Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - WTFC

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A.


			16

Broker-Dealer and Investment Adviser Regulation

Wintrust Investments has previously been subject to extensive regulation under federal and state securities laws. Wintrust Investments was registered as a broker-dealer with the SEC and in all 50 states, the District of Columbia and the U.S. Virgin Islands until August 2025 and was registered as an investment adviser with the SEC until January 2025. Wintrust Investments deregistered as a broker-dealer and investment adviser because Wintrust Investments transitioned support of the wealth management business of Wintrust Investments and certain private client business at GLA to a platform operated by LPL Financial. As previously announced by Wintrust Investments, this transition is expected to allow Wintrust and GLA to focus on the growth of their wealth management business, while outsourcing most of their operational and compliance support to LPL Financial. GLA continues to be registered as an investment adviser with the SEC and is subject to extensive regulation under federal and state securities laws.

Wintrust Investments was a member of several self-regulatory organizations (“SROs”), including FINRA, until it deregistered as a broker-dealer. In its capacity as a broker-dealer, Wintrust Investments was previously subject to SEC and SRO rules that governed all aspects of business in the securities industry and was subject to periodic examinations of member firms. Wintrust Investments is also subject to regulation by state securities commissions in states in which it conducts business. GLA is registered only with the SEC as an investment adviser, but certain of its advisory personnel are subject to regulation by state securities regulatory agencies.

The principal purpose of regulation and discipline of investment firms is the protection of customers, clients and the securities markets rather than the protection of creditors and shareholders of investment firms. Sanctions that may be imposed for failure to comply with laws or regulations governing investment advisers include the suspension of individual employees, limitations on an adviser’s engaging in various asset management activities for specified periods of time, the revocation of registrations, other censures and fines. Wintrust Investments was previously subject to these regulations until it deregistered as an investment adviser.

Incentive Compensation

The federal banking agencies have issued joint guidance on incentive compensation designed to ensure that the incentive compensation policies of banking organizations, such as us and our subsidiary banks, do not encourage imprudent risk taking and are consistent with the safety and soundness of the organization. It is unclear when, if ever, a rule will be finalized.

The Nasdaq listing standards required compliance by November 28, 2023.

De Novo Branching and De Novo Banks

With the approval of applicable regulators, national banks and state banks may establish de novo branches in states other than their home state as if such state was the bank’s home state.

For a three-year period, newly chartered banks are subject to enhanced supervisory procedures, including higher capital requirements, more frequent examinations and other requirements.

Anti-Tying Provisions

Each of our subsidiary banks is prohibited from conditioning the availability of any product or service, or varying the price for any product or service, on the requirement that the customer obtain some additional product or service from the bank or any of its affiliates, other than loans, deposits and trust services.


			17

Transactions with Affiliates

Certain transactions between a bank and its holding company or other non-bank affiliates are subject to various restrictions imposed by state and federal law and regulation. Such “covered transactions” include loans and other extensions of credit by the bank to the affiliate, investments in securities issued by the affiliate, purchases of assets from the affiliate, certain derivative transactions that create a credit exposure to an affiliate, the acceptance of securities issued by the affiliate as collateral for a loan, and the issuance of a guarantee, acceptance or letter of credit on behalf of the affiliate. In general, these affiliate transaction rules limit the number of covered transactions between an institution and a single affiliate, as well as the aggregate amount of covered transactions between an institution and all of its affiliates. In addition, covered transactions that are credit transactions must be secured by acceptable collateral, and all affiliate transactions, including those that do not qualify as covered transactions, must be on terms that are at least as favorable to the bank as then-prevailing in the market for comparable transactions with unaffiliated entities. Transactions between affiliated banks may be subject to certain exemptions under applicable federal law.

Community Reinvestment Act

Under the CRA, insured depository institutions, including our subsidiary banks, have a continuing and affirmative obligation to help meet the credit needs of its entire community, including low and moderate-income neighborhoods. The CRA does not establish specific lending requirements or programs for insured depository institutions, nor does it limit an insured depository institution’s discretion to develop the types of products and services that it believes are best suited to its particular community, consistent with the CRA. However, insured depository institutions are rated on their performance in meeting the needs of their communities. The CRA requires each federal banking agency to take an insured depository institution’s CRA record into account when evaluating certain applications by the insured depository institution or its holding company, including applications for charters, branches and other deposit facilities, relocations, mergers, consolidations, acquisitions of assets or assumptions of liabilities, and bank and savings association acquisitions. An unsatisfactory record of performance may be the basis for denying or conditioning approval of an application by an insured depository institution or its holding company. The CRA also requires that all institutions publicly disclose their CRA ratings. Each of our subsidiary banks received a “satisfactory” or better rating from the OCC on its most recent CRA performance evaluation.

Compliance with Consumer Protection Laws

Our subsidiary banks and some other operating subsidiaries are subject to a variety of federal and state statutes and regulations designed to protect consumers. In addition, the Dodd-Frank Act authorizes state attorneys general and other state officials to enforce consumer protection rules issued by the CFPB. State authorities have recently increased their focus on and enforcement of consumer protection rules.

Interest and other charges collected or contracted for by banks are subject to state usury laws and federal laws concerning interest rates.

Loan operations are also subject to federal laws and regulations applicable to credit transactions, such as:

Issued by the CFPB:

•The federal Truth-In-Lending Act and Regulation Z governing disclosures of credit terms to consumer borrowers;

•The Real Estate Settlement Procedures Act and Regulation X requiring that borrowers for mortgage loans for one- to four-family residential real estate receive various disclosures, including good faith estimates of settlement costs, lender servicing and escrow account practices, and prohibiting certain practices that increase the cost of settlement services;

•The Home Mortgage Disclosure Act and Regulation C requiring financial institutions to provide information to enable the public and public officials to determine whether a financial institution is fulfilling its obligation to help meet the housing needs of the community it serves;

•The Equal Credit Opportunity Act and Regulation B prohibiting discrimination on the basis of various prohibited factors in extending credit;

•The Fair Credit Reporting Act and Regulation V governing the use and provision of information to consumer reporting agencies; and

•The Fair Debt Collection Practices Act and Regulation F governing the manner in which consumer debts may be collected by collection agencies;


			18

Issued by others:

•The Service Members Civil Relief Act, applying to all debts incurred prior to commencement of active military service (including credit card and other open-end debt) and limiting the amount of interest, including service and renewal charges and any other fees or charges (other than bona fide insurance) that is related to the obligation or liability; and

•The guidance of the various federal agencies charged with the responsibility of implementing such federal laws.

Deposit operations are subject to, among others:

Issued by the CFPB:

•The Truth in Savings Act and Regulation DD which require disclosure of deposit terms to consumers; and

•The Electronic Fund Transfer Act and Regulation E which governs automatic deposits to and withdrawals from deposit accounts and customers’ rights and liabilities arising from the use of automated teller machines and other electronic banking services;

Issued by others:

•Regulation CC issued by the Federal Reserve Board, which relates to the availability of deposit funds to consumers; and

•The Right to Financial Privacy Act, which imposes a duty to maintain the confidentiality of consumer financial records and prescribes procedures for complying with administrative subpoenas of financial records.

There are consumer protection standards that apply to functional areas of operation rather than applying only to loan or deposit products. Our subsidiary banks and some other operating subsidiaries are also subject to certain state laws and regulations designed to protect consumers.

The CFPB has promulgated many mortgage-related final rules since it was established, including rules related to the ability to repay and qualified mortgage standards, mortgage servicing standards, loan originator compensation standards, high-cost mortgage requirements, Home Mortgage Disclosure Act requirements and appraisal and escrow standards for higher priced mortgages. Most of the provisions of these mortgage-related final rules are currently effective. In addition, several proposed revisions to mortgage-related rules are pending finalization. These rules have impacted, and may continue to impact, the business practices of mortgage lenders, including the Company.

In order to ensure compliance with all mortgage-related rules and regulations, the Company consolidated its consumer mortgage loan origination and loan servicing operations primarily within Wintrust Mortgage. All consumer mortgage applications are taken through Wintrust Mortgage, which has extensively trained loan originators located at many of our branches. While in certain limited cases our banks may offer specialized consumer mortgages to our customers, substantially all consumer mortgages for all of our banks are originated and closed by Wintrust Mortgage. Wintrust Mortgage then sells loans to third parties or to our banks. To the extent that we retain consumer mortgage loans in our bank portfolios, our banks have engaged Wintrust Mortgage to provide loan servicing.

In March 2023, the CFPB issued the “Small Business Lending Rule” to implement Section 1071 of the Dodd-Frank Act for the stated purpose of increasing transparency in small business lending, promoting economic development and combating unlawful discrimination. Under this rule, covered lenders, including the Company’s bank subsidiaries, are required to collect and report information about the small business credit applications they receive, including geographic and demographic data, lending decisions and the price of credit. As a result of court orders in litigation, on October 2, 2025, the CFPB extended compliance dates for the Small Business Lending Rule to begin on June 1, 2027. On November 13, 2025, the CFPB issued a proposed rule to revise certain provisions of the Small Business Lending Rule from 2023. The Company continues to monitor developments relating to this rule and evaluate the potential impacts on the Company.

In October 2024, the CFPB finalized a rule to implement Section 1033 of the Dodd-Frank Act, sometimes referred to as the Dodd-Frank Act’s “open banking” provision, which would require certain entities, including the Company and our bank subsidiaries, to comply with an established framework to govern consumer access to electronic financial data. In general, the rule would require, among other things, data providers holding a consumer account, such as our bank subsidiaries, to establish a developer interface satisfying certain data security specifications and other standards, through which the data provider can receive requests for, and provide, specific types of data covered by the rule in electronic, usable form to authorized third parties, including data aggregators. Under the rule, data providers would be prohibited from, among other things, charging consumers or third parties fees for processing these consumer data requests. The rule also would place certain data security, authorization and other obligations on third parties accessing covered data from data providers, which could include the Company and our bank subsidiaries when acting in certain capacities. The rule requires third parties to limit their collection, use, and retention of the data received to only what is reasonably necessary to provide the consumers’ requested product or service. In August 2025, the CFPB issued an advanced notice of proposed rulemaking to reconsider its final rule and, in October 2025, a district court


			19

issued a preliminary injunction preventing the CFPB from enforcing the final rule until the CFPB has completed its reconsideration of the rule. The Company continues to monitor developments relating to this rule and evaluate the potential impacts on the Company and our bank subsidiaries.

Changes to consumer protection regulations, including those promulgated by the CFPB, could affect our business but the likelihood, timing and scope of any such changes and the impact any such change may have on us cannot be determined with any certainty. See Item 1A. Risk Factors.

Debit Interchange

We are subject to a statutory requirement that interchange fees for electronic debit transactions that are paid to or charged by payment card issuers, including our bank subsidiaries, be reasonable and proportional to the cost incurred by the issuer. Regulation II also, among other things, specifies that debit card issuers should enable all debit card transactions, including card-not-present transactions such as online payments, to be processed on at least two unaffiliated payment card networks. As an issuer with over $10 billion in assets, we are subject to Regulation II.

In October 2023, the Federal Reserve released a notice of proposed rulemaking that would lower the maximum interchange fee that a large debit card issuer can receive on a debit card transaction. Under the proposal, initially the base component would decrease from 21.0 cents to 14.4 cents, the ad valorem component would decrease from 5.0 basis points to 4.0 basis points multiplied by the value of the transaction, and the fraud-prevention adjustment would increase from 1.0 cents to 1.3 cents for the debit card transactions performed from the effective date of the final rule to June 30, 2025. In addition, the proposal would adopt an approach for future adjustments to the interchange fee cap, which would occur every other year based on issuer cost data gathered from large debit card issuers. We will continue to monitor the status of the proposed rule and are in the process of evaluating this proposed rulemaking and assessing the scale of its adverse impact on the Company and our bank subsidiaries, if adopted as proposed.

