Allstate (ALL) Risk Factors

Some of our existing or potential investors, customers, employees, regulators, and other stakeholders evaluate our business practices according to a variety of environmental, social and governance ("ESG") standards and expectations, including those related to climate change, inclusive diversity and equity, data privacy, and the well-being of our employees. Some regulators have proposed or adopted, or may propose or adopt, pro- or anti-ESG rules or standards applicable to our business. Our business practices and disclosures are evaluated against ESG standards which are continually evolving and not always well defined or readily measurable today. ESG-related expectations may also reflect contrasting or conflicting values or agendas. Our practices may not change in the particular ways or at the rate stakeholders expect. We may fail to meet our commitments or targets. Our policies and processes to evaluate and manage ESG priorities in coordination with other business priorities may not prove completely effective or fully satisfy our stakeholders. Customers and potential customers may choose not to do business with us based on our ESG practices and related policies and actions. We may face adverse regulatory, investor, media, or public scrutiny leading to business, reputational, or legal challenges. We are subject to extensive regulation, and potential further restrictive regulation may increase operating costs and limit growthWe largely operate in the highly regulated insurance and broader financial services sectors and are subject to extensive laws and regulations that are complex and subject to change. Changes may lead to additional expenses, increased legal exposure, or increased reserve or capital requirements limiting our ability to grow or to achieve targeted profitability. Moreover, laws and regulations are administered and enforced by governmental authorities that exercise interpretive latitude, including:- State insurance regulators - State securities administrators- State attorneys general- Federal agencies including the SEC, the Financial Industry Regulatory Authority, the Department of Labor, the U.S. Department of Justice, the Consumer Financial Protection Bureau and the National Labor Relations BoardConsequently, compliance with one regulator's or enforcement authority's interpretation of a legal issue may not result in compliance with another's interpretation of the same issue.There is risk that one regulator's or enforcement authority's interpretation of a legal issue may change to our detriment. There is also a risk that changes in the overall legal environment may cause us to change our views regarding the actions we need to take from a legal risk management perspective. This could necessitate changes to our practices that may adversely impact our business. In some cases, state insurance laws and regulations are generally intended to protect or benefit purchasers or users of insurance products, not holders of securities that we issue. These laws and regulations may limit our ability to grow or to improve the profitability of our business.We have business process and information technology operations in Canada, India, the United Kingdom and Mexico that are subject to operating, regulatory and political risks in those countries. We also outsource certain business functions to vendors located in foreign countries, including India, Mexico, Colombia, South Africa and the Philippines, that are subject to operating, regulatory and political risks in those countries. We may incur substantial costs and other negative consequences if any of these risks occur, including an adverse effect on our business, results of operations and financial condition.A regulatory environment that requires rate increases to be approved, can dictate underwriting practices and mandate participation in loss sharing arrangements, may adversely affect results of operations and financial conditionPolitical events and positions can affect the insurance market, including efforts to suppress rates to a level that may not allow us to reach targeted levels of profitability. Regulatory challenges to rate increases, especially during inflationary periods with more

We rely on services and products provided by many vendors in the U.S. and abroad. These include vendors of computer hardware, software, cloud technology and software as a service, as well as vendors or outsourcing of services such as: - Claim and administrative services - Call center services for customer support - Human resource benefits management - Information technology support - Investment management services - Financial and business support services We continue to identify ways to improve operating efficiency and reduce cost, which may result in additional outsourcing arrangements in the future. If we are not successful transitioning work to a vendor or a key vendor becomes unable to continue to provide products or services, fails to meet service level standards, or if any vendor fails to protect our confidential, proprietary, and other information, or if our business continuity plans do not sufficiently address a vendor-related business interruption, we may suffer operational impairments and financial losses.

