Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - ZION
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors, and other SEC filings.
Cybersecurity risk is overseen by the Board and the Bank’s multiple lines of defense, including front-line bankers, operations teams, Enterprise Risk Management (“ERM”), and internal audit. Information security risk is managed in accordance with an established ERM framework, which includes elements such as key risk indicators, enterprise standards, controls, and self-assessments that comply with established ERM policies. These elements are regularly assessed, measured, and reported to Board-level and Bank senior management-level risk committees, and those committees review such reports.The ROC is responsible for reviewing reports from management related to enterprise-wide risk management efforts, including cybersecurity risks. As part of this oversight, the ROC conducts an annual review and approval of information security policies and programs, and receives regular updates on key risk indicators, threat trends, risk remediation activities, and operational events. As part of that oversight, the ROC performs an annual review and approval of information security policies and programs, and receives regular updates on key risk indicators, threat trends, risk remediation activities, and operational events. The ROC regularly reports on this oversight, including cybersecurity, to the Board. Management employs multiple real-time and interval-based monitoring and reporting mechanisms to detect and respond to cybersecurity incidents, and may also engage third parties to assist in these efforts. Documented escalation procedures are regularly tested through tabletop exercises and other activities, including notification to executive management during qualifying cybersecurity incidents. Documented escalation procedures are tested regularly as part of tabletop exercises and other activities and include notification to executive management during qualifying cybersecurity incidents. Management directly responsible for assessing, measuring, and managing cybersecurity risks include the Chief Information Security Officer (“CISO”) and the Chief Technology and Operations Officer (“CTOO”) . The current CISO has more than 20 years of technology leadership experience, including significant direct involvement in cybersecurity efforts, and holds multiple industry certifications. The current CTOO has more than 25 years of experience in audit, risk, operations, and technology leadership, including previous roles as Chief Audit Executive and Director of Bank Operations. The CTOO has more than 25 years of audit, risk, operations, and technology leadership experience, including prior assignments as the Bank’s Chief Audit Executive and Director of Bank Operations. The CISO and CTOO regularly report cybersecurity risk information to the Board or a Board committee . We engage multiple independent third parties and cyber experts to assess our information security programs and practices. These assessments include, but are not limited to, framework maturity assessments, blind penetration testing, technology health checks, cyber skill and staffing assessments, externally facilitated tabletop exercises, external cyber legal counsel briefings, and strategic assessments. Findings from these assessments are regularly reviewed with management and the ROC. Additionally, we participate in various cybersecurity industry forums and have access to law enforcement analysis regarding current threats.
We caution against undue reliance on forward-looking statements, which reflect our views only as of their date of issuance. Except as required by law, we specifically disclaim any obligation to update any factors or publicly announce revisions to forward-looking statements to reflect future events or developments.
ITEM 1. BUSINESS
DESCRIPTION OF BUSINESS
Zions Bancorporation, National Association (“Zions Bancorporation, N.A.,” “the Bank,” “we,” “our,” “us”) is a bank headquartered in Salt Lake City, Utah with annual net revenue (net interest income and noninterest income) of $3.1 billion in 2024, and total assets of approximately $89 billion at December 31, 2024. We provide a wide range of banking products and related services, primarily in the states of Arizona, California, Colorado, Idaho, Nevada, New Mexico, Oregon, Texas, Utah, Washington, and Wyoming. We had more than one million customers at year-end 2024, served by 404 branches and various online, mobile, and digital offerings. We had 9,406 full-time equivalent employees at December 31, 2024.
We conduct our operations primarily through seven separately managed and geographically defined bank divisions, which we refer to as “affiliates,” or “affiliate banks,” each with its own local branding and management teams. These affiliate banks constitute our primary business segments as referenced throughout this document. We emphasize local authority, responsibility, pricing, and customization of certain products to maximize customer satisfaction and strengthen community relations. Our affiliate banks are supported by an enterprise operating segment (referred to as the “Other” segment) that provides governance and risk management, allocates capital, establishes strategic objectives, and includes centralized technology, back-office functions, and certain lines of business not operated through our affiliate banks.
For more information about our segments, see “Business Segment Results” in Management’s Discussion and Analysis (“MD&A”) on page 43 and Note 22 of the Notes to Consolidated Financial Statements.
5
PRODUCTS AND SERVICES
We strive to develop long-lasting relationships with our customers by providing competitive products and high-quality service. Building and sustaining these relationships is essential to understanding and meeting our customers’ needs. Some of the products and services we provide, whether delivered digitally or by other means, include:
Commercial and Small Business Banking
We serve a wide range of commercial customers, generally small- and medium-sized businesses. Products and services we provide to our commercial and small business banking customers include:
•Commercial and industrial and owner-occupied lending and leasing;
•Municipal and public finance services;
•Depository account and cash management services;
•Commercial and small business cards, as well as merchant processing services;
•Corporate trust services; and
•Correspondent banking and international lending services.
Capital Markets and Investment Banking
We provide customized financing solutions to help our customers raise capital efficiently, execute strategic transactions, and manage exposure to financial markets. Capital markets products and services include:
•Loan syndications;
•Interest rate derivatives and foreign exchange services;
•Fixed income securities underwriting;
•Advisory and capital raising;
•Commercial mortgage-backed security (“CMBS”) conduit lending; and
•Power and project financing.
Commercial Real Estate Lending
We provide lending products secured by commercial real estate to borrowers that include:
•Term and construction/land development financing, including the following collateral types:
◦Commercial multifamily, industrial, and office; and
◦Residential single family, community development, and affordable housing.
Retail Banking
We provide quality retail banking products and services to our customers that include:
•Residential mortgages;
•Home equity lines of credit;
•Personal lines of credit and installment consumer loans;
•Depository account services;
•Consumer cards; and
•Personal trust services.
Wealth Management
We offer various wealth management products and services to customers. Our planning-driven offerings, combined with high-touch service and sophisticated asset management capabilities, have resulted in continued growth in assets under management. Additional offerings to our wealth management customers include:
•Investment management services;
•Fiduciary and estate services; and
•Advanced business succession and estate planning services.
6
COMPETITION
We operate in a highly competitive environment. Our primary competition for loans, deposits, and other banking services generally comes from commercial banks, credit unions, financial technology companies (“fintechs”), and private credit or debt funds. Some of these financial institutions do not have a physical presence in our market footprint, but solicit business via the internet and other means. We also compete with finance companies, mutual fund companies, insurance companies, brokerage firms, securities dealers, investment banking companies, other nontraditional lending and banking companies, and various other types of companies. Some of our competitors may face fewer regulatory constraints, and have greater capabilities to develop, implement, and offer innovative financial services and technologies. They may also benefit from lower cost structures, taxes, and regulatory burdens.
Our key differentiators include the quality of service delivered, our local community knowledge, the convenience of branch and office locations, the wide range of products and services offered, and the overall relationships with our customers. We strive to compete effectively in all these areas to remain successful.
SUPERVISION AND REGULATION
The banking and financial services business in which we operate is highly regulated. These regulations are designed to promote the safety, soundness, and stability of banking and financial institutions, and to protect the interests of customers, depositors, communities, the Deposit Insurance Fund, and the banking and financial system as a whole. Generally, these regulations are not intended to protect shareholders, investors, or non-depositor creditors. Banking laws and regulations have granted federal banking regulators expanded powers over many aspects of the financial services industry, which have reduced, and may continue to reduce, returns earned by shareholders. Additionally, changes in applicable laws or regulations, and in their application by regulatory agencies, are unpredictable and may have a material effect on our business and results.
General
We are governed by the provisions of the National Bank Act and other statutes applicable to national banks, as well as the rules and regulations of the Office of the Comptroller of the Currency (“OCC”), the Consumer Financial Protection Bureau (“CFPB”), and the Federal Deposit Insurance Corporation (“FDIC”). Additionally, we and some of our subsidiaries are subject to regulation by other federal and state agencies. These regulatory agencies may exert considerable influence over our activities through their supervisory and examination roles. Our brokerage and investment advisory subsidiaries are regulated by the Securities and Exchange Commission (“SEC”), Financial Industry Regulatory Authority (“FINRA”), and state securities regulators.
The National Bank Act
Our corporate affairs are governed by the National Bank Act, with related regulations administered by the OCC. In terms of securities matters, we are not subject to the Securities Act of 1933 (“Securities Act”), but are subject to OCC regulations governing securities offerings. Our common stock and certain other securities are registered under the Securities and Exchange Act of 1934 (“Exchange Act”), which grants the OCC the authority to administer and enforce certain sections of the Exchange Act applicable to national banks. Despite this, we continue to make filings required by the Exchange Act with the SEC as a voluntary filer. The statutory and regulatory frameworks applicable to us as a national bank are not as well developed as the corporate and securities law frameworks that apply to many other publicly held companies.
Capital Standards – Basel Framework
At December 31, 2024, we exceeded all capital adequacy requirements under the Basel III capital rules, which include specific risk-based capital and leverage ratio requirements prescribed by the OCC. The Basel III capital rules define the components of capital and other factors, such as risk weights, which affect banking institutions’ regulatory capital ratios.
The Basel III capital rules require us to maintain certain minimum capital ratios, as well as a 2.5% “capital conservation buffer,” designed to absorb losses during periods of economic stress. This buffer is composed entirely
7
of common equity Tier 1 (“CET1”). Financial institutions with a CET1 to risk-weighted assets ratio above the minimum, but below the capital conservation buffer, face constraints on dividends, equity repurchases, and compensation based on the amount of the shortfall. The severity of these constraints depends on the shortfall amount and the institution’s “eligible retained income,” defined as the greater of (1) net income for the four preceding quarters, net of distributions and associated tax effects not reflected in net income, or (2) average net income over the preceding four quarters.
