Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - NNI

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

ITEM 1A. RISK FACTORS
We and our businesses are subject to a variety of risks. This section discusses material risk factors that could have a material adverse impact on our business, financial condition, results of operations, liquidity, and an investment in us. This section discusses material risk factors that could adversely affect our financial results and condition, and an investment in us. Although this section highlights key risk factors, other risks may emerge at any time, and we cannot predict all risks or estimate the extent to which they may affect us.
Loan Portfolio
Our loan portfolios, and residual interests therein, are subject to credit risk, prepayment risk, and certain risks related to interest rates, and the derivatives we use to manage interest rate risks, each of which could reduce the expected cash flows and earnings on our portfolios.
Credit risk - loans
Our loan portfolio is subject to credit risk, including the risk that borrowers may be unable or unwilling to repay their obligations. We estimate our allowance for loan losses using a range of quantitative and qualitative factors, including repayment and delinquency status; loan program type; historical and current default trends based on internal experience and industry data; prior loss experience; trends in claims rejected by guarantors on federally insured student loans; changes to federal student loan programs; borrower FICO scores; and current and forecasted macroeconomic conditions, including unemployment levels, gross domestic product, and consumer price inflation, as well as other relevant qualitative considerations.
As of December 31, 2025, 78.8% of our loan portfolio is federally guaranteed, which substantially limits our exposure to credit losses on those loans. However, our private education and consumer loan portfolios are unsecured and expose us to the full risk of loss in the event of borrower default. We are actively expanding our acquisition of private education and consumer loan portfolios, which increases our overall exposure to credit risk.
If defaults on loans we hold are higher than anticipated, whether due to adverse economic conditions, changes in regulatory or operating environments, inaccurate underwriting assumptions, or other unforeseen factors, or if actual credit performance is significantly worse than our estimates, we may be required to increase our allowance for loan losses. Many of our consumer loans, including Pay Later receivables, are underwritten, serviced, and collected by third-parties that we do not control. Any increase in defaults would result in higher provisions for loan losses and could materially and adversely affect our consolidated results of operations and financial condition.
16

Credit risk - beneficial interest in loan securitizations
We own partial ownership in consumer, private education, and federally insured student loan third-party securitizations that are classified as "beneficial interest in loan securitizations" and included in "other investments and notes receivable, net" on our consolidated balance sheets. As of the latest remittance reports filed by the various trusts prior to or as of December 31, 2025, our ownership correlates to approximately $1.83 billion of loans included in these securitizations. As of the latest remittance reports filed by the various trusts prior to or as of December 31, 2023, the Company's ownership correlates to approximately $1.76 billion of loans included in these securitizations. As of December 31, 2025, the investment balance on our consolidated balance sheet of its beneficial interest in loan securitizations was $194.8 million.
Our partial ownership percentage in each loan securitization grants us the right to receive the corresponding percentage of cash flows generated by the securitization. The cash flows generated from the securitizations are highly subject to credit risk (defaults). If defaults are higher than management's current estimate, future cash flows and investment interest income (earnings) from these securitizations would be adversely impacted. In addition, the value of the current investment balance may not be recoverable, resulting in an adverse impact to our operating results. A change in the Company's estimate of future cash flows based on cumulative loss expectations may result in an increase to the Company's established allowance for credit losses (and related provision expense) related to these investments.
Prepayment risk
Higher rates of prepayments of loans reduces our loan interest income from our loan portfolio and investment interest income on our beneficial interest in loan securitizations.
The Higher Education Act allows borrowers to prepay FFEL Program loans at any time without penalty. Prepayments on our federally insured loan portfolio have resulted and may continue to result from consolidations of student loans by the Department through the Federal Direct Loan Program or by a lending institution through a private education or unsecured consumer loan, which historically tend to occur more frequently in low interest rate environments; from borrower defaults on federally insured loans, which will result in the receipt of a guaranty payment; and from voluntary full or partial prepayments; among other things. Prepayments have resulted and may continue to result from consolidations of student loans by the Department through the Federal Direct Loan Program or by a lending institution through a private education or unsecured consumer loan, which historically tend to occur more frequently in low interest rate environments; from borrower defaults on federally insured loans, which will result in the receipt of a guaranty payment; and from voluntary full or partial prepayments; among other things.
Beginning in late 2021, we experienced accelerated run-off of our FFELP loan portfolio as borrowers consolidated into the Federal Direct Loan Program, driven by Department initiatives under the Biden Administration and the CARES Act payment and interest pause beginning in March 2020 through August 2023. Subsequent developments, including the Supreme Court's invalidation of broad-based debt relief, withdrawal of rulemaking efforts, and litigation pausing implementation of the SAVE income-driven repayment plan, have reduced consolidation incentives. These factors have resulted in a significant decrease in FFELP borrowers consolidating their loans into the Federal Direct Program since August 2024.
While more unlikely now under the Trump Administration, if the federal government or the Department initiate additional loan forgiveness or cancellation, other repayment options or plans, or consolidation loan programs, such initiatives could increase prepayments and reduce interest income. Even if a broad debt cancellation program only applied to student loans held by the Department, such program could result in a significant increase in consolidations of FFELP loans to Federal Direct Loan Program loans and a corresponding increase in prepayments with respect to our FFELP loan portfolio, and also a decrease in our third-party FFELP loan servicing revenues.
We cannot predict how or what programs or policies will be impacted by any actions that the Trump Administration or Congress may take, the timing of when such programs or policies may be implemented, and/or the ultimate outcome thereof. 20We cannot predict how or what programs or policies will be impacted by any actions that the Administration, Congress, or the federal government may take, the timing of when such programs or policies may be implemented, and/or the ultimate outcome thereof. In addition, any changes to government programs or policies may be legally challenged, which may affect the extent and timing of these changes and the resulting impact they may have on our businesses, financial condition, or results of operations. New or modified Government programs or policies may lead to increased call volumes and have a negative effect on the level of service we are able to provide.
Sustained higher prepayment levels and/or a significant increase in prepayment levels could have a material adverse effect on our revenues, cash flows, profitability, and business outlook, and, as a result, could have a material adverse effect on our business, financial condition, or results of operations, including loan interest income in our AGM and Nelnet Bank segments, investment interest income on our beneficial interest in loan securitizations, FFELP servicing revenue in our LSS segment, investment advisory services revenue earned by WRCM on FFELP loan asset-backed securities under management, and interest income earned on our FFELP loan asset-backed securities investments.
Interest rate risk - basis and repricing risk
We fund the majority of the FFELP student loan assets in our AGM segment with 30-day or 90-day Secured Overnight Financing Rate (SOFR) indexed floating rate securities. Meanwhile, the interest earned on our FFELP student loan assets is indexed to 30-day average SOFR, three-month commercial paper, and three-month Treasury bill rates. Meanwhile, the interest earned on our FFELP student loan 21assets is indexed to 30-day average SOFR, three-month commercial paper, and three-month Treasury bill rates. The differing interest
17

