FirstEnergy (FE) Risk Factors

We have continued to experience supply chain challenges due to economic conditions that developed during the COVID-19 pandemic, with order lead times increasing across numerous material categories and with some as much as tripling from pre-pandemic lead times. Several key suppliers have struggled with labor shortages and raw material availability, which along with increasing inflationary pressure, have increased the costs and decreased the availability of certain materials, equipment and contractors. FirstEnergy has taken steps to mitigate these risks and does not currently expect service disruptions or any material impact on its capital spending plan. However, the situation is subject to change and a prolonged continuation or further increase in supply chain disruptions could have an adverse effect on FirstEnergy's results of operations, cash flow and financial condition.

FEV currently holds a 33-1/3% equity ownership in Global Holding, the holding company for a joint venture in the Signal Peak mining and coal transportation operations with coal sales predominantly in international markets. The viability of our investment depends upon several factors beyond our control, including, but not limited to: Signal Peak's ability to renew and maintain governmental permits and approvals and remain in compliance with federal, state, and local safety and environmental statutes, rules, and regulations affecting the coal mining industry. Failure by Signal Peak to renew and maintain necessary permits and approvals, and to comply with any such statutes, rules and regulations, may impair its operations and the ability to generate cash flows necessary for Global Holding to pay future dividends and contribute to FirstEnergy's earnings. Signal Peak operates a single underground coal mine in south-central Montana and must obtain numerous governmental permits and approvals that impose strict conditions and obligations relating to, among other things, various environmental and safety matters in connection with its mining and coal transportation operations. The rules applicable to these permits and approvals are complex and can change over time. Regulatory authorities exercise considerable discretion in the timing and scope of permit issuance. In addition, the public has the right to comment on permit applications and otherwise participate in the permitting process, including through court intervention. Limitations on Signal Peak's ability to conduct its mining operations due to its inability to obtain or renew necessary permits or similar approvals could materially reduce or even halt production at the mine resulting in an adverse effect on our balance sheet, results of operations and cash flow. Signal Peak is currently a party to litigation that is challenging the validity of its permit to expand its mine into adjacent leased federal coal reserves. After receiving initial approval in 2015 from the OSMRE to expand the mine, environmental non-governmental organizations filed suit in the United States District Court for the District of Montana the same year challenging OSMRE's environmental assessment, which was a finding of no significant impact, and the expansion approval. The District Court affirmed OSMRE's conclusions. In April 2022, the Ninth Circuit Court reversed the District Court's ruling affirming the expansion approval and remanded the case back to the District Court. On February 10, 2023, the District Court vacated the permit issued by OSMRE, which restricts Signal Peak's ability to mine federal coal until OSMRE completes an environmental impact statement and reissues the permit. While the District Court's ruling is not expected to materially impede Signal Peak's ability to conduct its mining operations over the next 12-24 months, the inability to successfully obtain the permit from OSMRE would prohibit Signal Peak from mining those adjacent leased federal coal reserves and could further adversely impact Signal Peak from efficiently and economically conducting its mining operations thus reducing its production, cash flow and profitability.

The FE Board will continue to regularly evaluate our common stock dividend and determine whether to declare a dividend, and an appropriate amount thereof, each quarter taking into account such factors as, among other things, our earnings, financial condition and cash flows from subsidiaries, as well as general economic and competitive conditions. We cannot assure common shareholders that dividends will be paid in the future, or that, if paid, dividends will be at the same amount or with the same frequency as in the past.

We rely on the capital markets to meet our financial commitments and short-term liquidity needs if internal funds are not available from our operations. We also use LOCs provided by various financial institutions to support our hedging operations. We also deposit cash in short-term investments. In the event of volatility in the capital and credit markets, our ability to draw on our credit facilities and cash may be adversely affected. Our access to funds under those credit facilities is dependent on the ability of the financial institutions that are parties to the facilities to meet their funding commitments. Those institutions may not be able to meet their funding commitments if they experience shortages of capital and liquidity or if they experience excessive volumes of borrowing requests within a short period of time. Any delay in our ability to access those funds, even for a short period of time, could have a material adverse effect on our results of operations and financial condition. Should there be fluctuations in the capital and credit markets as a result of uncertainty, changing or increased regulation, reduced alternatives or failures of significant foreign or domestic financial institutions or foreign governments, our access to liquidity needed for our business could be adversely affected. Unfavorable conditions could require us to take measures to conserve cash until the markets stabilize or until alternative credit arrangements or other funding for our business needs can be arranged. Such measures could include deferring capital expenditures or other capital-like investments, changing hedging strategies to reduce collateral-posting requirements, and reducing or eliminating future dividend payments or other discretionary uses of cash.