For more information about our capital ratios, see “Capital Management” in MD&A on page 77.
Prompt Corrective Action
The Federal Deposit Insurance Corporation Improvement Act (“FDICIA”) requires each federal banking agency to take prompt corrective action to address identified issues in insured depository institutions, particularly those that fall below one or more prescribed minimum capital ratios. Under FDICIA, the FDIC has established regulations defining five categories for insured depository institutions based on their capital ratios: well capitalized, adequately capitalized, undercapitalized, significantly undercapitalized, and critically undercapitalized.
According to the prompt corrective action provisions of FDICIA, as modified by the Basel III capital rules, an insured depository institution is generally classified as well capitalized if it has a CET1 ratio of at least 6.5%, a Tier 1 risk-based capital ratio of at least 8%, a total risk-based capital ratio of at least 10%, and a Tier 1 leverage ratio of at least 5%. Conversely, an insured depository institution is generally classified as undercapitalized if it has a CET1 ratio of less than 4.5%, a Tier 1 risk-based capital ratio of less than 6%, a total risk-based capital ratio of less than 8%, and a Tier 1 leverage ratio of less than 4%.
An institution classified as well capitalized, adequately capitalized, or undercapitalized, may be treated as though it were in the next lower capital category if the appropriate federal banking regulator, after notice and opportunity for a hearing, determines that an unsafe or unsound condition, or an unsafe or unsound practice, warrants such treatment. At each successive lower capital category, an insured depository institution faces more restrictions and prohibitions, including limitations on growth, interest rates paid on deposits, acceptance of brokered deposits, and payment of dividends. Furthermore, if a bank is classified in one of the undercapitalized categories, it is required to submit a capital restoration plan to the federal banking regulator.
The following schedule presents minimum capital ratio and capital conservation buffer requirements, our capital ratios at December 31, 2024, and the minimum requirements to be well capitalized:
MINIMUM CAPITAL RATIO AND CAPITAL CONSERVATION BUFFER REQUIREMENTS
8
Regulatory Developments
Resolution and Recovery Planning
Effective October 1, 2024, the FDIC revised its rule regarding the resolution planning requirements for insured depository institutions with $50 billion or more in total assets. Beginning in 2025, banks with $100 billion or more in total assets that are not affiliates of U.S. global systemically important banking organizations (“covered banks”) are required to submit full resolution plans with an identified resolution strategy every three years. Banks with $50 billion to $100 billion in total assets are required to submit more limited information triennially. The guidance also requires these banks to file interim supplemental information regarding their resolution planning in off-cycle years. We expect to file our first informational submission in late 2025.
In October 2024, the OCC issued a final rule amending its recovery planning guidelines for insured national banks. The guidelines require covered banks to develop and maintain a recovery plan tailored to their size, risk profile, activities, and complexity, including their organizational and legal entity structure. The recovery plan, subject to annual testing to validate its effectiveness, should consider both financial and non-financial risks and include elements such as: (1) a range of credible options to restore financial strength and viability, allowing the bank to continue operating as a going concern, and (2) an analysis of how each recovery option might affect capital, liquidity, and funding. We would be required to comply with these guidelines within 12 months after becoming a covered bank.
Basel III Endgame
In July 2023, federal banking regulators issued a proposal to implement the Basel Committee on Banking Supervision’s finalization of the post-crisis bank regulatory capital reforms. Commonly referred to as the “Basel III Endgame,” this proposal would significantly revise the capital requirements for large banking organizations, defined as those with $100 billion or more in total assets. At December 31, 2024, we had $88.8 billion in total assets and do not currently qualify as a large banking organization.
Under the proposal, if our total assets were to increase to $100 billion or more, we would be required to: (1) include certain components of accumulated other comprehensive income (“AOCI”), such as unrealized gains and losses on available-for-sale (“AFS”) securities, in regulatory capital and be subject to increased limitations on deferred tax assets (“DTAs”) as a percent of CET1, (2) hold capital for operational risk and market risk, and (3) calculate risk-based capital ratios under both the standardized approach and the expanded risk-based approach. The Federal Reserve has indicated its intention to collaborate with the other federal banking regulators on a revised proposal in 2025.
Long-term Debt
In August 2023, federal banking regulators issued a proposal to expand the long-term debt requirement to all banks with $100 billion or more in total assets. The proposed rule requires these banks to maintain a minimum outstanding amount of eligible long-term debt that is the greatest of (1) 6% of total risk-weighted assets, (2) 2.5% of total leverage exposure, and (3) 3.5% of average total assets. Under the proposal, if our total assets were to increase to $100 billion or more, we would have a three-year implementation period to issue the necessary debt and meet other requirements. If adopted as proposed, and assuming our assets and liabilities remain largely consistent with those at December 31, 2024, the estimated amount of incremental debt required to meet the new requirements would be approximately $3.1 billion, to be issued over the three-year phase-in period. We anticipate that the issuance of incremental debt would replace other sources of funding, with the timing of any issuance influenced by economic factors and associated borrowing costs.
FDIC Special Assessment
In November 2023, the FDIC issued a final rule to implement a special assessment pursuant to a systemic risk determination to recover the costs associated with protecting uninsured depositors following the closures of Silicon Valley Bank and Signature Bank in early 2023. Using an assessment base equal to the estimated amount of uninsured deposits above $5 billion at December 31, 2022, the FDIC initially expected to collect the special
9
assessment from banks at an annual rate of approximately 13.4 basis points (“bps”) for an anticipated eight quarterly assessment periods, beginning with the second quarter of 2024.
In June 2024, the FDIC announced that the special assessment would be collected at a lower rate for an additional two quarterly assessment periods, totaling ten periods. During 2023 and 2024, we recorded approximately $101 million in deposit insurance and regulatory expense related to the FDIC special assessment.
Capital Planning and Stress Testing
We use stress testing as an important tool to inform our decisions on the appropriate level of capital to maintain, based on hypothetically stressed economic conditions, comparable in severity to the scenarios published by the Federal Reserve Board (“FRB”). Our most recent internal stress test included hypothetical scenarios that reflected: (1) high inflation, (2) declining commercial property values, (3) increased losses on commercial loans due to declining asset values and slowing economic activity, (4) increased losses on consumer loans due to falling home prices, (5) rising unemployment, and (6) other current economic, financial, and social disruptions. The results of our stress test indicated that we would maintain capital ratios in excess of regulatory minimum and capital conservation buffer requirements throughout the nine-quarter horizon for the hypothetical stress test.
Liquidity
We utilize internal liquidity stress tests as a primary tool for establishing and managing liquidity guidelines. These guidelines encompass holdings of investment securities and other liquid assets, levels of readily available contingency funding, concentrations of funding sources, and the maturity profile of liabilities. At December 31, 2024, our sources of liquidity exceeded our uninsured deposits without the need to sell any investment securities. We continue to actively manage our deposit base and associated deposit costs in response to changes in the interest rate environment.
For more information about our liquidity profile, see “Liquidity Risk Management” in MD&A on page 73.
Financial Privacy and Cybersecurity
The federal legislature and federal banking regulators have implemented laws and rules governing the use of consumer information by banks and other financial institutions, including provisions of the Gramm-Leach-Bliley Act. These laws and rules limit the ability of banks and financial institutions to disclose nonpublic information about consumers to unaffiliated third parties, require financial institutions to disclose privacy policies to consumers and, in some circumstances, allow consumers to prevent disclosure of certain personal information to unaffiliated third parties. These regulations also affect how consumer information is transmitted through diversified financial companies and conveyed to outside suppliers.
Additionally, consumers may prevent the disclosure of certain information among affiliated companies that is assembled or used to determine eligibility for a product or service, such as information shown on consumer credit reports and asset and income information from applications. Consumers also have the option to direct banks and financial institutions not to share information about transactions and experiences with affiliated companies for marketing purposes. Federal law makes it a criminal offense, except in limited circumstances, to obtain or attempt to obtain customer information of a financial nature by fraudulent or deceptive means.
Federal and state regulators have been increasingly active in implementing privacy and cybersecurity standards and regulations. For example, SEC rules require timely disclosure of material cybersecurity incidents and description of cybersecurity risk management, strategy, and governance. Additionally, in recent years, a growing number of states, including those in which we conduct business, have enacted, or are considering enacting, laws and regulations that grant consumers enhanced privacy rights and control over personal information, establish or modify data breach notification requirements, and require certain financial institutions to implement detailed and prescriptive cybersecurity programs. Data and cybersecurity laws and regulations are evolving rapidly and remain a focus of state and federal legislators and bank regulators.
10
Open Banking
In October 2024, the CFPB issued a final rule under Section 1033 of the Dodd-Frank Act. The rule imposes new data access requirements on various parties in the financial ecosystem, including financial institutions, data aggregators, and businesses authorized by consumers to access information on their behalf. Among other requirements, the rule requires certain entities, including the Bank, to make available to consumers, upon request, information in their control or possession regarding the consumer financial products or services obtained from the Bank.
The rule also requires data providers, such as the Bank, to establish a developer interface that meets specific security specifications. This interface will allow data providers to receive requests for and provide specific types of data covered by the rule in an electronic, usable form to authorized third parties, including data aggregators. The current compliance deadline for a bank our size is April 1, 2027. We are preparing to comply with the rule, although it is currently the subject of several lawsuits that may affect its implementation.
Other Regulations and Proposals
We are subject to a wide range of requirements and restrictions contained in both federal and state laws. These regulations and proposals include, but are not limited to, the following:
•Limitations on Dividends Payable to Shareholders — Our ability to pay dividends on both our common and preferred stock is subject to regulatory restrictions. See Note 15 of the Notes to Consolidated Financial Statements for additional information.