rate characteristics of our loan assets versus the liabilities funding these assets result in basis risk, which impacts the excess spread earned on our loans. We also face repricing risk due to the timing of the interest rate resets on our liabilities, which may occur as infrequently as once a quarter, in contrast to the timing of the interest rate resets on our assets, which generally occur daily. In a declining interest rate environment, this may cause our variable student loan spread to compress, while in a rising interest rate environment, it may cause the variable spread to increase.
As of December 31, 2025, our AGM segment had $7.0 billion, $0.2 billion, and $0.2 billion of FFELP loans indexed to the 30-day average SOFR, three-month commercial paper, and three-month Treasury bill rate, respectively, all of which reset daily, and $1.4 billion of debt indexed to 90-day SOFR, which resets quarterly, and $5.0 billion of debt indexed to 30-day SOFR, which resets monthly. While these indices are all short term in nature with rate movements that are highly correlated over a longer period of time, the indices' historically high level of correlation may be disrupted in the future due to capital market dislocations or other factors not within our control. In such circumstances, our business, financial condition, or results of operations could be materially adversely affected.
Interest rate risk - use of derivatives
We use derivative instruments to manage interest rate sensitivity. See note 6 of the notes to consolidated financial statements included in this report for additional information on derivatives used by us to manage interest rate risk. Most of these derivatives do not qualify for hedge accounting, and changes in their fair value are recognized in earnings. As a result, movements in interest rates and shifts in the yield curve can materially affect the valuation of our derivatives and our results of operations.
Interest rate risk management is complex, and our strategies may not fully mitigate exposure. Because certain derivatives are not fully matched to specific loan pools or hedged on a notional or duration basis, we may be under or over hedged, which could result in material losses. In addition, if interest rates move differently than expected, our derivatives may generate significant mark‑to‑market losses and increase earnings volatility, which could have a material adverse effect on our business, financial condition, and results of operations.
Certain derivative transactions are subject to clearing requirements, which require us to post substantial collateral and may negatively affect liquidity or limit our ability to use derivatives, although they reduce counterparty risk. Non‑centrally cleared derivatives expose us to counterparty credit risk. Nelnet Bank’s derivatives are non‑centrally cleared and are entered into with high‑quality counterparties. If a counterparty fails to perform, we could incur a loss equal to the recorded fair value of the derivative, net of collateral. As of December 31, 2025, Nelnet Bank had $245.0 million in notional derivative contracts, with gross fair values of $0.6 million in asset positions and $1.7 million in liability positions. As of December 31, 2023, Nelnet Bank had a total notional amount of $140.0 million of derivatives outstanding, and the gross fair value of such derivatives in an asset position was $0.5 million and in a liability position was $2.0 million.
Interest rate movements also affect daily settlement payments and collateral requirements. Material adverse rate movements or additional derivatives with negative fair values could require significant margin or collateral payments, which could materially and adversely affect our results of operations, liquidity, or capital resources.
Our loan portfolios and other assets and operations could experience adverse impacts from natural disasters, widespread health crises, terrorist activities, or international hostilities.Our loan portfolios and other assets and operations could experience adverse impacts from natural disasters, widespread health crises similar to the COVID-19 pandemic, terrorist activities, or international hostilities.
Natural disasters, widespread health crises, terrorist activities, or international hostilities could affect the financial markets or the economy in general or in any particular region and could lead, for example, to an increase in loan delinquencies, borrower bankruptcies, or defaults that could result in higher levels of nonperforming assets, net charge-offs, and provisions for credit losses, as well as have adverse effects on our other assets and business operations.Natural disasters, widespread health crises similar to the COVID-19 pandemic, terrorist activities, or international hostilities, including the conflict in Ukraine, the Middle East, and similar conflicts, could affect the financial markets or the economy in general or in any particular region and could lead, for example, to an increase in loan delinquencies, borrower bankruptcies, or defaults that could result in higher levels of nonperforming assets, net charge-offs, and provisions for credit losses, as well as have adverse effects on our other assets and business operations. We cannot predict specifically when and where such events will occur, or the full nature and extent thereof, and our resiliency planning may not be sufficient to mitigate the adverse consequences of such events. We cannot predict specifically when and where such events 23will occur, or the full nature and extent thereof, and our resiliency planning may not be sufficient to mitigate the adverse consequences of such events. The adverse impact of such events could also be increased to the extent that there is insufficient preparedness on the part of national or regional emergency responders or on the part of other organizations and businesses that we transact with, particularly those that we depend upon but have no control over.
Liquidity and Funding
Our business involves risks associated with funding loan assets on our balance sheet and in our loan warehouse financing facilities, particularly market, liquidity, and credit risks, which could materially and adversely affect our financial condition, results of operations, and ability to meet our obligations.
We are exposed to market risks due to fluctuations in interest rates, credit spreads, and general market conditions. Changes in these factors may negatively impact the value of our loan portfolio and our ability to secure long-term funding on these assets. Rising interest rates, for instance, could increase the cost of funding our operations, while a widening of credit spreads could reduce the market value of our loan assets. Market volatility could also limit our ability to access the capital markets on
18

favorable terms or at all, potentially leading to a mismatch in the duration and cost of our funding sources compared to the maturity profile of our loan assets.
The majority of our portfolio of loans are funded through asset-backed securitizations that are structured to substantially match the maturities of the funded assets, and there are minimal liquidity issues related to these facilities.The majority of our portfolio of loans is funded through asset-backed securitizations that are structured to substantially match the maturities of the funded assets, and there are minimal liquidity issues related to these facilities. We also have loans funded in shorter term warehouse facilities, as described in note 5 of the notes to consolidated financial statements included in this report. The current maturities of the warehouse facilities do not match the maturity of the related funded assets. Therefore, we will need to modify and/or find alternative funding related to the loan collateral in these facilities prior to their expiration. In addition, any noncompliance with financial covenants in these facilities could result in a requirement for the immediate repayment of any outstanding borrowings thereunder.
If we are unable to obtain cost-effective funding alternatives for the loans in the warehouse facilities prior to the facilities' maturities, our cost of funds could increase, adversely affecting our results of operations. If we cannot find funding alternatives, we would have to fund the collateral using operating cash (negatively impacting our liquidity), consider the sale of assets (that could result in losses), and/or lose our collateral, including the loan assets and cash advances, related to these facilities.
Liquidity risk also arises from our need to maintain sufficient cash flows to meet our financial obligations, including debt maturities, and operational expenses. Holding loan assets funded with operating cash on our balance sheet requires us to continually monitor and manage our liquidity position. Adverse market conditions, reduced availability of funding sources, or a downgrade in our credit rating could limit our access to capital and increase our funding costs. Additionally, the illiquid nature of certain loan assets may impede our ability to sell or reallocate assets promptly, potentially resulting in losses or an inability to meet liquidity needs.
While we employ various strategies to mitigate these risks, such as diversifying our funding sources, and performing rigorous credit analysis, there can be no assurance that these measures will be effective under all circumstances. Unforeseen market conditions or systemic disruptions could limit the effectiveness of our risk management strategies and amplify the risks associated with funding loan assets.
Any failure to adequately manage market, liquidity, and credit risks could result in significant financial losses, damage to our reputation, and regulatory scrutiny. These factors may adversely affect our ability to operate effectively, raise capital, and generate sustainable returns for our stakeholders.
We are subject to economic and market fluctuations related to our investments.
We have a substantial investment in student loan and other asset-backed securities that are subject to market fluctuations.We invest a substantial portion of our excess cash in student loan and other asset-backed securities that are subject to market fluctuations. As of December 31, 2025, our amortized cost and the fair value of these investments were $1.5 billion. As of December 31, 2023, the amount of goodwill allocated to the AGM reporting unit was $41.9 million. The majority of our asset-backed securities earn floating interest rates with expected returns of approximately SOFR + 50 to 350 basis points to maturity. Our portfolio of asset-backed securities has limited liquidity, and we could incur a significant loss if the investments were sold prior to maturity at an amount less than the original purchase price.
Operations
Our largest fee-based customer, the Department of Education, represented 21% of our revenue in 2025. Our inability to consistently meet service requirements and surpass competitor performance metrics, unfavorable contract modifications or interpretations, or the loss of servicing borrower volume due to broad based debt cancellation by the Department or a decline in borrowing, could significantly lower servicing revenue in our LSS segment, hinder future service opportunities, and have a material adverse impact on our business, financial condition, or results of operations.
As of December 31, 2025, Nelnet Servicing was servicing $434.5 billion of government owned student loans for 11.4 million borrowers. For the year ended December 31, 2025, our LSS segment recognized $364.0 million in revenue from the Department, which represented 21% of our revenue. For the year ended December 31, 2023, our LSS segment recognized $412.5 million in revenue from the Department, which represented 32% of our revenue.
Nelnet Servicing provides servicing capabilities for the Department’s student aid recipients under a USDS contract, which went live on April 1, 2024. Under the USDS contract, revenue earned on a per borrower blended basis has decreased compared to our legacy contract with the Department.
New loan volume is allocated among the Department servicers based on certain service level and portfolio performance metrics established by the Department and compared among all loan servicers. The amount of future allocations of new loan volume could be negatively impacted if we are unable to consistently surpass comparable competitor and/or other performance metrics. In addition, if any current or future Department servicing contracts become subject to unfavorable modifications or interpretations by the Department, including adverse pricing changes or assessed performance penalties, servicing revenue
19