Human Capital Resources

Since its formation, Wintrust has held the objective of aiming to differentiate itself by offering customers a highly-personalized banking experience, through staff that is warm, friendly, and responsive. Wintrust expects each of its employees to embody that original mission by serving as brand ambassadors each day, within each community served by our banks and other business units.

Workforce Overview

As of December 31, 2025, Wintrust employed 5,902 full-time equivalent employees in the U.S. and Canada. None of our employees are represented by a collective bargaining agreement and we consider our employee relations to be good.

Talent Recruiting and Retention

At Wintrust we recognize that attracting, motivating and retaining talent at all levels is vital to continuing our success. Turnover for the entire Wintrust enterprise for the year was approximately 12% and voluntary departures accounted for approximately 83% of the total turnover.

In addition to competitive, performance-based compensation plans, we provide employees with comprehensive benefits packages. Wintrust consistently monitors and adapts its total rewards program design to reflect both market changes and employee feedback.


			20

People and Culture

Wintrust strives to promote an inclusive culture where every employee can be successful, and one that best supports the communities we serve. To further support inclusion across Wintrust, we have taken the following steps, each administered in compliance with applicable legal requirements:

•We have a formal equal employment opportunity policy which requires that persons are recruited, hired, assigned, promoted and subject to personnel action without regard to race, national origin, religion, age, color, sex, sexual orientation, gender identity, gender expression, disability, protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. We also have a formal policy prohibiting sexual harassment in the workplace, reinforced by annual mandatory trainings for all employees.

•We maintain equal opportunity compliance programs for Individuals with Disabilities and Protected Veterans. We do outreach to these groups regarding job opportunities at Wintrust and provide reasonable accommodations through the interactive process when requested.

•We continued the Paired To Win: Mentoring, a program launched in 2023 leveraging a user-friendly online platform designed to enable access to mentoring for all employees across the enterprise. At the conclusion of the program’s third year, we achieved a total of 778 completed mentoring relationships and 4,219 hours of mentoring completed by participants. In 2025, we had 15% employee participation in mentoring across the enterprise. The program’s success has been evident in its far-reaching impact. We saw comparable participation numbers across each entity, showcasing the program’s broad appeal and effectiveness.

•As part of our continued investment in building for our future, we launched our first cohort of the Paired To Win: Collective. This program focuses on preparing high-performing, high-potential people managers to become our future leaders. This program is a reshaping of the Paired To Win: Advocacy program that had two cohorts previously and is intended to allow us to reach and develop high-potential talent earlier in their leadership journey. The nine-month pilot began in September 2025 and will run through May 2026. There are twelve Proteges paired with twelve senior leaders for advocacy and development through coaching, workshops, and other opportunities to broaden their connections across the organization. The program has participation from across the enterprise.

•We drive employee engagement and further foster organizational inclusiveness through business resource groups (“BRGs”), which are grassroots networks of employees who provide unique perspective to real business challenges such as the human capital matters of talent attraction, hiring and development, as well as market awareness to drive continued success for Wintrust. BRGs are open to all employees across the enterprise and are one way that we break down barriers and build community. We currently have five established BRGs: Women of Wintrust, Multicultural Professionals Network, Leadership Coalition, PRISM, and Career Navigation.

Talent Pathways – Employee Development Overview

Talent Pathways reflects Wintrust’s continued commitment to investing in our employees and building the organizational capability required to support sustainable growth. Through an integrated approach spanning Talent Development, Talent Experience, and Leadership Development, we deliver the development solutions designed to meet employees where they are while preparing them for future roles and responsibilities across the organization.

Talent Development offerings are delivered through our learning management system, Wintrust University, which provides employees with access to a broad and continually evolving curriculum. As of year-end, Wintrust University offered a total of 1,547 courses, including 522 courses supporting core banking topics, 178 courses focused on professional and business skills, and 847 customized training courses tailored to specialized roles and business needs across the enterprise. This portfolio supports both role-based proficiency and continuous skill development aligned to business strategy and risk management priorities.

Talent Experience initiatives are designed to promote engagement, clarity, and career growth so that employees have access to relevant learning, transparent development pathways, and a consistent experience across the organization. Employees at all levels complete a comprehensive regulatory training curriculum aligned to their specific role and responsibilities, reinforcing our strong risk culture and commitment to regulatory compliance.

Leadership Development is anchored by the Leadership Journey, Wintrust’s eight-phase leadership development program designed to build strong, values-driven leaders at every level of the organization. During the year, 2,670 leaders participated in the Leadership Journey, strengthening leadership capability, succession readiness, and bench strength across the enterprise.

Collectively, these efforts demonstrate Wintrust’s ongoing investment in employee development, leadership capability, and a learning culture that supports performance, engagement, and long-term growth.


			21

Climate Impact

The Company’s approach in considering its climate impact is currently focused on mitigating the environmental impact of operations, specifically at its various banking locations; assessing other climate-related risks within the Company’s various businesses; and providing support to projects and investments that contribute to climate solutions. In 2025, some of the highlights of this approach included the following:

•The Company continued to monitor the climate impact of its various banking locations, including its corporate campus that consists of three office buildings located in Rosemont, Illinois. The Company continues to enhance its data collection and monitoring tools to more effectively track and manage its carbon emissions as its retail footprint and square footage fluctuate.

•The Company continued to pursue certain renewable energy solutions as well as efficient building standards and technologies.

•GLA executes investing through its Climate Opportunities strategy (which began in 2013) as well as additional client portfolios which emphasize climate considerations. These portfolios include investments in solutions for green buildings, renewable energy, sustainable agriculture, sustainable water, energy efficiency and pollution prevention. At December 31, 2025, these portfolios totaled approximately $155.5 million in climate-focused assets.

Available Information

The Company’s Internet address is www.wintrust.com. The Company makes available at this address, under the “Investor Relations” tab, free of charge, its Annual Report on Form 10-K, its annual reports to shareholders, Quarterly Reports on Form 10-Q, current reports on Form 8-K and amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934 (the “Exchange Act”) as soon as reasonably practicable after such material is electronically filed with, or furnished to, the SEC.sec.gov.


ITEM 1A.21ITEM 1A.			RISK FACTORS

Risk Factors Summary

The summary of risks below provides an overview of the principal risks we are exposed to in the normal course of our business activities. This summary does not contain all of the information provided in the detailed discussion of risks that follows this summary and should be read together with such detailed discussion.

Risks Related to Economic Conditions and Operating Environment

•Includes risks related to deterioration in economic conditions and economic declines in the Chicago metropolitan, southern Wisconsin and west Michigan market areas, since our business is concentrated in these regions, as well as climate change and related environmental and sustainability matters.

Risks Related to Competition and Reputation

•Includes risks related to our ability to compete effectively, damage to our reputation, consumers deciding not to use banks to complete their financial transactions and the impact on us from the soundness of other financial institutions.

Risks Related to Growth and Acquisitions

•Includes risks related to our ability to identify favorable acquisitions or successfully integrate our acquisitions, our participation in FDIC-assisted acquisitions, new lines of business and new products and services and de novo operations that often involve significant expenses and delayed returns.

Legal and Regulatory Risks

•Includes risks related to our ability to meet regulatory capital ratios, changes in the United States’ monetary policy, legislative and regulatory actions taken now or in the future regarding the financial services industry, changes in data privacy and cybersecurity laws and regulations, financial reform legislation and increased regulatory rigor around consumer protection mortgage-related issues, federal, state and local consumer lending laws that may restrict our ability to originate certain mortgage loans or increase our risk of liability with respect to such loans, regulatory initiatives regarding bank capital requirements that may require heightened capital, any increase in our FDIC insurance premiums, any non-compliance with the USA PATRIOT Act, BSA or other laws and regulations, claims and legal actions, examinations and challenges by tax authorities, changes in federal and state tax laws and changes in the


			22

interpretation of existing laws, changes in accounting policies or accounting standards and changes in U.S. trade policies, including the imposition of tariffs and retaliatory tariffs.

Risks Related to Lending Operations

•Includes risks related to our allowance for credit losses and sufficiency to absorb losses that may occur in our loan portfolio, the repayment of commercial loans which are largely dependent upon the financial success and economic viability of the borrower, our loan portfolio being secured by real estate, in particular commercial real estate, events impacting collateral consisting of real property, any inaccurate assumptions in our analytical and forecasting models and environmental liability risk associated with lending activities.

Risks Related to Our Niche Businesses

•Includes risks related to our premium finance business, which may involve a higher risk of delinquency or collection than our other lending operations, widespread financial difficulties or credit downgrades among commercial and life insurance providers and exposure to certain risks associated with the securities industry.

Risks Related to Financial Strength and Liquidity

•Includes risks related to changes in prevailing interest rates, our liquidity position, an actual or perceived reduction in our financial strength, loss of deposits or a change in deposit mix, our credit rating, capital not being available when it is needed or the cost of that capital being very high, disruption in the financial markets, and being a bank holding company and therefore being limited in sources of funds, including to pay dividends.

Risks Related to General Operations

•Includes risks related to our controls and procedures, our operational or security systems or infrastructure, or those of third parties, fraud and security risks (including cyber-attacks, information security breaches and other similar incidents and those associated with debit cards and debit card transactions), the failure of vendors, the accuracy and completeness of information we receive about our customers and counterparties to make credit decisions, our ability to attract and retain experienced and qualified personnel, losses incurred in connection with actual or projected repurchases and indemnification payments related to mortgages that we have sold into the secondary market and the occurrence of extraordinary events, such as acts of war, terrorist attacks, natural disasters and public health threats.

Risks Related to Ownership of Our Common Stock

•Anti-takeover provisions could negatively impact our shareholders.

Risk Factors

An investment in our securities is subject to risks inherent to our business. Certain material risks and uncertainties that management believes affect Wintrust are described below. Before making an investment decision, you should carefully consider the risks and uncertainties described below together with all of the other information included or incorporated by reference in this Annual Report on Form 10-K and in our other filings with the SEC. Additional risks and uncertainties that management is not aware of or that management currently deems immaterial may also impair Wintrust’s business operations. This Annual Report on Form 10-K is qualified in its entirety by these risk factors. If any of the following risks actually occur, our business, financial condition and results of operations could be materially and adversely affected. If this were to happen, the value of our securities could decline significantly, and you could lose all or part of your investment.

Risks Related to Economic Conditions and Operating Environment

Deterioration in economic conditions may materially adversely affect the financial services industry and our business, financial condition, results of operations and cash flows.

The deterioration of any of these conditions can adversely affect our consumer and commercial businesses and securities portfolios, our level of charge-offs and provision for credit losses, our capital levels and liquidity, and our results of operations.


			23

As a lending institution, our business is directly affected by the ability of our borrowers to repay their loans, as well as by the value of collateral, such as real estate, that secures many of our loans. Any economic deterioration from current levels or slowing of current economic activity could lead to an increase in loan charge-offs and negatively affect consumer confidence as well as the level of business activity. Further, the underwriting and credit monitoring policies and procedures that we have adopted may not prevent losses that could have a material adverse effect on our business, financial condition, results of operations and cash flows.

A U.S. government debt default or rating downgrade could have a material adverse impact on our business and financial performance, including a decrease in the value of Treasury bonds and other government securities we hold, which could negatively impact the banks’ capital position and ability to meet regulatory requirements. Other negative impacts could include volatile capital markets, an adverse impact on the U.S. economy and the U.S. dollar, as well as increased default rates among borrowers in light of increased economic uncertainty. Some of these impacts might occur even in the absence of an actual default by or rating downgrade of the U.S. government but as a consequence of the uncertainty caused by extended political negotiations around the threat of such a default or rating downgrade and a U.S. government shutdown.

