JPMorgan Chase & Co. (JPM) Risk Factors

Some of the countries in which JPMorgan Chase conducts business have economies or markets that are less developed and more volatile or may have political, legal and regulatory regimes that are less established or predictable than other countries in which JPMorgan Chase operates. In addition, in some jurisdictions in which JPMorgan Chase conducts business, the local economy and business activities are subject to substantial government influence or control. Some of these countries have in the past experienced economic disruptions, including: - extreme currency fluctuations - high inflation - low or negative growth - defaults or reduced ability to service sovereign debt and - increased fraud or other misrepresentation of value. The governments in these countries have sometimes reacted to these developments by imposing restrictive policies that adversely affect the local and regional business environment, such as: - price, capital or exchange controls, including imposition of punitive transfer and convertibility restrictions or forced currency exchange - expropriation or nationalization of assets or confiscation of property, including intellectual property, and - changes in laws, rules and regulations. The impact of these actions could be accentuated in trading markets that are smaller, less liquid and more volatile than more-developed markets. These types of government actions can negatively affect JPMorgan Chase's operations in the relevant country, either directly or by suppressing the business activities of local clients or multi-national clients that conduct business in the jurisdiction. In addition, emerging markets countries, as well as more developed countries, have been susceptible to unfavorable social developments arising from poor economic conditions or governmental actions, including: - widespread demonstrations, civil unrest or general strikes - crime and corruption - security and personal safety issues - an outbreak or escalation of hostilities, or other geopolitical instabilities - overthrow of incumbent governments - terrorist attacks, and - other forms of internal discord. These economic, political, regulatory and social developments have in the past resulted in, and in the future could lead to, conditions that can adversely affect JPMorgan Chase's operations in those countries and impair the revenues, growth and profitability of those operations. In addition, any of these events or circumstances in one country can affect JPMorgan Chase's operations and investments in another country or countries, including in the U.S.PeopleJPMorgan Chase's ability to attract and retain qualified and diverse employees is critical to its success.JPMorgan Chase's employees are its most important resource, and in many areas of the financial services industry, competition for qualified personnel is intense. JPMorgan Chase endeavors to attract talented and diverse new employees and retain, develop and motivate its existing employees. JPMorgan Chase's efforts to hire and retain talented and diverse employees could be hindered by factors such as:- the emerging need for more-skilled workers in an evolving labor and workplace environment, including due to changes in technology, and- targeted recruitment of JPMorgan Chase employees by competitors. If JPMorgan Chase were unable to continue to attract or retain qualified and diverse employees, including successors to the Chief Executive Officer, members of the Operating Committee and other senior leaders, JPMorgan Chase's performance, including its competitive position, could be materially and adversely affected.JPMorgan Chase's use of hybrid work models could result in deterioration in employee performance or degradation of JPMorgan Chase's control environment which may have a material and adverse effect on its business and operations. Alternatively, discontinuing hybrid work models could harm JPMorgan Chase's ability to attract and retain employees.Unfavorable changes in immigration or travel policies could adversely affect JPMorgan Chase's businesses and operations.JPMorgan Chase relies on the skills, knowledge and expertise of employees located throughout the world. Changes in immigration or travel policies in the U.S. and other countries that unduly restrict or otherwise make it more difficult for employees or their family members to work in, or travel to or transfer between, jurisdictions in which JPMorgan Chase has operations or conducts its business could inhibit JPMorgan Chase's ability to attract and retain qualified employees, and thereby dilute the quality of its workforce, or could prompt JPMorgan Chase to make structural changes to its worldwide or regional operating models that cause its operations to be less efficient or more costly. - other forms of internal discord. These economic, political, regulatory and social developments have in the past resulted in, and in the future could lead to, conditions that can adversely affect JPMorgan Chase's operations in those countries and impair the revenues, growth and profitability of those operations. In addition, any of these events or circumstances in one country can affect JPMorgan Chase's operations and investments in another country or countries, including in the U.S.

The value of securities, derivatives and other financial instruments which JPMorgan Chase owns or in which it makes markets can be materially affected by market fluctuations. Market volatility, illiquid market conditions and other disruptions in the financial markets may make it extremely difficult to value certain financial instruments. Subsequent valuations of financial instruments in future periods, in light of factors then prevailing, may result in significant changes in the value of these instruments. In addition, at the time of any disposition of these financial instruments, the price that JPMorgan Chase ultimately realizes will depend on the demand and liquidity in the market at that time and may be materially lower than their current fair value. Any of these factors could cause a decline in the value of financial instruments that JPMorgan Chase owns or in which it makes markets, which may have an adverse effect on JPMorgan Chase's results of operations. JPMorgan Chase's risk management and monitoring processes, including its stress testing framework, seek to quantify and manage JPMorgan Chase's exposure to more extreme market moves. However, JPMorgan Chase's hedging and other risk management strategies may not be effective, and it could incur significant losses, if extreme market events were to occur.

JPMorgan Chase's businesses and operations are subject to complex and evolving laws, rules and regulations, both within and outside the U.S., governing the privacy and protection of personal information of individuals. Governmental authorities around the world have adopted and are considering the adoption of numerous legislative and regulatory initiatives concerning privacy, data protection and security. Litigation or enforcement actions relating to these laws, rules and regulations could result in fines or orders requiring that JPMorgan Chase change its data-related practices, which could have an adverse effect on JPMorgan Chase's ability to provide products and otherwise harm its business operations. Implementing processes relating to JPMorgan Chase's collection, use, sharing and storage of personal information to comply with all applicable laws, rules and regulations in all relevant jurisdictions, including where the laws of different jurisdictions are in conflict, can: - increase JPMorgan Chase's compliance and operating costs - hinder the development of new products or services, curtail the offering of existing products or services, or affect how products and services are offered to clients and customers - demand significant oversight by JPMorgan Chase's management, and - require JPMorgan Chase to structure its businesses, operations and systems in less efficient ways. Not all of JPMorgan Chase's clients, customers, vendors, counterparties and other external parties may have appropriate controls in place to protect the confidentiality, integrity or availability of the information exchanged between them and JPMorgan Chase, particularly where information is transmitted by electronic means. JPMorgan Chase could be exposed to litigation or regulatory fines, penalties or other sanctions if personal information of clients, customers, employees or others were to be mishandled or misused, such as situations where such information is: - erroneously provided to parties who are not permitted to have the information, or- intercepted or otherwise compromised by unauthorized third parties.Concerns regarding the effectiveness of JPMorgan Chase's measures to safeguard personal information, or the perception that those measures are inadequate, could cause JPMorgan Chase to lose existing or potential clients and customers or employees, and thereby reduce JPMorgan Chase's revenues. Furthermore, any failure or perceived failure by JPMorgan Chase to comply with applicable privacy or data protection laws, rules and regulations, or any failure to appropriately calibrate, manage and monitor access by employees or third parties to personal information, could subject JPMorgan Chase to inquiries, examinations and investigations that could result in requirements to modify or cease certain operations or practices, significant liabilities or regulatory fines, penalties or other sanctions. Any of these could damage JPMorgan Chase's reputation and otherwise adversely affect its businesses.In recent years, well-publicized incidents involving