would be negatively impacted and could result in potential restructuring charges that may be necessary to re-align our cost structure with our servicing operations. Furthermore, the One Big Beautiful Bill (the "Bill") placed caps on federal lending for graduate students and parents of undergraduates, which could reduce future volumes of federal student loan borrowers, while potentially expanding the market for private student lending. In addition, if there is a lack of Federal government appropriations the Department may modify its cost under existing contracts with its servicers and accordingly reduce servicers’ required servicing activities, and such modifications could adversely impact the Company’s servicing revenue and operating results, as well as the level of service we are able to provide, that may result in additional scrutiny from federal and state government regulatory agencies and reputation damage. In addition, due to lack of Federal government appropriations the Department may modify its cost under existing contracts with its servicers and accordingly reduce servicers’ required servicing activities, and such modifications could adversely impact the Company’s servicing revenue and operating results, as well as the level of service we are able to provide, that may result in additional scrutiny from federal and state government regulatory agencies and reputation damage.
Further, we are partially dependent on our USDS contract to broaden servicing operations with the Department, other federal and state agencies, and commercial clients. The size and importance of this contract provides us the scale and infrastructure needed to profitably expand into new business opportunities. Loss of existing loan volume, whether due to re-allocation to other Department servicers, student debt cancellation to borrowers with loans held by the Department, or otherwise would adversely impact loan servicing revenue and could significantly hinder future opportunities, as well as result in potential restructuring charges that may be necessary to re-align our cost structure with our servicing operations.
The profitability and risk profile of our solar tax equity partnerships may be impacted by the terms and availability of federal incentives and regulatory uncertainty, including risks of not being able to realize tax credits which remain subject to recapture by taxing authorities. Additionally, we have risks related to solar construction contracts retained in the sale of NRE.
The financial performance of our solar tax equity partnerships are subject to and dependent upon complex federal, state, and other laws and regulations, including the Inflation Reduction Act (IRA) and the Bill and related guidance from the US Treasury and Internal Revenue Service, which regulate and, in some instances, incentivize the production of renewable energy. Any reductions or adverse modifications to, or the elimination or adverse interpretation of, governmental regulations or incentives that support the energy investment tax credit, including credit percent reductions or earlier sunsetting of policies could negatively impact these investments.
On July 4, 2025, the Bill was enacted into law. Among other substantial changes to the tax code, the Bill significantly reduces tax incentives for clean energy, eliminating or phasing out many of the environmental and clean energy tax credits for commercial projects enabled by the IRA. Prior to the enactment of the Bill, many of those credits were scheduled to remain in effect until 2032 or later. The Bill accelerates the expiration and phasing out of certain clean energy credits. Under the provisions of the Bill, commercial solar facilities must either (i) begin construction before July 4, 2026, in which case they would qualify for up to a four-year continuity safe harbor or (ii) be placed in service by December 31, 2027. The accelerated expiration and phasing out of solar tax credits implemented by the Bill will impact our ability to continue to invest in solar projects beyond the phase out periods. In addition, the Bill introduced complex new “foreign entity of concern” restrictions on solar projects that begin construction after 2025. These new restrictions may adversely impact supply chain costs and availability for solar projects, as well as compliance-related costs, which may further adversely impact solar project viability and risk. These changes in aggregate both limit the viability of solar tax equity partnerships themselves as well as the total pool of credits from which our tax equity opportunities are created.
For the majority of our solar tax equity partnerships, the HLBV method of accounting results in accelerated losses in the initial years of investment. For the majority of the Company's solar investments, the HLBV method of accounting results in accelerated losses in the initial years of investment. The HLBV method is both complex and subject to differing interpretations in relation to its application, which also creates risk relative to our accounting for these investments. In 2025 and 2024, we recognized net losses (before income taxes) on our solar tax equity partnerships of $29.0 million and $6.5 million, respectively, that included $27.9 million and $4.6 million, respectively, of losses that were attributed to noncontrolling interest partners.
Our solar tax equity partnerships are designed to generate a return primarily through the realization of federal income tax credits at the time the project is placed in service. We are subject to the risk that tax credits previously recorded by us, which remain subject to recapture by taxing authorities based on compliance features required to be met at the project level, will fail to meet certain government compliance requirements and will not be able to be realized. The inability to realize these tax credits and other tax benefits would have an adverse impact on our financial results. The risk of not realizing the tax credits, other tax benefits, and ongoing cash flow distributions from investment in the projects depends on many factors outside of our control, including changes in tax laws, the ability of the projects to continue operation, and project performance below expected or contracted levels of output or the pricing of output to offtakers being lower than anticipated.
We retained a limited number of solar construction contracts in association with our sale of NRE in November 2025. If the costs to complete such contracts exceed our estimates, we could incur additional losses related to such contracts.
20

A failure or security breach of our information technology infrastructure could disrupt our businesses, cause material financial losses, result in regulatory action and legal exposure, and damage our reputation.
We operate many different businesses in diverse markets and depend on the secure, efficient, and uninterrupted operation of our computer systems, networks, software, data centers, cloud services providers, telecommunications systems, and the rest of our information technology infrastructure to process, monitor, store, and transmit large numbers of daily transactions, some of which contain personal, confidential, and other sensitive information, in compliance with contractual, legal, regulatory, and our own standards.We operate many different businesses in diverse markets and depend on the efficient and uninterrupted operation of our computer systems, networks, software, datacenters, cloud services providers, telecommunications systems, and the rest of our information technology infrastructure to process and monitor large numbers of daily transactions in compliance with contractual, legal, regulatory, and our own standards. Such systems and infrastructure could be disrupted because of a cyberattack, unanticipated spikes in transaction volume, extended power outages, telecommunications failures, process breakdowns, degradation or loss of internet or website availability, natural disasters, political or social unrest, and terrorist acts. A significant adverse incident could damage our reputation and credibility, lead to customer dissatisfaction and loss of customers or revenue, and result in regulatory action, in addition to increased costs to service our customers and protect our network. Such an event could also result in large expenditures to repair or replace the damaged properties, networks, or information systems or to protect them from similar events in the future. System redundancy may be ineffective or inadequate, and our business continuity plans may not be sufficient for all eventualities. Any significant loss of customers or revenue, or significant increase in costs of serving those customers, could adversely affect our growth, financial condition, and results of operations. Although we take protective measures we believe to be reasonable and appropriate, our systems, networks, and software may be vulnerable to the increasingly numerous and more sophisticated cyberattacks, and our cybersecurity measures may not be entirely effective.
Information technology infrastructure risks continue to increase in part because of the proliferation of new technologies, the increased use of the internet and telecommunications technologies to support and process customer transactions, the increased number and complexity of transactions being processed, and increased instances of employees working from home and/or using personal computing devices.Information technology infrastructure risks continue to increase in part because of the proliferation of new technologies, the increased use of the internet and telecommunications technologies to support and process customer transactions, the increased number and complexity of transactions being processed, increased instances of employees working from home and/or using 26personal computing devices, and the increased sophistication and activities of organized crime, hackers, terrorists, activists, nation state threat actors, and other external parties. Also, cyberattack techniques change frequently, generally increase in sophistication, including through the use of artificial intelligence, often are not recognized until launched, sometimes go undetected even when successful, and originate from a wide variety of sources, including organized crime, hackers, terrorists, activists, disgruntled customers or consumers, unapproved use of artificial intelligence or machine learning, and hostile foreign governments.Cyberattack techniques change frequently, generally increase in sophistication, often are not recognized until launched, sometimes go undetected even when successful, and originate from a wide variety of sources, including organized crime, hackers, terrorists, activists, disgruntled customers or consumers, unapproved use of artificial intelligence or machine learning, and hostile foreign governments. Attackers may also attempt to fraudulently induce employees, customers, or other users of our systems to disclose sensitive information to gain access to our data or that of our customers, such as through “phishing” schemes and other social engineering techniques. A breach, or perceived breaches, of our information security systems, or the intentional or unintentional disclosure, alteration, or destruction by an authorized user of confidential information necessary for our operations, could result in serious negative consequences for us.
Malicious and abusive activities, such as the dissemination of destructive or disruptive software, computer hacking, denial of service attacks, and ransomware or ransom demands to not expose confidential data or vulnerabilities in systems, have become more common. These activities could have material adverse consequences on our network and our customers, including degradation of service, excessive call volume, and damage to our or our customers' equipment and data. Although to date we have not experienced a material loss relating to cyberattacks or system outage, there can be no assurance that we will not suffer such losses in the future or that there is not a current threat that remains undetected at this time. Our risk and exposure to these matters remains heightened because of, among other things, the evolving nature of these threats, and the size and scale of our services.
We could also incur material losses resulting from the risk of unauthorized access to our computer systems, the execution of unauthorized transactions by employees, unapproved use of artificial intelligence or machine learning, errors relating to transaction processing and technology, breaches of the internal control system and compliance requirements, and failures to properly execute business resumption and disaster recovery plans. In the event of a breakdown in the internal control system, improper operation of systems, or unauthorized employee actions, we could suffer material financial loss, potential legal actions, fines, or civil monetary penalties that could arise as a result of an operational deficiency or as a result of noncompliance with applicable regulatory standards, adverse business decisions or their implementation, and customer attrition due to potential negative publicity and damage to our reputation. Even though we maintain insurance coverage to offset costs related to incidents such as a cyberattack, information security breach, or extended system outage, this insurance coverage may not cover all costs of such incidents.
If we are unable to adapt to rapid technological change, take advantage of technological developments, or our software products experience quality problems and development delays, the demand for our products and services may decline.
Our long-term operating results, particularly from our LSS and ETSP segments, depend substantially upon our ability to continually enhance, develop, introduce, and market new products and services. We must continually and cost-effectively maintain and improve our information technology systems and infrastructure in order to successfully deliver competitive and cost-effective products and services to our customers. The widespread proliferation of new technologies and market demands could require substantial expenditures to enhance system infrastructure and existing products and services. If we fail to enhance
21