Global economic and capital market conditions could adversely impact demand for our products, returns on our investment portfolio and results of operations. The conditions that would have the largest impact on our business include: - Low or negative economic growth - Interest rate levels - Rising inflation increasing claims and claims expense - Substantial increases in delinquencies or defaults on debt - Significant downturns in the market value or liquidity of our investment portfolio - Prolonged downturn in equity valuations - Reduced consumer spending and business investment Stressed conditions, volatility and disruptions in global capital markets or financial asset classes could adversely affect our investment portfolio. Our assumptions about portfolio diversification may not hold across market conditions, which could lead to heightened investment losses.

In periods of extreme volatility and disruption in the capital and credit markets, liquidity and credit capacity may be severely restricted. Our access to additional financing depends on a variety of factors such as market conditions, the general availability of credit, the overall availability of credit to our industry, our credit ratings and credit capacity, as well as lenders' perception of our long- or short-term financial prospects. In such circumstances, our ability to obtain capital to fund operating expenses, financing costs,capital expenditures or acquisitions may be limited, and the cost of any such capital may be significant. A large-scale pandemic, the occurrence of terrorism, military actions, social unrest or other actions may have an adverse effect on our businessA large-scale pandemic, such as the Coronavirus and its impacts, the occurrence of terrorism, military actions, social unrest or other actions, may result in loss of life, property damage, and disruptions to commerce and reduced economic activity. Some of the assets in our investment portfolio may be adversely affected by declines in the equity markets, changes in interest rates, reduced liquidity and economic activity caused by a large-scale pandemic. Additionally, a large-scale pandemic or terrorist act could have a material effect on sales, liquidity and operating results.While most of the risks related to the Coronavirus have moderated, some longer-term impacts remain, such as supply chain disruptions, labor shortages, and other macroeconomic factors that have increased inflation and asset values. These factors have affected our operations and may continue to significantly affect our results of operations, financial condition and liquidity and should be considered when comparing the current period to prior periods. See MD&A, Highlights for a summary of the impacts on our operations, each of our segments and investments that may continue, emerge, evolve or accelerate into 2024.The failure in cyber or other information security controls, as well as the occurrence of events unanticipated in our disaster recovery processes and business continuity planning, could result in a loss or disclosure of confidential information, damage to our reputation, additional costs and impair our ability to conduct business effectivelyWe depend heavily on computer systems, mathematical algorithms and data to perform necessary business functions. There are threats that could impact our ability to protect our data and systems; if the threats materialize, they could impact confidentiality, integrity and availability:- Confidentiality - protecting our data from disclosure to unauthorized parties- Integrity - ensuring data is not changed accidentally or without authorization and is accurate- Availability - ensuring our data and systems are accessible to meet our business needs We collect, use, store or transmit a large amount of confidential, proprietary and other information (including personal information of customers, claimants or employees) in connection with the operation of our business. Systems are subject to increased cyberattacks and unauthorized access, such as physical and electronic break-ins or unauthorized tampering. capital expenditures or acquisitions may be limited, and the cost of any such capital may be significant.

We rely on a combination of contractual rights and copyright, trademark, patent and trade secret laws to establish and protect our intellectual property. Third parties may infringe or misappropriate our intellectual property. We may have to litigate to enforce and protect intellectual property and to determine its scope, validity or enforceability, which could divert significant resources and prove unsuccessful. An inability to protect intellectual property or an inability to successfully defend against a claim of intellectual property infringement could have a material effect on our business.We may be subject to claims by third parties for patent, trademark or copyright infringement or breach of usage rights. Any such claims and any resulting litigation could result in significant expense and liability. If third-party providers or we are found to have infringed a third-party intellectual property right, either of us could be enjoined from providing certain products or services or from utilizing and benefiting from certain methods, processes, copyrights, trademarks, trade secrets or licenses. Alternatively, we could be required to enter into costly licensing arrangements with third parties or implement costly work-arounds. Any of these scenarios could have a material effect on our business and results of operations.Loss of key vendor relationships, disruptions to the provision of products or services by a vendor, or failure of a vendor to provide and protect reliable data, and proprietary information, or personal information of our customers, claimants or employees could adversely affect our operationsWe rely on services and products provided by many vendors in the U.S. and abroad. These include vendors of computer hardware, software, cloud technology and software