Item 1A.

Risk Factors.

Risks Related to Macroeconomic and Political Conditions

We may be adversely affected by changes in economic conditions, especially in our market area.

We are located in southwestern Virginia and northwestern North Carolina, and our local economy is heavily influenced by the furniture and textile industries, both of which have been in decline in recent years. Although we the economy has largely recovered from the COVID-19 pandemic, certain consequences of the pandemic continue to impact the macroeconomic environment and may persist for some time. For example, the COVID-19 pandemic could have long-lasting impacts on certain industries due to changes in consumer behavior and business practices, including remote work and business travel. Further, the growth in economic activity and in the demand for goods and services, coupled with labor shortages, supply chain disruptions, and other factors, has contributed to rising inflationary pressures, the Federal Reserve’s responsive interest rate hikes, and the risk of recession. Changes in general economic or market conditions, whether caused by global, national or local concerns, could influence, among other things, the growth rate of our loans and deposits, the quality of the loan portfolio and loan and deposit pricing. Higher unemployment rates may lead to future increases in past-due and nonperforming loans, thus having a negative impact on the earnings of the Bank. As a result, a decline in general economic conditions caused by inflation, recession, unemployment or other factors beyond our control, could negatively affect our financial condition and performance.

We may be adversely impacted by changes in market conditions.

We are directly and indirectly affected by fluctuations in market conditions, which are subject to rapid or unpredictable change. Market risk generally represents the risk that values of assets and liabilities or revenues will be adversely affected by changes in market conditions. As a financial institution, market risk is inherent in the financial instruments associated with our operations and activities, including loans, deposits, securities, short-term borrowings, long-term debt and trading account assets and liabilities. A few of the market conditions that may shift from time to time, thereby exposing us to market risk, include fluctuations in interest rates, inflation, equity and futures prices, and price deterioration or changes in value due to changes in market perception or actual credit quality of issuers. Our investment securities portfolio, in particular, may be impacted by market conditions beyond our control, including rating agency downgrades of the securities, defaults of the issuers of the securities, lack of market pricing of the securities, and inactivity or instability in the credit markets, and changes in market interest rates. Any changes in these conditions, in current accounting principles or interpretations of these principles could have negative impacts on our investment securities portfolio, including on our returns, unrealized gains or unrealized losses, or our assessment of fair value and thus the determination of other-than-temporary impairment, any of which could have a material adverse effect on our net interest income or our results of operations.

Risks Related to Credit Risks

Our concentration in loans secured by real estate may increase our credit losses, which would negatively affect our financial results.

We offer a variety of secured loans, including commercial lines of credit, commercial term loans, real estate, construction, home equity, consumer and other loans. Many of our loans are secured by real estate (both residential and commercial) in our market area. At December 31, 2023, the Company had $749.7 million of loans secured by real estate outstanding, or 91.68% of its total loans. At December 31, 2021, the Company had $597.8 million of such loans outstanding, or 87.45% of its total loans. A major change in the real estate market, such as deterioration in the value of this collateral, or in the local or national economy, could adversely affect our customers’ ability to pay these loans, which in turn could impact us. Risk of loan defaults and foreclosures are unavoidable in the banking industry, and we try to limit our exposure to this risk by monitoring our extensions of credit carefully. We cannot fully eliminate credit risk, and as a result credit losses may occur in the future.

Should our loan quality deteriorate, and our allowance for credit losses becomes inadequate, our results of operations may be adversely affected.

Our earnings are significantly affected by our ability to properly originate, underwrite and service loans. In addition, we maintain an allowance for credit losses that we believe is a reasonable estimate of known and inherent losses within our loan portfolio. In addition, we maintain an allowance for loan losses that we believe is a reasonable estimate of known and inherent losses within our loan portfolio. We could sustain losses if we incorrectly assess the creditworthiness of our borrowers or fail to detect or respond to deterioration in asset quality in a timely manner. Through a periodic review and consideration of the loan portfolio, management determines the amount of the allowance for credit losses by considering general market conditions, credit quality of the loan portfolio, the collateral supporting the loans and performance of customers relative to their financial obligations. Through a periodic review and consideration of the loan portfolio, management determines the amount of the allowance for loan losses by considering general market conditions, credit quality of the loan portfolio, the collateral supporting the loans and performance of customers relative to their financial obligations.