Except for our premium finance business and certain other niche businesses, our success depends primarily on the general economic conditions of the specific local markets in which we operate. Unlike larger national or other regional banks that are more geographically diversified, we provide banking and financial services to customers primarily in the Chicago metropolitan, southern Wisconsin and west Michigan market areas. The local economic conditions in these areas significantly impact the demand for our products and services as well as the ability of our customers to repay loans, the value of the collateral securing loans and the stability of our deposit funding sources.

In addition, the State of Illinois has experienced significant financial difficulty in recent years. To the extent that these issues impact the economic vitality of the state and the businesses operating in Illinois, businesses may be encouraged to leave the state or new employers may be discouraged to start or move businesses to Illinois, which could have a material adverse effect on our financial condition and results of operations.

Climate change manifesting as transition, physical or other risks could adversely affect our operations, businesses, customers, reputation and financial condition.

The physical risks of climate change include discrete events, such as flooding, hurricanes, tornadoes and wildfires, and longer-term shifts in climate patterns, such as extreme heat, sea level rise, increased severe weather, and more frequent and prolonged drought. Such events could disrupt our operations or those of our customers or third parties on which we rely, including through direct damage to assets and indirect impacts from supply chain disruption and market volatility. Transition risks, including changes in consumer preferences, additional regulatory requirements or taxes and additional counterparty or customer requirements, could increase our expenses, undermine our strategies and impact our financial condition.

In addition, our reputation and client relationships may be damaged as a result of our practices related to climate change, including our involvement, or our clients’ involvement, in certain industries or projects associated with causing or exacerbating climate change, as well as any decisions we make to continue to conduct or change our activities in response to considerations relating to climate change. As climate risk is interconnected with all key risk types, we have begun to develop and continue to enhance processes, to embed climate risk considerations into our risk management strategies established for risks such as market, credit and operational risks; however, because the timing and severity of climate change may not be predictable, our risk management strategies may not be effective in mitigating climate risk exposure.


			24

Risks Related to Competition and Reputation

The financial services industry is very competitive, and if we are not able to compete effectively, we may lose market share and our business could suffer.

We face competition in attracting and retaining deposits, making loans, and providing other financial services (including wealth management services) throughout our market area. Our competitors include national, regional and other community banks, and a wide range of other financial institutions such as credit unions, government-sponsored enterprises, mutual fund companies, insurance companies, factoring companies and other non-bank financial companies such as marketplace lenders, cryptocurrency companies (including stablecoins) and other financial technology companies. Many of these competitors have substantially greater resources and market presence or more advanced technology than Wintrust and, as a result of their size, may be able to offer a broader range of products and services, better pricing for those products and services, or newer technologies to deliver those products and services than we can. The financial services industry could become even more competitive as a result of legislative, regulatory and technological changes and continued consolidation. Also, technology has lowered barriers to entry and made it possible for non-banks to offer products and services traditionally provided by banks, such as mobile payment and other automatic transfer and payment systems, and for banks that do not have a physical presence in our markets to compete for deposits. The absence of, or differences in, regulatory requirements may give non-bank financial companies a competitive advantage over, or encourage additional entrants to become competitors of, Wintrust. For example, the Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025 (GENIUS Act) provides a legal framework for stablecoins to be issued in the United States, which may allow new and existing competitors to compete for funds that may have otherwise been deposited with banks.

Our ability to compete successfully depends on a number of factors, including, among other things:

•the ability to develop, maintain and build upon long-term customer relationships based on top quality service and high ethical standards;

•the scope, relevance and pricing of products and services offered to meet customer needs and demands;

•the ability to expand our market position;

•the ability to uphold our reputation in the marketplace;

•the rate at which we introduce new products and services relative to our competitors;

•customer satisfaction with our level of service; and

•industry and general economic trends.

If we are unable to compete effectively, our market share and income from deposits, loans and other products may be reduced. This could adversely affect our profitability and have a material adverse effect on our business, financial condition and results of operations.

Damage to our reputation may harm our business.

Maintaining trust in the Company is critical to our ability to attract and maintain customers, investors and employees. If our reputation is damaged, our business could be significantly harmed. Our reputation could also be harmed by the failure or perceived failure of an affiliate or a vendor or other third party with which we do business, to comply with applicable laws or regulations. In addition, our reputation or prospects could be significantly damaged by adverse publicity or negative information regarding the Company, whether or not true, that may be posted on social media, non-mainstream news services or other parts of the internet, and this risk can be magnified by the speed and pervasiveness with which information is disseminated through those channels.

Actions by the financial services industry generally or by certain members of or individuals in the industry can also affect our reputation. For example, the role played by financial services firms during and after the financial crisis, including concerns that consumers have been treated unfairly by financial institutions or that a financial institution had acted inappropriately with respect to the methods employed in offering products to customers, have damaged the reputation of the industry as a whole.


			25

Should any of these or other events or factors that can undermine our reputation occur, there is no assurance that the additional costs and expenses that we may need to incur to address the issues giving rise to the damage to our reputation would not adversely affect our earnings and results of operations, or that damage to our reputation will not impair our ability to retain our existing customers and employees or attract new customers and employees. Harm to our reputation or the reputation of our industry may also result in greater regulatory or legislative scrutiny, which may lead to changes in laws or regulations that could constrain our business or operations. Events that result in damage to our reputation may also increase our litigation risk.

Investors’ and other stakeholders’ expectations of our performance relating to environmental, social and governance factors may impose additional costs and expose us to new risks.

Simultaneous, disparate and divergent sentiments on ESG-related matters from multiple stakeholder groups increase the risk that any action or lack thereof by us on such matters will be perceived negatively by some stakeholders. We may be subject to laws or regulations related to ESG or sustainability matters, including those impacting disclosure, diligence or investment decisions. Failing to comply with expectations and standards from investors, customers, regulators, lawmakers and other stakeholders regarding ESG-related issues, or taking action in conflict with one or another of those stakeholders’ expectations, could also lead to a loss of business, adverse publicity, increased costs, an adverse impact on our reputation, customer complaints or other adverse consequences.

At the same time, certain groups across the United States, and the federal and certain state governments have proposed or enacted anti-ESG legislation, rules, regulations and policies. Such anti-ESG measures may lead to increased scrutiny and expose us to the risk of litigation, regulatory exposure and reputational harm. Additionally, certain states now require that certain investment managers make investments based solely on financial considerations, without regard to consideration of ESG factors. If investors subject to such legislation viewed us, our policies or our practices as being in contradiction of such anti-ESG requirements, such investors may not invest in us, which could negatively affect our financial performance.

Consumers may decide not to use banks to complete their financial transactions, which could adversely affect our business and results of operations.

Technology and other changes are allowing parties to complete financial transactions that historically have involved banks through alternative methods. For example, consumers can now maintain funds that would have historically been held as bank deposits in brokerage accounts or mutual funds. Consumers can also complete transactions such as paying bills and transferring funds directly without the assistance of banks. In addition, transactions using digital assets, including cryptocurrencies, stablecoins and other similar assets, have increased substantially over the course of the last several years. The process of eliminating banks as intermediaries could result in the loss of fee income, as well as the loss of customer deposits and the related income generated from those deposits. The loss of these revenue streams and the lower cost deposits as a source of funds could have a material adverse effect on our business, financial condition and results of operations.

We may be adversely impacted by the soundness of other financial institutions.

Adverse developments affecting the overall strength and soundness of other financial institutions, the financial services industry as a whole and the general economic climate and the U.S. Treasury market could have a negative impact on perceptions about the strength and soundness of our business even if we are not subject to the same adverse developments. In addition, adverse developments with respect to third parties with whom we have important relationships could also negatively impact perceptions about us. These perceptions about us could cause our business to be negatively affected and exacerbate the other risks that we face.

Wintrust may be impacted by actual or perceived soundness of other financial institutions, including as a result of the financial or operational failure of a major financial institution, or concerns about the creditworthiness of such a financial institution or its ability to fulfill its obligations, which can cause substantial and cascading disruption within the financial markets and increased expenses, including FDIC insurance premiums, and could affect our ability to attract and retain depositors and to borrow or raise capital. The failure of other banks and financial institutions and the measures taken by governments, businesses and other organizations in response to these events could adversely impact Wintrust’s business, financial condition and results of operations.

Wintrust’s ability to engage in routine funding transactions could be adversely affected by the actions and commercial soundness of other financial institutions. Financial services institutions are interrelated as a result of trading, clearing,


			26

counterparty or other relationships. We have exposure to many different industries and counterparties and routinely execute transactions with counterparties in the financial services industry, including the Federal Home Loan Bank (“FHLB”), commercial banks, brokers and dealers, investment banks and other institutional clients. Many of these transactions expose us to credit risk as well as market and liquidity risk in the event of a default by a counterparty or client. In addition, our credit risk may be exacerbated when collateral held by us cannot be realized or is liquidated at prices not sufficient to recover the full amount due to us. Any such losses could have material adverse effect on our business, financial condition and results of operations.

In addition a decrease in the supply of deposits or significant increase in competition for deposits could result in substantial increases in costs to retain and service deposits. Increased adoption of consumer banking technology could result in reduced deposit retention due to the relevant ease with which depositors may transfer deposits to a different depository institution in the event that confidence is lost in us or any of our bank subsidiaries.

Risks Related to Growth and Acquisitions

If we are unable to continue to identify favorable acquisitions or successfully integrate our acquisitions, our growth may be limited and our results of operations could suffer.

We expect to continue to make such acquisitions in the future. Wintrust seeks merger or acquisition partners that are culturally similar, have experienced management, possess either significant market presence or have potential for improved profitability through financial management, economies of scale or expanded services. Failure to successfully identify and complete acquisitions may result in Wintrust achieving slower growth.

The standards by which bank and financial institution acquisitions will be evaluated may be subject to change. For example, the OCC adopted a final rule in September 2024 amending its procedures for reviewing applications under the BMA and adding a policy statement on the OCC’s substantive approach to evaluating bank mergers under the BMA but in May 2025 reversed these 2024 issuances. Concurrent with the OCC’s 2024 issuance, the DOJ withdrew its 1995 Bank Merger Guidelines and issued the 2024 Banking Addendum to the 2023 Merger Guidelines. Unlike the OCC, the DOJ has not reinstated the guidance that was in effect prior to 2024.

Acquiring other banks, businesses or branches involves various risks commonly associated with acquisitions, including, among other things:

(1)potential exposure to unknown or contingent liabilities or asset quality issues of the target company;

(2)failure to adequately estimate the level of loan losses at the target company;

(3)difficulty and expense of integrating the operations and personnel of the target company;

(4)potential disruption to our business, including diversion of our management's time and attention;

(5)the possible loss of key employees and customers of the target company;

(6)difficulty in estimating the value of the target company; and

(7)potential changes in banking or tax laws or regulations that may affect the target company.

Acquisitions typically involve the payment of a premium over book and market values, and, therefore, some dilution of Wintrust’s tangible book value and net income per common share may occur as a result of any future acquisitions. In addition, certain acquisitions may expose us to additional regulatory risks, including from foreign governments. Our ability to comply with any such regulations will impact the success of any such acquisitions. Furthermore, failure to realize the expected revenue increases, cost savings, increases in geographic or product presence, and/or other projected benefits from an acquisition could have a material adverse effect on our financial condition and results of operations.

New lines of business and new products and services are essential to our ability to compete but may subject us to additional risks.

We continually implement new lines of business and offer new products and services within existing lines of business to offer our customers a competitive array of products and services. The financial services industry is continually undergoing rapid technological change with frequent introductions of new technology-driven products and services, such as the rapid adoption of mobile payment platforms. The effective use of technology can increase efficiency and enable financial institutions to better serve customers and to reduce costs. However, some new technologies needed to compete effectively result in incremental


			27

operating costs. Our future success depends, in part, upon our ability to address the needs of our customers by using technology to provide products and services that will satisfy customer demands, as well as to create additional efficiencies in operations. Many of our competitors, because of their larger size and available capital, have substantially greater resources to invest in technological improvements. We may not be able to effectively implement new technology-driven products and services or be successful in marketing these products and services to our customers.