as a service, as well as vendors or outsourcing of services such as:- Claim and administrative services- Call center services for customer support- Human resource benefits management - Information technology support - Investment management services- Financial and business support servicesWe continue to identify ways to improve operating efficiency and reduce cost, which may result in additional outsourcing arrangements in the future. If we are not successful transitioning work to a vendor or a key vendor becomes unable to continue to provide products or services, fails to meet service level standards, or if any vendor fails to protect our confidential, proprietary, and other information, or if our business continuity plans do not sufficiently address a vendor-related business interruption, we may suffer operational impairments and financial losses.Our ability to attract, develop, and retain talent to maintain appropriate staffing levels and establish a successful work culture is critical to our successCompetition for qualified employees with highly specialized knowledge in areas such as underwriting, data and analytics, technology and e-commerce, is intense and we have experienced increased competition in hiring and retaining employees. The increased prevalence of remote-working arrangements that do not require employees to relocate to take a new job could contribute to higher turnover. inability to protect intellectual property or an inability to successfully defend against a claim of intellectual property infringement could have a material effect on our business. We may be subject to claims by third parties for patent, trademark or copyright infringement or breach of usage rights. Any such claims and any resulting litigation could result in significant expense and liability. If third-party providers or we are found to have infringed a third-party intellectual property right, either of us could be enjoined from providing certain products or services or from utilizing and benefiting from certain methods, processes, copyrights, trademarks, trade secrets or licenses. Alternatively, we could be required to enter into costly licensing arrangements with third parties or implement costly work-arounds. Any of these scenarios could have a material effect on our business and results of operations.

We depend heavily on computer systems, mathematical algorithms and data to perform necessary business functions. There are threats that could impact our ability to protect our data and systems; if the threats materialize, they could impact confidentiality, integrity and availability: - Confidentiality - protecting our data from disclosure to unauthorized parties - Integrity - ensuring data is not changed accidentally or without authorization and is accurate - Availability - ensuring our data and systems are accessible to meet our business needs We collect, use, store or transmit a large amount of confidential, proprietary and other information (including personal information of customers, claimants or employees) in connection with the operation of our business. Systems are subject to increased cyberattacks and unauthorized access, such as physical and electronic break-ins or unauthorized tampering. We constantly defend against threats to our data and systems, including malware and computer virus attacks, unauthorized access, system failures and disruptions. We have experienced breaches of our data and systems, although to date none of these breaches has had a material effect on our business, operations or reputation. Events like these jeopardize the information processed and stored in, and transmitted through, our computer systems and networks and otherwise cause interruptions or malfunctions in our operations, which could result in damage to our reputation, financial losses, litigation, increased costs, regulatory penalties or customer dissatisfaction.These risks may increase in the future as threats become more sophisticated and we continue to expand internet and mobile strategies, develop additional remote connectivity solutions to serve our employees and customers, develop and expand products and services designed to protect customers' digital footprint, and build and maintain an integrated digital enterprise.Our increased use of third-party services (e.g., cloud technology and software as a service) can make it more difficult to identify and respond to cyberattacks in any of the above situations. Although we may review and assess third-party vendor cyber security controls, our efforts may not be successful in preventing or mitigating the effects of such events. Third parties to whom we outsource certain functions are also subject to cybersecurity risks. Personal information is subject to an increasing number of federal, state, local and international laws and regulations regarding privacy and data security, as well as contractual commitments. Any failure or perceived failure by us to comply with such obligations may result in governmental enforcement actions and fines, litigation or public statements against us by consumer advocacy groups or others and could cause our employees and customers to lose trust in us, which could have an adverse effect on our reputation and business. Our integrated operational risk and return management processes and practices may not be sufficient to timely detect and mitigate operational risks, including those posed by third-party service providers, that could have an adverse effect on our reputation and business. See the Regulation section, Privacy Regulation and Data Security, for additional information.The occurrence of a disaster or event that results in the shut-down, disruption, degradation or unavailability of one or more of our systems or facilities, unanticipated problems with our disaster recovery processes, or a support failure from external providers, could have an adverse effect on our ability to conduct business and on our results of operations and financial condition, particularly