the inappropriate collection, use, sharing or storage of personal information have led to expanded governmental scrutiny of practices relating to the processing or safeguarding of personal information by companies in the U.S. and other countries. That scrutiny has in some cases resulted in, and could in the future lead to, the adoption of stricter laws, rules and regulations relating to the collection, use, sharing and storage of personal information. These types of laws, rules and regulations can prohibit or significantly restrict financial services firms such as JPMorgan Chase from transferring information across national borders or sharing information among affiliates or with third parties such as vendors, thereby increase compliance costs and operational risk, or restrict JPMorgan Chase's use of personal information when developing or offering products or services to customers. Some countries are considering or have adopted legislation implementing data protection requirements or requiring local storage and processing of data which could increase the cost and complexity of JPMorgan Chase's delivery of products and services. These restrictions could also inhibit JPMorgan Chase's development or marketing of certain products or services, or increase the costs of offering them to customers.JPMorgan Chase's operations, results and reputation could be harmed by occurrences of extraordinary events beyond its control.JPMorgan Chase's business and operational systems could be seriously disrupted, and its reputation could be harmed, by events or contributing factors that are wholly or partially beyond its control, including material instances of:- cyber attacks- security breaches of its physical premises, including threats to health and safety - erroneously provided to parties who are not permitted to have the information, or - intercepted or otherwise compromised by unauthorized third parties. Concerns regarding the effectiveness of JPMorgan Chase's measures to safeguard personal information, or the perception that those measures are inadequate, could cause JPMorgan Chase to lose existing or potential clients and customers or employees, and thereby reduce JPMorgan Chase's revenues. Furthermore, any failure or perceived failure by JPMorgan Chase to comply with applicable privacy or data protection laws, rules and regulations, or any failure to appropriately calibrate, manage and monitor access by employees or third parties to personal information, could subject JPMorgan Chase to inquiries, examinations and investigations that could result in requirements to modify or cease certain operations or practices, significant liabilities or regulatory fines, penalties or other sanctions. Any of these could damage JPMorgan Chase's reputation and otherwise adversely affect its businesses. In recent years, well-publicized incidents involving the inappropriate collection, use, sharing or storage of personal information have led to expanded governmental scrutiny of practices relating to the processing or safeguarding of personal information by companies in the U.S. and other countries. That scrutiny has in some cases resulted in, and could in the future lead to, the adoption of stricter laws, rules and regulations relating to the collection, use, sharing and storage of personal information. These types of laws, rules and regulations can prohibit or significantly restrict financial services firms such as JPMorgan Chase from transferring information across national borders or sharing information among affiliates or with third parties such as vendors, thereby increase compliance costs and operational risk, or restrict JPMorgan Chase's use of personal information when developing or offering products or services to customers. Some countries are considering or have adopted legislation implementing data protection requirements or requiring local storage and processing of data which could increase the cost and complexity of JPMorgan Chase's delivery of products and services. These restrictions could also inhibit JPMorgan Chase's development or marketing of certain products or services, or increase the costs of offering them to customers.

Item 1B. Unresolved Staff Comments.None.Item 1C. Cybersecurity.Refer to the Operational Risk Management section of Management's discussion and analysis on pages 147–150 for a discussion of cybersecurity risk.Item 2. Properties.JPMorgan Chase's headquarters is located in New York City at 383 Madison Avenue, a 47-story office building that it owns. The demolition of the Firm's former headquarters at 270 Park Avenue in New York City was completed in 2021, and construction of a new headquarters on the same site continues.The Firm owned or leased facilities in the following locations at December 31, 2023.December 31, 2023(in millions)Approximate square footageUnited States(a)New York City, New York383 Madison Avenue, New York, New York1.1 All other New York City locations5.9 Total New York City, New York7.0 Other U.S. locationsColumbus/Westerville, Ohio3.5 Chicago, Illinois2.7 Dallas/Plano/Fort Worth, Texas2.5 Wilmington/Newark, Delaware2.2 Houston, Texas1.6 Jersey City, New Jersey1.4 Phoenix/Tempe, Arizona1.3 All other U.S. locations34.5 Total United States56.7 Europe, the Middle East and Africa ("EMEA")25 Bank Street, London, U.K.1.4 All other U.K. locations2.4 All other EMEA locations1.5 Total EMEA5.3 Asia-Pacific, Latin America and CanadaIndia5.8 Philippines1.7 All other locations2.8 Total Asia-Pacific, Latin America and Canada10.3 Total72.3 (a)At December 31, 2023, the Firm owned or leased 4,897 retail branches in 48 states and Washington D.C.The premises and facilities occupied by JPMorgan Chase are collectively used across all of the Firm's business segments and for corporate purposes. JPMorgan Chase continues to evaluate its current and projected space requirements and may determine from time to time that certain of its properties (including the premises and facilities noted

When JPMorgan Chase launches a new product or service, introduces a new platform for the delivery or distribution of products or services (including mobile connectivity, electronic trading and cloud computing), acquires or invests in a business, makes changes to an existing product, service or delivery platform, or adopts a new technology, it may not fully appreciate or identify new operational risks that may arise from those changes, including increased reliance on third party providers, or may fail to implement adequate controls to mitigate the risks associated with those changes. Any significant failure in this regard could diminish JPMorgan Chase's ability to operate one or more of its businesses or result in:- potential liability to clients, counterparties and customers- higher compliance and operational cost - higher litigation costs, including regulatory fines, penalties and other sanctions- damage to JPMorgan Chase's reputation- impairment of JPMorgan Chase's liquidity- regulatory intervention, or - weaker competitive standing.Any of the foregoing consequences could materially and adversely affect JPMorgan Chase's businesses and results of operations.JPMorgan Chase's business and operations rely on its ability, and the ability of key external parties, to maintain appropriately-staffed workforces, and on the competence, trustworthiness, health and safety of employees.JPMorgan Chase's ability to operate its businesses efficiently and profitably, to offer products and services that meet the expectations of its clients and customers, and to maintain an effective risk management framework is highly dependent on its ability to staff its operations appropriately and on the competence, trustworthiness, health and safety of its employees. JPMorgan Chase's businesses and operations similarly rely on the workforces of third parties, including employees of vendors, custodians and financial markets infrastructures, and of businesses that it may seek to acquire. JPMorgan Chase's businesses could be materially and adversely affected by:- the ineffective implementation of business decisions- any failure to institute controls that appropriately address risks associated with business activities, or to appropriately train employees with respect to those risks and controls- staffing shortages, particularly in tight labor markets- the possibility that significant portions of JPMorgan Chase's workforce are unable to work effectively, including because of illness, quarantines, shelter-in-place arrangements, government actions or other restrictions in connection with health emergencies, the spread of infectious diseases, epidemics or pandemics, or due to extraordinary events beyond JPMorgan Chase's control such as natural disasters or an outbreak or escalation of hostilities or delivery platform, or adopts a new technology, it may not fully appreciate or identify new operational risks that may arise from those changes, including increased reliance on third party providers, or may fail to implement adequate controls to mitigate the risks associated with those changes. Any significant failure in this regard could diminish JPMorgan Chase's ability to operate one or more of its businesses or result in: - potential liability to clients, counterparties and customers - higher compliance and operational cost - higher litigation costs, including regulatory fines, penalties and other sanctions - damage to JPMorgan Chase's reputation - impairment of JPMorgan Chase's liquidity - regulatory intervention, or - weaker competitive standing. Any of the foregoing consequences could materially and adversely affect JPMorgan Chase's businesses and results of operations.