and scale our systems and operational infrastructure or products and services, our LSS and ETSP segments may lose their competitive advantage, which could have a material adverse impact on our business, financial condition, or results of operations.
Increased demand and competition for available skilled workers across the technology sector may impact our ability to maintain adequate technology and security staffing levels. Increased demand and competition for available skilled workers across the technology sector may impact our ability to maintain adequate technology and security staffing levels. If we are unable to retain existing talent, or recruit and hire new talent when needed, we may be unable to quickly develop and adopt new technologies, adequately adjust for contingencies, or maintain and improve our existing technology systems and infrastructure.
Our products and services are based on sophisticated software and computing systems that often encounter development delays, and the underlying software may contain undetected bugs or other defects that interfere with its intended operation. Quality problems with our software products, with transferring between systems, or with errors or delays in our processing of electronic transactions, could result in additional development costs, diversion of technical and other resources from our other development efforts, loss of credibility with current or potential clients, damage to our reputation, or exposure to liability claims.
Our development and deployment of artificial intelligence (AI) technologies has improved operational performance but these advancements also present risks that could result in reputational or competitive harm, legal liability, regulatory scrutiny, and other adverse effects on our business.
We have incorporated AI into certain aspects of our business, including assistance with handling customer inquiries, quality assurance monitoring, optical character recognition for processing and handling images, and monitoring network traffic. These advancements have significantly enhanced the efficiency and effectiveness of our operational processes, enabling faster identification and response to unique irregularities while improving our overall customer experience. As we continue to refine and expand our AI-driven initiatives, we expect these technologies to further optimize our operations and drive continued improvements in our performance. Additionally, some of our vendors use AI to enhance their products and services. Our use of AI, as well as the use by our vendors, may increase over time as the technology continues to develop. Our competitors may incorporate AI into their products or operations more quickly and effectively than we do, which could impair our ability to compete effectively. In addition, the pace of innovation in AI technologies is rapid and accelerating, and if we fail to anticipate, respond to, or implement new AI capabilities in a timely and effective manner, our products, services, or internal processes could become less competitive or obsolete.
Our use of AI carries inherent risks related to data privacy and security, such as intended, unintended, or inadvertent transmission of proprietary, personal, or sensitive information, as well as challenges related to implementing and maintaining AI models and tools, such as developing and maintaining appropriate datasets. Ineffective or inadequate use of AI by us or our vendors could produce deficient, inaccurate, or biased outputs, impacting decision making and customer interactions, and prevent us from detecting quality or network security issues. Ineffective or inadequate use of AI by us or our vendors could produce deficient, inaccurate, or biased analyses or customer responses and prevent us from detecting quality or network security issues. Additionally, developing and maintaining appropriate datasets, validating models, and ensuring proper oversight are complex and resource intensive. Failing to manage these processes effectively could result in operational disruptions or compliance failures. Our ability to develop, deploy, and effectively manage AI technologies also depends on our ability to attract, retain, and train employees with specialized technical expertise in AI, data science, and related disciplines. Competition for such talent is intense, and any inability to hire or retain qualified personnel, or to upskill our existing workforce, could delay or impair our AI initiatives and increase our operating costs.
We also increasingly use, or may use in the future, AI‑enabled tools to assist with software code development, testing, and code review. While these tools may improve efficiency and productivity, they may generate inaccurate, insecure, or non‑compliant code, fail to identify defects or vulnerabilities, or incorporate third‑party intellectual property or open‑source components in a manner that creates legal, security, or licensing risks. Reliance on AI‑generated or AI‑reviewed code could result in software defects, cybersecurity vulnerabilities, service disruptions, or increased remediation costs, and may not be detected prior to deployment.
We are also subject to existing legal and regulatory frameworks that apply to AI. In the United States alone, legislatures have advanced an accelerating volume of AI‑specific requirements, in addition to the broader set of traditional privacy, consumer protection, and civil rights laws that increasingly apply to AI systems. Beyond state activity, the federal government may also enact AI‑related legislation or issue executive actions, which could create new compliance obligations or operational impacts across our business lines. Federal regulators, such as the Federal Trade Commission and CFPB, have issued guidance on the ethical use of AI under existing laws, emphasizing the importance of fairness, transparency, and accountability in AI applications. Furthermore, comprehensive privacy laws, such as the California Consumer Privacy Act, include provisions that address regulating automated decision-making and profiling. In addition to existing regulations, there is increased attention to the enactment of new AI-specific laws which could prevent or limit our use of AI and require us to change our business practices. Internationally, jurisdictions are similarly advancing AI governance frameworks, contributing to a growing global
22

patchwork of regulatory requirements that may affect our technology deployment, product development, and vendor management practices. Together, these developments reflect an increasingly complex and rapidly evolving AI regulatory environment that may require ongoing enhancements to our internal controls, risk‑management practices, and oversight of AI‑enabled products and services.
Any of these risks could result in regulatory action, loss of confidence from clients and customers, legal liability, and reputational harm, which could have a material adverse effect on our business, financial condition, and results of operations.
We rely on third parties for a wide array of services for our customers, and to meet our contractual obligations. The failure of a third party with which we work could adversely affect our business performance and reputation.
We rely on third parties for many critical operational services, technology, software development, data center hosting facilities, cloud computing platforms, and software. We also rely upon data from external sources to maintain our proprietary databases, including data from customers, business partners, and various government sources. Our third-party service providers may be vulnerable to damage or interruption from natural disasters, power loss, cyberattacks, telecommunications failures, geopolitical disruption, breakdowns or failures of their systems, employee negligence or misconduct, supply chain disruptions, acts of terrorism, and similar events. Our third-party service providers may be vulnerable to damage or interruption from natural disasters, power loss, cyberattacks, telecommunications failures, geopolitical 28disruption, breakdowns or failures of their systems, employee negligence or misconduct, supply chain disruptions, acts of terrorism, and similar events. They may also be subject to sabotage, vandalism, and similar misconduct, as well as regulatory actions, changes to legal requirements, and litigation to stop, limit, or delay operations. Our ability to implement backup systems and other safeguards with respect to third-party systems is limited. Furthermore, an attack on, or failure of, a third-party system may not be revealed to us in a timely manner, which could compromise our ability to respond effectively.
If a third-party service provider’s services are disrupted, we may temporarily lose the ability to conduct certain business activities, which could impact our ability to serve our customers and meet our contractual, legal, or regulatory compliance obligations, and/or result in the loss or compromise of our information or the information of our customers. Our businesses would also be harmed if our customers and potential customers believe our services are unreliable. Some of our third-party service providers may engage vendors of their own as they provide services or technology solutions for our operations, which introduces the same risks that these “fourth parties” could be the sources of operational and cybersecurity failures.
Due to our use of Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Computing Services for a significant amount of our technology products and services, as well as the dependence of many of our third-party service providers on these platforms, the stability and availability of these platforms is critical to our business.Due to our use of Amazon Web Services (AWS) and Microsoft 365 for a significant amount of our technology products and services, as well as the dependence of many of our third-party service providers on AWS and Microsoft 365, the stability and availability of AWS and Microsoft 365 is critical to our business.
If we fail to comply with the requirements to maintain the federal guarantees for the FFELP loans we service for us and for third parties, we may lose our guarantees or incur penalties.
As of December 31, 2025, we serviced $11.6 billion of FFELP loans that maintained a federal guarantee, of which $6.5 billion and $5.1 billion were owned by us and third parties, respectively.As of December 31, 2023, we serviced $17.5 billion of FFELP loans that maintained a federal guarantee, of which $10.2 billion and $7.3 billion were owned by us and third parties, respectively. We must meet various requirements in order to maintain the federal guarantee on these federally insured loans, which is conditional based on compliance with origination, servicing, and collection policies set by the Department and guaranty agencies. If we misinterpret Department guidance, or incorrectly apply the Higher Education Act, the Department could determine that we are not in compliance. FFELP loans that are not originated, disbursed, or serviced in accordance with Department and guaranty agency regulations may be subject to partial or complete loss of the guarantee. If we experience servicing deficiencies, it could result in the loan guarantee being revoked or denied. Although in most cases, we may cure deficiencies by following a prescribed cure process which usually involves obtaining the borrower's reaffirmation of the debt, not all deficiencies can be cured. As FFELP loan holders, servicers, and guaranty agencies exit the FFEL Program and consolidation within the industry takes place, this increases the complexity of servicing and claim filing due to the amount of loan servicing and loan guaranty transfers and the opportunity for errors at the time a claim is filed.
Failure to comply with Department and guaranty agency regulations may also result in fines, other penalties, expenses required to cure servicing deficiencies, suspension or termination of the right to participate as a FFELP servicer, negative publicity, and potential legal claims, including claims by our servicing customers if they lose the federal guarantee or SAP benefits on loans that we service for them. If we are subjected to significant fines, or loss of insurance or guarantees on a material number of FFELP loans, or if we lose our ability to service FFELP loans, it could have a material adverse impact on our business, financial condition, or results of operations.
Our Department of Education servicing contract and our third-party FFELP loan servicing business involve additional risks inherent in government contracts and programs.
The federal government could engage in a prolonged debate linking the federal deficit, debt ceiling, government shutdown, and other budget issues. If U.S. lawmakers fail to reach agreement on these issues, the federal government could modify terms on current agreements or delay payment on its obligations, which could adversely impact our business, financial condition, or
23