if those events affect our computer-based data processing, transmission, storage, and retrieval systems or destroy data. If a significant number of employees were unavailable or unable to access our systems in the We constantly defend against threats to our data and systems, including malware and computer virus attacks, unauthorized access, system failures and disruptions. We have experienced breaches of our data and systems, although to date none of these breaches has had a material effect on our business, operations or reputation. Events like these jeopardize the information processed and stored in, and transmitted through, our computer systems and networks and otherwise cause interruptions or malfunctions in our operations, which could result in damage to our reputation, financial losses, litigation, increased costs, regulatory penalties or customer dissatisfaction. These risks may increase in the future as threats become more sophisticated and we continue to expand internet and mobile strategies, develop additional remote connectivity solutions to serve our employees and customers, develop and expand products and services designed to protect customers' digital footprint, and build and maintain an integrated digital enterprise. Our increased use of third-party services (e.g., cloud technology and software as a service) can make it more difficult to identify and respond to cyberattacks in any of the above situations. Although we may review and assess third-party vendor cyber security controls, our efforts may not be successful in preventing or mitigating the effects of such events. Third parties to whom we outsource certain functions are also subject to cybersecurity risks. Personal information is subject to an increasing number of federal, state, local and international laws and regulations regarding privacy and data security, as well as contractual commitments. Any failure or perceived failure by us to comply with such obligations may result in governmental enforcement actions and fines, litigation or public statements against us by consumer advocacy groups or others and could cause our employees and customers to lose trust in us, which could have an adverse effect on our reputation and business. Our integrated operational risk and return management processes and practices may not be sufficient to timely detect and mitigate operational risks, including those posed by third-party service providers, that could have an adverse effect on our reputation and business. See the Regulation section, Privacy Regulation and Data Security, for additional information. The occurrence of a disaster or event that results in the shut-down, disruption, degradation or unavailability of one or more of our systems or facilities, unanticipated problems with our disaster recovery processes, or a support failure from external providers, could have an adverse effect on our ability to conduct business and on our results of operations and financial condition, particularly if those events affect our computer-based data processing, transmission, storage, and retrieval systems or destroy data. If a significant number of employees were unavailable or unable to access our systems in the event of a disaster, our ability to effectively conduct business could be severely compromised.Losses from changing climate and weather conditions may adversely affect our financial condition, profitability or cash flowsClimate change affects the occurrence of certain natural events, such as increasing the frequency or severity of wind, tornado, hailstorm and thunderstorm events due to increased convection in the atmosphere. There could also be more frequent wildfires in certain geographies, more flooding and the potential for increased severity of hurricanes. As a result, incurred losses from such events and the demand, price and availability of reinsurance coverages for automobile and homeowners insurance may be affected.Climate change may also impact insurability by impairing our ability to identify and quantify potential hazards that will result in losses and offer our customers products at an affordable price. Our investment portfolio is also subject to the effects of climate change as economic shifts alter the return dynamic of long-term investments and increase valuation risk.Due to significant variability associated with future changing climate conditions, we are unable to predict the impact climate change will have on our businesses.Our efforts to meet evolving environmental, social, and governance standards may not meet stakeholders' expectationsSome of our existing or potential investors, customers, employees, regulators, and other stakeholders evaluate our business practices according to a variety of environmental, social and governance ("ESG") standards and expectations, including those related to climate change, inclusive diversity and equity, data privacy, and the well-being of our employees. Some regulators have proposed or adopted, or may propose or adopt, pro- or anti-ESG rules or standards applicable to our business.Our business practices and disclosures are evaluated against ESG standards which are continually evolving and not always well defined or readily measurable today. ESG-related expectations may also reflect contrasting or conflicting values or agendas. Our practices may not change in the particular ways or at the rate stakeholders expect. We may fail to meet our commitments or targets. Our policies and processes to evaluate and manage ESG priorities in coordination with other business priorities may not prove completely effective or fully satisfy our stakeholders. Customers and potential customers may choose not to do business with us based on our ESG practices and related policies and actions. We may face adverse regulatory, investor, media, or public scrutiny leading to business, reputational, or legal challenges. event of a disaster, our ability to effectively conduct business could be severely compromised.