At the same time, there can be substantial risks and uncertainties associated with these efforts, particularly in instances where the markets for such services are still developing. In developing and marketing new lines of business and/or new products or services, we may invest significant time and resources. Initial timetables for the introduction and development of new lines of business and/or new products or services may not be achieved, and price and profitability targets may not prove feasible. External factors, such as compliance with regulations, competitive alternatives, and shifting market preferences, may also impact the successful implementation of a new line of business or a new product or service. Furthermore, any new line of business and/or new product or service could have a significant impact on the effectiveness of our system of internal controls. Failure to successfully manage these risks in the development and implementation of new lines of business or new products or services could have a material adverse effect on our business, financial condition, and results of operations.

De novo operations often involve significant expenses and delayed returns and may negatively impact Wintrust's profitability.

Our financial results have been and will continue to be impacted by our strategy of branch openings and de novo bank formations. We expect to increase the opening of additional branches and may, under certain circumstances, resume de novo bank formations. It may take longer than expected or more than the amount of time Wintrust has historically experienced for new banks and/or banking facilities to reach profitability, and there can be no guarantee that these branches or banks will ever be profitable. To the extent we undertake additional de novo bank, branch and business formations, our level of reported net income, return on average equity and return on average assets will be impacted by startup costs associated with such operations, and it is likely to continue to experience the effects of higher expenses relative to operating income from the new operations. These expenses may be higher than we expected or than our experience has shown, which could have a material adverse effect on our business, financial condition and results of operations.

Legal and Regulatory Risks

If we fail to meet our regulatory capital ratios, we may be forced to raise capital or sell assets.

As a banking institution, we are subject to regulations that require us to maintain certain capital ratios, such as the ratio of our Tier 1 capital to our risk-based assets, and in recent years these regulatory and market expectations have increased substantially. If our regulatory capital ratios decline, as a result of decreases in the value of our loan portfolio or otherwise, we may be required to improve such ratios by either raising additional capital or by disposing of assets. If we choose to dispose of assets, we cannot be certain that we will be able to do so at prices that we believe to be appropriate, and our future operating results could be negatively affected. If we choose to raise additional capital, we may accomplish this by selling additional shares of common stock, or securities convertible into or exchangeable for common stock, which could significantly dilute the ownership percentage of holders of our common stock and cause the market price of our common stock to decline. Additionally, events or circumstances in the capital markets generally may increase our capital costs and impair our ability to raise capital at any given time.

Changes in the United States’ monetary policy may restrict our ability to conduct our business in a profitable manner.

Our ability to profitably operate is dependent, in part, upon federal fiscal policies that cannot be predicted. We are particularly affected by the monetary policies of the Federal Reserve, which influence money supply in the United States. Any change in the United States’ monetary policy, or worsening federal budgetary pressures, could affect our access to capital. Additionally, any trend toward inflation, economic decline, destabilizing of financial markets, or other factors beyond our control may significantly affect consumer demand for our products and consumers’ ability to repay loans, reducing our results of operations.

The Federal Reserve lowered interest rates towards the end of 2024 and during 2025. Inflation remains above the Federal Reserve's two percent target rate and while the Federal Reserve may seek to further lower interest rates in 2026, the range of


			28

potential rate paths will ultimately be driven by inflation data, labor market performance, and economic growth. We cannot predict the nature or timing of future changes in monetary policies, or the precise effects that future changes in monetary policies may have on our activities and financial results.

Legislative and regulatory actions taken now or in the future regarding the financial services industry may significantly increase our costs or limit our ability to conduct our business in a profitable manner.

We are subject to extensive federal and state regulation and supervision. The cost of compliance with such laws and regulations can be substantial and adversely affect our ability to operate profitably. Changes in the U.S. presidential administration and Congress have led and will likely continue to lead to changes in law or policy. In addition, changes in key personnel at the agencies that regulate us, including the federal banking regulators, may result in differing interpretations of existing rules and guidelines. Although the current presidential administration has indicated an intent to pursue the regulation of the financial services industry differently than was the case under the previous administration, there is significant uncertainty regarding the direction this administration will continue to take and its ability to implement its policies and objectives, as well as the ultimate impact on potential new regulatory initiatives and the enforcement of existing laws and regulations. It is also possible the expected changes in regulation do not occur or are reversed by a subsequent administration, or the regulatory measures that are ultimately enacted deliver significant competitive advantages to financial services that are structured differently or serve different markets than us.

We are subject to complex and evolving laws, regulations, rules, standards and contractual obligations regarding data privacy and cybersecurity, which could increase the cost of doing business, compliance risks and potential liability.

We are subject to complex and evolving laws, regulations, rules, standards and contractual obligations regarding data privacy and cybersecurity, including in relation to the personal information of customers, employees or others, and any failure to comply with these laws, regulations, rules, standards and contractual obligations could expose us to liability and/or reputational damage. As new data privacy and cybersecurity-related laws, regulations, rules and standards are implemented, the time and resources needed for us to comply with such laws, regulations, rules and standards as well as our potential liability for non-compliance and reporting obligations in the case of cyber-attacks, information security breaches or other similar incidents, may significantly increase. Compliance with these laws, regulations, rules and standards may require us to change our policies, procedures and technology, which could, among other things, make us more vulnerable to operational failures and to monetary penalties for breach of such laws, regulations, rules and standards.

In addition to various data privacy and cybersecurity laws, regulations, rules and standards already in place, U.S. states are increasingly adopting laws, regulations, rules and standards imposing comprehensive data privacy and cybersecurity obligations, which may be more stringent, broader in scope, or offer greater individual rights, with respect to personal information than federal or other state laws, regulations, rules and standards and such laws, regulations, rules and standards may differ from each other, which may complicate compliance efforts and increase compliance costs. Certain aspects of federal and state laws, regulations, rules and standards relating to data privacy and cybersecurity, as well as their enforcement, remain unclear, and we may be required to modify our practices in an effort to comply with them.

Further, while we strive to publish and prominently display privacy policies that are accurate, comprehensive, and compliant with applicable laws, regulations, rules, standards and contractual obligations, we cannot ensure that our privacy policies and other statements regarding our practices will be sufficient to protect us from claims, proceedings, liability or adverse publicity relating to data privacy or cybersecurity. Although we endeavor to comply with our privacy policies, we may at times fail to do so or be alleged to have failed to do so. The publication of our privacy policies and other documentation that provide promises and assurances about data privacy and cybersecurity can subject us to potential federal or state action if they are found to be deceptive, unfair, or misrepresentative of our actual practices. Additional risks could arise in connection with any failure or perceived failure by us, our service providers or other third parties with which we do business to provide adequate disclosure or transparency to our customers about the personal information collected from them and its use, to receive, document or honor the privacy preferences expressed by our customers, to protect personal information from unauthorized disclosure, or to maintain proper training on privacy practices for all employees or third parties who have access to personal information in our possession or control.


			29

Any failure or perceived failure by us to comply with our privacy policies, or applicable data privacy and cybersecurity laws, regulations, rules, standards or contractual obligations, or any compromise of security that results in unauthorized access to, or unauthorized loss, destruction, use, modification, acquisition, disclosure, release, transfer or other processing of personal information, may result in requirements to modify or cease certain operations or practices, the expenditure of substantial costs, time and other resources, proceedings or actions against us, legal liability, governmental investigations, enforcement actions, claims, fines, judgments, awards, penalties, sanctions and costly litigation (including class actions). Any of the foregoing could harm our reputation, distract our management and technical personnel, increase our costs of doing business, adversely affect the demand for our products and services, and ultimately result in the imposition of liability, any of which could have a material adverse effect on our business, financial condition and results of operations. For more information regarding data privacy and cybersecurity laws, regulations, rules and standards, see “Protection of Client Information” under Supervision and Regulation in Item 1.

Financial reform legislation and increased regulatory rigor around consumer protection and mortgage-related issues may reduce our ability to market our products to consumers and may limit our ability to profitably operate our mortgage business.

The CFPB has broad rulemaking authority over a wide range of federal consumer protection laws applicable to the business of our subsidiary banks and some other operating subsidiaries, including the authority to prohibit “unfair, deceptive or abusive” acts and practices, but examination and supervision of our subsidiary banks is carried out by the primary federal banking agency and, where applicable, state banking agencies.

In particular, the mortgage-related rules issued by the CFPB have materially restructured the origination, servicing and securitization of residential mortgages in the United States. These rules have impacted, and will continue to impact, the business practices of mortgage lenders, including the Company. For example, in order to ensure compliance with mortgage-related rules issued by the CFPB, the Company consolidated its consumer mortgage loan origination and loan servicing operations within Wintrust Mortgage.

The CFPB and federal and state banking agencies also closely examine the mortgage and mortgage servicing activities of depository financial institutions. Should these or other agencies have serious concerns with respect to our operations in this regard, the effect of such concerns could have a material adverse effect on our profits.

Federal, state and local consumer lending laws may restrict our ability to originate certain mortgage loans or increase our risk of liability with respect to such loans and could increase our cost of doing business.

Federal, state and local laws have been adopted that are intended to eliminate certain lending practices considered “predatory.” These laws prohibit practices such as steering borrowers away from more affordable products, selling unnecessary insurance to borrowers, repeatedly refinancing loans and making loans without a reasonable expectation that the borrowers will be able to repay the loans irrespective of the value of the underlying property. The CFPB has promulgated many mortgage-related rules since it was established under the Dodd-Frank Act, including rules relating to the ability to repay loans and relating to qualified mortgage standards. It is our policy not to make predatory loans and to determine borrowers' ability to repay, but the law and related rules create the potential for increased liability with respect to our lending and loan investment activities. They increase our cost of doing business and, ultimately, may prevent us from making certain loans and cause us to reduce the average percentage rate or the points and fees on loans that we do make. In addition, regulation related to redlining, fair lending, CRA compliance and BSA compliance create significant burdens which necessitate increased costs. Any failure to comply with any of these regulations could have a significant impact on our ability to operate, our ability to acquire or open new banks and/or result in meaningful fines.

Regulatory initiatives regarding bank capital requirements may require heightened capital.

The federal banking agencies’ capital rules, as well as other aspects of current or proposed regulatory or legislative changes to laws or regulations applicable to banking organizations, have increased our compliance costs, impacted the profitability of our business activities and may change certain of our business practices, including the ability to offer new products, obtain financing, attract deposits, make loans, and achieve satisfactory interest spreads, and could expose us to additional costs,


			30

including increased compliance costs. These changes also may require us to invest significant management attention and resources to make any necessary changes to operations in order to comply, and could therefore also materially and adversely affect our business, financial condition and results of operations.

Our ability to engage in capital distributions, including paying dividends or repurchasing stock, may be restricted if we do not maintain the required Capital Conservation Buffer. In addition, we anticipate that our pro forma capital ratios will be an important factor considered by the Federal Reserve in evaluating whether proposed payments of dividends or stock repurchases are consistent with its prudential expectations. For more information regarding capital requirements, see “Capital Requirements of the Company and Subsidiary Banks” under Supervision and Regulation in Item 1.

Our FDIC insurance premiums may increase, or the FDIC could adopt additional special assessments, either of which could negatively impact our results of operations.

