Risk Factors - QNTO

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

$QNTO Risk Factor changes from 00/03/31/22/2022 to 00/03/28/24/2024

Item 1A. Risk Factors. We are marketing for sale of our 51% stake in Oakmont Capital Holdings, LLC, primarily to reduce our asset size and increase our capital ratios. The Bank maintains a 51% ownership interest in Oakmont Capital Holdings, LLC (“Oakmont Capital”), a multi-state equipment finance company based in West Chester, Pennsylvania with a second significant facility located in Albany, Minnesota. We are currently marketing the Bank’s interest in Oakmont Capital for sale in order to reduce our asset size and increase the Bank’s capital ratios. In recent periods, Oakmont Capital has materially contributed to our growth in assets and our non-interest income. While we are currently marketing Oakmont Capital for sale, we may not complete the transaction if we are unable to receive favorable terms for the acquisition. If we complete a sale, we anticipate that our non-interest income will decrease. If we do not complete a sale, we may be required to raise additional capital to support the growth attributable to continued ownership interest in Oakmont Capital. Our ability to raise additional capital, when and if needed, will depend on conditions in the capital markets, economic conditions and a number of other factors, including investor preferences regarding the banking industry, market conditions and governmental activities, many of which are outside of our control, and on our financial condition and performance. Item 1B. Unresolved Staff Comments. Not applicable. Not applicable. 28 Item 1C. Cybersecurity. Overview. Our Board of Directors and management consider information security and cybersecurity as high priorities in our strategic and operational plans. We understand the critical nature of the confidentiality, integrity, and availability of customer and bank sensitive information. Any loss of confidentiality, integrity, or availability introduces operational, compliance, strategic, transactional, reputational, legal, and capital risks which we actively seek to avoid. It is understood that any one of these risks, if realized, will have a negative impact upon Quant Oak Bancorp and Quaint Oak Bank. Our approach to information and cybersecurity is proactive and strives to avoid incidents where possible through the use technical, administrative, and physical controls. Governance. Our efforts for increased information and cybersecurity readiness are driven from the top of the organization. The Board of Directors reviews and approves an Information Technology and Information Security Risk Appetite Statement which guides the actions of the management team, staff members, and supporting third-party service providers. In addition, the Board is active in the review and approval of all policies concerning information technology and information security. The Board further reviews reports provided by the management team regarding the status of Quaint Oak Bank’s GLBA compliance, risk management program, vendor management program, and the results of tests and exercises conducted for business continuity, disaster recovery, cybersecurity incident response, and pandemic response. Lastly, the Board of Directors reviews and approves the budget for information and cybersecurity, ensuring that we have sufficient resources to properly address all current and foreseeable information and cybersecurity threats. Management and Strategy. Senior management takes the guidance provided by the Board of Directors and transforms this guidance into operational priorities which are implemented and maintained by the staff members and third-party service providers. In addition, the senior management team ensures that budgeted resources are allocated in a timely manner to support the various security initiatives. Operational Information Technology and Information Security staff members, and third-party service providers utilize the direction and resources provided by the senior management team to develop procedures, standards, and guidelines to achieve the strategic goals defined by the Board of Directors. Operational and security health is reported monthly to Operating Risk and Executive Committees and the Board of Directors. Recommendations for improvements are shared between operational staff and the senior management team as part of a continuous improvement program for information security and cybersecurity. Operational staff members actively maintain, review, update, and exercise plans and procedures designed to enhance our overall business resiliency. All staff members are trained annually on current information and cybersecurity trends, techniques, and their responsibilities to keep our information confidential, accurate, and available. 29 We also utilize the services of third-party providers to conduct an IT audit, external and internal vulnerability testing, external and internal penetration testing, and social engineering testing on at least an annual basis. The results of these independent audits and tests are sent to the Board of Directors for review. Finally, Quaint Oak Bank complies with its regulatory requirements by having Federal and State safety and security examinations performed on a schedule dictated by the regulatory agencies. The results of these examinations are reviewed and approved by the Board of Directors. Additionally, all findings from these examinations are recorded and prioritized for remediation. Conclusion. Our Board of Directors and management take very seriously the information security and cybersecurity obligations Quaint Oak Bancorp and Quaint Oak Bank have to their respective customers, shareholders, staff members, and regulatory agencies. In support of these obligations, we have and actively maintain a robust information security and cybersecurity program based upon industry best practices, regulatory requirements, and the expertise of staff members and supporting third-party vendors. To our knowledge, we have not had a cybersecurity incident that has materially affected Quaint Oak Bancorp, its business strategy, financial condition, or results of operation. .