The amount of future credit losses will be influenced by changes in economic, operating and other conditions, including changes in interest rates, which may be beyond our control, and these losses may exceed current estimates. Although we believe the allowance for credit losses is a reasonable estimate of known and inherent losses in the loan portfolio, we cannot precisely predict such losses or be certain that the credit loss allowance will be adequate in the future. Although we believe the allowance for loan losses is a reasonable estimate of known and inherent losses in the loan portfolio, we cannot precisely predict such losses or be certain that the loan loss allowance will be adequate in the future. While the risk of nonpayment is inherent in banking, we could experience greater nonpayment levels than we anticipate. Further deterioration in the quality of our loan portfolio could cause our interest income and net interest margin to decrease and our provisions for loan losses to increase further, which could adversely affect our results of operations and financial condition.

Federal and state regulators periodically review our allowance for credit losses and may require us to increase our provision for credit losses or recognize further loan charge-offs, based on judgments different than those of management. Any increase in the amount of the provision or loans charged-off as required by these regulatory agencies could have a negative effect on our operating results and financial condition.

Our small-to-medium sized business target market may have fewer financial resources to weather a downturn in the economy.

We target our business development and marketing strategy primarily to serve the banking and financial services needs of small and medium sized businesses. These businesses generally have less capital or borrowing capacity than larger entities. If general economic conditions adversely affect this major economic sector in our markets, our results of operations and financial condition may be adversely affected.

Risks Related to Liquidity and Interest Rate Risk

Our ability to maintain adequate sources of liquidity may be negatively impacted by the economic environment which could adversely affect our financial condition and results of operations.

In managing our consolidated balance sheet, we depend on cash and due from banks, federal funds sold, loan and investment security payments, core deposits, lines of credit with correspondent banks and lines of credit with the Federal Home Loan Bank to provide sufficient liquidity to meet our commitments and business needs, and to accommodate the transaction and cash management needs of clients. Deposit levels and funding costs may be affected by a number of factors, including interest rates paid by competitors, general interest rate levels, returns available to customers on alternative investments, changes in the liquidity needs of our depositors and general economic conditions that affect savings levels and the amount of liquidity in the economy, including government stimulus efforts in response to economic crises. If market interest rates rise or our competitors raise the rates they pay on deposits, our funding costs may increase, either because we raise our rates to avoid losing deposits or because we lose deposits and must rely on more expensive sources of funding. Further, the availability of these funding sources is highly dependent upon the perception of the liquidity and creditworthiness of the financial institution, and such perception can change quickly in response to market conditions or circumstances unique to a particular company. The availability of these funding sources is highly dependent upon the perception of the liquidity and creditworthiness of the financial institution, and such perception can change quickly in response to market conditions or circumstances unique to a particular company. Any event that limits our access to these sources, such as a decline in the confidence of debt purchasers, or our depositors or counterparties, may adversely affect our liquidity, financial position, and results of operations.

In addition, financial challenges at other banking institutions could lead to depositor concerns that spread within the banking industry. In March 2023, Silicon Valley Bank and Signature Bank experienced large deposit outflows coupled with insufficient liquidity to meet withdrawal demands, resulting in the institutions being placed into FDIC receiverships. In the aftermath, there was substantial market disruption and concern that diminished depositor confidence could spread across the banking industry, leading to deposit outflows that could destabilize other institutions. While public confidence in the banking system has stabilized, deposit outflows caused by reputational concerns or events affecting the banking industry generally could adversely affect the Company’s liquidity, financial condition, and results of operations.

We may incur losses if we are unable to successfully manage interest rate risk.