•Safety and Soundness Standards — Prescribed in FDICIA, these standards relate to internal controls, information systems, internal audit, loan documentation, credit underwriting, interest rate exposure, asset growth, compensation, and other operational and management standards deemed appropriate by federal banking regulators.
•Approval of Acquisitions and Restrictions on Other Activities — The National Bank Act requires regulatory and shareholder approval of all mergers between a national bank and another national or state bank and does not allow for the direct merger into a national bank of an unaffiliated nonbank. See further discussion in “Risk Factors.” Other laws and regulations governing national banks contain similar provisions concerning acquisitions and activities.
•Limits on Interchange Fees — Imposed under the Dodd-Frank Act, these rules require interchange transaction fees for electronic debit transactions to be reasonable and proportional to transaction processing costs. In October 2023, the Federal Reserve proposed revising Regulation II to lower the maximum permitted debit interchange fee by almost 30% and instituting a biennial review of the cap without public comment. This proposal is the subject of litigation, which may delay or affect its outcome. If finalized as proposed, the revised regulation could reduce our fee income by approximately $10 million or more per year.
•Limitations on Loans — Restrictions on the dollar amount of loans made to a borrower and its affiliates.
•Limitations on Transactions with Affiliates.
•Limitations on Investments and Securities — Restrictions on the nature and amount of any investments and the ability to underwrite certain types of securities (e.g., common equity).
•Branches — Requirements for opening and closing of branches.
•Consumer Protection Laws — A number of federal and state consumer protection laws, including fair lending and truth in lending requirements, provide equal access to credit and protect consumers in credit transactions. As a bank with $10 billion or more in total assets, we are subject to examination and primary enforcement authority with respect to consumer financial laws by the CFPB, which has broad rule making, supervisory, and enforcement powers under various federal consumer financial protection laws. These rules and regulations often reduce bank revenues and returns earned by shareholders. For example, the CFPB recently extended certain truth in lending requirements to overdraft fees and has proposed placing other restrictions on various fees routinely charged by banks related to providing financial services to customers.
11
•Community Reinvestment Act (“CRA”) — The CRA requires that banks address the credit needs of their communities, including providing credit to low- and moderate-income individuals. Failure to adequately serve our communities may result in penalties, such as denials of applications to add branches, relocate, add subsidiaries and affiliates, or merge with or acquire other financial institutions. Federal banking regulators recently finalized rules that significantly overhaul the evaluation framework used to assess a bank’s performance and compliance with CRA requirements. These changes may make it more challenging for banks to achieve satisfactory ratings. Currently, these new rules are subject to challenge in federal court by several financial services industry trade associations. The court has blocked enforcement against the plaintiffs while the case is pending.
•Compensation Requirements — Requirements regarding the time, manner, and form of compensation given to key executives and other personnel receiving incentive compensation, including requirements related to the SEC’s rule on pay versus performance disclosures, and other rules regarding the clawback of executive pay in certain circumstances involving accounting restatements. These restrictions include documentation and governance, deferral, risk-balancing, and the aforementioned clawback requirements. Any deficiencies in compensation practices may be incorporated into supervisory ratings, which can affect our ability to make acquisitions or engage in certain other activities, or could result in regulatory enforcement actions.
•Anti-Money Laundering (“AML”) Regulations — The Bank Secrecy Act (“BSA”), Title III of the Uniting and Strengthening of America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (“USA Patriot Act”), and other federal laws require financial institutions to assist U.S. government agencies in detecting and preventing money laundering and other illegal acts by maintaining policies, procedures, and controls designed to detect and report money laundering, terrorist financing, and other suspicious activity. Federal law grants broad enforcement powers to federal banking regulators and other government agencies with respect to AML, BSA, and Office of Foreign Assets Control (“OFAC”) laws and regulations, including the ability to assess significant civil or criminal monetary penalties and restitution and issue cease and desist or similar orders.
•Tax laws — Tax laws of the U.S., its states, and other jurisdictions where we conduct business.
We are also subject to the Sarbanes-Oxley Act of 2002, certain provisions of the Dodd-Frank Act, and other federal and state laws and regulations. These regulations address various matters, including corporate governance, auditing and accounting, internal controls over financial reporting, and enhanced and timely disclosure of corporate information.
Sustainability standards and related concerns, including those associated with global climate change, continue to evolve and have become increasingly prominent in recent years. We are closely monitoring developments in standards published by sustainability interest groups and organizations, as well as proposed regulatory initiatives and expectations relating to these issues. We strive to enhance our business by incorporating sustainable practices that we believe will benefit our investors, customers, employees, and communities. Examples include: our LEED Platinum-certified technology campus and other LEED-certified facilities, water conservation systems, use of remote deposit capture and electronic forms and signatures, financing renewable energy and energy efficiency projects, and subsidizing employee use of public transportation.
In addition to proposed and evolving rulemaking by federal banking regulators, such as their principles designed to help large financial institutions manage their exposure to climate-related risks, many states have adopted, or are considering, laws that address climate and social issues. For example, the state of California has enacted comprehensive climate-related disclosure laws that will require large entities doing business in the state, including the Bank, to measure and disclose greenhouse gas (“GHG”) emissions and publish biennial reports beginning in January 2026. These reports will disclose climate-related financial risks and measures adopted to reduce and adapt to those risks.
Among other requirements, the California climate-related disclosure laws require the public disclosure of GHG emissions from our operations (Scope 1) and indirect GHG emissions from our energy use (Scope 2) beginning in 2026, and our indirect upstream and downstream supply-chain GHG emissions (Scope 3) starting in 2027. These
12
laws will increase our compliance costs and may include provisions that conflict with other state and federal regulations, or limit our ability to conduct business in certain jurisdictions.
We publish an annual Corporate Responsibility Report that provides a summary of how we address these issues. The report is available on our website.
Corporate Governance
Our Board of Directors (“Board”) has overseen management’s establishment of a comprehensive system of corporate governance and risk management practices. This system includes frameworks, policies, and guidelines, such as the following:
•Corporate Governance Guidelines;
•A Code of Business Conduct and Ethics for Employees;
•A Director’s Code of Conduct;
•A Risk Management Framework;
•A Related Party Transaction Policy;
•Incentive Compensation Recoupment and Clawback Policies;
•Stock Ownership and Retention Guidelines;
•An Insider Trading Policy; and
•Charters for our Executive, Audit, Risk Oversight, Compensation, and Nominating and Corporate Governance Committees.
More information on our corporate governance practices is available on our website at zionsbancorporation.com. Our website is not part of this Form 10-K.
HUMAN CAPITAL MANAGEMENT
We are committed to identifying, recognizing, and creating fulfilling opportunities for our employees, and rewarding them for their contributions to our success. We continue to focus on enhancing our brand in the markets we serve to attract and retain a high-performing workforce, which is essential for our long-term success and value creation for our investors.
At December 31, 2024, we had 9,406 full-time equivalent employees. Approximately 58% of our associates were women, and 38% self-identified as a part of a minority demographic. We provide additional transparency into our workforce demographics by disclosing our Equal Employment Opportunity results in our Corporate Responsibility Report, which is available on our website.
The following objectives and initiatives are integral to our human capital management efforts:
Cultivating an environment where everyone is respected and valued
We are committed to providing growth, development, and leadership opportunities to all employees. Our commitment is to maintain a workplace where everyone is treated with respect and fairness, based on their qualifications and abilities, ensuring that the Bank is a place where everyone counts.
We embrace differences while finding common ground and focusing on things that unite us. Our Everyone Counts Council coordinates the related efforts of our affiliates and enterprise employee groups, providing executive management with goals and recommendations for continuous improvement.
Our initiatives include employee business forums, mental health programs, and a broad range of employee and regional events. Throughout the organization, the employee business forums, which are open to all employees, foster a sense of community and enable greater connectivity and support among employees and the communities in which we operate.
13
We believe that our performance is stronger when we draw upon the talents and experience of a diverse team of employees. The in-person exchange of ideas and viewpoints, in both formal and informal settings, improves productivity and cultivates a strong corporate culture while offering flexibility to balance personal needs.
Attracting, developing, and retaining talent for long-term success
We are committed to (1) attracting, developing, and retaining the most qualified individuals to serve the diverse markets in which we operate, (2) helping our employees grow in their careers, and (3) actively building a pipeline of talent for future leadership opportunities. As we attract and hire talent, we proactively consider the demand for competencies that will be needed within the workforce of the future.
Consistent with our strategic objectives, we invest in training our employees and in providing them with the tools and resources to build their capabilities. We offer more than 1,500 virtual, in-person, expert-led, and pre-recorded or self-paced learning options, enabling employees to create custom learning plans for personal and professional development. In 2024, we hosted more than 1,000 training experiences to support employees, build new skills, and assist in career advancement. Our offerings include new manager programs, tuition reimbursement, education sponsorship opportunities, job shadowing, coaching, and formal mentoring programs.
Our talent development program and individual development plans focus on education, experience, and exposure to help create well-rounded, highly skilled, and successful employees. We are also mindful of the continued competition for talent in the labor market. We continuously analyze relevant metrics related to employee recruiting and turnover, which will continue to impact wages and flexible work arrangements.
Recognizing, engaging, and rewarding our employees
Our comprehensive rewards and recognition programs are designed to reward high performance, improve retention, and enrich the employee experience through meaningful recognition and growth opportunities. We offer upside opportunities for those who take accountability for business objectives, enabling us to achieve superior results while mitigating risk.