results of operations. Further, legislation to address the federal deficit and spending could impose changes that would adversely affect the Federal Direct Loan Program and FFELP servicing businesses.
We contract with the Department to administer loans held by the Department in both the FFEL and Federal Direct Loan Program, we own a portfolio of FFELP loans, and we service our FFELP loans as well as FFELP loans for third parties. These loan programs are authorized by the Higher Education Act and are subject to periodic reauthorization and changes to the programs by the Presidential Administration and Congress. Any changes could have a material impact on our cash flows from servicing, interest income, and operating margins.
Government entities in the U.S. often reserve the right to audit contract costs and conduct inquiries and investigations of business practices. These entities also conduct reviews and investigations and make inquiries regarding systems, including systems of third parties, used in connection with the performance of the contracts. Negative findings could adversely affect our future revenues and profitability. Negative findings could adversely affect the contractor’s future revenues and profitability. If improper or illegal activities are found, we could become subject to various civil and criminal penalties, including those under the civil U.S. False Claims Act. Additionally, we may be subject to administrative sanctions, which may include termination or non-renewal of contracts, forfeiture of profits, suspension of payments, fines and suspensions, or debarment from doing business with other agencies of that government.
The government could change governmental policies, programs, regulatory environments, spending sentiment, and many other factors and conditions, some of which could adversely impact our businesses, results of operations, and financial condition. We cannot predict how or what programs or policies will be changed by the federal government. The conditions described above could impact not only our contract with the Department, but also other existing or future contracts with government or commercial entities, and could have a material adverse impact on our business, financial condition, or results of operations.
Our ability to continue to grow and maintain our contracts with commercial businesses and government agencies is partly dependent on our ability to maintain compliance with various laws, regulations, and industry standards applicable to those contracts.
We are subject to various laws, regulations, and industry standards related to our commercial and government contracts. In most cases, these contracts are subject to termination rights, audits, and investigations. The laws and regulations that impact our operating segments are outlined in Part I, Item 1, “Regulation and Supervision.” Additionally, our LSS segment contracts with the federal government require that we maintain internal controls in accordance with the National Institute of Standards and Technologies and our LSS and ETSP segments that utilize payment cards are subject to the Payment Card Industry Data Security Standards. If we fail to comply with the contract provisions or applicable laws, regulations, or standards, or the counterparty exercises its termination or other rights for that or other reasons, our reputation could be negatively affected, and our ability to compete for new contracts or maintain existing contracts could diminish, which in turn could have an adverse impact on our results of operations from existing contracts and future opportunities for new contracts.
Failure to safeguard the privacy of personal information could result in significant legal and reputational harm.The failure to safeguard the privacy of personal information could result in significant legal and reputational harm.
We are subject to complex and evolving laws and regulations, both inside and outside of the U.S., governing the privacy and protection of personal information of individuals. Ensuring the handling and use of personal information complies with applicable laws and regulations in relevant jurisdictions can increase operating costs, impact the development of new products or services, and reduce operational efficiency. Any mishandling or misuse of personal information by us or a third-party affiliate could expose us to litigation or regulatory fines, penalties, or other sanctions. Additional risks could arise if we or an affiliated third party do not provide adequate disclosure or transparency to our customers about the personal information obtained from them and its use; fail to receive, document, and honor the privacy preferences expressed by customers; fail to protect personal information from unauthorized disclosure; or fail to maintain proper training on privacy practices. Concerns about the effectiveness of our measures to safeguard personal information and abide by privacy preferences, or even the perception that those measures are inadequate, could cause the loss of existing or potential customers and thereby reduce our revenue. In addition, any failure or perceived failure to comply with applicable privacy or data protection laws and regulations could result in requirements to modify or cease certain operations or practices, and/or significant liabilities, regulatory fines, penalties, and other sanctions. The regulatory framework for privacy issues is evolving, which is likely to continue. Because the interpretation and application of privacy and data protection laws and privacy standards are still uncertain, it is possible that these laws or privacy standards may be interpreted and applied in a manner that is inconsistent with our practices. Any inability to adequately address privacy concerns, even if unfounded, or to comply with applicable privacy or data protection laws, regulations, and privacy standards, could result in additional cost and liability for us, damage our reputation, and harm our businesses.
24

Nelnet Bank may not be able to achieve its business objectives and effectively deploy loan and deposit strategies in accordance with regulatory requirements.
The banking industry is highly regulated, and the regulatory framework, together with any future legislative changes, may have a significant adverse effect on Nelnet Bank’s operations. The regulatory landscape surrounding industrial banks continues to be scrutinized and banking policy changes may be difficult to predict in advance. Nelnet Bank’s current product offerings are primarily concentrated in loan products for higher education and unsecured consumer lending. Such concentrations and the competitive environment for those products subject the bank to risks that could adversely affect its financial condition. Consumer access to alternative means of financing, the costs of education, interest rates, economic conditions, and other factors may reduce demand for, or adversely affect Nelnet Bank’s ability to originate new and/or retain private education loans. Consumer access to alternative means of financing, the costs of education, interest rates, and other factors may reduce demand for, or adversely affect Nelnet Bank’s ability to, retain private education loans and the bank’s ability to originate new loans.
Nelnet Bank has FDIC-required agreements with Nelnet, Inc. and Michael S. Dunlap (Nelnet, Inc.’s controlling shareholder) in connection with Nelnet, Inc.’s role as a source of financial strength for Nelnet Bank. For additional information, see the MD&A - “Liquidity and Capital Resources - Sources and Needs of Liquidity - Nelnet Bank.” However, any failure to meet minimum capital requirements and FDIC regulations can initiate certain mandatory and possibly additional discretionary actions by regulators that, if undertaken, could have a material adverse impact on our business, financial condition, or results of operations.
In our reinsurance business, we depend on the insurance carriers’ evaluations of the risks associated with their insurance underwriting, which may subject us to reinsurance losses.In our reinsurance business, we depend on our clients’ evaluations of the risks associated with their insurance underwriting, which may subject us to reinsurance losses. If actual claims exceed our claims and claim adjustment expense reserves (“loss reserves”), our financial results could be materially and adversely affected.
In our reinsurance business, in which we assume an agreed percentage of each underlying insurance contract being reinsured, or quota share contracts, we do not separately evaluate each of the original individual risks assumed under these reinsurance contracts. Therefore, we are largely dependent on the original underwriting decisions made by ceding companies. We are subject to the risk that our ceding partners may not have adequately evaluated the insured risks and that the premiums ceded may not adequately compensate us for the risks we assume. We are subject to the risk that our clients may not have adequately evaluated the insured risks and that the premiums ceded may not adequately compensate us for the risks we assume. We also do not separately evaluate each of the individual claims made on the underlying insurance contracts under quota share arrangements, though we maintain rights to audit claim files and practices of the ceding companies. Therefore, we are dependent on the original claims decisions made by our ceding partners.
Our results of operations and financial condition depend upon our ability to accurately assess the potential losses associated with the risks we reinsure.Our results of operations and financial condition will depend upon our ability to accurately assess the potential losses associated with the risks we reinsure. Reserves are estimates at a given time of claims an insurer ultimately expects to pay, generally utilizing actuarial expertise and projection techniques based upon facts and circumstances then known, predictions of future events, estimates of future trends in claim severity, and other variable factors. Reserves are estimates at a given time of claims an insurer ultimately expects to pay, based upon facts and circumstances then known, predictions of future events, estimates of future trends in claim severity, and other variable factors. The process of estimating reserves involves a high degree of judgment and is subject to a number of variables. These variables can be affected by both internal and external events, such as: changes in claims handling procedures completed by ceding companies, including automation; adverse changes in loss cost trends, including inflationary pressures, technology, or other changes that may impact medical, auto, and home repair costs (e.g., more costly technology in vehicles, labor shortages, higher costs of used vehicles and parts, and increased demand and decreased supply for raw materials, all of which results in increased severity of claims); economic conditions, including general and wage inflation; legal trends, including adverse changes in the tort environment that have continued to persist at elevated levels for a number of years (e.g., increased and more aggressive attorney involvement in insurance claims, increased litigation, expanded theories of liability, higher jury awards, lawsuit abuse, and third-party litigation finance, among others); labor shortages, which can result in companies hiring less experienced workers; and legislative changes, among others. The impact of many of these items on ultimate costs for loss reserves could be material and is difficult to estimate.
The inherent uncertainties of estimating loss reserves are generally greater for reinsurance companies as compared to direct primary insurers, primarily due to (i) the lapse of time from the occurrence of an event to the reporting of the claim and the ultimate resolution or settlement of the claim; (ii) the diversity of development patterns among different types of reinsurance treaties; and (iii) the necessary reliance on the ceding company for information regarding claims. The inherent uncertainties of estimating loss reserves are generally greater for reinsurance companies as compared to primary insurers, primarily due to (i) the lapse of time from the occurrence of an event to the reporting of the claim and the ultimate resolution or settlement of the claim; (ii) the diversity of development patterns among different types of reinsurance treaties; and (iii) the necessary reliance on the ceding company for information regarding claims.
Due to the inherent uncertainty underlying loss reserve estimates, the final resolution of the estimated liability for claims and claim adjustment expenses will likely be higher or lower than the related loss reserves at the reporting date. In addition, our estimate of claims and claim adjustment expenses may change. These additional liabilities or increases in estimates, or a range of either, could vary significantly from period to period and could materially and adversely affect our results of operations and/or our financial position.
Our estimation of reserves may be less reliable than the reserve estimations of a reinsurer with a greater volume of business and an established loss history. Our actual losses paid may deviate substantially from the estimates of our loss reserves and could negatively affect our results of operations. If our loss reserves are later found to be inadequate, we would increase our loss reserves with a corresponding reduction in our net income and capital in the period in which we identify the deficiency. We
25