Our profitability will depend in substantial part upon the spread between the interest rates earned on investments and loans and interest rates paid on deposits and other interest-bearing liabilities. Changes in monetary policy, including changes in interest rates, will affect our operating performance and financial condition in diverse ways including the pricing of securities, loans and deposits and the volume of loan originations in our mortgage-origination office. Changes in interest rates will affect our operating performance and financial condition in diverse ways including the pricing of securities, loans and deposits and the volume of loan originations in our mortgage-origination office. We attempt to minimize our exposure to interest rate risk, but we will be unable to eliminate it. Our net interest spread will depend on many factors that are partly or entirely outside our control, including competition, federal economic, monetary and fiscal policies, and economic conditions generally.

In addition, changes in interest rates may negatively affect both the returns on and market value of our investment securities. As we experienced due to rising interest rates in 2023, interest rate changes can reduce unrealized gains or increase unrealized losses in our portfolio and thereby negatively impact our accumulated other comprehensive income and equity levels. Further, such losses could be realized into earnings should liquidity and/or business strategy necessitate the sales of securities in a loss position. Additionally, actual investment income and cash flows from investment securities that carry prepayment risk, such as mortgage-backed securities and callable securities, may materially differ from those anticipated at the time of investment or subsequently as a result of changes in interest rates and market conditions. These occurrences could have a material adverse effect on our net interest income or our results of operations.

Risks Related to Our Business and Industry

Our future success is dependent on our ability to compete effectively in the highly competitive banking industry.

We face vigorous competition from other banks and other financial institutions, including savings and loan associations, savings banks, finance companies and credit unions for deposits, loans and other financial services in our market area. A number of these banks and other financial institutions are significantly larger than we are and have substantially greater access to capital and other resources, as well as larger lending limits and branch systems, and offer a wider array of banking services. In addition, credit unions have been able to increasingly expand their membership definition and, because they enjoy a favorable tax status, may be able to offer more attractive loan and deposit pricing. To a limited extent, we also compete with other providers of financial services, such as money market mutual funds, brokerage firms, consumer finance companies, marketplace lenders and other financial technology firms, insurance companies and governmental organizations which may offer more favorable financing than we can. Many of our non-bank competitors are not subject to the same extensive regulations that govern us. As a result, these non-bank competitors have advantages over us in providing certain services. This competition may reduce or limit our margins and our market share and may adversely affect our results of operations and financial condition.

Our ability to operate profitably may be dependent on our ability to implement various technologies into our operations.

The market for financial services, including banking and consumer finance services, is increasingly affected by advances in technology, including developments in telecommunications, data processing, computers, automation, online banking and tele-banking. The pace of technological change has increased in the "fintech" environment, in which industry-changing technology-driven products and services are often introduced and adopted, including innovative ways that customers can make payments, access products, and manage accounts. Our ability to compete successfully in our market may depend on the extent to which we are able to exploit such technological changes. If we are not able to afford such technologies, properly or timely anticipate or implement such technologies, or effectively train our staff to use such technologies, our business, financial condition or operating results could be adversely affected.

Consumers may decide not to use banks to complete their financial transactions.

Technology and other changes are allowing parties to complete financial transactions through alternative methods that historically have involved banks. The activity and prominence of so-called marketplace lenders and other technological financial service companies have grown significantly over recent years and are expected to continue growing. In addition, consumers can now maintain funds that would have historically been held as bank deposits in brokerage accounts, mutual funds or general-purpose reloadable prepaid cards. Consumers can also complete transactions, such as paying bills and/or transferring funds directly without the assistance of banks. The process of eliminating banks as intermediaries, known as “disintermediation,” could result in the loss of fee income, as well as the loss of customer deposits and the related income generated from those deposits. If we are unable to address the competitive pressures that we face, we could lose market share, which could result in reduced net revenue and profitability and lower returns. The loss of these revenue streams and the lower cost of deposits as a source of funds could have a material adverse effect on our financial condition and results of operations.

Our exposure to operational risk may adversely affect our business.