We routinely assess pay equity across our organization to ensure fair compensation for all employees. Every two years, we engage an independent third party to review our pay equity. The most recent review, which accounted for variables such as education, experience, performance, and geography, found no meaningful differences in pay levels across our workforce. We remain committed to fair and equitable compensation for all our employees.
Our employees regularly provide feedback through enterprise outreach and engagement forums, including quarterly leadership calls, biannual employee opinion surveys, town hall meetings, and targeted focus groups. These forums facilitate stronger relationships with managers, clarify organizational purpose and goals, and reinforce our Guiding Principles and Code of Business Conduct and Ethics.
ITEM 1A. RISK FACTORS
We generate revenue and grow our businesses by taking prudent and well-managed risks. These risks are outlined in our Risk Management Framework. The Board has established an Audit Committee, a Compensation Committee, a Risk Oversight Committee (“ROC”), and appointed an Enterprise Risk Management Committee (“ERMC”) to oversee and implement the Risk Management Framework. Our Board has established an Audit Committee, a Compensation Committee, a Risk Oversight Committee (“ROC”), and appointed an Enterprise Risk Management Committee (“ERMC”) to oversee and implement the Risk Management Framework. The ERMC is comprised of senior management and is chaired by the Chief Risk Officer. These committees monitor various risk areas, such as credit, interest rate and market, liquidity, strategic and business, operational, technology, cybersecurity, capital/financial reporting, legal/compliance (including regulatory), and reputational risks, as outlined in our risk taxonomy.
We have developed comprehensive policies, procedures, and controls to address these risks. However, we cannot guarantee that our actions will effectively prevent or mitigate the impact of these risks on our business or performance. Although not comprehensive, below we describe some of our material risk factors. Although not comprehensive, risk factors that are material to us are described below.
14
CREDIT RISK
Credit quality has adversely affected us in the past and may adversely affect us in the future.
Credit risk is one of our most significant risks. Rising interest rates, increased market volatility, or a weakening U.S. economy, both nationally and in the local markets where we operate, could result in, among other things, deterioration in credit quality and reduced demand for credit. This, in turn, may adversely impact the income generated from our loan and investment portfolios, result in higher charge-offs, and necessitate an increase in the allowance for credit losses.
We have a concentration of risk from counterparties, which may have unique risk characteristics that may adversely affect our results.
Concentrations of risk from counterparties could adversely affect us. Similar exposures across our loan and investment securities portfolios could pose additional credit risk. Additionally, concentrations with counterparties in derivative or securities financing transactions could further elevate this risk.
We have a concentration of risk in our loan portfolio, including, but not limited to, loans secured by real estate, oil and gas-related lending, and leveraged and enterprise value lending. These loans may have unique risk characteristics that may adversely affect our results.
We engage in commercial real estate (“CRE”) term and construction lending, primarily within our Western states footprint. Certain CRE collateral types, particularly multifamily, industrial, and office properties, continue to experience increased vacancy rates, declining property values, rent concessions, elevated costs, and pressures from higher interest rates. Certain CRE collateral types, particularly office CRE, continue to experience increased vacancy rates, declining property values, and pressures from rising interest rates, which could result in increased delinquencies and defaults. These factors could lead to increased delinquencies and defaults.
Additionally, we engage in oil and gas-related lending, and provide leveraged and enterprise value loans across our entire footprint. We also engage in oil and gas-related lending, and we provide leveraged and enterprise value loans across our entire footprint. These loans may be subject to specific risks, including governmental and social responses to environmental issues and climate change, volatility, and potential significant and prolonged declines in collateral-values and activity levels. Any decline in these portfolios could result in increased credit losses and reduced loan demand, adversely affecting our business and that of our customers. Any decline in these portfolios could cause increased credit losses and reduced loan demand, which could adversely affect our business and that of our customers. There may also be other unidentified risks within our loan portfolio.
Our business is highly correlated with local economic conditions in a specific geographic region of the U.S.
We provide a wide range of banking products and related services through our local management teams and distinctive brands across Arizona, California, Colorado, Idaho, Nevada, New Mexico, Oregon, Texas, Utah, Washington, and Wyoming. At December 31, 2024, loan balances from our banking operations in Utah, Idaho, Texas, and California accounted for 77% of the commercial lending portfolio, 70% of the CRE lending portfolio, and 70% of the consumer lending portfolio. At December 31, 2023, loan balances associated with our banking operations in Utah, Idaho, Texas, and California comprised 77%, 69%, and 70% of the commercial, CRE, and consumer lending portfolios, respectively.
Due to this geographic concentration, our financial performance is largely influenced by economic conditions in these markets. Consequently, any deterioration in economic conditions, including those triggered by climate change or natural disasters, could disproportionately impact these states, leading to higher credit losses and significantly affecting our overall operations and financial results. Accordingly, deterioration in economic conditions, including those caused by climate change or natural disasters, may specifically affect these states, and could result in higher credit losses and significantly affect our consolidated operations and financial results.
For information about our lending exposure to various industries and how we manage credit risk, see “Credit Risk Management” in MD&A on page 56.
INTEREST RATE AND MARKET RISK
We could be negatively affected by adverse economic conditions.
Adverse economic conditions present significant risks to our business, impacting our loan and investment portfolios, capital levels, results of operations, and financial condition.Adverse economic conditions pose significant risks to our business, including our loan and investment portfolios, capital levels, results of operations, and financial condition. A slowing economy, combined with inflationary pressures, changes in monetary and fiscal policies, rising interest rates, and declining values of our fixed-rate assets, as well as tariffs, sanctions, and other policies and actions impacting domestic and global trade,
15
can increase these risks. These factors may lead to reduced loan demand, increased credit losses, and lower fee income, among other negative effects.
Failure to effectively manage our interest rate risk could adversely affect our results.
Net interest income is the largest component of our revenue. Factors beyond our control can significantly influence the interest rate environment and increase our risk. These factors include changes in the prevailing interest rate environment, competitive pricing pressures for our loans and deposits, adverse shifts in the mix of deposits and other funding sources, and volatile market interest rates resulting from general economic conditions and the policies of governmental and regulatory agencies, particularly the FRB.
Most components of our balance sheet are sensitive to fluctuations in interest rates. Mismatches in rate sensitivity between assets and liabilities may result in unanticipated changes in their values, as well as related income and expense. Additionally, customer behavior can significantly impact asset and liability values, as customers may choose to withdraw certain deposits or prepay certain loans at any time, affecting our expected cash flows. Additionally, asset and liability values may be significantly impacted by customer behavior, as customers may choose to withdraw certain deposits or prepay certain loans at any time, which may significantly affect our expected cash flows.
For information about how we manage interest rate risk and market risk, see “Interest Rate and Market Risk Management” in MD&A on page 70.
LIQUIDITY RISK
Changes in the levels and sources of liquidity and capital may limit our operations and potential growth.
Our primary source of liquidity is deposits from our customers, which can be influenced by market-related forces such as increased competition and other factors.Our primary source of liquidity is deposits from our customers, which may be impacted by market-related forces such as increased competition for these deposits and a variety of other factors. For example, we, like many other banks, experienced heightened volatility in deposit levels and funding costs following the notable bank closures in 2023. If we are unable to fund assets through customer deposits or access other funding sources on favorable terms, or if we face increased borrowing costs or FDIC insurance assessments, or fail to manage liquidity effectively, our liquidity, operating margins, financial condition, and results of operations could be materially and adversely affected.
The Federal Reserve’s tightened monetary policy has resulted in a decline in the value of our fixed-rate loans and investment securities pledged as collateral for short-term borrowings.The Federal Reserve’s tightened monetary policy has contributed to a decline in the value of our fixed-rate loans and investment securities that are pledged as collateral to support short-term borrowings. Additionally, other economic conditions may continue to impact our liquidity and associated risk management efforts. The Federal Home Loan Bank (“FHLB”) system and Federal Reserve have been, and remain, significant sources of additional liquidity and funding. The Federal Home Loan Bank (“FHLB”) system and Federal Reserve have been, and continue to be, a significant source of additional liquidity and funding. However, borrowing from the FHLB is subject to requirements and conditions, and may not always be available as a source of liquidity. Changes in FHLB or Federal Reserve funding programs could also adversely affect our liquidity and management of associated risks. Changes in FHLB or Federal Reserve funding programs could adversely affect our liquidity and management of associated risks.
Unfavorable rating actions from rating agencies could adversely affect both us and the holders of our securities.
We access capital markets to supplement our funding.We access capital markets to augment our funding. This access is influenced by the ratings assigned to us by rating agencies. This access is affected by the ratings assigned to us by rating agencies. The rates we pay on our securities are also affected by, among other factors, the credit ratings assigned to us and our securities by recognized rating agencies. The rates we pay on our securities are also influenced by, among other things, the credit ratings that we and our securities receive from recognized rating agencies. Ratings downgrades to us or our securities could increase our costs or otherwise negatively impact our liquidity position, financial condition, or the market prices of our securities. Ratings downgrades to us or our securities could increase our costs or otherwise have a negative effect on our liquidity position, financial condition, or the market prices of our securities.
For information about how we manage liquidity risk, including rating agency actions, see “Liquidity Risk Management” in MD&A on page 73.
STRATEGIC AND BUSINESS RISK
Challenges faced by other financial institutions could adversely affect financial markets as a whole and have indirect adverse effects on us.
The soundness and stability of many financial institutions may be closely interrelated due to credit, trading, clearing, or other relationships between these institutions.The soundness and stability of many financial institutions may be closely interrelated as a result of credit, trading, clearing, or other relationships between the institutions. As a result, concerns about, or a default or threatened default by, one institution could lead to significant market-wide liquidity and credit problems, losses, or defaults by other institutions. This phenomenon, sometimes referred to as “systemic risk,” may adversely affect financial
16
intermediaries, such as clearing agencies, clearing houses, banks, securities firms, and exchanges, with which we interact on a daily basis, and therefore, could adversely affect us.