JPMorgan Chase experiences numerous cyber attacks on its computer systems, software, networks and other technology assets on a daily basis from various actors, including groups acting on behalf of hostile countries, cyber-criminals, "hacktivists" (i.e., individuals or groups that use technology to promote a political agenda or social change) and others. These cyber attacks can take many forms, including attempts to introduce computer viruses or malicious code, which are commonly referred to as "malware," into JPMorgan Chase's systems. These attacks are often designed to: - obtain unauthorized access to confidential information belonging to JPMorgan Chase or its clients, customers, counterparties or employees - manipulate data - destroy data or systems with the aim of rendering services unavailable - disrupt, sabotage or degrade service on JPMorgan Chase's systems - steal money, or - extort money through the use of so-called "ransomware." JPMorgan Chase also experiences: - distributed denial-of-service attacks intended to disrupt JPMorgan Chase's websites, including those that provide online banking and other services,- a higher volume and complexity of cyber attacks against the backdrop of heightened geopolitical tensions, and- a high volume of disruptions to internet-based services used by JPMorgan Chase that are provided by third parties.JPMorgan Chase has experienced security breaches due to cyber attacks in the past, and it is inevitable that additional breaches will occur in the future. Any such breach could result in serious and harmful consequences for JPMorgan Chase or its clients and customers.A principal reason that JPMorgan Chase cannot provide absolute security against cyber attacks is that it may not always be possible to anticipate, detect or recognize threats to JPMorgan Chase's systems, or to implement effective preventive measures against all breaches because:- the techniques used in cyber attacks evolve frequently and are increasingly sophisticated, and therefore may not be recognized until launched or may go undetected for extended periods- cyber attacks can originate from a wide variety of sources, including JPMorgan Chase's own employees, cyber-criminals, hacktivists, well-resourced groups linked to terrorist organizations or hostile nation-states that can sustain malicious activities for extended periods, or third parties whose objective is to disrupt the operations of financial institutions more generally- JPMorgan Chase does not have control over the cybersecurity of the systems of the large number of clients, customers, counterparties and third-party service providers with which it does business, and- it is possible that a third party, after establishing a foothold on an internal network without being detected, may gain access to other networks and systems.The risk of a security breach due to a cyber attack could increase in the future due to factors such as: - JPMorgan Chase's ongoing expansion of its mobile banking and other internet-based product offerings and its internal use of internet-based products and applications, including those that use cloud computing services- advances in artificial intelligence, such as the use of machine learning and generative artificial intelligence by malicious actors to develop more advanced social engineering attacks, including targeted phishing attacks- the inability to maintain the security of information transmitted by JPMorgan Chase due to advances in quantum computing that may counteract or nullify existing information protections, and- the acquisition and integration of new businesses. - distributed denial-of-service attacks intended to disrupt JPMorgan Chase's websites, including those that provide online banking and other services,- a higher volume and complexity of cyber attacks against the backdrop of heightened geopolitical tensions, and - a high volume of disruptions to internet-based services used by JPMorgan Chase that are provided by third parties. JPMorgan Chase has experienced security breaches due to cyber attacks in the past, and it is inevitable that additional breaches will occur in the future. Any such breach could result in serious and harmful consequences for JPMorgan Chase or its clients and customers. A principal reason that JPMorgan Chase cannot provide absolute security against cyber attacks is that it may not always be possible to anticipate, detect or recognize threats to JPMorgan Chase's systems, or to implement effective preventive measures against all breaches because: - the techniques used in cyber attacks evolve frequently and are increasingly sophisticated, and therefore may not be recognized until launched or may go undetected for extended periods - cyber attacks can originate from a wide variety of sources, including JPMorgan Chase's own employees, cyber-criminals, hacktivists, well-resourced groups linked to terrorist organizations or hostile nation-states that can sustain malicious activities for extended periods, or third parties whose objective is to disrupt the operations of financial institutions more generally - JPMorgan Chase does not have control over the cybersecurity of the systems of the large number of clients, customers, counterparties and third-party service providers with which it does business, and - it is possible that a third party, after establishing a foothold on an internal network without being detected, may gain access to other networks and systems. The risk of a security breach due to a cyber attack could increase in the future due to factors such as: - JPMorgan Chase's ongoing expansion of its mobile banking and other internet-based product offerings and its internal use of internet-based products and applications, including those that use cloud computing services - advances in artificial intelligence, such as the use of machine learning and generative artificial intelligence by malicious actors to develop more advanced social engineering attacks, including targeted phishing attacks - the inability to maintain the security of information transmitted by JPMorgan Chase due to advances in quantum computing that may counteract or nullify existing information protections, and - the acquisition and integration of new businesses. In addition, a third party could misappropriate confidential information obtained by intercepting signals or communications from mobile devices used by JPMorgan Chase's employees.The dynamic nature of the cyber threat landscape necessitates continuous enhancement and adaptation of cybersecurity controls. Failure to discover or address known vulnerabilities or shortcomings in cybersecurity controls, or to prioritize or complete enhancements to address them, in each case in a timely manner, may leave JPMorgan Chase vulnerable to cyber attacks, potentially resulting in data breaches, financial losses, reputational damage and regulatory penalties, including the failure to prioritize or complete enhancements relating to:- preventing unauthorized access and protecting against the misuse of access, including the maintenance and enhancement of controls related to secure software development practices and identity and access management, such as those relating to the management of administrative access to systems- detecting, escalating and addressing effectively and in a timely manner any vulnerabilities that may be present either in internally-developed software or externally-provided software or services, including vulnerabilities that could allow attackers to exploit unknown security flaws in software and hardware ("zero-day vulnerabilities")- enhancing early detection of attacks against third-party vendors, including attacks targeting vulnerabilities in third-party open-source software, in support of the secure development and maintenance of internal systems- maintaining and enhancing controls related to technology asset management and inventory systems to prevent the risk of undetected vulnerabilities that could undermine JPMorgan Chase's ability to operate an effective control process - upgrading the coverage and capabilities of systems and controls to protect JPMorgan Chase and its clients and customers from the impact of distributed denial-of-service attacks, or to recover from outages that could be caused by a malware or ransomware attack- strengthening network security and management of outbound connections to reduce the risk of data loss - identifying, assessing and mitigating insider threat activities that could lead to the misuse of JPMorgan Chase's systems or client and customer information, and- integrating acquired businesses where system integration may be complex or may require extensive and lengthy remediation or enhancement of controls.A successful penetration or circumvention of the security of JPMorgan Chase's systems or the systems of a vendor, governmental body or another market participant could cause serious negative consequences, including: In addition, a third party could misappropriate confidential information obtained by intercepting signals or communications from mobile devices used by JPMorgan Chase's employees. The dynamic nature of the cyber threat landscape necessitates continuous enhancement and adaptation of cybersecurity controls. Failure to discover or address known vulnerabilities or shortcomings in cybersecurity controls, or to prioritize or complete enhancements to address them, in each case in a timely manner, may leave JPMorgan Chase vulnerable to cyber attacks, potentially resulting in data breaches, financial losses, reputational damage and regulatory penalties, including the failure to prioritize or complete enhancements relating to: - preventing unauthorized access and protecting against the misuse of access, including the maintenance and enhancement of controls related to secure software development practices and identity and access management, such as those relating to the management of administrative access to systems - detecting, escalating and addressing effectively and in a timely manner any vulnerabilities that may be present either in internally-developed software or externally-provided software or services, including vulnerabilities that could allow attackers to exploit unknown security flaws in software and hardware ("zero-day vulnerabilities")- enhancing early detection of attacks against third-party vendors, including attacks targeting vulnerabilities in third-party open-source software, in support of the secure development and maintenance of internal systems - maintaining and enhancing controls related to technology asset management and inventory systems to prevent the risk of undetected vulnerabilities that could undermine JPMorgan Chase's ability to operate an effective control process - upgrading the coverage and capabilities of systems and controls to protect JPMorgan Chase and its clients and customers from the impact of distributed denial-of-service attacks, or to recover