We are exposed to many types of operational risk, including reputational risk, legal and compliance risk, the risk of fraud or theft by employees or outsiders, unauthorized transactions by employees or operational errors, including clerical or record-keeping errors or those resulting from faulty or disabled computer or telecommunications systems. Reputational risk, or the risk to our earnings and capital from negative public opinion, could result from our actual alleged conduct in any number of activities, including lending practices, corporate governance, regulatory compliance or the occurrence of any of the events or instances mentioned below, or from actions taken by government regulators or community organizations in response to that conduct. Negative public opinion could also result from adverse news or publicity that impairs the reputation of the financial services industry generally.

Further, if any of our financial, accounting, or other data processing systems fail or have other significant shortcomings, we could be adversely affected. We depend on internal systems and outsourced technology to support these data storage and processing operations. Our inability to use or access these information systems at critical points in time could unfavorably impact the timeliness and efficiency of our business operations. We could be adversely affected if one of our employees causes a significant operational break-down or failure, either as a result of human error or where an individual purposefully sabotages or fraudulently manipulates our operations or systems. We are also at risk of the impact of business disruptions resulting from natural disasters, pandemic, terrorism and international hostilities, including effects on our workforce or systems or for the effects of outages or other failures involving power or communications systems operated by others.

Misconduct by employees could include fraudulent, improper or unauthorized activities on behalf of clients or improper use of confidential information. We may not be able to prevent employee errors or misconduct, and the precautions we take to detect this type of activity might not be effective in all cases. Employee errors or misconduct could subject us to civil claims for negligence or regulatory enforcement actions, including fines and restrictions on our business. In addition, there have been instances where financial institutions have been victims of fraudulent activity in which criminals pose as customers to initiate wire and automated clearinghouse transactions out of customer accounts. Although we have policies and procedures in place to verify the authenticity of our customers, we cannot assure that such policies and procedures will prevent all fraudulent transfers. Such activity can result in financial liability and harm to our reputation.

If any of the foregoing risks materialize, it could have a material adverse effect on our business, financial condition and results of operations.

Natural disasters, severe weather events, acts of war or terrorism, pandemics or endemics, climate change and other external events could significantly impact our business.

Natural disasters, including severe weather events of increasing strength and frequency due to climate change, acts of war or terrorism, pandemics or endemics and other adverse external events could have a significant adverse impact on business operations of the Company, third parties who perform operational services for the Company or the Company’s borrowers and customers. Such events could affect the stability of the Company’s deposit base, create economic or market uncertainty, negatively impact consumer confidence, impair the ability of borrowers to repay outstanding loans, impair the value of collateral securing loans, cause significant property damage, result in lost revenue or cause the Company to incur additional expenses. Although the Company’s management has established disaster recovery policies and procedures, the occurrence of any such event could have a material adverse effect on the Company’s business, which, in turn, could have a material adverse effect on the Company’s financial condition and results of operations.

Our operations depend upon third party vendors that perform services for us.

We are reliant upon certain external vendors to provide products and services necessary to maintain our day-to-day operations, including data processing and interchange and transmission services for the ATM network. Accordingly, our success depends on the services provided by these vendors, and our operations are exposed to risk that these vendors will not perform in accordance with the contracted service agreements. Although we maintain a system of policies and procedures designed to monitor and mitigate vendor risks, the failure of an external vendor to perform in accordance with the contracted arrangements under service agreements could disrupt our operations, which could have a material adverse impact on our business and, in turn, our financial condition and results of operations.

Our operations may be adversely affected by cybersecurity risks.

In the ordinary course of business, we and our vendors collect and store sensitive data, including proprietary business information and personally identifiable information of our customers and employees, in systems and on networks. The secure processing, maintenance and use of this information is critical to our operations and business strategy. We have invested in accepted technologies and review processes and practices that are designed to protect our networks, computers and data from damage or unauthorized access. Despite these security measures, our computer systems and infrastructure, or those of our vendors, may be vulnerable to attacks by hackers or breached due to employee error, malfeasance or other disruptions. Despite these security measures, our computer systems and infrastructure may be vulnerable to attacks by hackers or breached due to employee error, malfeasance or other disruptions. Risks and exposures related to cybersecurity attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of Internet banking, mobile banking and other technology-based products and services by the Bank and its customers. A breach of any kind could compromise systems and the information stored there could be accessed, damaged or disclosed. A breach in security could result in legal claims, regulatory penalties, reimbursement of fraudulent transfers, disruption in operations and damage to our reputation, which could adversely affect our business. For additional discussion of our response to cybersecurity risk, please refer to Item 1C. “Cybersecurity” below.