Traditionally, electricity is generated at large, central station generation facilities distributed by our systems. This method results in economies of scale and lower unit costs than newer generation technologies such as fuel cells, microturbines, windmills and photovoltaic solar cells. It is possible that advances in newer generation technologies will make newer generation technologies more cost-effective, or that legislation addressing climate change at the federal or state level together with changes in regulatory policy will create incentives or benefits that otherwise make these newer generation technologies even more competitive with central station electricity production. To the extent that newer generation technologies are connected directly to load, bypassing the transmission and distribution systems, potential impacts could include decreased transmission and distribution revenues,stranded assets and increased uncertainty in load forecasting and integrated resource planning and could adversely affect our business and results of operations.

We are committed to providing safe and reliable service and equipment in our franchised service territories. Meeting this commitment requires the expenditure of significant capital resources. However, our employees, contractors and the general public may be exposed to dangerous environments due to the nature of our operations. Failure to provide safe and reliable service and equipment due to various factors, including cyber or physical attacks, equipment failure, accidents weather or natural disasters, could result in serious injury or loss of life that may harm our business reputation and adversely affect our operating results through reduced revenues, increased capital and operating costs, litigation or the imposition of penalties/fines or other adverse regulatory outcomes.

Our reputation is important. Damage to our reputation could materially adversely affect our business, results of operations, and financial condition and may arise from numerous sources further discussed below, including a breach of the DPA, negative outcomes associated with the SEC investigation or other HB 6 litigation or investigations, a significant cyber-attack, data security or physical security breach, failure to provide safe and reliable service, and negative perceptions regarding the operation of coal-fired generation, particularly GHG emissions. Any damage to our reputation may lead to negative customer perception, which may make it difficult for us to compete successfully for new opportunities, or could adversely impact our ability to launch new sophisticated technology-driven solutions to meet our customer expectations. A damaged reputation could further result in FERC, the PUCO, and other regulatory and legislative authorities being less likely to view us in a favorable light, and could negatively impact the rates we charge customers or otherwise cause us to be susceptible to unfavorable legislative and regulatory outcomes, as well as increased regulatory oversight and more stringent legislative or regulatory requirements. See "Risks Associated with Climate Change, GHG Emission and Other Environmental Matters" below.

FirstEnergy is engaged in an ongoing effort to create a culture of continuous improvement to strategically reduce our operating expenditures and continually reinvest in a more diverse capital program in support of our long-term strategy. FirstEnergy leverages opportunities to reduce costs – such as filling only critical positions, implementing our facility optimization plans, as well as exploring other additional, sustainable opportunities, such as reducing contractor spend. There can be no assurance that implementation of our continuous improvement culture will allow us to realize the anticipated benefits to our business, results of operations and financial condition in a timely manner, if at all. Our ability to achieve the continued benefits from our cost saving initiatives is subject to many estimates and assumptions as well as our ability to hire recruit and retain an appropriately qualified workforce and implement a culture of continuous improvement. FirstEnergy could experience unexpected delays and business disruptions resulting from supporting these initiatives, decreased productivity, and higher than anticipated costs, any of which may impair our ability to reduce operating expenditures and to achieve anticipated results or otherwise harm FirstEnergy's business, results of operations and financial condition.