FDIC regulations use an assessment base for federal deposit insurance premiums based on average total consolidated assets less average tangible capital. There is a risk that the banks’ deposit insurance premiums will increase in the future if failures of insured depository institutions once again deplete the DIF. Additionally, to recoup losses to the DIF resulting from the bank failures of 2023, the FDIC also adopted a special assessment that became effective in 2024 and will be collected over eight quarterly assessment periods, with the eighth quarter to be collected at a lower rate, subject to certain adjustments. There is a risk that the FDIC could adopt additional special assessments in the future to recoup future DIF losses. Either of these events could negatively impact our financial condition and results of operations. For more information regarding the most recent increase to the banks’ deposit insurance premiums, see “Insurance of Deposit Accounts” under Supervision and Regulation in Item 1.

Non-compliance with the Bank Secrecy Act and its implementing regulations, and other applicable anti-money laundering laws and regulations could result in fines or sanctions.

The Bank Secrecy Act, as amended by the USA PATRIOT Act (the “BSA”), and its implementing regulations require financial institutions to develop risk-based anti-money laundering compliance programs designed to, among other things, prevent financial institutions from being used for money laundering, terrorist financing or other illicit finance activities.

We are subject to claims and legal actions that could negatively affect our results of operations or financial condition.

Periodically, as a result of our normal course of business, we are involved in claims and related litigation from our customers, employees or other parties. These claims and legal actions, whether meritorious or not, as well as reviews, investigations and proceedings by governmental and self-regulatory agencies could involve large monetary claims and significant legal expense. In addition, such actions may negatively impact our reputation in the marketplace and lessen customer demand. If such claims and legal actions are not decided in Wintrust's favor, our results of operations and financial condition could be adversely impacted.

We are subject to examinations and challenges by tax authorities that may impact our financial results.

In the normal course of business, we, as well as our subsidiaries, are routinely subject to examinations from federal and state tax authorities regarding the amount of taxes due in connection with investments we have made and the businesses in which we have engaged. Recently, federal and state tax authorities have become increasingly aggressive in challenging tax positions taken by financial institutions. These tax positions may relate to among other things tax compliance, sales and use, franchise, gross receipts, payroll, property and income tax issues, including tax base, apportionment and tax credit planning. The challenges made by tax authorities may result in adjustments to the timing or amount of taxable income or deductions or the allocation of income among tax jurisdictions. If any such challenges are made and are not resolved in our favor, they could have a material adverse effect on our financial condition and results of operations.


			31

Changes in federal and state tax laws and changes in interpretation of existing laws can impact our financial results.

Given the changing economic and political environment and ongoing budgetary pressures, the enactment of further new federal or state tax legislation may occur. The enactment of such legislation, or changes in the interpretation of existing law, including provisions impacting tax rates, apportionment, consolidation or combination, income, expenses, credits and exemptions may have a material adverse effect on our business, financial condition and results of operations.

Changes in accounting policies or accounting standards could materially adversely affect how we report our financial results and financial condition.

Our accounting policies are fundamental to understanding our financial results and financial condition. Some of these policies require use of estimates and assumptions that affect the value of our assets or liabilities and financial results. Some of our accounting policies are critical because they require management to make difficult, subjective and complex judgments about matters that are inherently uncertain and because it is likely that materially different amounts would be reported under different conditions or using different assumptions. If such estimates or assumptions underlying our financial statements are incorrect, we may experience material losses. From time to time, the FASB and the SEC change the financial accounting and reporting standards that govern the preparation of our financial statements. These changes can be hard to predict and could materially impact how we record and report our financial condition and results of operations. In some cases, we could be required to apply a new or revised standard retroactively, resulting in the restatement of prior period financial statements.

Changes in U.S. trade policies, including the imposition of tariffs and retaliatory tariffs, may adversely impact our business, financial condition and results of operations.

There continue to be proposals and discussion and dialogue in the U.S. government regarding potential changes to U.S. trade policies, legislation, treaties and tariffs, including trade policies and tariffs affecting other countries, including China, the European Union, Canada and Mexico and retaliatory tariffs by such countries. Tariffs and retaliatory tariffs have been imposed, and additional tariffs and retaliatory tariffs have been proposed. Additionally, the U.S. government has imposed certain economic sanctions and trade restrictions against certain other countries, and could impose additional sanctions and trade restrictions. This in turn, could adversely affect our financial condition and results of operations. In addition, to the extent changes in the political environment have a negative impact on us or on the markets in which we operate our business, results of operations and financial condition could be materially and adversely impacted. It remains unclear what the U.S. government or foreign governments will or will not do with respect to tariffs already imposed, additional tariffs that may be imposed, or international trade agreements and policies.

Risks Related to Lending Operations

If our allowance for credit losses is not sufficient to absorb losses that may occur in our loan portfolio, our financial condition and liquidity could suffer.

We maintain an allowance for credit losses that is intended to absorb expected lifetime credit losses related to our loan portfolio, off-balance sheet credit exposures and held-to-maturity debt securities portfolio. At each balance sheet date, our management determines the amount of the allowance for credit losses based on our estimate of expected credit losses over the life of the related asset with consideration of historical credit losses, current economic conditions and reasonable and supportable forecasts.

Because our allowance for credit losses represents an estimate of lifetime losses, there is no certainty that it will be adequate over time to cover credit losses in the portfolios, particularly if there are changes in expectations of general economic or market conditions, or events that adversely affect specific customers.

Although we believe our allowance for credits losses is adequate to absorb estimated credit losses in our loan portfolio, if our estimates are inaccurate and our actual credit losses exceed the amount that is anticipated, or if the forecasts and assumptions


			32

used in calculating our reserves are significantly different from those we actually experience, our financial condition and liquidity could be materially adversely affected.

For more information regarding our allowance for loan losses, see “Loan Portfolio and Asset Quality” under Management's Discussion and Analysis of Financial Condition and Results of Operations in Item 7.

A significant portion of our loan portfolio is comprised of commercial loans, the repayment of which is largely dependent upon the financial success and economic viability of the borrower.

The repayment of our commercial loans is dependent upon the financial success and viability of the borrower. If the economy weakens for a prolonged period or experiences deterioration or if the industry or market in which the borrower operates weakens, our borrowers may experience depressed or dramatic and sudden decreases in revenues that could hinder their ability to repay their loans. Our commercial loan portfolio totaled $17.0 billion or 32% of our total loan portfolio, at December 31, 2025, compared to $15.6 billion, or 32% of our total loan portfolio, at December 31, 2024.

Commercial loans are secured by different types of collateral related to the underlying business, such as accounts receivable, inventory and equipment. Should a commercial loan require us to foreclose on the underlying collateral, the unique nature of the collateral may make it more difficult and costly to liquidate, thereby increasing the risk to us of not recovering the principal amount of the loan. Accordingly, our business, results of operations and financial condition may be materially adversely affected by defaults in this portfolio.

A substantial portion of our loan portfolio is secured by real estate, in particular commercial real estate. Deterioration in the real estate markets could lead to additional losses, which could have a material adverse effect on our financial condition and results of operations.

As of both December 31, 2025 and 2024, approximately 36% and 36%, respectively, of our total loan portfolio was secured by real estate, the majority of which is commercial real estate. Continued uncertainty in economic conditions may impair a borrower’s business operations, slow the execution of new leases and lead to existing lease turnover. As a result of these factors, vacancy rates for retail, office and industrial space may increase, and hotel occupancy rates may decline. High vacancy and lower occupancy rates could also result in rents falling. The combination of these factors could result in the deterioration in the fundamentals underlying the commercial real estate market and the deterioration in value of some of our loans. Any such deterioration could adversely affect the ability of our borrowers to repay the amounts due under their loans. Specifically, the office property segment, which represents 3.18% of our total loan portfolio, is undergoing a structural shift given the rise of a remote work environment, resulting in heightened vacancies and potentially reduced leasing needs. It is anticipated that this heightened risk environment for the office segment may take several years to resolve. Increases in commercial and consumer delinquency levels or declines in real estate market values would require increased net charge-offs and increases in the allowance for loan and lease losses, which could have a material adverse effect on our business, financial condition and results of operations.

Additionally, any formal or informal action by our regulatory supervisors may require us to take increased reserves on these loans and could affect our share price. As a result of the risks associated with commercial real estate, banking regulators give greater scrutiny to lenders with a high concentration of commercial real estate in their portfolios, and such lenders are expected to implement stricter underwriting, internal controls, risk management policies and portfolio stress testing, as well as maintain higher capital levels and loss allowances. Concentrations in commercial real estate are monitored by regulatory agencies and subject to especially heightened scrutiny both on a public and confidential basis. Regulators may require banks to maintain elevated levels of capital or liquidity due to commercial real estate concentrations, especially if there is a downturn in our local real estate markets.


			33

Events impacting collateral consisting of real property could lead to additional losses which could have a material adverse effect on our financial condition and results of operations.

Many of the loans in our portfolio are secured by real estate located in the Chicago metropolitan area. Any declines in economic conditions, including inflation, recession, unemployment, changes in securities markets or other factors impacting these local markets could, in turn, have a material adverse effect on our financial condition and results of operations. Deterioration in the real estate markets where collateral for our mortgage loans is located could adversely affect the borrower's ability to repay the loan and the value of the collateral securing the loan, and in turn the value of our assets. In addition, any natural disasters or severe weather events have the potential to damage our real estate collateral. Climate change could have an impact on longer-term natural weather trends and increase the occurrence and severity of such adverse weather events.

Any inaccurate assumptions in our analytical and forecasting models could cause us to miscalculate our projected revenue, capital, liquidity or losses, which could adversely affect our financial condition.

We use analytical and forecasting models to estimate the effects of economic conditions on our loan portfolio and probable loan performance. Those models reflect certain assumptions about market forces, including interest rates and consumer behavior that may be incorrect. If our analytical and forecasting models’ underlying assumptions are incorrect, improperly applied, or otherwise inadequate, we may suffer deleterious effects such as higher than expected loan losses, lower than expected net interest income, lower than expected liquidity, lower than expected capital or unanticipated charge-offs, any of which could have a material adverse effect on our business, financial condition and results of operations.

We are subject to environmental liability risk associated with lending activities.

A significant portion of the Company's loan portfolio is secured by real property. In the ordinary course of business, the Company may foreclose on and take title to properties securing certain loans. In doing so, there is a risk that hazardous or toxic substances could be found on these properties. In addition, we own and operate a number of properties that may be subject to similar environmental liability risks.

Environmental laws may require the Company to incur substantial expenses and could materially reduce the affected property's value or limit the Company's ability to use or sell the affected property. The costs associated with investigation and remediation activities could be substantial and increase over time. In addition, if we are the owner or former owner of a contaminated site, we may be subject to common law claims by third parties based on damages and costs resulting from environmental contamination emanating from the property. Although the Company has policies and procedures to perform an environmental review before initiating any foreclosure action on real property, these reviews may not be sufficient to detect all potential environmental hazards. The remediation costs and any other financial liabilities associated with an environmental hazard could have a material adverse effect on the Company's business, financial condition, reputation and results of operations.

Risks Related to Our Niche Businesses

Our premium finance business may involve a higher risk of delinquency or collection than our other lending operations, and could expose us to losses.

We provide financing for the payment of property and casualty insurance premiums and life insurance premiums on a national basis through FIRST Insurance Funding and Wintrust Life Finance, respectively, and financing for the payment of property and casualty insurance premiums in Canada through our wholly-owned subsidiary, FIFC Canada. Property and casualty insurance premium finance loans involve a different, and possibly higher, risk of delinquency or collection than life insurance premium finance loans and the loan portfolios of our bank subsidiaries because these loans are issued primarily through relationships with a large number of unaffiliated insurance agents and because the borrowers are located nationwide. As a result, risk management and general supervisory oversight may be difficult. As of December 31, 2025, we had $8.2 billion of property and casualty insurance premium finance loans outstanding, of which $7.3 billion related to the Company's U.S. operations at FIRST Insurance Funding and $875.4 million related to the Company's Canadian operations at FIFC Canada. Together, these loans represented 16% of our total loan portfolio as of such date.