refine our loss reserve estimates as part of a regular, ongoing process as historical loss experience develops, additional claims are reported and settled, and the legal, regulatory, and economic environment evolves. Business judgment is applied throughout the process, including the application of various individual experiences and expertise to multiple sets of data and analyses.
In addition, we have entered into arrangements to cede a portion of our exposure to a third party. Retrocession reinsurance treaties do not relieve us from our obligation to direct writing companies. Failure of retrocessionaires to honor their obligations could result in losses to us.
Climate change manifesting as physical, transition, and regulatory risks could have a material adverse impact on our operations, vendors, and customers.Climate change manifesting as physical or transition risks could have a material adverse impact on our operations, vendors, and customers.
Our businesses, including our reinsurance business, and the activities of our vendors and customers, could be impacted by climate change. Climate change could manifest as a financial risk to us either through changes in the physical climate or from the process of transitioning to a low‑carbon economy, including changes in climate policy, disclosure obligations, or regulation of businesses with respect to risks posed by climate change.

Climate-related physical risks may include altered distribution and intensity of rainfall; prolonged droughts or flooding; increased frequency and severity of wildfires, hurricanes, and tornadoes; rising sea levels; and a rising heat index. Climate-related physical risks may include altered distribution and intensity of rainfall; prolonged droughts or flooding; increased frequency and severity of wildfires, hurricanes, and tornadoes; rising sea levels; and a rising heat index. In our reinsurance business, high levels of catastrophe losses, including as a result of factors such as increased concentrations of insured exposure in catastrophe-prone areas and changing climate conditions, could materially and adversely affect our availability and cost of reinsurance, our results of operations, our financial position, and/or liquidity, which may be limited based on aggregate limits of indemnification.

In addition to possible changes in climate policy and regulation, potential transition risks may include economic and other changes engendered by the development of low‑carbon technological advances and/or changes in consumer and business preferences toward low‑carbon goods and services. In addition to possible changes in climate policy and regulation, potential transition risks may include economic and other changes engendered by the development of low-carbon technological advances and/or changes in consumer and business preferences toward low-carbon goods and services. Regulatory transition risks also include the enactment and implementation of new climate‑related disclosure, reporting, and assurance requirements, including recently adopted California climate disclosure laws and similar or additional ESG‑related reporting regimes that may be adopted by other states or jurisdictions. These requirements may obligate us to collect, verify, and publicly disclose extensive climate‑related data, including greenhouse gas emissions and climate‑related financial risks, across our operations and value chain.

Compliance with such requirements could result in increased operational complexity, costs, and resource demands; reliance on data from third parties over whom we have limited control; heightened exposure to regulatory enforcement actions, fines, penalties, or private litigation; and reputational risks if our disclosures are perceived as incomplete, inaccurate, or inconsistent. The evolving nature of these regulations, differences across jurisdictions, and the potential for overlapping or conflicting requirements could further increase compliance burdens and uncertainty. Additionally, if other states or regulators adopt more expansive, accelerated, or prescriptive ESG or climate‑related disclosure standards, our compliance costs and risks could increase materially.

These climate‑related physical, transition, and regulatory risks could have a financial impact on us, and on our vendors and customers, including declines in asset values; cost increases; reduced availability and/or increased cost of insurance; reduced demand for certain goods and services; increased loan delinquencies, bankruptcies, events of default, and force majeure events; increased interruptions to business operations and services; adverse supply chain impacts; negative consequences to business models; and the need to make changes in response to those consequences, any of which could materially and adversely affect our business, results of operations, financial position, and liquidity.

Failure to successfully manage acquired businesses and assets, as well as other interests, including in venture capital and real estate, could have a material adverse effect on our businesses, financial condition, or results of operations.Our failure to successfully manage acquired businesses and assets, as well as other investments, including venture capital and real estate investments, could have a material adverse effect on our businesses, financial condition, or results of operations.
We have expanded our services and products through business and asset acquisitions, and we anticipate making additional acquisitions to obtain new or enhance existing businesses, products, and services, as well as other deployments of capital, including venture capital and real estate, to further diversify us both within and outside of our historical education-related businesses.We have expanded our services and products through business and asset acquisitions, and we anticipate making additional acquisitions to obtain new or enhance existing businesses, products, and services, as well as other investments, including venture capital and real estate investments, to further diversify us both within and outside of our historical education-related businesses. Any acquisition or other use of capital is subject to a number of risks. Any acquisition or investment is subject to a number of risks. Such risks may include diversion of management time and resources, disruption of our ongoing businesses, difficulties in integrating acquisitions (including potential delays or errors in converting loan servicing portfolio acquisitions to our servicing platform), loss of key employees, degradation of services, difficulty expanding information technology systems and other business processes to incorporate the acquired businesses, extensive regulatory requirements, dilution to existing shareholders if our common stock is issued as consideration, incurring or assuming indebtedness or other liabilities in connection with an acquisition, unexpected declines in real estate values or the failure to realize expected benefits from real estate development projects, lack of familiarity with new
26

markets, and difficulties in supporting new product lines. Our failure to successfully manage acquisitions or other interests, or successfully integrate acquisitions, could have a material adverse effect on our businesses, financial condition, or results of operations. Our failure to successfully manage acquisitions or investments, or successfully integrate acquisitions, could have a material adverse effect on our businesses, financial condition, or results of operations.
We have a significant interest in Hudl. Hudl’s sports performance analysis business is subject to risks related to global market and macroeconomic conditions, competition, advancements in technology, cybersecurity threats, retention of key personnel, and continued demand for its products and services. Hudl’s sports performance analysis business is subject to risks related to global market conditions, new competition, advancements in technology, and continued demand for its products and services. The operating results of any of our interests, including Hudl, could impact the valuation on our financial statements of our interest in them, and we may not be able to fully monetize these investments without a liquidation event.
Reliance on financial models, tools, or third-party data may expose us to risks of inaccurate forecasting, decision-making, and incorrect estimates and assumptions used by management in connection with the preparation of our consolidated financial statements.
We use financial models, analytical tools, and third-party data to support our business operations and to make critical accounting estimates and assumptions, including pricing, credit underwriting, investment analysis, reinsurance actuarial assumptions, allowance for loan losses, financial reporting, and strategic decision-making. These models and tools are inherently limited by their assumptions and may not accurately capture all potential risks, market dynamics, or correlations. Furthermore, unexpected changes in market conditions, inaccurate data inputs, reliance on investment partner or third-party data, or flawed assumptions could result in model outputs that differ significantly from actual outcomes.
The reliance on these models also exposes us to operational risks, including human error, inadequate validation, or lack of proper governance over model and tool use. Any material inaccuracies or failures in our financial models could lead to incorrect estimates or assumptions, suboptimal decision-making, financial losses, or damage to our reputation. Additionally, evolving regulatory standards and scrutiny over the use of models could increase compliance costs and operational challenges, further impacting our ability to effectively use these models.
Regulatory and Legal
Federal and state laws and regulations and changes in the regulatory environment can restrict our businesses and increase compliance costs, and noncompliance could result in penalties, litigation, reputation damage, and a loss of customers.
Our operating segments are heavily regulated by federal and state government regulatory agencies. See Part I, Item 1, "Regulation and Supervision." These agencies and the laws and regulations enforced by them are for the protection of consumers and the applicable industry as a whole, and compliance with these laws and regulations can be difficult and costly. Although we endeavor to comply with our obligations and have procedures and controls in place to monitor compliance with regulatory requirements, these laws and regulations are complex, differ between jurisdictions, and are often subject to interpretation. If we fail to comply with these laws and regulations, even if our failed efforts were in good faith or a result of a difference in interpretation, we could be subject to restrictions on our business activities, incur fines or penalties, lose existing or new customer contracts or other business, become subject to litigation, and suffer damage to our reputation. New laws and regulations or changes to existing laws and regulations can significantly alter our business environment, limit business operations, and increase costs of doing business, and we cannot predict the impact such changes may have on our profitability.
The Trump Administration has advanced efforts to limit the responsibilities of the Department of Education. While we expect that the federal government will continue to provide for the implementation of statutorily authorized programs and functions, any administrative changes to the Department’s programs and functions could have material adverse effect on our profitability.
The CFPB has historically exercised oversight of student loan servicers and continues to retain authority to supervise and enforce compliance with applicable consumer protection laws. Changes in regulatory priorities, enforcement activity, or agency structure may occur over time. If the CFPB were to determine that we are not in compliance with applicable laws, regulations, or guidance, we could be subject to material adverse consequences, including restitution to consumers.
The Trump Administration has expressed an aversion to diversity, equity, and inclusion policies, including instructing government agencies to identify companies to investigate for their diversity, equity, and inclusion policies. The current administration’s views on diversity, equity, and inclusion policies may conflict with stakeholder initiatives on such matters and we may experience conflicts between federal governmental regulations and state government or stakeholder expectations, which could impose additional costs on our business and negatively impact investor and customer sentiment.