This phenomenon has been evident in recent times, as financial institutions like ours were impacted by concerns regarding the soundness or creditworthiness of other financial institutions or reports of systemic deterioration in asset classes, such as commercial real estate. These concerns caused substantial and cascading disruptions within the financial markets and deposits environment, increased expenses, reduced bank fees, and adversely impacted the market price and volatility of our common stock. This has caused substantial and cascading disruptions within the financial markets and deposits environment, increased expenses, reduced bank fees, and adversely impacted the market price and volatility of our common stock.
We may not be able to hire or retain qualified personnel or effectively promote our corporate culture, and recruiting and compensation costs may increase due to changes in the workplace, marketplace, economy, and regulatory environment.
Our ability to execute our strategy, provide services, and remain competitive may be compromised if we are unable to recruit or retain qualified personnel, or if employee compensation and benefits costs increase substantially.Our ability to execute our strategy, provide services, and remain competitive may suffer if we are unable to recruit or retain qualified people, or if the costs of employee compensation and benefits increase substantially. Bank regulatory agencies have issued regulations and guidance that limit the manner and amount of compensation that banking organizations can provide to employees. Bank regulatory agencies have published regulations and guidance that limit the manner and amount of compensation that banking organizations provide to employees. These regulations and guidance may adversely affect our ability to attract and retain key personnel. Some of these limitations may not apply to institutions with which we compete for talent, particularly as we increasingly compete with financial technology providers and other entities that may not be subject to the same compensation limitations. Some of these limitations may not apply to institutions with which we compete for 16Table of ContentsZIONS BANCORPORATION, NATIONAL ASSOCIATION AND SUSDIARIEStalent, in particular, as we are more frequently competing for personnel with financial technology providers and other entities that may not have the same limitations on compensation as we do. If we experience such adverse effects with respect to our employees, our business, financial condition, and results of operations could be adversely or materially impacted. If we were to suffer such adverse effects with respect to our employees, our business, financial condition and results of operations could be adversely or materially affected.
Our ability to retain talent may also be adversely affected by changes in the economy and workforce trends, priorities, migration, modes of delivery and other considerations, such as the increased ability of employees to work remotely across many industries. This growth in remote work, along with changing priorities and benefits, has led to increased compensation and related expenses, as well as workplace challenges. These challenges include fewer opportunities for face-to-face interactions, training and mentoring new employees, promoting a cohesive corporate culture, and increased competition for experienced labor, particularly in high-demand and highly skilled categories. Additionally, inflationary pressures have increased our compensation costs and are likely to continue to do so in the future. Inflationary pressures have also increased our compensation costs and are likely to continue to do so in the future.
We have implemented and are continuing to implement significant changes, including organizational restructurings, efficiency initiatives, and the replacement or upgrading of technology systems to improve our operating efficiency and control environment.We have made, and are continuing to make, significant changes that include, among other things, organizational restructurings, efficiency initiatives, and replacement or upgrades of technology systems to improve our operating efficiency and control environment. The ultimate success and completion of these changes, and their effects on us, may vary significantly from intended results, which could materially adversely affect us.
In July 2024, we successfully completed the final phase of our multi-year project to replace our core loan and deposit banking systems. We continue to invest in a variety of strategic projects designed to enhance our products and services and simplify our business operations.We continue to invest in a variety of strategic projects designed to improve our products and services and to simplify how we do business. These initiatives and other significant changes are ongoing and at various stages of completion. These initiatives and other significant changes continue to be implemented and are in various stages of completion. By their nature, projections regarding duration, cost, expected savings, expected efficiencies, and related items are subject to change and significant variability. By their very nature, projections of duration, cost, expected savings, expected efficiencies, and related items are subject to change and significant variability. There is no certainty that we will achieve the expected benefits or other intended results associated with these projects. There can be no certainty that we will achieve the expected benefits or other intended results associated with these projects.
Our ability to develop, adopt, implement, and deliver technological advancements could adversely affect us.
Our ability to remain competitive increasingly depends on maintaining critical technological capabilities, and identifying and developing new, value-added products for existing and future customers.Our ability to remain competitive is increasingly dependent upon our ability to maintain critical technological capabilities, and to identify and develop new, value-added products for existing and future customers. These technological competitive pressures arise from both traditional banking and nontraditional sources. Larger banks may have greater resources and economies of scale for maintaining existing capabilities and developing or adopting digital and other technologies. Larger banks may have greater resources and economies of scale attendant to maintaining existing capabilities and developing digital and other technologies. Fintechs and other technology platform companies continue to emerge and compete with traditional financial institutions across a wide variety of products and services. Experimentation with, and adoption of, artificial intelligence, quantum computing, the expansion of blockchain technologies and digital currencies, including the potential creation and adoption of central bank digital currencies, as well as the increasing use and mainstream acceptance of such digital currencies, may fundamentally change the business of banking and present similar risks.
17
Our failure to remain technologically competitive could impede our market position and reduce customer satisfaction, product accessibility, and relevance.
OPERATIONAL RISK
Our operations could be disrupted by the impact of new and ongoing projects and initiatives.
We may encounter significant operational disruptions arising from our numerous projects and initiatives. These disruptions may include significant time delays, cost overruns, loss of key personnel, technological issues, and processing failures. These may include significant time delays, cost overruns, loss of key people, technological problems, and processing failures. Additionally, we may experience operational disruptions due to capacity constraints, service level failures, inadequate performance, and certain replacement costs. We may also experience operational disruptions due to capacity constraints, service level failures and inadequate performance, and certain replacement costs. Any or all of these issues could disrupt our systems, processes, control environment, procedures, employees, and customers. Any or all of these issues could result in disruptions to our systems, processes, control environment, procedures, employees, and customers. The ultimate effect of any significant disruption to our business could subject us to additional regulatory scrutiny or expose us to civil litigation and possible financial liability, any of which could materially impact us, including our control environment, operating efficiency, and results of operations.
We could be adversely affected by failures in our internal controls.
Due to their inherent limitations, our internal controls may not prevent or detect operational failures or misstatements in our financial statements arising from inadequate or failed internal processes and systems, human errors or misconduct, or other adverse external events.Because of their inherent limitations, our internal controls may not prevent or detect the risk of operational failures, misstatements in our financial statements, or capital arising from inadequate or failed internal processes or systems, human errors or misconduct, or other adverse external events. A failure in our internal controls could significantly negatively impact our earnings, and the perception that customers, regulators, and investors may have of us, thereby adversely affecting our business and stock price.To date, risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have not materially affected us, including our business strategy, results of operations, or financial condition.
We could be adversely affected by internal and external fraud schemes.
Attempts to commit fraud, both internally and externally, are becoming increasingly sophisticated and may rise in an adverse economic environment.Attempts to commit fraud both internally and externally are becoming increasingly more sophisticated and may increase in an adverse economic environment. We have experienced losses in the past due to these attempts and schemes and may not be able to identify, prevent, or mitigate all instances of fraud in the future that could result in material losses. We have experienced losses in the past as a result of these attempts and schemes and may not be able to identify, prevent, or otherwise mitigate all instances of fraud in the future that have the potential to result in material losses. These attempts may go undetected by the systems and procedures we have in place to monitor our operations.
Climate-related and other catastrophic events, including but not limited to, hurricanes, tornadoes, earthquakes, wildfires, floods, mudslides, prolonged drought, and pandemics may adversely affect us, our customers, the general economy, financial and capital markets, and specific industries.Climate-related and other catastrophic events including, but not limited to, hurricanes, tornadoes, earthquakes, fires, floods, prolonged drought, and pandemics may adversely affect us, our customers, and the general economy, financial and capital markets, and specific industries.
The occurrence of pandemics, natural disasters, and other climate-related or catastrophic events could materially and adversely affect our operations and financial results. We have significant operations and customers in Utah, Texas, California, and other regions where natural and other disasters have occurred, and are likely to continue to occur. These regions are known for being vulnerable to natural disasters and other risks, such as hurricanes, tornadoes, earthquakes, wildfires, floods, mudslides, prolonged droughts, and other weather-related events, some of which may be exacerbated by climate change and become more frequent and intense. These regions are known for being vulnerable to natural disasters and other risks, such as hurricanes, tornadoes, earthquakes, fires, floods, prolonged droughts, and other weather-related events, some of which may be exacerbated by climate change and become more frequent and intense. These types of catastrophic events, including the recent wildfires in Southern California, have posed physical risks to our property and disrupted the local economy, our business, and customers, including decreased access to insurance and other services. These types of catastrophic events at times have posed physical risks to our property and have disrupted the local economy, our business, and customers, including decreased access to insurance and other services. Additionally, catastrophic events occurring in other regions of the world may have an impact on us and our customers. In addition, catastrophic events occurring in other regions of the world may have an impact on us and our customers.
We utilize models in the management of the Bank.We use models in the management of the Bank. There is a risk that these models are inaccurate in various ways, potentially leading to suboptimal decisions.
We rely on models in the management of the Bank. For example, we use models to inform our estimate of the allowance for credit losses, manage interest rate and liquidity risk, project stress losses in various segments of our loan and investment portfolios, and forecast net revenue under stress. For example, we use models to inform our estimate of the allowance for credit losses, to manage interest rate and liquidity risk, to project stress losses in various segments of our loan and investment portfolios, and to project net revenue under stress. However, models cannot perfectly predict outcomes, and management decisions based on these models may therefore be suboptimal. For example, due to the prominent bank closures in 2023, customer deposit behavior deviated from modeled behaviors, prompting us to redevelop our deposit models, which are currently used by management. For example, with the recent prominent bank closures during the first half of 2023, customer deposit behavior deviated from modeled behaviors, and as a result, we redeveloped our deposit models, which are currently used by management. For more information about our deposit models, see “Interest Rate and Market Risk Management” in MD&A on page 70.