Acts of fraud are difficult to detect and


			34

deter, and we cannot assure investors that our risk management procedures and controls will prevent losses from fraudulent activity.

Wintrust Life Finance may be exposed to the risk of loss in our life insurance premium finance business because of fraud. While Wintrust Life Finance maintains a policy prohibiting the known financing of stranger-originated life insurance and has established procedures to identify and prevent the company from financing such policies, Wintrust Life Finance cannot be certain that it will never provide loans with respect to such a policy. In the event such policies were financed, a carrier could potentially put at risk the cash surrender value of a policy, which serves as Wintrust Life Finance's primary collateral, by challenging the validity of the insurance contract for lack of an insurable interest.

See the below risk factor “Widespread financial difficulties or credit downgrades among commercial and life insurance providers could lessen the value of the collateral securing our premium finance loans and impair the financial condition and liquidity of FIRST Insurance Funding, Wintrust Life Finance and FIFC Canada” for a discussion of further risks associated with our insurance premium finance activities.

While FIRST Insurance Funding and Wintrust Life Finance are licensed as required and carefully monitor compliance with regulation of each of their businesses, there can be no assurance that either will not be negatively impacted by material changes in the regulatory environment. FIFC Canada is not required to be licensed in most provinces of Canada, but there can be no assurance that future regulations which impact the business of FIFC Canada will not be enacted.

Additionally, to the extent that affiliates of insurance carriers, banks, and other lending institutions add greater service and flexibility to their financing practices in the future, our competitive position and results of operations could be adversely affected. Wintrust Life Finance's life insurance premium finance business could be materially negatively impacted by changes in the federal or state estate tax provisions. There can be no assurance that FIRST Insurance Funding and Wintrust Life Finance will be able to continue to compete successfully in its markets.

Widespread financial difficulties or credit downgrades among commercial and life insurance providers could lessen the value of the collateral securing our premium finance loans and impair the financial condition and liquidity of FIRST Insurance Funding, Wintrust Life Finance and FIFC Canada.

FIRST Insurance Funding, Wintrust Life Finance and FIFC Canada's premium finance loans are primarily secured by the insurance policies financed by the loans. FIRST Insurance Funding, Wintrust Life Finance and FIFC Canada consistently monitor carrier ratings and financial performance of our carriers. FIRST Insurance Funding, Wintrust Life Finance and FIFC Canada are also subject to the possibility of insolvency of insurance carriers in the commercial and life insurance businesses that are in possession of our collateral. If one or more large nationwide insurers were to fail, the value of our portfolio could be significantly negatively impacted. A significant downgrade in the value of the collateral supporting our premium finance business could impair our ability to create liquidity for this business, which, in turn could negatively impact our ability to expand.

Our wealth management business in general, and Wintrust Investments’ brokerage operation, in particular, exposes us to certain risks associated with the securities industry.

Our wealth management business in general, and Wintrust Investments' brokerage operations in particular, present special risks not borne by community banks that focus exclusively on community banking. For example, the brokerage industry is subject to fluctuations in the stock market that may have a significant adverse impact on transaction fees, customer activity and investment portfolio gains and losses. Likewise, additional or modified regulations may adversely affect our wealth management operations. Each of our wealth management operations is dependent on a small number of professionals whose departure could result in the loss of a significant number of customer accounts. A significant decline in fees and commissions or trading losses suffered in the investment portfolio could adversely affect our results of operations. In addition, we are subject to claim arbitration risk arising from customers who claim their investments were not suitable or that their portfolios were inappropriately traded. These risks increase when the market, as a whole, declines. The risks associated with retail brokerage may not be supported by the income generated by our wealth management operations.


			35

Risks Related to Financial Strength and Liquidity

Changes in prevailing interest rates could adversely affect our net interest income, which is our largest source of income.

We are exposed to interest rate risk in our core banking activities of lending and deposit taking, since changes in prevailing interest rates affect the value of our assets and liabilities. Such changes may adversely affect our net interest income, which is the difference between interest income and interest expense. Our net interest income is affected by the fact that assets and liabilities reprice at different times and by different amounts as interest rates change.

Each of our businesses may be affected differently by a given change in interest rates. For example, we expect that the results of our mortgage banking business in selling loans into the secondary market could be negatively impacted during periods of rising interest rates, whereas falling interest rates could have a negative impact on the net interest spread earned on deposits as we would be unable to lower the rates on many interest bearing deposit accounts of our customers to the same extent as many of our higher yielding asset classes.

Additionally, increases in interest rates may adversely influence the growth rate of loans and deposits, the quality of our loan portfolio, loan and deposit pricing, the volume of loan originations in our mortgage banking business and the value that we can recognize on the sale of mortgage loans in the secondary market.

The Federal Reserve has lowered rates at the end of 2024 and during 2025. The federal funds rate ended 2025 at a range of 3.50-3.75%. We cannot predict the nature or timing of future changes in monetary policies or the precise effects that they may have on our activities and financial results. For more discussion of this issue, see the above risk factor “Changes in the United States’ monetary policy may restrict our ability to conduct our business in a profitable manner.”

We seek to mitigate our interest rate risk through several strategies, which may not be successful. We also mitigate our interest rate risk by entering into interest rate swaps and other interest rate derivative contracts from time to time with counterparties. The Company held $6.85 billion of derivative contracts as of December 31, 2025 that were designated as cash flow hedges against the potential downward repricing of variable rate loans. To the extent that the market value of any derivative contract moves to a negative market value, we are subject to loss if the counterparty defaults. In the future, there can be no assurance that such mitigation strategies will be available or successful or that we will be successful in implementing any new mitigation strategies necessary to address the current rising interest rate environment. In addition, transactions entered into as part of mitigation strategies employed to mitigate risks associated with a prolonged low interest rate environment could be less beneficial or result in losses if interest rates continue to rise.

Our liquidity position may be negatively impacted if economic conditions do not improve or if they decline.

Liquidity is a measure of whether our cash flows and liquid assets are sufficient to satisfy current and future financial obligations, such as demand for loans, deposit withdrawals and operating costs. Our liquidity position is affected by a number of factors, including the amount of cash and other liquid assets on hand, payment of interest and dividends on debt and equity instruments that we have issued, capital we inject into our bank subsidiaries, proceeds we raise through the issuance of securities, our ability to draw upon our revolving credit facility and dividends received from our banking subsidiaries. Our future liquidity position may be adversely affected by multiple factors, including:

•if our banking subsidiaries report net losses or their earnings are weak relative to our cash flow needs;

•if it is necessary for us to make capital injections to our banking subsidiaries;

•if changes in regulations require us to maintain a greater level of capital, as more fully described below;

•if we are unable to access our revolving credit facility due to a failure to satisfy financial and other covenants; or

•if we are unable to raise additional capital on terms that are satisfactory to us.

Weakness or worsening of the economy, real estate markets or unemployment levels may increase the likelihood that one or more of these events will occur. If our liquidity is adversely affected, it may have a material adverse effect on our business, results of operations and financial condition.


			36

An actual or perceived reduction in our financial strength may cause others to reduce or cease doing business with us, which could result in a decrease in our net interest income and fee revenues.

Our customers rely upon our financial strength and stability and evaluate the risks of doing business with us. If we experience diminished financial strength or stability, actual or perceived, including due to market or regulatory developments, announced or rumored business developments or results of operations, or a decline in stock price, customers may withdraw their deposits or otherwise seek services from other banking institutions and prospective customers may select other service providers. The risk that we may be perceived as less creditworthy relative to other market participants is increased in the current market environment, where the consolidation of financial institutions, including major global financial institutions, is resulting in a smaller number of much larger counterparties and competitors. As our community banks become more closely identified with the Wintrust name, the impact of any perceived weakness or creditworthiness at either the holding company or our community banks may be greater than in prior periods. If customers reduce their deposits with us or select other service providers for all or a portion of the services that we provide them, net interest income and fee revenues will decrease accordingly, and could have a material adverse effect on our results of operations.

Loss of deposits or a change in the deposit mix could increase our funding costs.

Deposits are a low cost and stable source of funding. Wintrust competes with banks and other financial institutions, including financial technology companies, for deposits (see the above risk factor “Risks Related to Economic Conditions and Operating Environment - The financial services industry is very competitive, and if we are not able to compete effectively, we may lose market share and our business could suffer”) and as a result, Wintrust could lose deposits in the future, clients may shift their deposits into higher cost products or Wintrust may need to raise interest rates to avoid deposit attrition. Funding costs may also increase if lost deposits are replaced with wholesale funding. Higher funding costs reduce Wintrust’s net interest margin, net interest income and net income. Any of a variety of single or combined factors could contribute to adverse movement in deposits or deposit costs, including but not limited to economic uncertainty, rapid movements in market interest rates or the Federal Reserve’s monetary policy, entrance of competitors, disruptive technology or decreased confidence in Wintrust or the banking industry.

If our credit rating is lowered, our financing costs could increase.

A credit rating is not a recommendation to buy, sell or hold securities and may be subject to revision or withdrawal at any time by the assigning rating organization.

Our creditworthiness is not fixed and should be expected to change over time as a result of company performance and industry conditions. We cannot give any assurances that our credit ratings will remain at current levels, and it is possible that our ratings could be lowered or withdrawn by Fitch Ratings, Morningstar DBRS or Kroll Bond Rating Agency. Any actual or threatened downgrade or withdrawal of our credit rating could affect our perception in the marketplace and our ability to raise capital, and could increase our debt financing costs.

If our growth requires us to raise additional capital, that capital may not be available when it is needed or the cost of that capital may be very high.

We may need to raise additional capital to support continued growth both internally and through acquisitions. Any capital we obtain may result in the dilution of the interests of existing holders of our common stock.

Our ability to raise additional capital, if needed, will depend on conditions in the capital markets at that time which are outside our control and on our financial condition and performance. For example, in the event of future uncertainty in the banking industry or other idiosyncratic events, there is no guarantee that the U.S. government would invoke the systemic risk exception, create additional liquidity programs or take any other action to stabilize the banking industry or provide liquidity. Any diminished ability to access short-term funding or capital markets to raise additional capital, if needed, could subject us to liability, and our ability to further expand our operations through internal growth and acquisitions could be materially impaired and our financial condition and liquidity could be materially and negatively affected.


			37

Disruption in the financial markets could result in lower fair values for our investment securities portfolio.

The Company's available-for-sale debt and trading securities as well as certain equity securities are carried at fair value.

Accounting standards require the Company to categorize these securities according to a fair value hierarchy. Significant prolonged reduced investor demand could manifest itself in lower fair values for these securities and may result in recognition of an other-than-temporary or permanent impairment of available-for-sale debt securities and unrealized losses of equity securities with a readily determinable fair value recognized in earnings, which could lead to accounting charges and have a material adverse effect on the Company's financial condition and results of operations.

The remaining securities in our available-for-sale debt securities and equity securities with a readily determinable fair value portfolios were categorized as level 3 (meaning that their fair values were determined by inputs that are unobservable in the market and therefore require a greater degree of management judgment). The determination of fair value for securities categorized in level 3 involves significant judgment due to the complexity of factors contributing to the valuation, many of which are not readily observable in the market. In addition, the nature of the business of the third party source that is valuing the securities at any given time could impact the valuation of the securities. Consequently, the ultimate sales price for any of these securities could vary significantly from the recorded fair value at December 31, 2025, especially if the security is sold during a period of illiquidity or market disruption or as part of a large block of securities under a forced transaction.

There can be no assurance that decline in market value of available-for-sale debt securities and equity securities with a readily determinable fair value associated with these disruptions will not result in credit or permanent impairments, and unrealized losses, respectively, of these assets, which would lead to accounting charges which could have a material negative effect on our business, financial condition and results of operations.