Technological changes, such as autonomous or partially autonomous vehicles or technologies that facilitate ride, car or home sharing could disrupt the demand for products from current customers, create coverage issues, impact the frequency or severity of losses, or reduce the size of the automobile insurance market causing our auto insurance business to decline. Since auto insurance constitutes a significant portion of our overall business, we may be more sensitive than other insurers and more adversely affected by trends that could decrease auto insurance rates or reduce demand for auto insurance over time. Technological advancements and innovation are occurring in distribution, underwriting, claims and operations at a rapid pace that may continue to accelerate. Nontraditional competitors could enter the insurance market and further accelerate these trends. Our competitive position could be impacted if we are unable to deploy, in a cost effective and competitive manner, technology such as artificial intelligence, large language models and machine learning that collects and analyzes data to inform underwriting or other decisions, or if our competitors collect and use data which we do not have the ability to access or use. Innovations must be implemented in compliance with applicable insurance regulations and in a responsible and compliant manner. These changes may require extensive modifications to our systems and processes and extensive coordination with and reliance on the systems and operations of third parties. If we are unable to adapt to or bring such advancements and innovations to market, the quality of our products, our relationships with customers and agents, competitive position and business prospects may be materially affected. Changes in technology related to collection and application of data regarding customers could expose us to regulatory or legal actions and may have a material adverse effect on our business, reputation, results of operations and financial condition. Changes in technology and customer preferences may impact the ways in which we interact, do business with our customers and design our products. We may not be able to respond effectively or in a timely manner to these changes, including developing and deploying customer-facing technology to address these changing preferences and maintaining competitive technology,which could have an adverse effect on our results of operations and financial condition.Executing our strategy to advance and innovate technology has and may continue to impact our workforce as we require new and different skills, particularly those in areas such as digital, data and analytics and technology to achieve our strategic goals. Advancements in technology and changes in consumer preferences may also impact our workforce needs in the future.Transformative Growth strategy implementation may not be effectiveThe Transformative Growth strategy is to accelerate growth by improving customer value, expanding customer access, increasing sophistication and investment in customer acquisition, modernizing the technology ecosystem and driving organizational transformation. Implementation is focused on the property-liability businesses and impacts all aspects of Allstate's customer experience and business model, spanning product distribution and sales, operations and servicing, and claims processing. As part of the strategy, we have developed and continue to develop new insurance and non-insurance products and services to provide affordable, simple, and connected protection through multiple distribution channels. We have also expanded our product and service offerings through acquisitions and may continue to do so. If the strategy is not implemented effectively, customer retention and policy growth objectives could be adversely impacted. Lost business opportunities may result due to slower than anticipated speed to market. New products and services may not be as profitable as our existing products, may not perform as well as we expect and may change our risk exposures. External forces including competitor actions or regulatory changes may also have an adverse effect on the value generated from the transformation.Our catastrophe management strategy may adversely affect premium growthCatastrophe risk management actions have led us to reduce the size of our homeowners business, including customers with auto and other personal lines products and may negatively impact future sales. Adjustments to our business structure, size and underwriting practices in markets with significant severe weather and catastrophe risk exposure could adversely impact premium growth rates and retention.The ability of our subsidiaries to pay dividends may affect our liquidity and ability to meet our obligationsThe Allstate Corporation is a holding company with no significant operations. Its principal assets are the stock of its subsidiaries and its directly held cash and investment portfolios. Its liabilities include debt and pension and other postretirement benefit obligations related to employees. State insurance regulatory authorities limit the payment of dividends by insurance subsidiaries, as described in Note 17 of the consolidated financial statements. The limitations are based on statutory income and surplus. In addition, competitive pressures generally require the which could have an adverse effect on our results of operations and financial condition. Executing our strategy to advance and innovate technology has and may continue to impact our workforce as we require new and different skills, particularly those in areas such as digital, data and analytics and technology to achieve our strategic goals. Advancements in technology and changes in consumer preferences may also impact our workforce needs in the future.