Our inability to successfully manage growth or implement our growth strategy may adversely affect our results of operations and financial condition.

A key aspect of our long-term business strategy is our continued growth and expansion. We may not be able to successfully implement this strategy if we are unable to identify attractive expansion locations or opportunities in the future. In addition, our successful implementation and management of growth will be contingent upon whether we can maintain appropriate levels of capital to support our growth, maintain control over expenses, maintain adequate asset quality, attract talented bankers and successfully integrate into the organization any branches or businesses acquired. As we continue to implement our growth strategy, we expect to incur increased personnel, occupancy and other operating expenses. In many cases, our expenses will increase prior to the income we expect to generate from the growth. For instance, in the case of new branches, we must absorb these expenses prior to or as we begin to generate new deposits, and there is a further time lag involved in redeploying the new deposits into attractively priced loans and other higher yielding earning assets. Thus, our plans to branch or expand loan or mortgage operations could depress earnings in the short run, even if we are able to efficiently execute our strategy.

In addition, our business strategy involves branch expansion in North Carolina, with several branches opening in new markets in western North Carolina in 2020 and 2022. The banking business in western North Carolina is competitive, and the level of competition may increase further. There can be no assurance that the Company will be able to successfully compete in this competitive market, or that we will be able to successfully manage additional growth in western North Carolina. There can be no assurance that Parkway will be able to successfully compete in this competitive market, or that we will be able to successfully manage additional growth in western North Carolina. Because of our limited participation in these new markets, there may be unexpected challenges and difficulties that could adversely affect our operations.

Risks Related to the Regulatory Environment

An inability to maintain our regulatory capital position could adversely affect our operations.

As of December 31, 2023, the Bank was classified as “well capitalized” for regulatory capital purposes. If we do not maintain the expected levels of regulatory capital in the future, it could increase the regulatory scrutiny on the Company and the Bank, and the OCC could establish individual minimum capital ratios or take other regulatory actions against us. If we do not maintain the expected levels of regulatory capital in the future, it could increase the regulatory scrutiny on Parkway and the Bank, and the OCC could establish individual minimum capital ratios or take other regulatory actions against us. Further, if the Bank were no longer “well capitalized” for regulatory capital purposes, it would not be able to offer interest rates on deposit accounts that are significantly higher than the average rates in its market area. As a result, it may be more difficult for us to increase deposits. If we are not able to attract new deposits, our ability to fund our loan portfolio may be adversely affected. In addition, the Bank is subject to a capital conservation buffer designed to absorb losses during periods of economic stress. Banking institutions with a ratio of common equity Tier 1 to risk-weighted assets above the minimum capital requirements but below the conservation buffer will face constraints on dividends, equity repurchases, and compensation based on the amount of the shortfall. We also could be required to pay higher insurance premiums to the FDIC if our capital position declines, which would reduce our earnings. We also could be required to pay higher insurance premiums to the FDIC if our capital position declines, which would reduce our earnings. Any of the foregoing could have a material adverse effect on our operations or financial condition. Any of the foregoing could have a material adverse effect on our operations or financial condition.

Our profitability may suffer because of rapid and unpredictable changes in the highly regulated environment in which we operate.