We are a bank holding company, and our sources of funds, including to pay dividends, are limited.

We are a bank holding company and our operations are primarily conducted by and through our 16 operating banks, which are subject to significant federal and state regulation. Cash available to pay dividends to our shareholders, repurchase our shares or repay our indebtedness is derived primarily from dividends received from our banks and our ability to receive dividends from our subsidiaries is restricted. Various statutory provisions restrict the amount of dividends our banks can pay to us without regulatory approval. The banks may not pay cash dividends if that payment could reduce the amount of their capital below that necessary to meet the “adequately capitalized” level in accordance with regulatory capital requirements. It is also possible that, depending upon the financial condition of the banks and other factors, regulatory authorities could conclude that payment of dividends or other payments, including payments to us, is an unsafe or unsound practice and impose restrictions or prohibit such payments. Our inability to receive dividends from our banks could adversely affect our business, financial condition and results of operations.

Risks Related to General Operations

Our controls and procedures may fail or be circumvented.

Management regularly reviews and updates our internal controls over financial reporting, disclosure controls and procedures and corporate governance policies and procedures. Any system of controls, however well-designed and operated, is based in part on certain assumptions and can provide only reasonable, not absolute, assurances that the objectives of the system are met. Any circumvention of our controls and procedures or failure to comply with regulations related to controls and procedures could have a material adverse effect on our business, results of operations and financial condition.


			38

Our operational or security systems, networks or infrastructure, or those of third parties, could fail or be breached, which could disrupt our business and adversely impact our results of operations, liquidity and financial condition, as well as cause legal or reputational harm.

The potential for operational risk exposure exists throughout our business and, as a result of our interactions with, and reliance on, third parties, is not limited to our own internal operational functions. We rely on our employees and third parties in our day-to-day and ongoing operations, who may, as a result of human error, misconduct, malfeasance or failure, or breach of our or of third-party systems, networks or infrastructure, expose us to risk. For example, our ability to conduct business may be adversely affected by any significant disruptions to us or to third parties with whom we interact or upon whom we rely. Moreover, technological or financial difficulties of one of our third-party vendors or service providers or their subcontractors could adversely affect our business to the extent those difficulties result in the interruption or discontinuation of products or services provided by an affected vendor or service provider. In addition, we may need to take our systems, networks or infrastructure offline if they become infected with malware or a computer virus or as a result of another form of cyber-attack, information security breach or other similar incident. In the event that backup systems are utilized, they may not process data as quickly as our primary systems, networks or infrastructure and some data might not have been saved to backup systems, potentially resulting in a temporary or permanent loss of such data. Our business recovery plan may not be adequate and may not prevent significant interruptions of our operations or substantial losses.

We may not be insured against all types of losses as a result of disruptions to or failures of our operational and security systems, networks and infrastructure or those of third parties, and our insurance coverage may not be available on reasonable terms, or at all, or may be inadequate to cover all losses resulting from such disruptions or failures. Disruptions or failures in our business structure or in the structure of one or more of our third-party vendors or service providers could interrupt the operations or increase the cost of doing business. The occurrence of any disruptions or failures impacting our or our third-party vendors’ or service providers’ operational or security systems, networks or infrastructure could result in a loss of customer business and expose us to additional regulatory scrutiny, civil litigation, and possible financial liability, any of which could adversely impact our results of operations, liquidity and financial condition, as well as cause reputational harm.

We face risks from cyber-attacks, information security breaches and other similar incidents that could result in the disclosure of confidential and other information (including personal information), all of which could adversely affect our business or reputation, and create significant legal and financial exposure.

In addition, to access our network, products and services, our customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and are subject to their own cybersecurity risks.

These may include, among other things, computer viruses, malicious or destructive code, phishing attacks, denial of service or information, ransomware, malfeasance or improper access by employees or vendors,


			39

attacks on personal email of employees, hacking, terrorist activities, identity theft, social engineering, credential stuffing, account takeovers, insider threats, human error, fraud, or other similar incidents that could result in the unauthorized release, gathering, monitoring, misuse, misappropriation, loss, disclosure or destruction of confidential, personal, proprietary and other information of ours, our employees, our customers or of third parties, damage to our systems and networks or other material disruption of our or our customers’ or other third parties’ network access or business operations. As cyber threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities or incidents.

Cybersecurity risks for banking organizations have significantly increased in recent years in part because of the proliferation of new technologies, and the use of the internet and telecommunications technologies to conduct financial transactions. For example, cybersecurity risks may increase in the future as we continue to increase our mobile-payment and other internet-based product offerings and expand our internal usage of web-based products and applications. Even the most advanced internal control environment may be vulnerable to compromise. Targeted social engineering attacks and "spear phishing" attacks are becoming more sophisticated and are extremely difficult to prevent. Persistent attackers may succeed in penetrating defenses given enough resources, time, and motive. The techniques used by cyber criminals change frequently and may not be recognized until launched or until well after a breach has occurred. While we generally perform cybersecurity diligence on our key vendors and service providers, because we do not control our vendors and service providers and our ability to monitor their cybersecurity is limited, we cannot ensure the cybersecurity measures they take will be sufficient to protect any information we share them. Due to applicable laws, regulations, rules, standards or contractual obligations, we may be held responsible for cyber-attacks, information security breaches or other similar incidents attributed to our vendors and service providers as they relate to the information we share with them.

We also face indirect technology, cybersecurity and operational risks relating to the customers, clients and other third parties with whom we do business or upon whom we rely to facilitate or enable our business activities, including, for example, financial counterparties, regulators and providers of critical infrastructure such as internet access and electrical power.

The security and integrity of these transactions are dependent upon retailers’ vigilance and willingness to invest in technology and upgrades. Despite third-party security risks that are beyond our control, we offer our customers protection against fraud and attendant losses for unauthorized use of debit cards in order to stay competitive in the marketplace. Offering such protection to our customers exposes us to potential losses which, in the event of a data breach at one or more retailers of considerable magnitude, may adversely affect our business, financial condition, and results of operations.

Although we believe that we have appropriate information security procedures and controls designed to prevent or limit the effects of a cyber-attack, information security breach or other similar incident, our or our customers’ and/or third parties’ systems, networks and infrastructure may be the target of cyber-attacks, information security breaches or other similar incidents


			40

that could result in the unauthorized release, accessing, gathering, monitoring, loss, destruction, modification, acquisition, transfer, use or other processing of our or our customers’ confidential, personal, proprietary and other information. Additionally, we may not be insured against all types of losses as a result of cyber-attacks, information security breaches and other similar incidents, and our insurer may deny coverage as to any future claim or insurance coverage may not be available on reasonable terms, or at all, or may be inadequate to cover all losses resulting from such incidents.

Hacking or other unauthorized disclosure of personal information and identity theft risks, in particular, could cause serious reputational harm. A successful cyber-attack, information security breach or other similar incident could cause us serious negative consequences, including our loss of customers and business opportunities, significant disruption to our operations and business, misappropriation or destruction of our confidential, personal, proprietary or other information and/or that of our customers or other third parties, or damage to our or our customers’ and/or third parties’ systems, networks or infrastructure, and could result in a violation of applicable data privacy and cybersecurity and other laws, regulations, rules, standards and contractual obligations, litigation exposure, regulatory fines, penalties or intervention, remediation costs, loss of confidence in our security measures, reputational damage, reimbursement or other compensatory costs, remediation costs, additional compliance costs, and could adversely impact our results of operations, liquidity and financial condition.

The development and use of artificial intelligence by us or others, or our inability to effectively and timely implement its use, may adversely affect the Company.

The use of artificial intelligence (“AI”) in the banking industry is increasing. Our future success will depend, in part, upon our ability to invest in and use appropriate technology, which may include AI. We may selectively incorporate AI technology in certain business processes, fraud detection, services or products, including technologies that process sensitive financial and/or personal data. Additionally, our third-party vendors, clients or counterparties may develop or incorporate AI technology in their business processes, services or products. As with many developing technologies, AI presents risks and challenges that could affect its further development, adoption, and use, and therefore could adversely affect our business. We may not be able to implement the use of AI in an effective or timely way, thus adversely impacting our operations and our ability to compete with financial institutions which successfully and timely implement AI. The use of AI, particularly generative AI, may produce output or take action that is incorrect, that results in the release of private, confidential or proprietary information, that reflects biases or perceived biases included in the data on which AI models are trained, that produces output that is, or is perceived to be, discriminatory or unfair, that infringes on the intellectual property rights of others, or that is otherwise harmful. The legal and regulatory environment relating to these emerging technologies is uncertain and rapidly evolving and includes regulatory schemes targeted specifically at AI as well as provisions in intellectual property, privacy, consumer protection, employment, and other laws applicable to the use of these technologies. These evolving laws and regulations could require changes in our implementation of these emerging technologies and increase our compliance costs and the risk of non-compliance. While we have policies governing the use of AI applications or websites on the Company’s network, there can be no assurances that such policies will be effective in mitigating the risks associated with using AI technology. Furthermore, employees may intentionally or inadvertently violate our policies by using personally identifiable or nonpublic information, including sensitive client information, with AI technologies. Any of these risks relating to our use of AI, or its use by third parties with which we do business, could expose us to liability or adverse legal or regulatory consequences, competitive harm and brand or reputational harm, which could have an adverse effect on our business, financial condition or results of operations.

Our business could be adversely affected by fraud.

As a financial institution, we are inherently and consistently exposed to a wide variety of fraudulent activity, including but not limited to check fraud, card fraud, electronic and digital fraud, wire fraud, ATM machine compromise, person-to-person payment fraud, social engineering and phishing attacks. Fraudulent activity is becoming increasingly sophisticated and may evade the systems and controls that we have in place to monitor our operations. We have experienced, and could experience in the future, losses incurred due to third-party, customer or employee fraud and theft. Additionally, certain of our banking clients have experienced, and could experience in the future, financial fraud and related losses, often requiring our involvement and assistance. Losses in the future could be material, negatively affect our results of operations, financial condition, prospects or reputation.


			41

Our vendors may be responsible for failures that adversely affect our operations.

We use and rely upon many external vendors to provide us with day-to-day products and services essential to our operations. We are thus exposed to risk that such vendors will not perform as contracted or at agreed-upon service levels. The failure of our vendors to perform as contracted or at necessary service levels for any reason could disrupt our operations, which could adversely affect our business. In addition, if any of our vendors experience insolvency or other business failure, such failure could affect our ability to obtain necessary products or services from a substitute vendor in a timely and cost-effective manner or prevent us from effectively pursuing certain business objectives entirely. Our failure to implement business objectives due to vendor nonperformance could adversely affect our financial condition and results of operations.

We rely on information furnished by or on behalf of customers and counterparties in deciding whether to extend credit or enter into other transactions. This information could include financial statements, credit reports, and other financial information. We also rely on representations of those customers, counterparties, or other third parties, such as independent auditors, as to the accuracy and completeness of that information. Reliance on inaccurate or misleading financial statements, credit reports, or other financial information could have a material adverse impact on our business, financial condition and results of operations.

If we are unable to attract and retain experienced and qualified personnel, our ability to provide high quality service will be diminished, we may lose key customer relationships, and our results of operations may suffer.

We believe that our future success depends, in part, on our ability to attract and retain experienced personnel, including our senior management and other key personnel. Our business model is dependent upon our ability to provide high quality and personal service. In addition, as a holding company that conducts its operations through our subsidiaries, we are focused on providing entrepreneurial-based compensation to the chief executives of each our business units. As a Company with start-up and growth oriented operations, we are cognizant that to attract and retain the managerial talent necessary to operate and grow our businesses we often have to compensate our executives with a view to the business we expect them to manage, rather than the size of the business they currently manage. Accordingly, any executive compensation restrictions may negatively impact our ability to retain and attract senior management. The departure of a senior manager or other key personnel may damage relationships with certain customers, or certain customers may choose to follow such personnel to a competitor. If we fail to effectively manage the transition in the position of chief executive officer, our business, financial condition, results of operations, cash flows and reputation, as well as our ability to successfully attract, motivate and retain key employees, could be harmed.