Markets in which we operate are highly competitive, and we must continually allocate resources to refine and improve products and services to maintain our reputation, enhance brand perception, and remain competitive. If we are unsuccessful in generating new business, retaining customers or renewing contracts, our ability to maintain or increase premiums written or the ability to sell our products could be adversely impacted. Determining competitive position is complicated in the auto and homeowners insurance business as companies use different underwriting standards to accept new customers and quotes and close rates can fluctuate across companies and locations. Pricing of products is driven by multiple factors, including loss expectations, expense structure and dissimilar return targets. Additionally, sophisticated pricing algorithms make it difficult to determine what price potential customers would pay across competitors. There is also significant competition for producers, such as exclusive and independent agents and their licensed sales professionals. Growth and retention may be materially affected if we are unable to attract and retain effective producers or if those producers are unable to attract and retain their licensed sales professionals or customers. Our ability to adequately and effectively price our products is affected by the evolving nature of consumer needs and preferences, market and regulatory dynamics, broader use of telematics-based rate segmentation and potential change in consumer demand. Many voluntary benefits contracts are renewed annually and consumer protection plan contracts are generally multi-year, but renewals occur on a rolling basis. There is a risk that employers and retailers may be able to obtain more favorable terms from competitors than they could by renewing coverage with us. These competitive pressures may adversely affect the renewal of these contracts, as well as our ability to sell products.Changing consumer preferences may adversely impact the demand for our products which may adversely impact our business Growth and retention may be impacted if customer preferences change and we are unable to effectively adapt our business model and processes, including maintaining competitive products and allowing consumers to interact with us how they choose. Our business could be impacted by our ability to attract and retain customers through distribution channels that they prefer.Our business may also be adversely impacted by new or changing technologiesTechnological changes, such as autonomous or partially autonomous vehicles or technologies that facilitate ride, car or home sharing could disrupt the demand for products from current customers, create coverage issues, impact the frequency or severity of losses, or reduce the size of the automobile insurance market causing our auto insurance business to decline. Since auto insurance constitutes a significant portion of our overall business, we may be more sensitive than other insurers and more adversely affected by trends that could decrease auto insurance rates or reduce demand for auto insurance over time.Technological advancements and innovation are occurring in distribution, underwriting, claims and operations at a rapid pace that may continue to accelerate. Nontraditional competitors could enter the insurance market and further accelerate these trends. Our competitive position could be impacted if we are unable to deploy, in a cost effective and competitive manner, technology such as artificial intelligence, large language models and machine learning that collects and analyzes data to inform underwriting or other decisions, or if our competitors collect and use data which we do not have the ability to access or use. Innovations must be implemented in compliance with applicable insurance regulations and in a responsible and compliant manner. These changes may require extensive modifications to our systems and processes and extensive coordination with and reliance on the systems and operations of third parties. If we are unable to adapt to or bring such advancements and innovations to market, the quality of our products, our relationships with customers and agents, competitive position and business prospects may be materially affected. Changes in technology related to collection and application of data regarding customers could expose us to regulatory or legal actions and may have a material adverse effect on our business, reputation, results of operations and financial condition. Changes in technology and customer preferences may impact the ways in which we interact, do business with our customers and design our products. We may not be able to respond effectively or in a timely manner to these changes, including developing and deploying customer-facing technology to address these changing preferences and maintaining competitive technology,affect the renewal of these contracts, as well as our ability to sell products.

Growth and retention may be impacted if customer preferences change and we are unable to effectively adapt our business model and processes, including maintaining competitive products and allowing consumers to interact with us how they choose. Our business could be impacted by our ability to attract and retain customers through distribution channels that they prefer.