from outages that could be caused by a malware or ransomware attack - strengthening network security and management of outbound connections to reduce the risk of data loss - identifying, assessing and mitigating insider threat activities that could lead to the misuse of JPMorgan Chase's systems or client and customer information, and - integrating acquired businesses where system integration may be complex or may require extensive and lengthy remediation or enhancement of controls. A successful penetration or circumvention of the security of JPMorgan Chase's systems or the systems of a vendor, governmental body or another market participant could cause serious negative consequences, including: - significant disruption of JPMorgan Chase's operations and those of its clients, customers and counterparties, including losing access to operational systems- misappropriation of confidential information of JPMorgan Chase or that of its clients, customers, counterparties, employees or regulators- disruption of or damage to JPMorgan Chase's systems and those of its clients, customers and counterparties- the inability, or extended delays in the ability, to fully recover and restore data that has been stolen, manipulated or destroyed, or the inability to prevent systems from processing fraudulent transactions- demands that JPMorgan Chase pay a ransom to a malicious actor that has perpetrated a cybersecurity breach- unintended violations by JPMorgan Chase of applicable privacy and other laws- financial loss to JPMorgan Chase or to its clients, customers, counterparties or employees- loss of confidence in JPMorgan Chase's cybersecurity and business resiliency measures- dissatisfaction among JPMorgan Chase's clients, customers or counterparties- significant exposure to litigation and regulatory fines, penalties or other sanctions, and- harm to JPMorgan Chase's reputation.The extent of a particular cyber attack, the methods and tools used by various actors, and the steps that JPMorgan Chase may need to take to investigate the attack may not be immediately clear, and it may take a significant amount of time before such an investigation can be completed. While such an investigation is ongoing, JPMorgan Chase may not necessarily know the full extent of the harm caused by the cyber attack, and that damage may continue to spread. These factors may inhibit JPMorgan Chase's ability to provide rapid, full and reliable information about the cyber attack to its clients, customers, counterparties and regulators, as well as the public. Furthermore, it may not be clear how best to contain and remediate the harm caused by the cyber attack, and certain errors or actions could be repeated or compounded before they are discovered and remediated. Any or all of these factors could further increase the costs and consequences of a cyber attack.JPMorgan Chase can be negatively affected if it fails to identify and address operational risks associated with the introduction of or changes to products, services and delivery platforms or the adoption of new technologies.When JPMorgan Chase launches a new product or service, introduces a new platform for the delivery or distribution of products or services (including mobile connectivity, electronic trading and cloud computing), acquires or invests in a business, makes changes to an existing product, service - significant disruption of JPMorgan Chase's operations and those of its clients, customers and counterparties, including losing access to operational systems - misappropriation of confidential information of JPMorgan Chase or that of its clients, customers, counterparties, employees or regulators - disruption of or damage to JPMorgan Chase's systems and those of its clients, customers and counterparties - the inability, or extended delays in the ability, to fully recover and restore data that has been stolen, manipulated or destroyed, or the inability to prevent systems from processing fraudulent transactions - demands that JPMorgan Chase pay a ransom to a malicious actor that has perpetrated a cybersecurity breach - unintended violations by JPMorgan Chase of applicable privacy and other laws - financial loss to JPMorgan Chase or to its clients, customers, counterparties or employees - loss of confidence in JPMorgan Chase's cybersecurity and business resiliency measures - dissatisfaction among JPMorgan Chase's clients, customers or counterparties - significant exposure to litigation and regulatory fines, penalties or other sanctions, and The extent of a particular cyber attack, the methods and tools used by various actors, and the steps that JPMorgan Chase may need to take to investigate the attack may not be immediately clear, and it may take a significant amount of time before such an investigation can be completed. While such an investigation is ongoing, JPMorgan Chase may not necessarily know the full extent of the harm caused by the cyber attack, and that damage may continue to spread. These factors may inhibit JPMorgan Chase's ability to provide rapid, full and reliable information about the cyber attack to its clients, customers, counterparties and regulators, as well as the public. Furthermore, it may not be clear how best to contain and remediate the harm caused by the cyber attack, and certain errors or actions could be repeated or compounded before they are discovered and remediated. Any or all of these factors could further increase the costs and consequences of a cyber attack.

JPMorgan Chase's businesses rely on the ability of JPMorgan Chase's financial, accounting, transaction execution, data processing and other operational systems to process, record, monitor and report a large number of transactions on a continuous basis, and to do so accurately, quickly and securely. In addition to proper design, installation, maintenance and training, the effective functioning of JPMorgan Chase's operational systems depends on: - the quality of the information contained in those systems, as inaccurate, outdated, incomplete or corrupted data can significantly compromise the functionality or reliability of a particular system and other systems to which it transmits or from which it receives information, and - JPMorgan Chase's ability to continue to maintain and upgrade its systems on a regular basis in line with technological advancements and evolving security requirements, carefully manage any changes introduced to its systems to maintain security and operational continuity, and adhere to all applicable legal and regulatory requirements, particularly in regions where JPMorgan Chase may face a heightened risk of malicious activity. JPMorgan Chase has experienced and expects that it will continue to experience failures and disruptions in the stability of its operational systems, including degraded performance of data processing systems, data quality issues, disruptions of network connectivity and malfunctioning software, as well as disruptions in its ability to access and use the operational systems of third parties. These incidents have resulted in various negative effects for customers, including the inability to access account information or to make transactions through ATM, internet or mobile channels, the exfiltration of customer personal data, the recording of duplicative transactions and extended delays for customers requiring services from call centers. There can be no assurance that these and other types of operational failures or disruptions will not occur in the future.JPMorgan Chase's ability to effectively manage the stability of its operational systems and infrastructure could be hindered by many factors, any of which could have a negative impact on JPMorgan Chase and its clients, customers and counterparties, including:- JPMorgan Chase's ability to effectively maintain and upgrade systems and infrastructure can become more challenging as the speed, frequency, volume, interconnectivity and complexity of transactions continue to increase- attempts by third parties to defraud JPMorgan Chase or its clients and customers are increasing, evolving and becoming more complex, and during periods of market disruption or economic uncertainty, these attempts can be expected to increase in volume- errors made by JPMorgan Chase or another market participant, whether inadvertent or malicious, could cause widespread system disruption- failure to detect weaknesses or shortcomings in operational systems in a timely manner- isolated or seemingly insignificant errors in operational systems could compound, or migrate to other systems over time, to become larger issues- disruptions in operational systems or in the ability of systems to communicate with each other could be caused by failures in synchronization or encryption software, or degraded performance of microprocessors, and- attempts by third parties to block the use of key technology solutions by claiming that the use infringes on their intellectual property rights.JPMorgan Chase also depends on its ability to access and use the operational systems of third parties, including its custodians, vendors (such as those that provide data and cloud computing services, and security and technology services) and other market participants (such as clearing and payment systems, CCPs and securities exchanges), and external operational systems with which JPMorgan is connected, whether directly or indirectly, can be sources of operational risk to JPMorgan Chase. JPMorgan Chase may be exposed not only to a systems failure or cyber attack that may be experienced by a vendor or market infrastructure with which JPMorgan Chase is directly connected, but also to a systems breakdown or cyber attack involving another party to which such a vendor or infrastructure is connected. Similarly, retailers, payment systems and processors, data aggregators and other external parties with which JPMorgan Chase's customers do business can increase JPMorgan Chase's operational risk. This is particularly the case where activities of customers or other parties are beyond JPMorgan Chase's security and control systems, including through the use of the internet,centers. There can be no assurance that these and other types of operational failures or disruptions will not occur in the future. JPMorgan Chase's ability to effectively manage the stability of its operational systems and infrastructure could be hindered by many factors, any of which could have a negative impact on JPMorgan Chase and its clients, customers and counterparties, including: - JPMorgan Chase's ability to effectively maintain and upgrade systems and infrastructure can become more challenging as the speed, frequency, volume, interconnectivity and complexity of transactions continue to increase - attempts by third parties to defraud JPMorgan Chase or its clients and customers are increasing, evolving and becoming more complex, and during periods of market disruption or economic