18
We outsource various operations to third-party suppliers, which could adversely impact our business and operational performance.
We rely on various suppliers to perform operational activities essential to our business.We rely on various vendors to perform operational activities to conduct our business. While these relationships offer benefits, they also present risks. These risks vary based on several factors, such as the type and amount of data our suppliers may access or process, the concentration of services they provide to us, and the national and international locations from which they operate. Our operational controls and third-party management programs may not always provide adequate oversight and control. Our operational controls and third-party management programs may not provide adequate oversight and control. Inadequate performance by third parties can adversely affect our ability to deliver products and services to our customers and conduct our business. Replacing or finding alternatives for underperforming suppliers can be difficult and costly, potentially adversely impacting our customers and other operations, especially when circumstances require us to make changes under tight time constraints. Replacing or finding alternatives for vendors who do not perform adequately can be difficult and costly, and may also adversely impact our customers and other operations, particularly when circumstances require us to make changes under tight time constraints. Many of our suppliers have experienced adverse effects on their operations, supply chains, personnel, and businesses due to inflationary pressures, wars and geopolitical conflicts, cyber vulnerabilities, natural disasters, and other events, all of which can impact our operations as well. Many of our vendors have experienced adverse effects upon their operations, supply chains, personnel, and businesses arising from inflationary pressures, wars and geopolitical conflicts, cyber vulnerabilities, and other events, all of which can impact our operations as well.
For information about how we manage operational risk, see “Operational, Technology, and Cybersecurity Risk Management” in MD&A on page 76.
TECHNOLOGY RISK
Our operations and customer services could be adversely impacted by system vulnerabilities, failures, or outages.
We rely on various information technology systems that support our internal operations and customer services.We rely on various information technology systems that work together in supporting internal operations and customer services. Vulnerabilities in, or a failure or outage of, one or more of these systems could impact our ability to perform internal operations and provide services to customers, such as online banking, mobile banking, remote deposit capture, treasury and payment services, and other services dependent on system processing. These risks increase as systems and software approach the end of their useful life or require more frequent updates and modifications. We have well-established business continuity, disaster recovery, and crisis management protocols that may not be sufficient to restore our operations in the event of system failure or other outages. We cannot guarantee that such occurrences will not have a significant operational or customer impact.
For information regarding risks associated with the replacement or upgrades of our technology systems, see “Strategic and Business Risk” in Risk Factors on page 16. For information about how we manage technology risk, see “Operational, Technology, and Cybersecurity Risk Management” in MD&A on page 76.
CYBERSECURITY RISK
We are subject to various information system failures and cybersecurity risks that could adversely affect our business and financial performance.
We rely heavily on communications and information systems to conduct our business. Our systems process and maintain information that is confidential, proprietary, personal, or otherwise sensitive, including financial and other confidential business information. We process and maintain on our systems certain information that is confidential, proprietary, personal, or otherwise sensitive, including financial and other confidential business information. We, our customers, and other financial institutions with which we interact, are subject to ongoing, continuous attempts by threat actors, such as organized cybercrime, hackers, and state-sponsored organizations, to penetrate key systems. Information security risks for us and other large financial institutions have increased significantly in recent years, partly due to the proliferation of new technologies, including artificial intelligence, the ubiquity of internet connections, and the increased sophistication and activities of threat actors. Information security risks for us and other large financial institutions have increased significantly in recent years, in part because of the proliferation of new technologies, the ubiquity of internet connections, and the increased sophistication and activities of threat actors.
Moreover, developments in our and third parties’ use of generative artificial intelligence, as well as the use of mobile and cloud technologies, could heighten these and other operational risks, as certain aspects of the security of such technologies may be complex, unpredictable, or beyond our control. The types of attacks these threat actors use include, but are not limited to, exploiting customer or system vulnerabilities or misconfigurations, denial-of-service, ransomware, compromising business emails, deceiving employees through email phishing or social engineering, and compromising any of our suppliers. The types of attacks these threat actors may use include, but are not limited to: exploiting customer or system vulnerabilities or misconfigurations, deceiving employees through email phishing or social engineering, and compromising any of our suppliers. Such threats may be difficult to detect over extended periods and could be further exacerbated through threat actors' use of artificial intelligence.
19
Third parties, including our suppliers and their subcontractors, also present operational and information security risks to us, including security incidents or failures of their own systems and downstream systems. In incidents involving third parties, we may not be informed promptly of any effect on our services or our data, nor be able to participate in any related investigation, notification, or remediation. In incidents involving third parties, we may not be informed promptly of any effect on our services or our data, or be able to participate in any related investigation, notification, or remediation that occurs. The possibility of third-party or employee error, failure to follow security procedures, or malfeasance also presents these risks.
As cybersecurity threats continue to evolve, we allocate necessary resources to modify or enhance our defenses and investigate or remediate any information security vulnerabilities.As cybersecurity threats continue to evolve, we will be required to expend additional resources to continue to modify or enhance our defenses or to investigate or remediate any information security vulnerabilities. While we and our third-party suppliers have experienced cybersecurity incidents in the past that have not materially impacted our data, customers, or operations, there can be no assurance that future failures, interruptions, or significant security breaches will not occur or that they will be adequately addressed. We, and our third-party suppliers, have experienced cybersecurity incidents in the past that have not had material impact to our data, customers, or operations, but there can be no assurance that any such failure, interruption, or significant security breach will not occur in the future, or, if any future occurrences will be adequately addressed. It is impossible to determine the severity or potential effects of these incidents with any certainty.
System enhancements and updates may also create risks associated with implementing new systems and integrating them with existing ones. Due to the complexity and interconnectedness of information technology systems, the process of enhancing our defenses itself can create a risk of systems disruptions and security issues. We may face additional risks to the extent our hardware and software providers are unable to deliver patches and updates to mitigate vulnerabilities or we are unable to implement patches in a timely manner, particularly when a vulnerability is being actively exploited by threat actors. We have devoted and will continue to devote significant resources to the security of our computer systems, but they may still be vulnerable to these threats and our efforts may subsequently be deemed to have been inadequate by regulators or courts. The occurrence of any failure, interruption or security incident to our information systems or those of our third-party suppliers could interfere with or disrupt our operations and services, damage our reputation, result in a loss of customer business, subject us to additional regulatory scrutiny, expose us to civil litigation and financial liability, or otherwise result in material adverse consequences on us. The occurrence of any failure, interruption or security incident to our information systems or those of our third-party suppliers could interfere with or disrupt our 19Table of ContentsZIONS BANCORPORATION, NATIONAL ASSOCIATION AND SUSDIARIESoperations and services, damage our reputation, result in a loss of customer business, subject us to additional regulatory scrutiny, expose us to civil litigation and financial liability, or otherwise result in material adverse consequences on us.
For information about how we manage cybersecurity risk, see Part I, Item 1C. Cybersecurity on page 24.
CAPITAL/FINANCIAL REPORTING RISK
Internal stress testing and capital management, along with provisions of the National Bank Act and OCC regulations, may limit our ability to increase dividends, repurchase shares of our stock, and access capital markets.
We utilize stress testing as an important mechanism to inform our decisions on the appropriate level of capital, based on hypothetically stressed economic conditions. Stress testing and other applicable regulatory requirements may, among other things, require us to increase our capital levels, limit our dividends or other capital distributions to shareholders, modify our business strategies, or decrease our exposure to various asset classes. The stress testing and other applicable regulatory requirements may, among other things, require us to increase our capital levels, limit our dividends or other capital distributions to shareholders, modify our business strategies, or decrease our exposure to various asset classes. Under the National Bank Act and OCC regulations, certain capital transactions, including share repurchases, are subject to the approval of the OCC. These requirements may limit our ability to respond to and take advantage of market developments.
Regulatory requirements, economic conditions, and other factors may require us to raise capital at times or in amounts that are unfavorable to us.Regulatory requirements, economic and other circumstances may require us to raise capital at times or in amounts that are unfavorable to us.
We maintain certain risk-based and leverage capital ratios, as required by our federal banking regulators, which can change depending upon general economic conditions, as well as the particular conditions, risk profiles, and our growth plans.We maintain certain risk-based and leverage capital ratios, as required by our banking regulators, which can change depending upon general economic conditions, as well as the particular conditions, risk profiles, and our growth plans. Compliance with capital requirements may limit our ability to expand and has required, and may require, us to raise additional capital or retain earnings that could otherwise be distributed to shareholders. These uncertainties and risks, including those created by legislative and regulatory change and uncertainties, such as recent regulatory proposals that would significantly revise the capital requirements and expand long-term debt requirements applicable to large banking organizations, may increase our cost of capital and other financing costs. For more information about these regulatory proposals, see “Regulatory Developments” in Supervision and Regulation on page 9.
20
We could be adversely affected by risks related to accounting, financial reporting, and regulatory compliance.
We are exposed to accounting, financial reporting, and regulatory compliance risk. Significant estimates, judgments, and interpretations of complex and changing accounting and regulatory policies are required to properly account for the products and services we provide to our customers. Changes in our accounting policies or accounting standards could materially affect how we report our financial results and conditions. The level of regulatory compliance oversight continues to be heightened. Identification, interpretation, and implementation of complex and changing accounting standards, as well as compliance with regulatory requirements, pose an ongoing risk.
The value of our goodwill may decline in the future.