We are subject to extensive supervision by several governmental regulatory agencies at the federal and state levels. Recently enacted, proposed and future banking legislation and regulations have had, and will continue to have, a significant impact on the financial services industry. These regulations, which are intended to protect depositors and other customers and not our shareholders, and the interpretation and application of them by federal and state regulators, are beyond our control, may change rapidly and unpredictably and can be expected to influence our earnings and growth. These regulations, which are intended to protect depositors and not our shareholders, and the interpretation and application of them by federal and state regulators, are beyond our control, may change rapidly and unpredictably and can be expected to influence our earnings and growth.

For example, the CFPB has recently pursued a more aggressive enforcement policy with respect to a range of regulatory compliance matters, specifically including fair lending, loan servicing, financial institution sales and marketing practices, and financial institution consumer fee and account management practices. In 2023, the CFPB brought enforcement actions against a number of financial institutions for overdraft practices that the CFPB alleged to be unlawful and ordered each of these institutions to pay a substantial civil money penalty in addition to customer restitution. Despite our ongoing compliance efforts, we may become subject to regulatory enforcement actions with respect to our programs and practices. The costs and limitations related to this additional regulatory scrutiny with respect to consumer product offerings and services may adversely affect the Company’s profitability.

We are subject to stringent capital requirements, which could adversely affect our results of operations and future growth.

In 2013, the Federal Reserve, the FDIC and the OCC approved a new rule that substantially amended the regulatory risk-based capital rules applicable to us. The final rule implemented the “Basel III” regulatory capital reforms and changes required by the Dodd-Frank Act. The final rule included new minimum risk-based capital and leverage ratios that became effective for us on January 1, 2015, and refined the definition of what constitutes “capital” for purposes of calculating these ratios. These minimum capital requirements are: (i) a new common equity Tier 1 (“CET1”) capital ratio of 4.5%; (ii) a Tier 1 to risk-based assets capital ratio of 6%; (iii) a total capital ratio of 8%; and (iv) a Tier 1 leverage ratio of 4%. The new minimum capital requirements are: (i) a new common equity Tier 1 (“CET1”) capital ratio of 4.5%; (ii) a Tier 1 to risk-based assets capital ratio of 6%; (iii) a total capital ratio of 8%; and (iv) a Tier 1 leverage ratio of 4%. The final rule also established a “capital conservation buffer” of 2.5% above the new regulatory minimum capital ratios, and when fully effective on January 1, 2019, resulted in the following minimum ratios: (a) a common equity Tier 1 capital ratio of 7.0%; (b) a Tier 1 to risk-based assets capital ratio of 8.5%; and (c) a total capital ratio of 10.5%. An institution will be subject to limitations on paying dividends, engaging in share repurchases, and paying discretionary bonuses if its capital level falls below the buffer amount. These limitations will establish a maximum percentage of eligible retained income that can be utilized for such activities. In addition, the final rule provides for a number of new deductions from and adjustments to capital and prescribes a revised approach for risk weightings that could result in higher risk weights for a variety of asset categories.

While the Economic Growth Act provided some relief through the establishment of a simplified leverage capital framework for smaller banks, these more stringent capital requirements for us could, among other things, result in lower returns on equity, require the raising of additional capital, adversely affect our future growth opportunities, and result in regulatory actions such as a prohibition on the payment of dividends or on the repurchase shares if we were unable to comply with such requirements.

Government measures to regulate the financial industry could materially affect our businesses, financial condition or results of operations.

As a financial institution, we are heavily regulated at the state and federal levels. Banking regulations generally are intended to protect depositors, not investors, and regulators have broad interpretive and enforcement powers beyond our control that may change rapidly and unpredictably and could influence our earnings and growth. Our success depends on our continued ability to comply with these regulations. Future changes in the laws or regulations or their interpretations or enforcement could be materially adverse to us and our shareholders.

Further, banks have faced, and expect to continue to face, increased public and legislative scrutiny as well as stricter and more comprehensive regulation of our financial services practices. In July 2010, the Dodd-Frank Act was signed into law and has increased our compliance costs in the short term. We expect that financial institutions will remain heavily regulated in the near future and that additional laws or regulations may be adopted further regulating specific banking practices. The ultimate impact of current or future legislation on our businesses and results of operations, will depend on regulatory interpretation and rulemaking, as well as the success of our actions to mitigate the negative earnings impact of certain provisions.