uncertainty, these attempts can be expected to increase in volume - errors made by JPMorgan Chase or another market participant, whether inadvertent or malicious, could cause widespread system disruption - failure to detect weaknesses or shortcomings in operational systems in a timely manner - isolated or seemingly insignificant errors in operational systems could compound, or migrate to other systems over time, to become larger issues - disruptions in operational systems or in the ability of systems to communicate with each other could be caused by failures in synchronization or encryption software, or degraded performance of microprocessors, and - attempts by third parties to block the use of key technology solutions by claiming that the use infringes on their intellectual property rights. JPMorgan Chase also depends on its ability to access and use the operational systems of third parties, including its custodians, vendors (such as those that provide data and cloud computing services, and security and technology services) and other market participants (such as clearing and payment systems, CCPs and securities exchanges), and external operational systems with which JPMorgan is connected, whether directly or indirectly, can be sources of operational risk to JPMorgan Chase. JPMorgan Chase may be exposed not only to a systems failure or cyber attack that may be experienced by a vendor or market infrastructure with which JPMorgan Chase is directly connected, but also to a systems breakdown or cyber attack involving another party to which such a vendor or infrastructure is connected. Similarly, retailers, payment systems and processors, data aggregators and other external parties with which JPMorgan Chase's customers do business can increase JPMorgan Chase's operational risk. This is particularly the case where activities of customers or other parties are beyond JPMorgan Chase's security and control systems, including through the use of the internet,cloud computing services, and personal smart phones and other mobile devices or services.If an external party obtains access to customer account data on JPMorgan Chase's systems, whether authorized or unauthorized, and that party misappropriates that data, this could result in negative outcomes for JPMorgan Chase and its clients and customers, including a heightened risk of fraudulent transactions using JPMorgan Chase's systems, losses from fraudulent transactions and reputational harm arising from the perception that JPMorgan Chase's systems may not be secure.As JPMorgan Chase's interconnectivity with clients, customers and other external parties continues to expand, JPMorgan Chase increasingly faces the risk of operational failure or cyber attacks with respect to the systems of those parties. Security breaches affecting JPMorgan Chase's clients or customers, or systems breakdowns or failures, security breaches or human error or misconduct affecting other external parties, may require JPMorgan Chase to take steps to protect the integrity of its own operational systems or to safeguard confidential information, including restricting the access of customers to their accounts. These actions can increase JPMorgan Chase's operational costs and potentially diminish customer satisfaction and confidence in JPMorgan Chase.Furthermore, the widespread and expanding interconnectivity among financial institutions, clearing banks, CCPs, payments processors, financial technology companies, securities exchanges, clearing houses and other financial market infrastructures increases the risk that the disruption of an operational system involving one institution or entity, including due to a cyber attack, may cause industry-wide operational disruptions that could materially affect JPMorgan Chase's ability to conduct business. In addition, the risks associated with the disruption of an operational system of a third party could be exacerbated to the extent that the services provided by that system are used by a significant number or proportion of market participants.The ineffectiveness, failure or other disruption of operational systems upon which JPMorgan Chase depends, including due to a systems malfunction, cyber incident or other systems failure, could result in unfavorable ripple effects in the financial markets and for JPMorgan Chase and its clients and customers, including:- delays or other disruptions in providing services, including the provision of liquidity or information to clients and customers- impairment of JPMorgan Chase's ability to execute transactions, including delays or failures in the confirmation or settlement of transactions or in obtaining access to funds or other assets required for settlement- the possibility that funds transfers, capital markets trades or other transactions are executed erroneously cloud computing services, and personal smart phones and other mobile devices or services. If an external party obtains access to customer account data on JPMorgan Chase's systems, whether authorized or unauthorized, and that party misappropriates that data, this could result in negative outcomes for JPMorgan Chase and its clients and customers, including a heightened risk of fraudulent transactions using JPMorgan Chase's systems, losses from fraudulent transactions and reputational harm arising from the perception that JPMorgan Chase's systems may not be secure. As JPMorgan Chase's interconnectivity with clients, customers and other external parties continues to expand, JPMorgan Chase increasingly faces the risk of operational failure or cyber attacks with respect to the systems of those parties. Security breaches affecting JPMorgan Chase's clients or customers, or systems breakdowns or failures, security breaches or human error or misconduct affecting other external parties, may require JPMorgan Chase to take steps to protect the integrity of its own operational systems or to safeguard confidential information, including restricting the access of customers to their accounts. These actions can increase JPMorgan Chase's operational costs and potentially diminish customer satisfaction and confidence in JPMorgan Chase. Furthermore, the widespread and expanding interconnectivity among financial institutions, clearing banks, CCPs, payments processors, financial technology companies, securities exchanges, clearing houses and other financial market infrastructures increases the risk that the disruption of an operational system involving one institution or entity, including due to a cyber attack, may cause industry-wide operational disruptions that could materially affect JPMorgan Chase's ability to conduct business. In addition, the risks associated with the disruption of an operational system of a third party could be exacerbated to the extent that the services provided by that system are used by a significant number or proportion of market participants. The ineffectiveness, failure or other disruption of operational systems upon which JPMorgan Chase depends, including due to a systems malfunction, cyber incident or other systems failure, could result in unfavorable ripple effects in the financial markets and for JPMorgan Chase and its clients and customers, including: - delays or other disruptions in providing services, including the provision of liquidity or information to clients and customers - impairment of JPMorgan Chase's ability to execute transactions, including delays or failures in the confirmation or settlement of transactions or in obtaining access to funds or other assets required for settlement - the possibility that funds transfers, capital markets trades or other transactions are executed erroneously - financial losses, including due to loss-sharing requirements of CCPs, payment systems or other market infrastructures, or as possible restitution to clients and customers- higher operational costs associated with replacing services provided by a system that has experienced a failure or other disruption - limitations on JPMorgan Chase's ability to collect data needed for its business and operations- loss of confidence in the ability of JPMorgan Chase, or financial institutions generally, to protect against and withstand operational disruptions- dissatisfaction among JPMorgan Chase's clients or customers- significant exposure to litigation and regulatory fines, penalties or other sanctions, and - harm to JPMorgan Chase's reputation.If JPMorgan Chase's operational systems, or those of acquired businesses or of external parties on which JPMorgan Chase's businesses depend, are unable to meet the requirements of JPMorgan Chase's businesses and operations or bank regulatory standards, or if they fail or have other significant shortcomings, JPMorgan Chase could be materially and adversely affected.A successful cyber attack affecting JPMorgan Chase could cause significant harm to JPMorgan Chase and its clients and customers.JPMorgan Chase experiences numerous cyber attacks on its computer systems, software, networks and other technology assets on a daily basis from various actors, including groups acting on behalf of hostile countries, cyber-criminals, "hacktivists" (i.e., individuals or groups that use technology to promote a political agenda or social change) and others. These cyber attacks can take many forms, including attempts to introduce computer viruses or malicious code, which are commonly referred to as "malware," into JPMorgan Chase's systems. These attacks are often designed to:- obtain unauthorized access to confidential information belonging to JPMorgan Chase or its clients, customers, counterparties or employees- manipulate data- destroy data or systems with the aim of rendering services unavailable- disrupt, sabotage or degrade service on JPMorgan Chase's systems- steal money, or- extort money through the use of so-called "ransomware."JPMorgan Chase also experiences: - financial losses, including due to loss-sharing requirements of CCPs, payment systems or other market infrastructures, or as possible restitution to clients and customers - higher operational costs associated with replacing services provided by a system that has experienced a failure or other disruption - limitations on JPMorgan Chase's ability to collect data needed for its business and operations - loss of confidence in the ability of JPMorgan Chase, or financial institutions generally, to protect against and withstand operational disruptions - dissatisfaction among JPMorgan Chase's clients or customers - significant exposure to litigation and regulatory fines, penalties or other sanctions, and If JPMorgan Chase's operational systems, or those of acquired businesses or of external parties on which JPMorgan Chase's businesses depend, are unable to meet the requirements of JPMorgan Chase's businesses and operations or bank regulatory standards, or if they fail or have other significant shortcomings, JPMorgan Chase could be materially and adversely affected.

