AI technology in certain business processes, services, or products. The development and use of AI presents a number of risks and challenges to our business. The legal and regulatory environment relating to AI is uncertain and rapidly evolving, and includes regulatory schemes targeted specifically at AI as well as provisions in intellectual property, privacy, consumer protection, employment, and other laws applicable to the use of AI. These evolving laws and regulations could require changes in our implementation of AI technology and increase our compliance costs and the risk of non-compliance. AI models, particularly generative AI models, may produce outputs or take actions that are incorrect, that reflect biases included in the data on which they are trained, that result in the release of private, confidential, or proprietary information, that infringe on the intellectual property rights of others, or that are otherwise harmful. In addition, the complexity of

many AI models makes it difficult to understand why they are generating particular outputs. This limited transparency increases the challenges associated with assessing the proper operation of AI models, understanding and monitoring the capabilities of the AI models, reducing erroneous outputs, eliminating bias, and complying with regulations that require documentation or explanation of the basis on which decisions are made. Further, we may rely on AI models developed by third parties, and, to that extent, would be dependent in part on the manner in which those third parties develop and train their models, including risks arising from the inclusion of any unauthorized material in the training data for their models and the effectiveness of the steps these third parties have taken to limit the risks associated with the outputs of their models, matters over which we may have limited visibility. Any of these risks could expose us to liability or adverse legal or regulatory consequences and harm our reputation and the public perception of our business or the effectiveness of our security measures.

Item 1B. Unresolved Staff Comments

There are no unresolved staff comments.