If the fair value of a reporting unit is determined to be less than its carrying value, we would take a charge related to the impairment of our goodwill.If the fair value of a reporting unit is determined to be less than its carrying value, we may have to take a charge related to the impairment of our goodwill. Such a charge could result from, among other factors, weakening in the economic environment, a decline in the performance of the reporting unit, or new legislative or regulatory changes not anticipated in management’s expectations.
We may unable to fully realize our deferred tax assets, which could adversely affect our operating results and financial performance.We may not be able to fully realize our deferred tax assets, which could adversely affect our operating results and financial performance.
At December 31, 2024, we had a net deferred tax asset of $904 million. The accounting treatment for realization of deferred tax assets is complex and requires judgment. Our ability to fully realize our deferred tax asset could be reduced in the future if our estimates of future taxable income from our operations, future reversals of existing deferred tax liabilities (“DTLs”), or tax planning strategies do not support the realization of our deferred tax asset. Changes in applicable tax laws, regulations, macroeconomic conditions, or market conditions may adversely affect our financial results, and there can be no assurance that we will be able to fully realize our deferred tax assets.
For information about how we manage capital, see “Capital Management” in MD&A on page 77.
LEGAL/COMPLIANCE RISK
Laws and regulations governing us and the financial services industry impose significant limitations on our business activities, subjecting us to increased regulation and additional costs.
We, and the entire financial services industry, have incurred, and will continue to incur, substantial costs related to personnel, systems, consulting, and other activities in order to comply with banking regulations. See “Supervision and Regulation” on page 7 for further information about the regulations applicable to us and the financial services industry generally.
Regulators, the U.S. Congress, state legislatures, and other governing or consultative bodies continue to enact rules, laws, and policies to regulate the financial services industry and public companies, including laws that are designed to promote, protect, or penalize certain activities or industries and their access to financial services. We are, and may in the future become, subject to these laws by offering our products and services to certain industries or in certain locations. The nature of these laws and regulations and their effect on our future business and performance cannot be predicted.
There can be no assurance that any or all of these regulatory changes or actions will ultimately be enacted. However, if enacted, some of these proposals could adversely affect us by, among other things: impacting after-tax returns earned by financial services firms in general; limiting our ability to grow; increasing FDIC insurance assessments, taxes or fees on our funding or activities; limiting the range of products and services that we could offer; and requiring us to raise capital at inopportune times.
Political developments, including those arising from transitions in administration and shifts in congressional control, may create volatility and uncertainty, potentially resulting in significant changes in the size, scope, and effectiveness of government agencies and services.
Political developments, such as those recently announced or enacted by the new administration, may result in sudden changes in laws, policies, and government operations. For example, the administration has taken steps or indicated plans to (1) change leadership of, and potentially combine or eliminate, various regulatory agencies; (2)
21
alter the purpose, funding, or enforcement powers of certain agencies; (3) significantly reduce the size of the federal government and workforce; and (4) modify, reinterpret, replace, or repeal various laws, regulations and regulatory guidance.
These actions may create uncertainties and volatility in U.S. and global markets, potentially affecting the government's ability to provide services at historical levels. They may also impact our ability to obtain guidance and support from the government in addressing existing and emerging risks, such as climate change, cyber attacks, financial privacy, artificial intelligence, and public safety. Many of these actions are being legally challenged or require further legislative action before implementation. The extent and timing of these changes are uncertain, as are their potential impacts, whether beneficial or adverse, on our business, financial performance, and customers. The extent and timing of any such changes are uncertain, as are the potential direct and indirect impacts, whether beneficial or adverse.
Legislative, administrative, and judicial changes to tax laws, regulations, and case law may adversely impact our business and financial performance.Tax laws, regulations, and case law may change due to legislative, administrative, and judicial changes that could adversely impact our business and financial performance.
We are subject to the income tax laws of the U.S., its states, and other jurisdictions where we conduct business. These laws are complex and subject to different interpretations by the taxpayer and the various taxing authorities. In determining the provision for income taxes, management makes judgments and estimates about the application of these inherently complex laws, related regulations, and case law. In the process of preparing our tax returns, management attempts to make reasonable interpretations of the tax laws. These interpretations are subject to challenge by the tax authorities upon audit or to reinterpretation based on management’s ongoing assessment of facts and evolving case law. Changes in tax laws, regulations, or case law may result in an adverse impact to our effective tax rate, tax obligations, and financial results. Additionally, challenges made by tax authorities during an audit may result in adjustments to our tax return filings, resulting in similar adverse impacts to our financial position.
We could be adversely affected by legal and governmental proceedings.
We are subject to risks associated with legal claims, litigation, and regulatory and other government proceedings. Our exposure to these proceedings may increase as a result of stresses on customers, counterparties, and others arising from the past or current economic environments, more frequent claims and actions resulting from fraud schemes perpetrated by or involving our customers, new regulations promulgated under recently enacted statutes, the creation of new examination and enforcement bodies, changes in administration and other political developments, and enforcement and legal actions against banking organizations. Any such matters may result in material adverse consequences to our results of operations, financial condition, or ability to conduct our business, including adverse judgments, settlements, fines, penalties (e. Any such matters may result in material adverse consequences to our results of operations, financial 21Table of ContentsZIONS BANCORPORATION, NATIONAL ASSOCIATION AND SUSDIARIEScondition or ability to conduct our business, including adverse judgments, settlements, fines, penalties (e. g., civil money penalties under applicable banking laws), injunctions, restrictions on our business activities, or other relief. We maintain insurance coverage to mitigate the financial risk of defense costs, settlements, and awards, but the coverage is subject to deductibles and limits of coverage. Our involvement in any such matters, even if the matters are ultimately determined in our favor, could also cause significant harm to our reputation and divert management attention from the operation of our business. In general, the amounts paid by financial institutions in settlement of proceedings or investigations have been increasing dramatically. This has affected and will continue to adversely affect (1) our ability to obtain insurance coverage for certain claims, (2) our deductible levels, and (3) the cost of premiums associated with our coverage. Consequently, our financial results are subject to greater risk of adverse outcomes from legal claims.
Due to the difficulty in predicting the timing of, and damages or penalties associated with, the resolution of legal claims, it is possible that adverse financial impacts from litigation could occur sporadically and could be significant. In addition, any enforcement matters could impact our supervisory and CRA ratings, which may restrict or limit our activities.
The corporate and securities laws governing us are less developed than those for state-chartered corporations, potentially impacting our ability to execute corporate transactions efficiently and optimally.The corporate and securities laws applicable to us are not as well-developed as those applicable to a state-chartered corporation, which may impact our ability to effect corporate transactions in an efficient and optimal manner.
Our corporate affairs are governed by the National Bank Act, and related regulations are administered by the OCC. As to securities laws, the OCC maintains its own securities offering framework applicable to national banks and their securities offerings, and our compliance with the Exchange Act is governed and enforced by the OCC.
22
State corporate codes, including that of Utah, are widely recognized, updated by legislative action from time-to-time, and may be based on and influenced by model statutes. The federal securities law regime established by the Securities Act and the Exchange Act and the SEC’s extensive and well-developed framework thereunder are widely used by public companies. The OCC’s statutory and regulatory frameworks have been used by publicly traded banking organizations relatively rarely and are not as well developed as the corporate and securities law frameworks applicable to other public corporations. While certain specific risks associated with operating under these frameworks are described below, unless and until these frameworks are further developed and established over time, the uncertainty of how these frameworks might apply to any given corporate or securities matters may prevent us from effecting transactions in an efficient and optimal manner or perhaps at all.
Differences between the National Bank Act and state law requirements regarding mergers could hinder our ability to execute acquisitions as efficiently and advantageously as bank holding companies or other financial institutions.
Unlike state corporate law, the National Bank Act requires shareholder approval of all mergers between a national bank and another national or state bank and does not allow for exceptions in the case of various “minor” mergers, such as a parent company’s merger with a subsidiary or an acquirer’s merger with an unaffiliated entity in which the shares issued by the acquirer do not exceed a designated percentage. The National Bank Act and related regulations may also complicate the structuring of certain nonbank acquisitions.
These differences could adversely affect the ability of the Bank and other banks registered under the National Bank Act to efficiently consummate acquisition transactions. In addition, such differences could make us less competitive as a potential acquirer in certain circumstances given that our acquisition proposal may be conditioned on shareholder approval while our competitors’ proposals will not have such a condition.
We are subject to restrictions on permissible activities, which limit the types of business we may conduct and may complicate acquisitions of other financial companies.We are subject to restrictions on permissible activities that would limit the types of business we may conduct and that may make acquisitions of other financial companies more challenging.
Under applicable laws and regulations, bank holding companies and banks are generally limited to business activities and investments that are related to banking or are financial in nature. The range of permissible financial activities is set forth in the Gramm-Leach-Bliley Act and is more limited for banks than for bank holding company organizations. The differences relate mainly to insurance underwriting (but not insurance agency activities) and merchant banking (but not broker-dealer and investment advisory activities). The differences relate mainly to insurance underwriting (but not insurance agency activities) and 22Table of ContentsZIONS BANCORPORATION, NATIONAL ASSOCIATION AND SUSDIARIESmerchant banking (but not broker-dealer and investment advisory activities). The fact that we do not have a bank holding company could make future acquisitions of financial institutions with such operations more challenging.
REPUTATIONAL RISK
We face various reputational risk issues arising from operational, regulatory, compliance, and legal risks.
Any of the risks described in this section may give rise to adverse publicity and other expressions of negative public opinion, increased regulatory scrutiny, and damaged relationships among other reputational risks.Any of the aforementioned risks may give rise to adverse publicity and other expressions of negative public opinion, increased regulatory scrutiny, and damaged relationships among other reputational risks.