JPMorgan Chase operates in a highly competitive environment in which it must evolve and adapt to changes in financial regulation, technological advances, increased public scrutiny and changes in economic conditions. JPMorgan Chase expects that competition in the U.S. and global financial services industry will continue to be intense. Competitors include: - other banks and financial institutions - trading, advisory and investment management firms - finance companies - technology companies, and - other non-bank firms that are engaged in providing similar as well as new products and services. JPMorgan Chase cannot provide assurance that the significant competition in the financial services industry will not materially and adversely affect its future results of operations. For example, aggressive or less disciplined lending practices by non-bank competitors could lead to a loss of market share for traditional banks, and in an economic downturn could result in instability in the financial services industry and adversely impact other market participants, including JPMorgan Chase. New competitors in the financial services industry continue to emerge. For example, technological advances and the growth of e-commerce have made it possible for non-depository institutions to offer products and services that traditionally were banking products. These advances have also allowed financial institutions and other companies to provide electronic and internet-based financial solutions, including electronic securities and cryptocurrency trading, lending and other extensions of credit to consumers, payments processing and online automated algorithmic-based investment advice. Furthermore, both financial institutions and their non-banking competitors face the risk that payments processing and other products and services, including deposits and other traditional banking products, could be significantly disrupted by the use of new technologies, such as cryptocurrencies and other applications using secure distributed ledgers, that may not require intermediation. New technologies have required and could require JPMorgan Chase to spend more to modify or adapt its products to attract and retain clients and customers or to match products and services offered by its competitors, including technology companies. In addition, new technologies may be used by customers, or breached or infiltrated by third parties, in unexpected ways, which can increase JPMorgan Chase's costs for complying with laws, rules and regulations that apply to the offering of products and services through those technologies and reduce the income that JPMorgan Chase earns from providing products and services through those technologies.Ongoing or increased competition may put pressure on the pricing for JPMorgan Chase's products and services or may cause JPMorgan Chase to lose market share, particularly with respect to traditional banking products. This competition may be based on quality and variety of products and services offered, transaction execution, innovation, reputation and price. The failure of any of JPMorgan Chase's businesses to meet the expectations of clients and customers, whether due to general market conditions, under-performance, a decision not to offer a particular product or service, changes in client and customer expectations or other factors, could affect JPMorgan Chase's ability to attract or retain clients and customers. Any such impact could, in turn, reduce JPMorgan Chase's revenues. Increased competition also may require JPMorgan Chase to make additional capital investments in its businesses, or to extend more of its capital on behalf of its clients to remain competitive.The effects of climate change could adversely affect JPMorgan Chase's business and operations, both directly and as a result of impacts on its clients and customers.JPMorgan Chase operates in many regions, countries and communities around the world where its business, and the activities of its clients and customers, could be adversely affected by climate change. Climate change could manifest as a financial risk to JPMorgan Chase either through changes in the physical climate or from the process of transitioning to a low-carbon economy. Both physical risks and transition risks associated with climate change could have negative impacts on the financial condition or depository institutions to offer products and services that traditionally were banking products. These advances have also allowed financial institutions and other companies to provide electronic and internet-based financial solutions, including electronic securities and cryptocurrency trading, lending and other extensions of credit to consumers, payments processing and online automated algorithmic-based investment advice. Furthermore, both financial institutions and their non-banking competitors face the risk that payments processing and other products and services, including deposits and other traditional banking products, could be significantly disrupted by the use of new technologies, such as cryptocurrencies and other applications using secure distributed ledgers, that may not require intermediation. New technologies have required and could require JPMorgan Chase to spend more to modify or adapt its products to attract and retain clients and customers or to match products and services offered by its competitors, including technology companies. In addition, new technologies may be used by customers, or breached or infiltrated by third parties, in unexpected ways, which can increase JPMorgan Chase's costs for complying with laws, rules and regulations that apply to the offering of products and services through those technologies and reduce the income that JPMorgan Chase earns from providing products and services through those technologies. Ongoing or increased competition may put pressure on the pricing for JPMorgan Chase's products and services or may cause JPMorgan Chase to lose market share, particularly with respect to traditional banking products. This competition may be based on quality and variety of products and services offered, transaction execution, innovation, reputation and price. The failure of any of JPMorgan Chase's businesses to meet the expectations of clients and customers, whether due to general market conditions, under-performance, a decision not to offer a particular product or service, changes in client and customer expectations or other factors, could affect JPMorgan Chase's ability to attract or retain clients and customers. Any such impact could, in turn, reduce JPMorgan Chase's revenues. Increased competition also may require JPMorgan Chase to make additional capital investments in its businesses, or to extend more of its capital on behalf of its clients to remain competitive.