Losses incurred in connection with actual or projected repurchases and indemnification payments related to mortgages that we have sold into the secondary market may exceed our financial statement reserves and we may be required to increase such reserves in the future. Increases to our reserves and losses incurred in connection with actual loan repurchases and indemnification payments could have a material adverse effect on our business, financial condition, results of operations or cash flows.

In connection with such sales, we make certain representations and warranties, which, if breached, may require us to repurchase such loans, substitute other loans or indemnify the purchasers of such loans for actual losses incurred in respect of such loans. We receive requests for loan repurchases and indemnification payments relating to the representations and warranties with respect to such loans. We have been able to reach settlements with a number of purchasers, and believe that we have established appropriate reserves with respect to indemnification requests. It is possible that the number of such requests will increase or that we will not be able to reach settlements with respect to such requests in the future. Accordingly, it is possible that losses incurred in connection with loan repurchases and indemnification payments may be in excess of our financial statement reserves, and we may be required to increase such reserves and may sustain additional losses associated with such loan repurchases and indemnification payments in the future. Increases to our reserves and losses incurred by us in connection with actual loan repurchases and indemnification payments in excess of our reserves could have a material adverse effect on our business, financial condition, results of operations or cash flows.


			42

Our business could be adversely affected by the occurrence of extraordinary events, such as acts of war, terrorist attacks, natural disasters and public health threats.

Such events could significantly impact the demand for our products and services as well as the ability of our customers to repay loans, affect the stability of our deposit base, impair the value of the collateral securing loans, adversely impact our employee base, cause significant property damage, result in loss of revenue, and cause us to incur additional expenses. Additionally, financial markets may be adversely affected by the current or anticipated impact of military conflict, including the war in Ukraine, the conflict between Israel and Hamas, terrorism or other geopolitical events. The occurrence or threat of any such extraordinary event could result in a material negative effect on our business and results of operations.

Risks Related to Ownership of Our Common Stock

Anti-takeover provisions could negatively impact our shareholders.

Certain provisions of our articles of incorporation, by-laws and Illinois law may have the effect of impeding the acquisition of control of Wintrust by means of a tender offer, a proxy fight, open-market purchases or otherwise in a transaction not approved by our board of directors. For example, our board of directors may issue additional authorized shares of our capital stock to deter future attempts to gain control of Wintrust, including the authority to determine the terms of any one or more series of preferred stock, such as voting rights, conversion rates and liquidation preferences. As a result of the ability to fix voting rights for a series of preferred stock, the board has the power, to the extent consistent with its fiduciary duty, to issue a series of preferred stock to persons friendly to management in order to attempt to block a merger or other transaction by which a third party seeks control, and thereby assist the incumbent board of directors and management to retain their respective positions. In addition, our articles of incorporation expressly elect to be governed by the provisions of Section 7.85 of the Illinois Business Corporation Act, which would make it more difficult for another party to acquire us without the approval of our board of directors.

The ability of a third party to acquire us is also limited under applicable banking regulations. The BHC Act requires any “bank holding company” (as defined in the BHC Act) to obtain the approval of the Federal Reserve prior to acquiring more than 5% of our outstanding common stock. Any person other than a bank holding company is required to obtain prior approval of the Federal Reserve to acquire 10% or more of our outstanding common stock under the Change in Bank Control Act of 1978. Any holder of 25% or more of our outstanding common stock, other than an individual, is subject to regulation as a “bank holding company” under the BHC Act. For purposes of calculating ownership thresholds under these banking regulations, bank regulators would generally take the position that the maximum number of shares of Wintrust common stock that a holder is entitled to receive pursuant to securities convertible into or settled in Wintrust common stock, including pursuant to any warrants to purchase Wintrust common stock held by such holder, must be taken into account in calculating a shareholder's aggregate holdings of Wintrust common stock.

These provisions may have the effect of discouraging a future takeover attempt that is not approved by our board of directors but which our individual shareholders may deem to be in their best interests or in which our shareholders may receive a substantial premium for their shares over then-current market prices. As a result, shareholders who might desire to participate in such a transaction may not have an opportunity to do so. Such provisions will also render the removal of our current board of directors or management more difficult.

UNRESOLVED STAFF COMMENTS

None.

CYBERSECURITY

Risk Management and Strategy

Like every major financial services institution, Wintrust faces significant and persistent cybersecurity risks. Whether in the form of data theft, ransomware, phishing, denial of service, or third-party vendor incidents, threat actors continue to become more sophisticated and escalate their efforts against financial institutions. At Wintrust, the Board of Directors and executive management are committed to devoting the necessary resources into monitoring, detecting, preventing and mitigating


			43

cybersecurity risk. As a regulated financial institution, we are required to comply with various regulations applicable to cybersecurity, as well as guidance issued by our regulators, and our cybersecurity program closely tracks to those requirements. Additionally, Wintrust leverages global cybersecurity standards as general guides, including the National Institute of Standards and Technology (“NIST”) Cybersecurity Framework.

Cybersecurity oversight begins with the Information Technology & Information Security Committee (“IT/IS Committee”) of the Wintrust Board of Directors. The Wintrust Chief Security Officer (“CSO”) and designated officers under his supervision oversee the cybersecurity program. The CSO has a dual reporting structure, reporting to both the IT/IS Committee and the Vice Chairman/Chief Operating Officer of Wintrust. The CSO and his designated officers have extensive industry experience and manage a team of skilled professionals with cybersecurity expertise. This team governs our cybersecurity program that follows NIST cybersecurity framework components of Govern, Identify, Protect, Detect, Respond and Recover. Our cybersecurity program employs a wide range of technological, administrative, and physical security measures designed to address the confidentiality, integrity, and availability of the information and data of both Wintrust and our customers. We have established policies, processes and procedures to monitor, report and respond to suspected or actual security events. A critical function of the cybersecurity program is the Security Operations Center, which is constantly monitoring Wintrust systems to detect threats. If any credible threats are detected, the Security Operations Center notifies the CSO and the appropriate response plan is initiated. The CSO will advise executive management and other relevant stakeholders as necessary. We coordinate with our third parties and vendor partners through assessments and due diligence reviews before sharing or allowing the hosting or processing of data. We also work with our outside partners to investigate security events that may have impacted our business or data, and to leverage lessons learned during those investigations. In addition, we contractually require our third-party service providers that possess or process any Wintrust or customer information to adhere to certain security requirements, controls and responsibilities based on the risk profile of the relationship.

Wintrust also recognizes that individual employees are frequent targets of threat actors. We regularly engage with employees on the importance of protecting the information and data of Wintrust, our customers and employees through monthly newsletters, poster campaigns and other formal communications. If specific threats are identified, management may communicate those threats directly to employees for heightened awareness. Our cybersecurity program requires employees to review information security policies annually, complete multiple cybersecurity training courses throughout the year, and participate in monthly mock phishing campaigns. We also communicate with our customers about their role in enhancing cybersecurity and protecting their identities and data.

Governance

Besides our dedicated cybersecurity team, Wintrust’s risk management and internal audit teams provide additional review of its approach to cybersecurity. Our governance program maintains policies and standards, which are verified through risk-based assessments, reviews and testing. The CSO reports at regular intervals to the Wintrust Enterprise Risk Management Committee, the IT/IS Committee, and the Audit Committee of the Wintrust Board of Directors, as well as the full Wintrust Board of Directors, as necessary. The Audit Committee receives an annual review that includes enhancements to the cybersecurity program and management’s progress on its cybersecurity strategic roadmap. In addition, the Board of Directors receives quarterly cybersecurity reports, which include a review of key risk indicators, test results and related remediation, and an overview of recent threats and how the Company is managing those threats. For more information on the material risks that cybersecurity threats pose to us, please see our risk factor disclosures under Item 1A of this Annual Report on Form 10-K.

Notwithstanding the extensive approach we take to cybersecurity, Wintrust continues to face risks and accompanying threats that could have a material adverse effect on the enterprise. We work to manage these risks and threats on a daily basis. To date, we have not realized any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, that have, or are reasonably likely to, materially affect us, our business strategy, results of operation or financial condition. We continue to invest in our cybersecurity program, the resiliency of our environment and work to enhance our internal controls.

Protection of Client Information

Data privacy and cybersecurity laws and regulations concerning the collection, storage, handling, use, disclosure, transfer, protection and other processing of client information (including personal information) affect many aspects of the Company’s business, and are continuing to evolve.


			44

We are, or may in the future become, subject to a variety of complex federal, state and local laws, regulations, rules and standards regarding data privacy and cybersecurity, including the privacy and information safeguarding provisions of the Gramm-Leach-Bliley Act (“GLB Act”), the Fair Credit Reporting Act (“FCRA”) and the amendments adopted by the Fair and Accurate Credit Transactions Act of 2003, as well as various state laws and regulations. The GLB Act also requires financial institutions to implement a comprehensive information security program that includes administrative, technical and physical safeguards to ensure the security and confidentiality of customer information. In accordance with these requirements, we and each of our banks and operating subsidiaries provide a written privacy notice to each affected customer when the customer relationship begins and, to the extent required, on an annual basis. We and/or each of the banks and operating subsidiaries may need to amend our privacy policies and adapt our internal procedures in the event that these legal requirements, or the regulators’ interpretation of them, change, or if new requirements are added. Additionally, the federal banking regulators, as well as the SEC and related self-regulatory organizations, regularly issue guidance regarding cybersecurity that is intended to enhance cyber risk management among financial institutions.

Like other lenders, the banks and several of our operating subsidiaries use credit bureau data in their underwriting activities.

For more information regarding the risks associated with data privacy and cybersecurity laws and regulations, see “We are subject to complex and evolving laws, regulations, rules, standards and contractual obligations regarding data privacy and cybersecurity, which could increase the cost of doing business, compliance risks and potential liability” and “We face risks from cyber-attacks, information security breaches and other similar incidents that could result in the disclosure of confidential and other information (including personal information), all of which could adversely affect our business or reputation, and create significant legal and financial exposure” under Risk Factors in Item 1A.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
AVPT	2 hours ago
NXRT	2 hours ago
SRE	2 hours ago
CABO	2 hours ago
TPC	2 hours ago
BPAC	2 hours ago
WERN	2 hours ago
SDRL	2 hours ago
CHRD	2 hours ago
RYTM	2 hours ago
STEL	2 hours ago
FLOC	2 hours ago
WRBY	2 hours ago
XRAY	2 hours ago
EIG	2 hours ago
DXPE	2 hours ago
AA	2 hours ago
MKL	2 hours ago
ENOV	2 hours ago
MTCH	2 hours ago
KNTK	2 hours ago
WHD	2 hours ago
VCTR	2 hours ago
AUB	2 hours ago
MP	2 hours ago
AMPH	2 hours ago
PBYI	2 hours ago
PJT	2 hours ago
GPCR	2 hours ago
BUSE	2 hours ago
NABL	2 hours ago
Q	2 hours ago
REAL	2 hours ago
DGX	2 hours ago
MTZ	2 hours ago
CTKB	2 hours ago
KGS	2 hours ago
DNA	2 hours ago
ALTG	2 hours ago
WTFC	2 hours ago
NNI	2 hours ago
DEC	2 hours ago
BKU	2 hours ago
VCYT	2 hours ago
JANX	2 hours ago
SHAK	2 hours ago
COLB	2 hours ago
RKLB	2 hours ago
ACRS	2 hours ago
SITC	2 hours ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - WTFC

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - WTFC

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing