Bank of America (BAC) Risk Analysis

A number of our products expose us to credit risk, including loans, letters of credit, derivatives, debt securities, trading account assets and assets held-for-sale. Deterioration in the financial condition of our consumer and commercial borrowers, counterparties or underlying collateral could adversely affect our results of operations and financial condition. Our credit portfolios may be impacted by U.S. and global macroeconomic and market conditions, events and disruptions, including declines in GDP, consumer spending or property values, asset price corrections, increasing consumer and corporate leverage, increases in corporate bond spreads, government shutdowns or policies such as student loan debt payment resumptions, tax changes, rising or elevated unemployment levels, elevated inflation, fluctuations in foreign exchange or interest rates, as well as the emergence or continuation of widespread health emergencies or pandemics, extreme weather events and the impacts of climate change, including acute and/or chronic extreme weather events and efforts to transition to a low-carbon economy. Significant economic or market stresses and disruptions typically have a negative impact on the business environment and financial markets, which could impact the underlying credit quality of our borrowers, counterparties and assets. Property value declines or asset price corrections could increase the risk of borrowers or counterparties defaulting or becoming delinquent in their obligations to us, and could decrease the value of the collateral we hold, which could increase credit losses. Credit risk could also be magnified by lending to leveraged borrowers or declining asset prices, including property or collateral values, unrelated to macroeconomic stress. Simultaneous drawdowns on lines of credit and/or an increase in a borrower's leverage in a weakening economic environment, or otherwise, could result in deterioration in our credit portfolio, should borrowers be unable to fulfill competing financial obligations. Increased delinquency and default rates could adversely affect our credit portfolios, including consumer credit card, home equity and residential mortgage portfolios through increased charge-offs and provisions for credit losses. A recessionary environment and/or a rise in unemployment could adversely impact the ability of our consumer and/or commercial borrowers or counterparties to meet their financial obligations and negatively impact our credit portfolio. Consumers have been and may continue to be negatively impacted by inflation, resulting in drawdowns of savings or increases in household debt. Higher interest rates, which have increased debt servicing costs for some businesses and households, may adversely impact credit quality, particularly in a recessionary environment. Certain sectors also remain at risk (e.g., commercial real estate, particularly office) as a result of shifts in demand and tighter financial and credit conditions. Globally, conditions of slow growth or recession could further contribute to weaker credit conditions. If the macroeconomic environment or certain sectors worsen, our credit portfolio, net charge-offs, provision and allowance for credit losses could be adversely impacted. We establish an allowance for credit losses, which includes the allowance for loan and lease losses and the reserve for unfunded lending commitments, based on management's best estimate of lifetime expected credit losses (ECL) inherent in our relevant financial assets. The process to determine the allowance for credit losses uses models and assumptions that require us to make difficult and complex judgments that are often interrelated, including forecasting how borrowers or counterparties may perform in changing economic conditions. The ability of our borrowers or counterparties to repay their obligations may be impacted by changes in future economic conditions, which in turn could impact the accuracy of our loss forecasts and allowance estimates. There is also the possibility that we have failed or will fail to accurately identify the appropriate economic indicators or accurately estimate their impacts to our borrowers or counterparties, which could impact the accuracy of our loss forecasts and allowance estimates.If the models, estimates and assumptions we use to establish reserves or the judgments we make in extending credit to our borrowers or counterparties, which are more sensitive due to the current uncertain macroeconomic and geopolitical environment, prove inaccurate in predicting future events, we may suffer losses in excess of our ECL. In addition, changes to external factors can negatively impact our recognition of credit losses in our portfolios and allowance for credit losses.The allowance for credit losses is our best estimate of ECL; however, there is no guarantee that it will be sufficient to address credit losses, particularly if the economic outlook deteriorates significantly, quickly, or unexpectedly. As circumstances change, we may increase our allowance, which would reduce our earnings. If economic conditions worsen, impacting our consumer and commercial borrowers, counterparties or underlying collateral, and credit losses are worse than expected, we may increase our provision for credit losses, which could adversely affect our results of operations and financial condition.Our concentrations of credit risk could adversely affect our credit losses, results of operations and financial condition.We may be subject to concentrations of credit risk because of a common characteristic or common sensitivity to economic, financial, public health or business developments. Concentrations of credit risk may reside in a particular industry, geography, product, asset class, counterparty or within any pool of exposures with a common risk characteristic. A deterioration in the financial condition or prospects of a particular industry, geographic location, product or asset class, or a failure or downgrade of, or default by, any particular entity or group of entities could negatively affect our businesses, and it is possible our limits and credit monitoring exposure controls will not function as anticipated.We execute a high volume of transactions and have significant credit concentrations with respect to the financial services industry, predominantly comprised of broker-dealers, commercial banks, investment banks, insurance companies, mutual funds, hedge funds, CCPs and other institutional clients. Financial services institutions and other counterparties are inter-related because of trading, funding, clearing or other relationships. Defaults by one or more counterparties, or market uncertainty about the financial stability of one or more financial services institutions, or the financial services industry generally, could lead to market-wide liquidity disruptions, losses, defaults and related disputes and litigation.Our credit risk may also be heightened by market risk when the collateral held by us cannot be liquidated or is liquidated at prices not sufficient to recover the full amount of the loan or We establish an allowance for credit losses, which includes the allowance for loan and lease losses and the reserve for unfunded lending commitments, based on management's best estimate of lifetime expected credit losses (ECL) inherent in our relevant financial assets. The process to determine the allowance for credit losses uses models and assumptions that require us to make difficult and complex judgments that are often interrelated, including forecasting how borrowers or counterparties may perform in changing economic conditions. The ability of our borrowers or counterparties to repay their obligations may be impacted by changes in future economic conditions, which in turn could impact the accuracy of our loss forecasts and allowance estimates. There is also the possibility that we have failed or will fail to accurately identify the appropriate economic indicators or accurately estimate their impacts to our borrowers or counterparties, which could impact the accuracy of our loss forecasts and allowance estimates. If the models, estimates and assumptions we use to establish reserves or the judgments we make in extending credit to our borrowers or counterparties, which are more sensitive due to the current uncertain macroeconomic and geopolitical environment, prove inaccurate in predicting future events, we may suffer losses in excess of our ECL. In addition, changes to external factors can negatively impact our recognition of credit losses in our portfolios and allowance for credit losses. The allowance for credit losses is our best estimate of ECL; however, there is no guarantee that it will be sufficient to address credit losses, particularly if the economic outlook deteriorates significantly, quickly, or unexpectedly. As circumstances change, we may increase our allowance, which would reduce our earnings. If economic conditions worsen, impacting our consumer and commercial borrowers, counterparties or underlying collateral, and credit losses are worse than expected, we may increase our provision for credit losses, which could adversely affect our results of operations and financial condition.

Our liquidity, competitive position, business, results of operations and financial condition are affected by market risks such as changes in interest and currency exchange rates, fluctuations in equity, commodity and futures prices, trading volumes and prices of securitized products, the implied volatility of interest rates and credit spreads and other economic and business factors. These market risks may adversely affect, among other things, the value of our securities, including our on- and off-balance sheet securities, trading assets and other financial instruments, the cost of debt capital and our access to credit markets, the value of assets under management (AUM), fee income relating to AUM, customer allocation of capital among investment alternatives, the volume of client activity in our trading operations, investment banking, underwriting and other capital market fees, which have already been negatively impacted, the general profitability and risk level of the transactions in which we engage and our competitiveness with respect to deposit pricing. The value of certain of our assets is sensitive to changes in market interest rates. If the Federal Reserve or a non-U.S. central bank changes or signals a change in monetary policy, market interest rates or credit spreads could be affected, which could adversely impact the value of such assets. Changes to fiscal policy, including expansion of U.S. federal deficit spending and resultant debt issuance, could also affect market interest rates. If interest rates decrease, our results of operations could be negatively impacted, including future revenue and earnings growth. Our models and strategies to assess and control our market risk exposures are subject to inherent limitations. In times of market stress or other unforeseen circumstances, previously uncorrelated indicators may become correlated. Such changes to the relationship between market parameters may limit the effectiveness of our hedging strategies and cause us to incur significant losses. Changes in correlation can be exacerbated where market participants use risk or trading models with assumptions or algorithms similar to ours. In these and other cases, it may be difficult to reduce our risk positions due to activity of other market participants or widespread market dislocations, including circumstances where asset values are declining significantly or no market exists. Where we own securities that do not have an established liquid trading market or are otherwise subject to restrictions on sale or hedging, or where the degree of accessible liquidity declines significantly, we may not be able to reduce our positions and risks associated with such holdings, so we may suffer larger than expected losses when adverse price movements take place. This risk can be exacerbated where we hold a position that is large relative to the available liquidity.

We are subject to U.S. regulatory capital and liquidity rules. These rules, among other things, establish minimum requirements to qualify as a well-capitalized institution. If any of our subsidiary insured depository institutions fail to maintain their status as well capitalized under the applicable regulatory capital rules, the Federal Reserve will require us to agree to bring the insured depository institution back to well-capitalized status. For the duration of such an agreement, the Federal Reserve may impose restrictions on our activities. If we were to fail to enter into or comply with such an agreement, the Federal Reserve may impose more severe restrictions on our activities, including requiring us to cease and desist activities permitted under the Bank Holding Company Act of 1956. Capital and liquidity requirements are frequently introduced and amended. Regulators may increase regulatory capital requirements, including TLAC and long-term debt requirements, change how regulatory capital or RWA is calculated or increase liquidity requirements. In 2023, U.S. banking regulators issued proposals to revise the calculation of the G-SIB surcharge and TLAC and long-term debt requirements. Our ability to return capital to our shareholders depends in part on our ability to maintain regulatory capital levels above minimum requirements plus buffers. To the extent that increases occur in our SCB, G-SIB surcharge or countercyclical capital buffer, our returns of capital to shareholders, including common stock dividends and common stock repurchases, could decrease. For example, our G-SIB surcharge increased by 50 bps to 3.0 percent on January 1, 2024. The Federal Reserve could also limit or prohibit capital actions, such as paying or increasing dividends or repurchasing common stock, as a result of economic disruptions or events. As part of its annual CCAR, we are subject to extensive regulatory evaluation of capital planning practices by the Federal Reserve, including stress testing on parts of our business using hypothetical economic scenarios prepared by the Federal Reserve. Those scenarios may affect our CCAR stress test results, which may impact our SCB level, requiring us to hold additional capital or causing changes in required capital buffers. A significant component of regulatory capital ratios is calculating our RWA and our leverage exposure. In July 2023, U.S. banking regulators issued a notice of proposed rulemaking to revise several key methodologies for measuring RWA,including a standardized approach for operational risk, revised market risk and credit risk requirements and removal of the use of certain internal models, which would increase our regulatory capital requirements, if adopted as proposed. Economic disruptions or events may also cause an increase in our balance sheet, RWA or leverage exposures, increasing required regulatory capital and liquidity amounts.Changes to and compliance with the regulatory capital and liquidity requirements may impact our operations by requiring us to liquidate assets, increase borrowings, issue additional equity or other securities, reduce the amount of common stock repurchases or dividends, cease or alter certain operations, pricing strategies and business activities or hold highly liquid assets, which may adversely affect our results of operations.Changes in accounting standards or assumptions in applying accounting policies could adversely affect us.Accounting policies and methods are fundamental to how we record and report our financial condition and results of operations. Some of these policies require the use of estimates and assumptions that may affect the reported value of our assets or liabilities and results of operations and are critical because they require management to make difficult, subjective and complex judgments about matters that are inherently uncertain. If assumptions, estimates or judgments are erroneously applied, we could be required to correct and restate prior-period financial statements. Accounting standard-setters and those who interpret the accounting standards, including the SEC, banking regulators and our independent registered public accounting firm may also amend or even reverse their previous interpretations or positions on how various standards should be applied. These changes may be difficult to predict and could impact the preparation and reporting of our financial statements, including the application of new or revised standards retrospectively, resulting in revisions to prior-period financial statements.We may be adversely affected by changes in U.S. and non-U.S. tax laws and regulations.Governmental authorities in the U.S. and/or other countries could further change tax laws in a way that would materially adversely affect us, including changes to the Tax Cuts and Jobs Act of 2017 and Inflation Reduction Act of 2022. Also, new guidelines issued by the Organization for Economic Cooperation and Development (OECD), which are currently being enacted into law in some OECD countries in which we operate, are expected to impose a 15 percent global minimum tax on a country-by-country basis. Any implementation of and/or change in tax laws and regulations or interpretations of current or future tax laws and regulations could materially adversely affect our effective tax rate, tax liabilities and results of operations. U.S. and foreign tax laws are complex and our judgments, interpretations or applications of such tax laws could differ from that of the relevant governmental authority. This could result in additional tax liabilities and interest, penalties, the reduction of certain tax benefits and/or the requirement to make adjustments to amounts recorded, which could be material.Additionally, we have U.K. net deferred tax assets (DTA) which consist primarily of net operating losses that are expected to be realized by certain subsidiaries over an extended number of years. Adverse developments with respect to tax laws or to other material factors, such as prolonged worsening of Europe's capital markets or changes in the ability of our U.K. subsidiaries to conduct business in the EU, could lead our management to reassess and/or change its current conclusion that no valuation allowance is necessary with respect to our U.K. net DTA. including a standardized approach for operational risk, revised market risk and credit risk requirements and removal of the use of certain internal models, which would increase our regulatory capital requirements, if adopted as proposed. Economic disruptions or events may also cause an increase in our balance sheet, RWA or leverage exposures, increasing required regulatory capital and liquidity amounts. Changes to and compliance with the regulatory capital and liquidity requirements may impact our operations by requiring us to liquidate assets, increase borrowings, issue additional equity or other securities, reduce the amount of common stock repurchases or dividends, cease or alter certain operations, pricing strategies and business activities or hold highly liquid assets, which may adversely affect our results of operations.

Our business is highly dependent on the security, controls and efficacy of our information systems, and the information systems of our customers, third parties, the financial services industry and financial data aggregators with whom we interact, on whom we rely or who have access to our customers' personal or account information. We rely on effective access management and the secure collection, processing, maintenance, use, sharing, dissemination and disposition of information in our and our third parties' information systems. Our cybersecurity risk and exposure remains heightened because of, among other things, our prominent size and scale, high-profile brand, geographic footprint and international presence and role in the financial services industry and the broader economy. The proliferation of third-party financial data aggregators and emerging technologies, including our and our third parties' use of automation, artificial intelligence (AI) and robotics, increases our cybersecurity risks and exposure. We, our employees, customers, regulators and third parties are ongoing targets of an increasing number of cybersecurity threats and cyberattacks. The tactics, techniques and procedures used in cyberattacks are pervasive, sophisticated and designed to evade security measures, including computer viruses, malicious or destructive code (such as ransomware), social engineering (including phishing, vishing and smishing), denial of service or information or other security breach tactics that have and in the future could result in disruptions to our businesses and operations and the loss of funds, including from attempts to defraud us and/or our customers, and impact the confidentiality, integrity or availability of our information, including intellectual property, or that of our employees, customers and third parties. Cyberattacks are carried out on a worldwide scale and by a growing number of actors, including organized crime groups, hackers, terrorist organizations, extremist parties, hostile foreign governments, state-sponsored actors, activists, disgruntled employees and other persons or entities, including those involved in corporate espionage. Cybersecurity threats and the tactics, techniques and procedures used in cyberattacks change, develop and evolve rapidly, including from emerging technologies, such as AI, machine learning and quantum computing. Despite substantial efforts to protect the integrity and resilience of our information systems and implement controls, processes, policies, employee training and other protective measures, we are not able to anticipate and/or detect all cybersecurity threats and incidents and/or develop or implement effective preventive or defensive measures designed to prevent, respond to or mitigate all cybersecurity threats and incidents. Internal access management failures could impact the confidentiality, integrity or availability of data. Additionally, the failure of our employees to exercise sound judgment and vigilance when targeted with social engineering or other cyberattacks increases our vulnerability.Our risk from and exposure to cybersecurity threats and incidents, information and security breaches and technology failures continues to increase due to the acceptance and use of digital banking and other digital products and services, including mobile banking products, and reliance on remote access tools and technology, which have increased our reliance on virtual or digital interactions and a larger number of access points to our information systems that must be secured, and results in greater amounts of information being available for access. Greater demand on our information systems and security tools and processes will likely continue.We also face significant third-party technology, cybersecurity and operational risks relating to the large number of customers and third parties with whom we do business, the financial services industry, upon whom we rely to facilitate or enable our business activities or upon whom our customers rely, including the secure collection, processing, maintenance, use, sharing, dissemination and disposition of customer and other sensitive information, providers of products and/or services, financial counterparties, financial data aggregators, financial intermediaries, such as clearing agents, exchanges and clearing houses, regulators, providers of outsourced infrastructure, such as internet access, cloud service providers and electrical power, and retailers for whom we process transactions. Such third-party information systems extend beyond our security and control systems, and such third parties have varying levels of security and cybersecurity resources, expertise, safeguards, controls and capabilities. Threat actors may actively seek to exploit security and cybersecurity weaknesses at our third parties and the relationships of our third parties with us may increase the risk that they are targeted by the same threats we face, and such third parties may be less prepared for such threats. We are also at additional risk resulting from critical third-party information security and open-source software vulnerabilities. We must rely on our third parties to adequately detect and promptly report cybersecurity incidents, and their failure to do so could adversely affect our ability to report or respond to cybersecurity incidents effectively or timely.Due to increasing consolidation, interdependence and complexity of financial entities and technology and information systems, a cybersecurity threat or incident, information or security breach or technology failure that significantly exposes, degrades, destroys or compromises the information systems or information of one or more financial entities or third parties could adversely impact us and increase the risk of operational failure and loss, as disparate systems need to be integrated, often on an accelerated basis. Similarly, any cybersecurity threat or incident, information or security breach or technology failure that significantly exposes, degrades, destroys or compromises our information systems or information could adversely impact third parties and the critical infrastructure of the financial services industry, thereby creating additional risk for us.Cybersecurity incidents or information or security breaches could persist for an extended period of time before being detected, and it often takes additional time to determine the scope, extent, amount and type of impact, including information altered, destroyed or otherwise compromised, following which the measures to recover and restore to a business-as-usual state may be difficult to assess. We have spent and expect to continue to spend significant resources to modify and enhance management failures could impact the confidentiality, integrity or availability of data. Additionally, the failure of our employees to exercise sound judgment and vigilance when targeted with social engineering or other cyberattacks increases our vulnerability. Our risk from and exposure to cybersecurity threats and incidents, information and security breaches and technology failures continues to increase due to the acceptance and use of digital banking and other digital products and services, including mobile banking products, and reliance on remote access tools and technology, which have increased our reliance on virtual or digital interactions and a larger number of access points to our information systems that must be secured, and results in greater amounts of information being available for access. Greater demand on our information systems and security tools and processes will likely continue. We also face significant third-party technology, cybersecurity and operational risks relating to the large number of customers and third parties with whom we do business, the financial services industry, upon whom we rely to facilitate or enable our business activities or upon whom our customers rely, including the secure collection, processing, maintenance, use, sharing, dissemination and disposition of customer and other sensitive information, providers of products and/or services, financial counterparties, financial data aggregators, financial intermediaries, such as clearing agents, exchanges and clearing houses, regulators, providers of outsourced infrastructure, such as internet access, cloud service providers and electrical power, and retailers for whom we process transactions. Such third-party information systems extend beyond our security and control systems, and such third parties have varying levels of security and cybersecurity resources, expertise, safeguards, controls and capabilities. Threat actors may actively seek to exploit security and cybersecurity weaknesses at our third parties and the relationships of our third parties with us may increase the risk that they are targeted by the same threats we face, and such third parties may be less prepared for such threats. We are also at additional risk resulting from critical third-party information security and open-source software vulnerabilities. We must rely on our third parties to adequately detect and promptly report cybersecurity incidents, and their failure to do so could adversely affect our ability to report or respond to cybersecurity incidents effectively or timely. Due to increasing consolidation, interdependence and complexity of financial entities and technology and information systems, a cybersecurity threat or incident, information or security breach or technology failure that significantly exposes, degrades, destroys or compromises the information systems or information of one or more financial entities or third parties could adversely impact us and increase the risk of operational failure and loss, as disparate systems need to be integrated, often on an accelerated basis. Similarly, any cybersecurity threat or incident, information or security breach or technology failure that significantly exposes, degrades, destroys or compromises our information systems or information could adversely impact third parties and the critical infrastructure of the financial services industry, thereby creating additional risk for us. Cybersecurity incidents or information or security breaches could persist for an extended period of time before being detected, and it often takes additional time to determine the scope, extent, amount and type of impact, including information altered, destroyed or otherwise compromised, following which the measures to recover and restore to a business-as-usual state may be difficult to assess. We have spent and expect to continue to spend significant resources to modify and enhance our protective measures, investigate and remediate software and network vulnerabilities, and defend against, detect and respond to cybersecurity threats and incidents whether specific to us, a third party, the industry or businesses in general, and enhance our capabilities to respond and recover.While we and our third parties have experienced cybersecurity incidents, information and security breaches and technology failures, as well as adverse impacts from such events, including as described in this risk factor, we have not experienced material losses or other material consequences relating to cybersecurity incidents, information or security breaches or technology failures, whether directed at us or our third parties. However, we expect to continue to experience such events and impacts with increased frequency and severity due to the evolving threat environment, and there can be no assurance that future cybersecurity incidents, information and security breaches and technology failures, including as a result of cybersecurity incidents, information and security breaches and technology failures experienced by our third parties, will not have a material adverse impact on us, including our businesses, results of operations and financial condition.Any future cybersecurity incident, information or security breach or technology failure suffered by us or our third parties could result in disruption to our day-to-day business activities, an inability to effect transactions, execute trades, service our customers, manage our exposure to risk, expand our businesses, detect and prevent fraudulent or unauthorized transactions, including transactions impacting our customers, maintain information systems access and business operations and customer services, in the U.S. and/or globally. Additionally, we could experience the loss of customers and business opportunities, the withdrawal of customer deposits, the misappropriation, alteration or destruction of our or our third parties' intellectual property or confidential information, the unauthorized access to or temporary or permanent loss or theft of personally identifiable information, including of our employees and customers, significant lost revenue, losses and claims brought by third parties, violations of applicable privacy, cybersecurity and other laws, rules and regulations, litigation exposure, economic sanctions, enforcement actions, government fines, penalties or intervention and other negative consequences. Although we maintain cyber insurance, there can be no assurance that liabilities or losses we may incur will be covered under such policies or that the amount of insurance will be adequate. In addition, in the case of any cybersecurity incident, information or security breach or technology failure arising from third-party systems impacting us, any third-party indemnification may not be applicable or sufficient to address the impact of such cybersecurity incidents, information or security breaches or technology failures, including monetary losses of the Corporation. The occurrence of any of the events described above could adversely impact our businesses, results of operations, liquidity and financial condition, as well as cause reputational harm, whether such events are actual or perceived.Failure to satisfy our obligations as servicer for residential mortgage securitizations, loans owned by other entities and other related losses could adversely impact our reputation, servicing costs or results of operations.We service mortgage loans on behalf of third-party securitization vehicles and other investors. If we commit a material breach of our obligations as servicer or master servicer, we may be subject to termination if the breach is not cured within a specified period of time following notice, which could cause us to lose servicing income. We may also have liability for any failure by us, as a servicer or master servicer, for our protective measures, investigate and remediate software and network vulnerabilities, and defend against, detect and respond to cybersecurity threats and incidents whether specific to us, a third party, the industry or businesses in general, and enhance our capabilities to respond and recover. While we and our third parties have experienced cybersecurity incidents, information and security breaches and technology failures, as well as adverse impacts from such events, including as described in this risk factor, we have not experienced material losses or other material consequences relating to cybersecurity incidents, information or security breaches or technology failures, whether directed at us or our third parties. However, we expect to continue to experience such events and impacts with increased frequency and severity due to the evolving threat environment, and there can be no assurance that future cybersecurity incidents, information and security breaches and technology failures, including as a result of cybersecurity incidents, information and security breaches and technology failures experienced by our third parties, will not have a material adverse impact on us, including our businesses, results of operations and financial condition. Any future cybersecurity incident, information or security breach or technology failure suffered by us or our third parties could result in disruption to our day-to-day business activities, an inability to effect transactions, execute trades, service our customers, manage our exposure to risk, expand our businesses, detect and prevent fraudulent or unauthorized transactions, including transactions impacting our customers, maintain information systems access and business operations and customer services, in the U.S. and/or globally. Additionally, we could experience the loss of customers and business opportunities, the withdrawal of customer deposits, the misappropriation, alteration or destruction of our or our third parties' intellectual property or confidential information, the unauthorized access to or temporary or permanent loss or theft of personally identifiable information, including of our employees and customers, significant lost revenue, losses and claims brought by third parties, violations of applicable privacy, cybersecurity and other laws, rules and regulations, litigation exposure, economic sanctions, enforcement actions, government fines, penalties or intervention and other negative consequences. Although we maintain cyber insurance, there can be no assurance that liabilities or losses we may incur will be covered under such policies or that the amount of insurance will be adequate. In addition, in the case of any cybersecurity incident, information or security breach or technology failure arising from third-party systems impacting us, any third-party indemnification may not be applicable or sufficient to address the impact of such cybersecurity incidents, information or security breaches or technology failures, including monetary losses of the Corporation. The occurrence of any of the events described above could adversely impact our businesses, results of operations, liquidity and financial condition, as well as cause reputational harm, whether such events are actual or perceived.