JPMorgan Chase routinely executes transactions with clients and counterparties such as corporations, financial institutions, asset managers, hedge funds, securities exchanges and government entities within and outside the U.S. Many of these transactions expose JPMorgan Chase to the credit risk of its clients and counterparties, and can involve JPMorgan Chase in disputes and litigation if a client or counterparty defaults. JPMorgan Chase can also be subject to losses or liability where a financial institution that it has appointed to provide custodial services for client assets or funds becomes insolvent as a result of fraud or the failure to abide by existing laws and obligations, or where clients are unable to access assets held by JPMorgan Chase as custodian due to governmental actions or other factors.A default by, or the financial or operational failure of, a CCP through which JPMorgan Chase executes contracts would require JPMorgan Chase to replace those contracts, thereby increasing its operational costs and potentially resulting in losses. In addition, JPMorgan Chase can be exposed to losses if a member of a CCP in which JPMorgan Chase is also a member defaults on its obligations to the CCP because of requirements that each member of the CCP absorb a portion of those losses. Furthermore, JPMorgan Chase can be subject to bearing its share of non-default losses incurred by a CCP, including losses from custodial, settlement or investment activities or due to cyber or other security breaches.As part of its clearing services activities, JPMorgan Chase is exposed to the risk of nonperformance by its clients, which it seeks to mitigate by requiring clients to provide adequate collateral. JPMorgan Chase is also exposed to intra-day credit risk of its clients in connection with providing cash management, clearing, custodial and other transaction services to those clients. If a client for which JPMorgan Chase provides these services becomes bankrupt or insolvent, JPMorgan Chase may incur losses, become involved in disputes and litigation with one or more CCPs, the client's bankruptcy estate and other creditors, or be subject to regulatory investigations. All of the foregoing events can increase JPMorgan Chase's operational and litigation costs, and JPMorgan Chase may suffer losses to the extent that any collateral that it has received is insufficient to cover those losses.Transactions with government entities, including national, state, provincial, municipal and local authorities, can expose JPMorgan Chase to enhanced sovereign, credit, operational and reputation risks. Government entities may, among other things, claim that actions taken by government officials were beyond the legal authority of those officials or repudiate transactions authorized by a previous incumbent government. These types of actions have in the past caused, and could in the future cause, JPMorgan Chase to suffer losses or hamper its ability to conduct business in the relevant jurisdiction.In addition, local laws, rules and regulations could limit JPMorgan Chase's ability to resolve disputes and litigation in the event of a counterparty default or unwillingness to make previously agreed-upon payments, which could subject JPMorgan Chase to losses.Disputes may arise with counterparties to derivatives contracts with regard to the terms, the settlement procedures or the value of underlying collateral. The disposition of those disputes could cause JPMorgan Chase to incur unexpected transaction, operational and legal costs, or result in credit losses. These consequences can it has appointed to provide custodial services for client assets or funds becomes insolvent as a result of fraud or the failure to abide by existing laws and obligations, or where clients are unable to access assets held by JPMorgan Chase as custodian due to governmental actions or other factors. A default by, or the financial or operational failure of, a CCP through which JPMorgan Chase executes contracts would require JPMorgan Chase to replace those contracts, thereby increasing its operational costs and potentially resulting in losses. In addition, JPMorgan Chase can be exposed to losses if a member of a CCP in which JPMorgan Chase is also a member defaults on its obligations to the CCP because of requirements that each member of the CCP absorb a portion of those losses. Furthermore, JPMorgan Chase can be subject to bearing its share of non-default losses incurred by a CCP, including losses from custodial, settlement or investment activities or due to cyber or other security breaches. As part of its clearing services activities, JPMorgan Chase is exposed to the risk of nonperformance by its clients, which it seeks to mitigate by requiring clients to provide adequate collateral. JPMorgan Chase is also exposed to intra-day credit risk of its clients in connection with providing cash management, clearing, custodial and other transaction services to those clients. If a client for which JPMorgan Chase provides these services becomes bankrupt or insolvent, JPMorgan Chase may incur losses, become involved in disputes and litigation with one or more CCPs, the client's bankruptcy estate and other creditors, or be subject to regulatory investigations. All of the foregoing events can increase JPMorgan Chase's operational and litigation costs, and JPMorgan Chase may suffer losses to the extent that any collateral that it has received is insufficient to cover those losses. Transactions with government entities, including national, state, provincial, municipal and local authorities, can expose JPMorgan Chase to enhanced sovereign, credit, operational and reputation risks. Government entities may, among other things, claim that actions taken by government officials were beyond the legal authority of those officials or repudiate transactions authorized by a previous incumbent government. These types of actions have in the past caused, and could in the future cause, JPMorgan Chase to suffer losses or hamper its ability to conduct business in the relevant jurisdiction. In addition, local laws, rules and regulations could limit JPMorgan Chase's ability to resolve disputes and litigation in the event of a counterparty default or unwillingness to make previously agreed-upon payments, which could subject JPMorgan Chase to losses. Disputes may arise with counterparties to derivatives contracts with regard to the terms, the settlement procedures or the value of underlying collateral. The disposition of those disputes could cause JPMorgan Chase to incur unexpected transaction, operational and legal costs, or result in credit losses. These consequences can also impair JPMorgan Chase's ability to effectively manage its credit risk exposure from its market activities, or cause harm to JPMorgan Chase's reputation.The financial or operational failure of a significant market participant, such as a major financial institution or a CCP, or concerns about the creditworthiness of such a market participant or its ability to fulfill its obligations, can cause substantial and cascading disruption within the financial markets, including in circumstances where coordinated action by multiple other market participants is required to address the failure or disruption. JPMorgan Chase's businesses could be significantly disrupted by such an event, particularly if it leads to other market participants incurring significant losses, experiencing liquidity issues or defaulting, and JPMorgan Chase is likely to have significant interrelationships with, and credit exposure to, such a significant market participant.JPMorgan Chase may suffer losses if the value of collateral declines in stressed market conditions.During periods of market stress or illiquidity, JPMorgan Chase's credit risk may be further increased when:- JPMorgan Chase fails to realize the estimated value of the collateral it holds- collateral is liquidated at prices that are not sufficient to recover the full amount owed to it, or- counterparties are unable to post collateral, whether for operational or other reasons.Furthermore, disputes with counterparties concerning the valuation of collateral may increase in times of significant market stress, volatility or illiquidity, and JPMorgan Chase could suffer losses during these periods if it is unable to realize the fair value of collateral or to manage declines in the value of collateral.JPMorgan Chase could incur significant losses arising from concentrations of credit and market risk.JPMorgan Chase is exposed to greater credit and market risk to the extent that groupings of its clients or counterparties, or obligors on securities and other financial instruments:- engage in similar or related businesses, or in businesses in related industries- do business in the same geographic region, or- have business profiles, models or strategies that could cause their ability to meet their obligations to be similarly affected by changes in economic conditions. For example, a significant deterioration in the credit quality of a counterparty, borrower or other obligor could lead to concerns about the creditworthiness of other counterparties, borrowers or obligors in similar, related or dependent industries. This type of interrelationship could exacerbate JPMorgan Chase's credit, liquidity and market risk exposure and potentially cause it to incur losses,also impair JPMorgan Chase's ability to effectively manage its credit risk exposure from its market activities, or cause harm to JPMorgan Chase's reputation. The financial or operational failure of a significant market participant, such as a major financial institution or a CCP, or concerns about the creditworthiness of such a market participant or its ability to fulfill its obligations, can cause substantial and cascading disruption within the financial markets, including in circumstances where coordinated action by multiple other market participants is required to address the failure or disruption. JPMorgan Chase's businesses could be significantly disrupted by such an event, particularly if it leads to other market participants incurring significant losses, experiencing liquidity issues or defaulting, and JPMorgan Chase is likely to have significant interrelationships with, and credit exposure to, such a significant market participant.