OTHER RISKS
Wars, international trade policies and disputes, geopolitical conflicts, and retaliatory measures imposed by the U.S. and other countries, including the responses to such measures, may significantly disrupt domestic and foreign economies and markets.
Wars, international trade policies and disputes, and other geopolitical conflicts in recent years, have created increasing risks for global markets, trade, economic conditions, cybersecurity, and similar concerns. For example, these conflicts have affected and could continue to affect the availability and price of commodities and products, adversely affecting supply chains and increasing inflationary pressures; the value of currencies, interest rates, and other components of financial markets; and lead to increased risks of events such as cyberattacks that could result in severe costs and disruptions to governmental entities and companies and their operations. For example, these conflicts could affect the availability and price of commodities and products, adversely affecting supply chains and increasing inflationary pressures; the value of currencies, interest rates, and other components of financial markets; and lead to increased risks of events such as cyberattacks that could result in severe costs and disruptions to governmental entities and companies and their operations. The impact of these conflicts and retaliatory measures is continually evolving and cannot be predicted with certainty. It is likely that these conflicts will continue to affect the global political order and global and domestic markets for a substantial period of time. It is likely that these conflicts will continue to affect the global political order and global and domestic markets for a substantial period of time, regardless of when these conflicts end.
23
While these events have not materially interrupted our operations, these or future developments resulting from these conflicts, such as cyberattacks on the U.S., the Bank, our customers, or our suppliers, could make it difficult to conduct business.
Stakeholder views and developments related to environmental and social issues could lead or require us to restrict or modify certain business activities and negatively affect our business and reputation.
There has been an increased focus by politicians, investors, and other stakeholders regarding practices related to environmental and social issues. For example, the new administration has issued executive orders designed to prohibit or limit certain activities often referred to as “diversity, equity, and inclusion” by government agencies, federal contractors, and others. Due to the varying perspectives among stakeholders on these issues, we face an increased risk that any action or inaction on our part may be perceived negatively by some stakeholders, potentially adversely impacting our business and reputation.
Investor and regulatory expectations could eventually lead us to restrict or modify certain business practices. Additionally, our operations could be adversely impacted by federal, state, and local laws and regulations addressing environmental and social issues. For example, some states have recently enacted or considered laws prohibiting financial institutions from limiting services to specific types of businesses if they also engage with governmental entities in those states. Depending on the wording and implementation of these laws, our risk management capabilities could be adversely impacted. Depending on how these laws are worded and implemented, they could adversely affect our ability to manage risk. These environmental and social regulations may conflict with other state and federal laws, potentially increasing our costs or limiting our ability to operate in certain jurisdictions.
Evolving regulatory and social focus on climate change may impose additional requirements on companies, including financial institutions, regarding the measurement, management, and disclosure of climate-related risks and associated lending and investment activities.Heightened regulatory and social focus on climate change may place additional requirements on public companies, including financial institutions, regarding the measurement, management, and disclosure of climate-related risks and associated lending and investment activities. New and potentially conflicting state and federal laws and policies on climate change may increase regulatory, compliance, credit, and reputational risks and costs. Additionally, transitioning to a lower-carbon economy could expose us to other risks, such as our customers’ susceptibility to commodity price volatility, increased insurance costs or lack of access to insurance, and shifts in the market for carbon-related products and services. In addition, the transition to a lower-carbon economy could subject us to other risks, such as through our customers’ exposure to volatility in commodity prices, increased insurance costs or inability to access insurance, and changes in the market for carbon-related products and services. For more information, see “Other Regulations & Proposals” in Supervision and Regulation on page 11.
Protracted congressional negotiations in Washington, D.C. regarding government funding and other issues introduce additional volatility into the U.S. economy, particularly affecting capital and credit markets and the banking industry.
The U.S. government is currently operating under a continuing resolution that provides short-term appropriations. Efforts to pass spending bills for long-term government funding have proven challenging, increasing the risk of a government shutdown. Concurrently, the national debt continues to grow as Congress struggles to formulate a plan for greater fiscal responsibility. These circumstances may result in downgrades in the U.S. credit rating or defaults, introducing additional volatility into the U.S. economy. This could impact capital and credit markets, the banking industry, financial markets, and interest rates, among other unforeseen consequences. In such an event, the Bank’s liquidity, operating margins, financial condition, and results of operations could be materially and adversely affected. In any such event, the Bank’s liquidity, operating margins, financial condition, and results of operations may be materially and adversely affected.
ITEM 1B. UNRESOLVED STAFF COMMENTS
There are no unresolved written comments that were received from SEC or OCC staff 180 days or more before the end of our fiscal year relating to our periodic or current reports filed under the Exchange Act.
ITEM 1C. CYBERSECURITY
Cybersecurity risk is the risk of adverse impacts to the confidentiality, integrity, and availability of data owned, stored, or processed by the Bank or the accompanying information systems. The number and sophistication of attempts to disrupt or penetrate our systems and those of our suppliers continues to grow. The number and sophistication of attempts to disrupt or penetrate our systems, and those of our suppliers — sometimes referred to as hacking, cybersecurity fraud, cyberattacks, or other similar names — continues to grow. These attempts are often referred to as hacking, cybersecurity fraud, cyberattacks, or other similar names.
24
Our supply chain risk management practices include risk assessments of suppliers, particularly regarding cybersecurity. We monitor our suppliers using commercially available services that provide real-time security scoring of supplier technology services, threat intelligence, financial intelligence, geopolitical risk intelligence, and other cybersecurity-related considerations. Regular reviews are performed to monitor changes in our suppliers’ cybersecurity risk posture. Reviews are also regularly performed to monitor changes in suppliers’ cybersecurity risk posture. Continuous threat intelligence monitoring is also conducted to identify potential cybersecurity incidents involving third parties. Continuous threat intelligence monitoring is also performed to identify potential cybersecurity incidents involving third parties. We strive to negotiate appropriate cybersecurity provisions in our contracts with suppliers. We strive to negotiate appropriate provisions with respect to cybersecurity in our contracts with suppliers.
Upon the occurrence of a cybersecurity incident, whether identified internally or through third-party cybersecurity notifications, we assess the incident’s criticality and potential materiality and disclosure. This evaluation considers various factors, including service availability, operational impact, reputational consequences, regulatory and legal implications, data sensitivity, and direct financial impact. The CISO continuously monitors these criteria to determine the incident's potential impact, individually or in aggregate. We have established escalation procedures to promptly inform senior and executive management, the Board (or relevant subcommittees), and regulators, based on the incident's criticality and materiality. We have escalation procedures to notify members of senior and executive management, the Board (or an applicable subset), and regulators in a timely manner based on the criticality and materiality of the cybersecurity incident.
At December 31, 2024, risks from cybersecurity threats, including those arising from any previous cybersecurity incidents, have not materially impacted our business strategy, results of operations, or financial condition. Management has evaluated known cybersecurity incidents for potential materiality and disclosure using formal, documented processes and has determined that there have been no material cybersecurity incidents, either individually or in aggregate. At December 31, 2023, management has assessed known cybersecurity incidents for potential materiality and disclosure using formal documented processes and has determined that there have been no material cybersecurity incidents, individually or in aggregate. We acknowledge that future cybersecurity incidents could potentially have a material adverse effect on our organization, despite our efforts to prevent or mitigate such events.
For additional discussion regarding cybersecurity risks, see “Cybersecurity Risk” in Risk Factors on page 19.
25
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| ADTI | 11 hours ago |
| BUKS | 11 hours ago |
| MFBI | 11 hours ago |
| HGYN | 14 hours ago |
| PODC | 1 day, 9 hours ago |
| AAQL | 1 day, 9 hours ago |
| FIZZ | 1 day, 9 hours ago |
| KEQU | 1 day, 16 hours ago |
| AERT | 1 day, 18 hours ago |
| CRDO | 2 days, 8 hours ago |
| MSBI | 2 days, 10 hours ago |
| NCL | 3 days, 8 hours ago |
| QLGN | 3 days, 9 hours ago |
| CNVS | 3 days, 9 hours ago |
| PMNT | 3 days, 9 hours ago |
| STEK | 3 days, 9 hours ago |
| PTCO | 3 days, 9 hours ago |
| FATN | 3 days, 9 hours ago |
| ZCAR | 3 days, 10 hours ago |
| SUND | 3 days, 10 hours ago |
| ELTP | 3 days, 10 hours ago |
| RGPX | 3 days, 10 hours ago |
| ELRE | 3 days, 13 hours ago |
| PCSV | 3 days, 14 hours ago |
| ATXG | 3 days, 18 hours ago |
| EZBC | 3 days, 20 hours ago |
| EZET | 3 days, 20 hours ago |
| FGDL | 3 days, 20 hours ago |
| OMCC | 6 days, 6 hours ago |
| MXC | 6 days, 9 hours ago |
| AIRT | 6 days, 9 hours ago |
| IGC | 6 days, 10 hours ago |
| MSN | 6 days, 10 hours ago |
| KFY | 6 days, 12 hours ago |
| GENC | 6 days, 13 hours ago |
| XITO | 6 days, 14 hours ago |
| CGEH | 1 week ago |
| ETST | 1 week ago |
| STRZ | 1 week ago |
| AEMD | 1 week ago |
| CPBI | 1 week ago |
| AOUT | 1 week ago |
| RDZN | 1 week ago |
| OESX | 1 week ago |
| AIOT | 1 week ago |
| JRSH | 1 week, 1 day ago |
| GIS | 1 week, 1 day ago |
| DAKT | 1 week, 1 day ago |
| CLRCF | 1 week, 1 day ago |
| AMWD | 1 week, 1 day ago |