Changes in accounting standards could impact reported earnings and capital.

The authorities that promulgate accounting standards, including the Financial Accounting Standards Board (the “FASB”), the SEC, and other regulatory authorities, periodically change the financial accounting and reporting standards that govern the preparation of the Company’s consolidated financial statements. These changes are difficult to predict and can materially impact how the Company records and reports its financial condition and results of operations. In some cases, the Company could be required to apply a new or revised standard retroactively, resulting in the restatement of financial statements for prior periods. Such changes could also impact the capital levels of the Company and the Bank, or require the Company to incur additional personnel or technology costs.

Increasing scrutiny and evolving expectations from customers, regulators, investors, and other stakeholders with respect to environmental, social and governance (“ESG”) practices may impose additional costs on the Company or expose it to new or additional risks.

Companies are facing increasing scrutiny from customers, regulators, investors, and other stakeholders related to ESG practices and disclosure. Investor advocacy groups, investment funds, and influential investors are also increasingly focused on these practices, especially as they relate to climate risk, hiring practices, the diversity of the work force, and racial and social justice issues. Increased ESG-related compliance costs could result in increases to the Company’s overall operational costs. Increased ESG related compliance costs could result in increases to the Company’s overall operational costs. Failure to adapt to or comply with regulatory requirements or investor or stakeholder expectations and standards could negatively impact the Company’s reputation, ability to do business with certain partners, and the Company’s stock price. New government regulations could also result in new or more stringent forms of ESG oversight and expanding mandatory and voluntary reporting, diligence, and disclosure.

Climate change and related legislative and regulatory initiatives may result in operational changes and expenditures that could significantly impact the Company’s business.

The current and anticipated effects of climate change are creating an increasing level of concern for the state of the global environment. As a result, political and social attention to the issue of climate change has increased. Federal and state legislatures and regulatory agencies have continued to propose and advance numerous legislative and regulatory initiatives seeking to mitigate the effects of climate change. The federal banking agencies have emphasized that climate-related risks are faced by banking organizations of all types and sizes and are in the process of enhancing supervisory expectations regarding banks’ risk management practices. In December 2021, the OCC published proposed principles for climate risk management by banking organizations with more than $100 billion in assets. The OCC also has appointed its first ever Climate Change Risk Officer and established an internal climate risk implementation committee in order to assist with these initiatives and to support the agency’s efforts to enhance its supervision of climate change risk management. Similar and even more expansive initiatives are expected, including potentially increasing supervisory expectations with respect to banks’ risk management practices, accounting for the effects of climate change in stress testing scenarios and systemic risk assessments, revising expectations for credit portfolio concentrations based on climate-related factors and encouraging investment by banks in climate-related initiatives and lending to communities disproportionately impacted by the effects of climate change. Similar and even more expansive initiatives are expected, including potentially increasing supervisory expectations with respect to banks’ risk management practices, accounting for the effects of climate change in stress testing scenarios and systemic risk assessments, revising expectations for credit portfolio concentrations based on climate-related factors and encouraging investment by banks in climate-related initiatives and lending to communities disproportionately impacted by the effects of climate change. To the extent that these initiatives lead to the promulgation of new regulations or supervisory guidance applicable to the Company, the Company would likely experience increased compliance costs and other compliance-related risks.

The lack of empirical data surrounding the credit and other financial risks posed by climate change render it impossible to predict how specifically climate change may impact the Company’s financial condition and results of operations; however, the physical effects of climate change may also directly impact the Company. Specifically, unpredictable and more frequent weather disasters may adversely impact the value of real property securing the loans in the Bank’s loan portfolio. Additionally, if insurance obtained by borrowers is insufficient to cover any losses sustained to the collateral, or if insurance coverage is otherwise unavailable to borrowers, the collateral securing loans may be negatively impacted by climate change, which could impact the Company’s financial condition and results of operations. Further, the effects of climate change may negatively impact regional and local economic activity, which could lead to an adverse effect on customers and impact the communities in which the Company operates. Overall, climate change, its effects and the resulting, unknown impact could have a material adverse effect on the Company’s financial condition and results of operations.

Item 1B.

Unresolved Staff Comments.

None.

Item 1C.

Cybersecurity.

Cybersecurity Risk Management and Strategy

Cybersecurity risks are constantly evolving and becoming increasingly pervasive across all industries. To mitigate these risks and protect sensitive customer data, financial transactions and our information systems, the Company has implemented a comprehensive cybersecurity risk management program, which is a component of its overarching enterprise risk management program. Key components of the cybersecurity risk management program include:

The Company engages reputable third-party assessors to conduct various independent risk assessments on a regular basis, including but not limited to maturity assessments and various testing. Following a defense-in-depth strategy, the Company leverages both in-house resources and third-party service providers to implement and maintain processes and controls to manage the identified risks.

Our Third-Party Risk Management program is designed to ensure that our vendors meet our cybersecurity requirements. This includes conducting periodic risk assessments of vendors, requiring vendors to implement appropriate cybersecurity controls and monitoring vendor compliance with our cybersecurity requirements.

The Company’s cybersecurity risk management program and strategy are designed to protect the company's information and information systems from a variety of threats, both natural and man-made. Periodic risk assessments are performed to validate control requirements and ensure that the Company’s information is protected at a level commensurate with its sensitivity, value, and criticality. Preventative and detective security controls are employed on all media where information is stored, the systems that process it, and infrastructure components that facilitate its transmission to protect the confidentiality, integrity, and availability of Company information. These controls include, but are not limited to access control, data encryption, data loss prevention, incident response, security monitoring, third party risk management, and vulnerability management.

The Company's cybersecurity risk management program and strategy are regularly reviewed and updated to ensure that they are aligned with the Company's business objectives and are designed to address evolving cybersecurity threats and satisfy regulatory requirements and industry standards.

Material Effects of Cybersecurity Threats

While cybersecurity risks have the potential to materially affect the Company's business, financial condition, and results of operations, the Company does not believe that risks from cybersecurity threats or attacks, including as a result of any previous cybersecurity incidents, have materially affected the Company, including its business strategy, results of operations or financial condition. However, the sophistication of cyber threats continues to increase, and the Company’s cybersecurity risk management and strategy may be insufficient or may not be successful in protecting against all cyber incidents. Accordingly, no matter how well designed or implemented the Company’s controls are, it will not be able to anticipate all cyber security breaches, and it may not be able to implement effective preventive measures against such security breaches in a timely manner. For more information on how cybersecurity risk may materially affect the Company’s business strategy, results of operations or financial condition, please refer to Item 1A. “Risk Factors” above.

Governance

Board of Directors Oversight

The Company’s Board of Directors is charged with overseeing the establishment and execution of the Company’s risk management framework and monitoring adherence to related policies required by applicable statutes, regulations and principles of safety and soundness. Consistent with this responsibility the Board has delegated primary oversight responsibility over the Company’s risk management framework, including oversight of cybersecurity risk and cybersecurity risk management, to the Technology Committee of the Board of Directors. The Technology Committee receives regular updates on cybersecurity risks and incidents and the cybersecurity program through direct interaction with the Chief Operations Officer and the Information Security Officer and provides periodic updates regarding cybersecurity risks and the cybersecurity program to the full Board of Directors. Additionally, awareness and training on cybersecurity topics is provided to the Board on an annual basis.

Management's Role

The Company’s information security program is primarily administered at the management level by the Information Security Officer, and is supported by the Information Technology Department, which is led by the Chief Operations Officer. The Information Security Officer is responsible for day-to-day management of the Company’s information security program, including data loss prevention, access control, threat monitoring, incident response and employee education and training. The Company also maintains policies related to cybersecurity and data security that provide the required governance and technical aspects for the information security program. Each policy is mapped to applicable regulatory guidance, and is reviewed and approved by the Board annually.