Maintaining trust in JPMorgan Chase is critical to its ability to attract and retain clients, customers, investors and employees. Damage to JPMorgan Chase's reputation can therefore cause significant harm to JPMorgan Chase's business and prospects, and can arise from numerous sources, including: - employee misconduct, including discriminatory behavior or harassment with respect to clients, customers or employees, or actions that are contrary to JPMorgan Chase's goal of fostering a diverse and inclusive workplace - security breaches, including as a result of cyber attacks - failure to safeguard client, customer or employee information - failure to manage risks associated with its client relationships, or with transactions or business activities in which JPMorgan Chase or its clients engage, including transactions or activities that may be unpopular among one or more constituencies - failure to meet publicly-announced commitments to support ESG initiatives- non-compliance with laws, rules, and regulations - operational failures- litigation or regulatory fines, penalties or other sanctions - actions taken in executing regulatory and governmental requirements during a global or regional health emergency, spread of infectious disease, epidemic or pandemic- regulatory investigations or enforcement actions, or resolutions of these matters, and - failure or perceived failure to comply with laws, rules or regulations by JPMorgan Chase or its clients, customers, counterparties or other parties, including newly-acquired businesses, companies in which JPMorgan Chase has made principal investments, parties to joint ventures with JPMorgan Chase, and vendors with which JPMorgan Chase does business.JPMorgan Chase's reputation may be significantly damaged by adverse publicity or negative information regarding JPMorgan Chase, whether or not true, that may be published or broadcast by the media or posted on social media, non-mainstream news services or other parts of the internet, or that may be disseminated through disinformation campaigns targeted at JPMorgan Chase. This latter risk can be magnified by the speed and pervasiveness with which information is disseminated through those channels.Social and environmental activists have been increasingly targeting JPMorgan Chase and other financial services firms with public criticism concerning their business practices, including business relationships with clients that are engaged in certain sensitive industries, such as companies:- whose products are or are perceived to be harmful to human health, or- whose activities negatively affect or are perceived to negatively affect the environment, workers' rights or communities. Activists have also taken actions intended to change or influence JPMorgan Chase's business practices with respect to ESG matters, including public protests at JPMorgan Chase's headquarters and other properties, and submitting specific ESG-related proposals for a vote by JPMorgan Chase's shareholders.In addition, JPMorgan Chase and other companies have been and continue to be criticized by activists, politicians and other members of the public concerning positions taken with respect to matters of public policy. These criticisms can be more widespread during election years in various jurisdictions, and could have the effect of focusing attention on a company such as JPMorgan Chase as part of a wider public debate on public policy matters. - failure to meet publicly-announced commitments to support ESG initiatives - non-compliance with laws, rules, and regulations - operational failures - litigation or regulatory fines, penalties or other sanctions - actions taken in executing regulatory and governmental requirements during a global or regional health emergency, spread of infectious disease, epidemic or pandemic - regulatory investigations or enforcement actions, or resolutions of these matters, and - failure or perceived failure to comply with laws, rules or regulations by JPMorgan Chase or its clients, customers, counterparties or other parties, including newly-acquired businesses, companies in which JPMorgan Chase has made principal investments, parties to joint ventures with JPMorgan Chase, and vendors with which JPMorgan Chase does business. JPMorgan Chase's reputation may be significantly damaged by adverse publicity or negative information regarding JPMorgan Chase, whether or not true, that may be published or broadcast by the media or posted on social media, non-mainstream news services or other parts of the internet, or that may be disseminated through disinformation campaigns targeted at JPMorgan Chase. This latter risk can be magnified by the speed and pervasiveness with which information is disseminated through those channels. Social and environmental activists have been increasingly targeting JPMorgan Chase and other financial services firms with public criticism concerning their business practices, including business relationships with clients that are engaged in certain sensitive industries, such as companies: - whose products are or are perceived to be harmful to human health, or - whose activities negatively affect or are perceived to negatively affect the environment, workers' rights or communities. Activists have also taken actions intended to change or influence JPMorgan Chase's business practices with respect to ESG matters, including public protests at JPMorgan Chase's headquarters and other properties, and submitting specific ESG-related proposals for a vote by JPMorgan Chase's shareholders. In addition, JPMorgan Chase and other companies have been and continue to be criticized by activists, politicians and other members of the public concerning positions taken with respect to matters of public policy. These criticisms can be more widespread during election years in various jurisdictions, and could have the effect of focusing attention on a company such as JPMorgan Chase as part of a wider public debate on public policy matters. These and other types of criticism and actions directed at JPMorgan Chase could potentially engender dissatisfaction among clients, customers, investors, employees, government officials and other stakeholders. In all of these cases, JPMorgan Chase's reputation and its business and results of operations could be harmed by:- greater scrutiny from governmental or regulatory bodies, or further criticism from politicians and other members of the public- unfavorable coverage or commentary in the media, including through social media campaigns- certain clients and customers ceasing doing business with JPMorgan Chase, and encouraging others to do so- impairment of JPMorgan Chase's ability to attract new clients and customers, to expand its relationships with existing clients and customers, or to hire or retain employees, or- certain investors opting to divest from investments in securities of JPMorgan Chase.Actions by the financial services industry generally or individuals in the industry can also affect JPMorgan Chase's reputation. For example, the reputation of the industry as a whole can be damaged by concerns that:- consumers have been treated unfairly by a financial institution, or- a financial institution has acted inappropriately with respect to the methods used to offer products to customers.If JPMorgan Chase is perceived to have engaged in these types of behaviors, this could weaken its reputation among clients or customers, employees or other stakeholders.Failure to effectively manage potential conflicts of interest or to satisfy fiduciary obligations can result in litigation and enforcement actions, as well as damage JPMorgan Chase's reputation.JPMorgan Chase's ability to manage potential conflicts of interest is highly complex due to the broad range of its business activities which encompass a variety of transactions, obligations and interests with and among JPMorgan Chase's clients and customers. JPMorgan Chase can become subject to litigation, enforcement actions, and heightened regulatory scrutiny, and its reputation can be damaged, by the failure or perceived failure to:- adequately address or appropriately disclose conflicts of interest, including potential conflicts of interest that may arise in connection with providing multiple products and services in, or having one or more investments related to, the same transaction- identify and address any conflict of interest that a third party with which it is does business may have with respect to a transaction involving JPMorgan Chase- deliver appropriate standards of service and quality These and other types of criticism and actions directed at JPMorgan Chase could potentially engender dissatisfaction among clients, customers, investors, employees, government officials and other stakeholders. In all of these cases, JPMorgan Chase's reputation and its business and results of operations could be harmed by: - greater scrutiny from governmental or regulatory bodies, or further criticism from politicians and other members of the public - unfavorable coverage or commentary in the media, including through social media campaigns - certain clients and customers ceasing doing business with JPMorgan Chase, and encouraging others to do so - impairment of JPMorgan Chase's ability to attract new clients and customers, to expand its relationships with existing clients and customers, or to hire or retain employees, or - certain investors opting to divest from investments in securities of JPMorgan Chase. Actions by the financial services industry generally or individuals in the industry can also affect JPMorgan Chase's reputation. For example, the reputation of the industry as a whole can be damaged by concerns that: - consumers have been treated unfairly by a financial institution, or - a financial institution has acted inappropriately with respect to the methods used to offer products to customers. If JPMorgan Chase is perceived to have engaged in these types of behaviors, this could weaken its reputation among clients or customers, employees or other stakeholders.