In the ordinary course of our business, we depend on information technology systems that utilize sophisticated operational systems and network infrastructure to run all facets of our regulated generation, transmission and distribution services. Additionally, we store sensitive data, intellectual property and proprietary or personally identifiable information regarding our business, employees, shareholders, customers, suppliers, business partners and other individuals in our data centers and on our networks. We may also need to provide sensitive data to vendors and service providers who require access to this information. The secure maintenance of information and information technology systems is critical to our operations. Over the last several years, there has been an increase in the frequency of cyber-attacks by terrorists, hackers, international activist organizations, foreign governments and individuals. These and other unauthorized parties may attempt to gain access to our network systems or facilities, or those of third parties with whom we do business in many ways, including directly through our network infrastructure or through fraud, trickery, or other forms of deception against our employees, contractors and temporary staff. Additionally, our information and information technology systems and those of our vendors and service providers may be increasingly vulnerable to data security breaches, damage and/or interruption due to viruses, ransomware, unauthorized physical access, theft of access devices, human error, malfeasance, faulty password management or other malfunctions and disruptions. Further, hardware, software, or applications we develop or procure from third parties may contain defects in design or manufacture or other problems that could unexpectedly compromise information and/or security. As a source of critical infrastructure, the energy industry is at heightened threat of cyber-attacks, which are becoming increasingly more difficult to anticipate and prevent due to their rapidly evolving nature. We cannot anticipate, detect, or implement fully preventive measures against all cyber security threats because the techniques used are increasingly sophisticated and constantly evolving. For example, as artificial intelligence continues to evolve, cyber-attackers could use artificial intelligence to develop malicious code, denial-of-service attacks, sophisticated phishing attempts and other attacks leading to data loss, loss of operational control, or exploitation of inherent vulnerabilities. In addition, the increased use of smartphones, tablets, and other wireless devices, as well as ongoing remote work-from-home arrangements for a substantial portion of our corporate employees, may also heighten these and other operational risks. Furthermore, economic sanctions issued by one country against another, such as those issued by the U.S. and other countries against Russia in response to its war with Ukraine, or other increasing global geopolitical tensions, such as the war between Israel and Hamas, could increase the risk of state-sponsored cyber-attacks. Despite security measures and safeguards we have employed, including certain measures implemented pursuant to mandatory NERC Critical Infrastructure Protection standards, our infrastructure, as well as the transmission facilities of third parties with whom we are interconnected, may be increasingly vulnerable to such attacks as a result of the rapidly evolving and increasingly sophisticated means by which attempts to defeat security measures and gain access to our information technology systems may be made. Because our transmission facilities are interconnected with those of third parties, the operation of our facilities could be adversely affected by cyber-attacks or other unexpected or uncontrollable events occurring on the systems of such third parties. Given the rapidly evolving nature, sophistication, and complexity of cyber-attacks, despite our reasonable efforts to mitigate and prevent such attacks, it is possible that we may not be able to anticipate, prevent, detect, or implement effective preventive measures to protect against all cyber-attack incidents. Any actual or perceived cyber-attack, data security breach, damage, interruption and/or defect could: (i) disable our generation, transmission (including our interconnected regional transmission grid) and/or distribution services for a significant period of time; (ii) delay development and construction of new facilities or capital improvement projects; (iii) adversely affect our customer operations; (iv) expose us to increased risk of lawsuits; (v) expose us to increased risk of regulatory penalties; (vi) expose us to increased risk of loss of potential or existing customers; (vii) expose us to increased risk of damage relating to loss of proprietary information; (viii) corrupt data; and/or (ix) result in unauthorized access to the information stored in our data centers and on our networks and those of our vendors and service providers, including, company proprietary information, supplier information, employee data, and personal customer data, causing the information to be publicly disclosed, lost or stolen or result in incidents that could result in economic loss and liability and harmful effects on the environment and human health, including loss of life. Additionally, because our regulated generation, transmission and distribution services are part of an interconnected system, disruption caused by a cyber security incident at another utility, electric generator, RTO, or commodity supplier could also adversely affect our operations. Although we maintain cyber insurance and property and casualty insurance, there can be no assurance that liabilities or losses we may incur, including as a result of cyber security-related litigation, will be covered under such policies or that the amount of insurance will be adequate. Further, as cyber threats continually evolve and become more difficult to detect and successfully defend against, there can be no assurance that we can implement or maintain adequate preventive measures, accurately assess the likelihood of a cyber-incident or quantify potential liabilities or losses. Also, we may not discover any data security breach and loss of information for a significant period of time after the data security breach occurs particularly those of our vendors and service providers. For all of these reasons, any such cyber incident could result in significant lost revenue, the inability to conduct critical business functions and serve customers for a significant period of time, the loss of confidential, sensitive, and proprietary information, including but not limited to personal information of our customers, employees, suppliers, vendors and other third parties, the use of significant management resources, legal claims or proceedings, regulatory penalties, significant remediation costs, increased regulation, increased capital costs, increased insurance costs, increased protection costs for enhanced cyber security systems or personnel, damage to our reputation and/or the rendering of our internal controls ineffective, all of which could materially adversely affect our business, results of operations, financial condition and reputation.