Many states have enacted laws regulating and monitoring the activity of loan servicers and require loan servicers to obtain licenses and submit to examinations and ongoing supervision.Many states have enacted laws regulating and monitoring the activity of student loan servicers. Elimination or reduction of federal government regulation by the Trump Administration may increase state regulations and monitoring activities. The rapidly evolving state regulatory landscape
27

increases compliance complexity and costs and creates risk of inconsistent or conflicting requirements. Failure to comply with applicable state laws could result in loss of licenses, enforcement actions, contractual breaches, and litigation.
As a result of the discontinuation of new FFELP loan originations in 2010, our existing FFELP loan portfolio will continue to decline over time.” 32As a result of the discontinuation of new FFELP loan originations in 2010, the existing FFELP loan portfolios in our AGM segment will continue to decline over time.
New loan originations under the FFEL Program were discontinued in 2010, and all subsequent federal student loan originations must be made under the Federal Direct Loan Program. Although this did not alter or affect the terms and conditions of existing FFELP loans, interest income related to existing FFELP loans will decline over time as existing FFELP loans are paid down, refinanced, or repaid by guaranty agencies after default. If we are unable to grow or develop new revenue streams, our consolidated revenue and operating margin will decrease as a result of the decline in FFELP loan volume outstanding.
As of December 31, 2025, the amount of goodwill allocated to the FFELP portfolio reporting unit, part of the AGM operating segment, was $41.9 million. As a result of the FFELP portfolio declining over time, goodwill impairment will be triggered for the AGM operating segment due to the passage of time and depletion of projected cash flows.
International operations expose us to significant regulatory, operational, and geopolitical risks.
Our international operations expose us to legal, regulatory, operational, and geopolitical risks that may adversely affect our business, financial condition, and results of operations. We must comply with diverse and evolving foreign laws governing financial services, payments, sanctions, anti-money laundering and counter-terrorism financing, consumer protection, data privacy, and technology infrastructure, many of which differ from or exceed U.S. requirements. Failure to comply with these obligations, or delays in obtaining necessary licenses or approvals, could result in investigations, penalties, or limits on our ability to operate in certain markets.
International regulations relating to data localization, crossborder data transfers, and privacy may require changes to our systems or processes. We also face exposure to foreign tax regimes, restrictions on repatriating earnings, and currency exchange volatility that can affect revenue, settlement, and operating costs. Our global footprint increases reliance on foreign vendors, cloud providers, partner banks, and payment networks, where differences in regulatory expectations or operational practices may increase compliance, cybersecurity, and continuity risks.
As our international workforce grows, we are increasingly subject to employment laws outside the United States that may be more complex, restrictive, or burdensome. These regulations, including rules on employee classification, notice and severance, collective bargaining, working time, data privacy, mandatory benefits, and limits on fixed term or temporary labor, can materially differ from U.S. requirements.
Operating internationally also heightens exposure to fraud, identity verification challenges, and varying consumer protection rules. In addition, geopolitical and macroeconomic developments including political instability, trade restrictions, capital controls, public health events, and armed conflict may disrupt operations, impact customer behavior, or impair financial markets and payments infrastructure.
Any of these risks, individually or in combination, could increase our costs, limit our ability to conduct business internationally, or negatively impact our operating results.
Exposure related to certain tax issues could decrease our net income.
International, federal, and state tax laws and regulations are often complex and require interpretation. From time to time, we engage in transactions for which the tax consequences are uncertain, and significant judgment is required in assessing and estimating the tax consequences of these transactions. We prepare and file tax returns based on the interpretation of tax laws and regulations and our tax returns are subject to examination by various taxing authorities. Such examinations may result in future tax and interest assessments. In accordance with applicable accounting guidance, we establish reserves for tax contingencies related to deductions and credits that we may be unable to sustain. Differences between these reserves and the amounts ultimately owed are recorded in the period they become known, and adjustments to our reserves could have a material effect on our financial statements. We may also be impacted by changes in tax laws, including tax rate changes, new laws, and subsequent interpretations by applicable authorities. In addition, several states are in a deficit position. Accordingly, states may look to expand their taxable base, alter their tax calculation, or increase tax rates, which could result in additional costs to us.
In addition, as both a lender and servicer of student loans, we must report interest received and cancellation of indebtedness to individuals and the Internal Revenue Service on an annual basis. The statutory and regulatory guidance regarding the calculations, recipients, and timing are complex, and we know that interpretations of these rules vary across the industry. The
28

complexity and volume associated with these informational forms creates a risk of error which could result in penalties or damage to our reputation.
The provisions of our articles of incorporation requiring exclusive forum in the Nebraska state courts and the federal district courts of the United States for certain types of lawsuits may have the effect of discouraging certain lawsuits by limiting plaintiffs’ ability to bring a claim in a judicial forum that they find favorable.
Our articles of incorporation provide that, unless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, a specifically designated Nebraska state court located in Lincoln, Nebraska (or, if that court does not have jurisdiction, the federal district court for the District of Nebraska located in Lincoln, Nebraska) will be the sole and exclusive forum for: (i) any derivative action or proceeding brought on behalf or in the right of us; (ii) any action asserting a claim of breach of a fiduciary duty owed by any of our directors, officers, or employees to us or our shareholders; (iii) any action asserting a claim arising under any provision of the Nebraska Model Business Corporation Act or our articles of incorporation or bylaws (as each may be amended from time to time); or (iv) any action asserting a claim governed by the internal affairs doctrine.
Additionally, our articles of incorporation provide that, unless we consent in writing to the selection of an alternative forum, to the fullest extent permitted by law, the federal district courts of the United States of America will be the sole and exclusive forum for the resolution of any complaint asserting a cause of action arising under the Securities Act of 1933, as amended.
These exclusive forum provisions may limit the ability of our shareholders to commence litigation in a forum that they prefer, which may discourage such lawsuits against us and our current or former directors, officers, and employees.
Principal Shareholder and Related Party Transactions
Our Executive Chairman beneficially owns 78.6% of the voting rights of our shareholders and effectively has control over all of our matters.
Michael S. Dunlap, our Executive Chairman, beneficially owns 78.6% of the voting rights of our shareholders. Accordingly, each member of the Board of Directors and each member of management has been elected or effectively appointed by Mr. Dunlap and can be removed by him. As a result, Mr. Dunlap has control over all of our matters and has the ability to take actions that benefit him, but may not benefit other minority shareholders, and may otherwise exercise his control in a manner with which other minority shareholders may not agree or which they may not consider to be in their best interest.
Furthermore, as a "controlled company" within the meaning of the NYSE rules, we qualify for and, in the future may opt to rely on, exemptions from certain corporate governance requirements, including having a majority of independent directors, as well as having nominating and corporate governance and compensation committees composed entirely of independent directors. If in the future we choose to rely on such exemptions, the interests of Mr. Dunlap may differ from those of our other stockholders and the other stockholders may not have the same protections afforded to stockholders of companies that are subject to all of the corporate governance rules for NYSE-listed companies. Our status as a controlled company could make our Class A common stock less attractive to some investors or otherwise harm our stock price.
Our contractual arrangements and transactions with Union Bank, which is under common control with us, present conflicts of interest and pose risks to our shareholders that the terms may not be as favorable to us as we could receive from unrelated third parties.
Union Bank is controlled by Farmers & Merchants Investment Inc. (F&M), which is controlled by certain grantor retained annuity trusts established by Mr. Dunlap, his spouse, and Angela L. Muhleisen, a sister of Mr. Dunlap. Mr. Dunlap serves as a Director and Co-Chairperson of F&M, and as a Director of Union Bank. Ms. Muhleisen serves as a Director and Co-Chairperson of F&M and as a Director, Chairperson, and member of the executive committee of Union Bank. Union Bank is deemed to beneficially own a significant number of our shares because it serves in the capacity of trustee or account manager for various trusts and accounts holding our shares and may share voting and/or investment power with respect to such shares. Union Bank is deemed to beneficially own a significant number of our shares because it serves in a capacity of trustee or account manager for various trusts and accounts holding our shares and may share voting and/or investment power with respect to such shares. As of December 31, 2025, Union Bank was deemed to beneficially own 5.6% of the voting rights of our shareholders, and Mr. Dunlap and Ms. Muhleisen beneficially owned 78.6% and 7.6%, respectively, of the voting rights of our shareholders (with certain shares deemed under SEC rules to be beneficially owned by each Union Bank, Mr. Dunlap, and Ms. Muhleisen).
We have entered into, and intend to continue entering into, certain contractual arrangements with Union Bank, including for loan purchases, servicing, participations, banking and lending services, Educational 529 College Savings Plan administration services, lease arrangements, trustee services, and various other investment and advisory services. The net aggregate impact on our consolidated statements of income for the years ended December 31, 2025 and 2024, related to the transactions with Union Bank was income (before income taxes) of $13.8 million and $12.3 million, respectively. The net aggregate impact on our consolidated statements of income for the years ended December 31, 2023, 2022, and 2021 related to the transactions with Union Bank was income (before income taxes) of $9.4 million, $8.9 million, and $11.0 million, respectively. See note 23 of the notes to
29

consolidated financial statements included in this report for additional information related to the transactions between us and Union Bank.
We intend to maintain our relationship with Union Bank, which our management believes provides certain benefits to us, including Union Bank's willingness to provide services, and at times liquidity and capital resources, on an expedient basis, and its proximity to our corporate headquarters in Lincoln, Nebraska.We intend to maintain our relationship with Union Bank, which our management believes provides certain benefits to us, including Union Bank's knowledge of and experience in the FFELP industry, its willingness to provide services, and at times liquidity and capital resources, on an expedient basis, and its proximity to our corporate headquarters in Lincoln, Nebraska.
The majority of the transactions and arrangements with Union Bank are not offered to unrelated third parties or subject to competitive bids. Accordingly, these transactions and arrangements not only present conflicts of interest, but also pose the risk to our shareholders that the terms of such transactions and arrangements may not be as favorable to us as we could receive from unrelated third parties. Moreover, we may have and/or may enter into contracts and business transactions with related parties that benefit Mr. Dunlap and his sister, as well as other related parties, which may not benefit us and/or our minority shareholders.
ITEM 1B.ITEM 1A. UNRESOLVED STAFF COMMENTS
The Company has no unresolved comments from the staff of the Securities and Exchange Commission regarding its periodic or current reports under the Securities Exchange Act of 1934.
ITEM 1C. CYBERSECURITY
The Company’s enterprise-wide cybersecurity program is embedded within and integrated with the enterprise risk management function. The Chief Security Officer is part of our senior leadership team and reports to the Chief Risk Officer. Our Chief Security Officer has over thirty years of cybersecurity, technology, and leadership experience both as a career active-duty military cyber operations officer and in the private sector. The cybersecurity team is organized into three departments: Protective Operations, Vulnerability Management, and Governance, Risk, and Compliance. The cybersecurity team is organized into three departments: Protective Operations, Posture Management, and Governance, Risk, and Compliance. Each of the three departments identifies, assesses, and manages material cybersecurity threats through specific approaches as further described below.
Protective Operations includes the Security Operations Center, cyber threat intelligence, offensive security, and application security teams. New cybersecurity threats surface daily, and existing cybersecurity threats evolve constantly. Our 24x7x365 in-house Security Operations Center is organized to not only monitor for signs of intrusion but also to provide contextual threat intelligence to system and platform owners across the enterprise, empowering them to take an active role in defending the enterprise. The Security Operations Center conducts daily briefings, identifies emerging cyber threats affecting the financial and education sectors, and reviews new tactics, techniques, and procedures utilized by cyber criminals and nation-state cyber actors. The Security Operations Center is also our incident response team, focused on detecting, analyzing, containing, eradicating, and recovering from cyber incidents. The Security Operations Center is also our incident response team, and ensures that the Company is prepared to detect, analyze, contain, eradicate, and recover from cyber incidents. While we have experienced cybersecurity incidents in the past, to date none have materially affected us, including our business strategy, results of operations, or financial condition. Our offensive security team conducts continuous threat-based and risk-based red team activities, and our application security team utilizes a combination of training, tools, code reviews, and awareness designed to ensure that our applications are developed with security at the forefront. We also engage with professional cybersecurity firms to conduct penetration tests on specific systems and applications annually. For more information about the cybersecurity risks we face, see the factors set forth under the caption “Risk Factors” in Part I, Item 1A of this report.
Vulnerability Management includes the vulnerability management, log operations, and architecture and engineering teams.Posture Management includes the vulnerability management, log operations, and architecture and engineering teams. Our vulnerability management team conducts regular scans of our enterprise to look for potential weaknesses and configuration-related issues. Based on the results of these scans, this team routinely patches or works with system and platform owners to resolve identified vulnerabilities. Our log operations team works closely as a bridge between the system owners and our Security Operations Center by logging and monitoring activities on our systems and applications. Our log operations team works closely as a bridge between the system owners and our Security Operations Center by ensuring that activities on our systems and applications are logged and monitored. Our architecture and engineering team manages security appliances and provides security architecture advice and consulting to our information technology and delivery teams throughout the enterprise. When it comes to posture management, our goal is not just to reactively resolve potential vulnerabilities discovered through the vulnerability management process; we also look for ways to prevent vulnerabilities through minimizing system ports, protocols, and services to only that which is necessary. When it comes to posture management, our goal is not just to reactively resolve potential vulnerabilities discovered through the vulnerability management process; we also look for ways to ensure that vulnerabilities don’t materialize through minimizing system ports, protocols, and services to only that which is necessary.
Governance, Risk, and Compliance includes teams dedicated to risk and compliance management.Governance, Risk, and Compliance includes the risk management and compliance management teams. These teams manage the security awareness program, compliance with cyber and privacy regulations, security policies, and prioritizes potential cyber risks that require ongoing monitoring or remediation. This team manages the security awareness program, compliance with cyber and privacy regulations, security policies, and prioritizes potential cyber risks that require ongoing monitoring or remediation. Identified risks are brought to the Cyber Risk Steering Committee for treatment. The Chief Security Officer chairs the committee, which consists of the Deputy Chief Security Officer, cybersecurity managers, various subject matter experts, and (as needed) members of management from operational areas of the business.
The Company’s business segments and support teams also work closely with cybersecurity and enterprise risk management to monitor and manage third-party risks. Managing third-party risks includes maintaining a close and effective working
30

relationship with the information technology procurement, accounting, and legal teams. In addition to identifying risks as part of the third-party selection process, we continuously monitor our third parties using products and services that provide us insight into their attack surface, threats that can impact us through them, and real-world security posture.
Audits are an important part of our layers of defense; they can help us to identify areas in which we have incomplete coverage or ineffective placement of controls. The Company has an independent internal audit team that conducts audits based on their own methodology and assessment and we utilize external cybersecurity auditors, where applicable. In addition, certain lines of business utilize other third-party cybersecurity auditors for Payment Card Industry Data Security Standard (PCI DSS) assessments and PCI Approved Scanning Vendor (ASV) scans; and we are routinely audited by our customers. In addition, certain lines of business utilize other third-party cybersecurity auditors for PCI DSS assessments and PCI ASV scans; and we are routinely audited by our customers.
The Company’s Board of Directors and Board Risk and Finance Committee oversee our integrated enterprise risk management and cybersecurity programs. The Board Risk and Finance Committee receives regular reports from the Chief Risk Officer and Chief Security Officer on key company risks and emerging threats. The Board Risk and Finance Committee receive regular reports from the Chief Risk Officer and Chief Security Officer on key company risks and emerging threats. These reports also include cybersecurity monitoring and threat response metrics, industry trends and educational materials, risk mitigation strategies, regulatory requirements, corporate policies, third-party risk metrics, cybersecurity tools and resources, incident response plans, and other areas of importance. These reports also include cybersecurity monitoring and 35threat response metrics, industry trends and educational materials, risk mitigation strategies, regulatory requirements, corporate policies, third-party risk metrics, cybersecurity tools and resources, incident response plans, and other areas of importance.
Recently Filed
Click on a ticker to see risk factors
Ticker * File Date
AVPT 2 hours ago
NXRT 2 hours ago
SRE 2 hours ago
CABO 2 hours ago
TPC 2 hours ago
BPAC 2 hours ago
WERN 2 hours ago
SDRL 2 hours ago
CHRD 2 hours ago
RYTM 2 hours ago
STEL 2 hours ago
FLOC 2 hours ago
WRBY 2 hours ago
XRAY 2 hours ago
EIG 2 hours ago
DXPE 2 hours ago
AA 2 hours ago
MKL 2 hours ago
ENOV 2 hours ago
MTCH 2 hours ago
KNTK 2 hours ago
WHD 2 hours ago
VCTR 2 hours ago
AUB 2 hours ago
MP 2 hours ago
AMPH 2 hours ago
PBYI 2 hours ago
PJT 2 hours ago
GPCR 2 hours ago
BUSE 2 hours ago
NABL 2 hours ago
Q 2 hours ago
REAL 2 hours ago
DGX 2 hours ago
MTZ 2 hours ago
CTKB 2 hours ago
KGS 2 hours ago
DNA 2 hours ago
ALTG 2 hours ago
WTFC 2 hours ago
NNI 2 hours ago
DEC 2 hours ago
BKU 2 hours ago
VCYT 2 hours ago
JANX 2 hours ago
SHAK 2 hours ago
COLB 2 hours ago
RKLB 2 hours ago
ACRS 2 hours ago
SITC 2 hours ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard