tiprankstipranks
Keycorp (KEY)
NYSE:KEY
US Market

KeyCorp (KEY) Risk Analysis

Compare
2,054 Followers
Public companies are required to disclose risks that can affect the business and impact the stock. These disclosures are known as “Risk Factors”. Companies disclose these risks in their yearly (Form 10-K), quarterly earnings (Form 10-Q), or “foreign private issuer” reports (Form 20-F). Risk factors show the challenges a company faces. Investors can consider the worst-case scenarios before making an investment. TipRanks’ Risk Analysis categorizes risks based on proprietary classification algorithms and machine learning.

KeyCorp disclosed 38 risk factors in its most recent earnings report. KeyCorp reported the most risks in the “Finance & Corporate” category.

Risk Overview Q4, 2024

Risk Distribution
38Risks
47% Finance & Corporate
16% Legal & Regulatory
13% Macro & Political
8% Tech & Innovation
8% Production
8% Ability to Sell
Finance & Corporate - Financial and accounting risks. Risks related to the execution of corporate activity and strategy
This chart displays the stock's most recent risk distribution according to category. TipRanks has identified 6 major categories: Finance & corporate, legal & regulatory, macro & political, production, tech & innovation, and ability to sell.

Risk Change Over Time

2022
Q4
S&P500 Average
Sector Average
Risks removed
Risks added
Risks changed
KeyCorp Risk Factors
New Risk (0)
Risk Changed (0)
Risk Removed (0)
No changes from previous report
The chart shows the number of risks a company has disclosed. You can compare this to the sector average or S&P 500 average.

The quarters shown in the chart are according to the calendar year (January to December). Businesses set their own financial calendar, known as a fiscal year. For example, Walmart ends their financial year at the end of January to accommodate the holiday season.

Risk Highlights Q4, 2024

Main Risk Category
Finance & Corporate
With 18 Risks
Finance & Corporate
With 18 Risks
Number of Disclosed Risks
38
-7
From last report
S&P 500 Average: 31
38
-7
From last report
S&P 500 Average: 31
Recent Changes
5Risks added
11Risks removed
4Risks changed
Since Dec 2024
5Risks added
11Risks removed
4Risks changed
Since Dec 2024
Number of Risk Changed
4
+4
From last report
S&P 500 Average: 3
4
+4
From last report
S&P 500 Average: 3
See the risk highlights of KeyCorp in the last period.

Risk Word Cloud

The most common phrases about risk factors from the most recent report. Larger texts indicate more widely used phrases.

Risk Factors Full Breakdown - Total Risks 38

Finance & Corporate
Total Risks: 18/38 (47%)Below Sector Average
Accounting & Financial Operations6 | 15.8%
Accounting & Financial Operations - Risk 1
Added
The preparation of our consolidated financial statements requires us to make subjective determinations and use estimates that may vary from actual results and materially impact our financial condition and results of operations.
The preparation of consolidated financial statements in conformity with U.S. GAAP requires management to make significant estimates that affect the financial statements. Our accounting policies and methods are fundamental to how we record and report our financial condition and results of operations. Some of these policies require the use of estimates and assumptions that may affect the value of the Key's assets or liabilities and financial results. Certain accounting policies are critical because they require management to make difficult, subjective or complex judgments about matters that are inherently uncertain and the likelihood that materially different estimates would result under different conditions or through the utilization of different assumptions. If assumptions or estimates underlying the Key's consolidated financial statements are incorrect or are adjusted periodically, our financial condition and results of operations could be materially impacted. See the "Critical Accounting Policies" section of Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations in this report for additional information.
Accounting & Financial Operations - Risk 2
Added
Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations.
Goodwill is periodically tested for impairment by comparing the fair value of each reporting unit to its carrying amount. If the fair value is greater than the carrying amount, then the reporting unit's goodwill is deemed not to be impaired. The fair value of a reporting unit is impacted by the reporting unit's expected financial performance and susceptibility to adverse economic, regulatory, and legislative changes. A significant decline in a reporting unit's expected future cash flows, a significant adverse change in the business climate, slower economic growth or a significant and sustained decline in the price of our common stock may cause the fair value of a reporting unit to be below its carrying amount, resulting in goodwill impairment. If an impairment loss is recorded, it will have little or no impact on the tangible book value of our common stock, or on our regulatory capital levels, but such an impairment loss could significantly reduce our earnings and thereby restrict KeyBank's ability to make dividend payments to us without prior regulatory approval, which in turn could impact our ability to pay dividends. At December 31, 2024, the book value of our goodwill was $2.8 billion, substantially all of which was recorded at KeyBank. Any such write down of goodwill will reduce Key's earnings, as well. See the "Critical Accounting Policies" section of Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations in this report for additional information.
Accounting & Financial Operations - Risk 3
We rely on dividends by our subsidiaries for most of our funds.
We are a legal entity separate and distinct from our subsidiaries. With the exception of cash that we may raise from debt and equity issuances, we receive substantially all of our funding from dividends by our subsidiaries. Dividends by our subsidiaries are the principal source of funds for the dividends we pay on our common and preferred stock and interest and principal payments on our debt. Federal banking law and regulations limit the amount of dividends that KeyBank (KeyCorp's largest subsidiary) can pay. For further information on the regulatory restrictions on the payment of dividends by KeyBank, see "Supervision and Regulation" in Item 1 of this report. In the event KeyBank is unable to pay dividends to us, we may not be able to service debt, pay obligations, or pay dividends on our common or preferred stock. Such a situation could result in Key losing access to alternative wholesale funding sources. In addition, our right to participate in a distribution of assets upon a subsidiary's liquidation or reorganization is subject to the prior claims of the subsidiary's creditors.
Accounting & Financial Operations - Risk 4
Our controls and procedures may fail or be circumvented, and our methods of reducing risk exposure may not be effective.
We regularly review and update our internal controls, disclosure controls and procedures, compliance monitoring activities, and corporate governance policies and procedures. We also maintain an ERM program designed to identify, measure, monitor, report, and analyze our risks. Additionally, our internal audit function provides an independent assessment and testing of Key's internal controls, policies, and procedures. Any system of controls and any system to reduce risk exposure, however well designed, operated, and tested, is based in part on certain assumptions and can provide only reasonable, not absolute, assurances that the objectives of the system are met. The systems may not work as intended or be circumvented by employees, third parties, or others outside of Key. Additionally, instruments, systems, and strategies used to hedge or otherwise manage exposure to various types of market compliance, credit, liquidity, operational, and business risks and enterprise-wide risk could be less effective than anticipated. As a result, we may not be able to effectively or fully mitigate our risk exposures in particular market environments or against particular types of risk.
Accounting & Financial Operations - Risk 5
We rely on quantitative models to manage certain accounting, risk management, capital planning, and treasury functions.
We use quantitative models to help manage certain aspects of our business and to assist with certain business decisions, including, but not limited to, estimating ALLL, measuring the fair value of financial instruments when reliable market prices are unavailable, estimating the effects of changing interest rates and other market measures on our financial condition and results of operations, managing risk, predicting cash flows, and for capital planning purposes (including during the capital stress testing process). Models are simplified representations of real-world relationships. Thus, our modeling methodologies rely on many assumptions, historical analyses, correlations, and available data. These assumptions provide only reasonable, not absolute, estimates, particularly in times of market distress when historical correlations on which we rely may no longer be relevant. Additionally, as businesses and markets evolve, our measurements may not accurately reflect this evolution. Models can also produce inadequate estimates due to errors in computer code, use of unsuitable data during development or input into the model during model use, or the use of a model for a purpose outside the scope of the model's design. Some models we use employ methodologies based on artificial intelligence (AI) or machine learning (ML). These models bring some unique complexities from those of traditional models, such as the need for large datasets for training, the potential for algorithmic bias, and the difficulty in interpreting model decisions. If our models fail to produce reliable results on an ongoing basis, we may not make appropriate risk management, capital planning, or other business or financial decisions. Furthermore, strategies that we employ to manage and govern the risks associated with our use of models may not be effective or fully reliable, and as a result, we may realize losses or other lapses. We have an enterprise-wide model risk management program designed to accurately identify, measure, report, monitor, and manage model risk. The management of model risk includes independent validation and model governance, establishing and monitoring model control standards and model risk metrics, and completeness and accuracy of the inventory of models. Banking regulators continue to focus on the models used by banks and bank holding companies in their businesses. The failure or inadequacy of a model may result in increased regulatory scrutiny on us or may result in an enforcement action or proceeding against us by one of our regulators.
Accounting & Financial Operations - Risk 6
Changes in accounting policies, standards, and interpretations could materially affect how we report our financial condition and results of operations.
The FASB periodically changes the financial accounting and reporting standards governing the preparation of Key's consolidated financial statements. Additionally, those bodies that establish and/or interpret the financial accounting and reporting standards (such as the FASB, SEC, and other regulatory agencies) may change prior interpretations or positions on how these standards should be applied. These changes can be difficult to predict and can materially affect how Key records and reports its consolidated financial condition and results of operations. In some cases, Key could be required to retroactively apply a new or revised standard, resulting in changes to previously reported financial results.
Debt & Financing8 | 21.1%
Debt & Financing - Risk 1
The soundness of other financial institutions could adversely affect us.
Our ability to engage in routine funding transactions could be adversely affected by the actions and commercial soundness of other financial institutions. We have exposure to many different industries and counterparties in the financial services industries, and we routinely execute transactions with such counterparties, including brokers and dealers, banks, mortgage originators, hedge funds, insurance companies, and other institutional clients. Financial services institutions are interrelated as a result of trading, clearing, counterparty, or other relationships. As a result, defaults by, or even rumors or questions about, one or more financial services institutions, or the financial services industry generally, have led to, and may further lead to, market-wide liquidity problems and could lead to losses or defaults by us or other financial institutions. Disruption within the financial markets, including negative news regarding the banking industry or perceived risks of a bank's safety and soundness, can adversely impact the market price and volatility of our common stock or deposit runoff. Online and mobile banking have made it easier for customers to withdraw their deposits. Higher withdrawals can raise funding cost, which may reduce Key's net interest margin and net interest income. In addition, many of our transactions with other financial institutions expose us to credit risk in the event of default of a counterparty or client. Our credit risk may be affected when the collateral held by us cannot be realized or is liquidated at prices not sufficient to recover the full amount of our loan or derivatives exposure. There can be no assurance that any such losses would not adversely and materially affect our results of operations.
Debt & Financing - Risk 2
We are subject to liquidity risk, which could negatively affect our funding levels.
Liquidity risk refers to our ability to fund liability maturities and deposit withdrawals, meet contractual obligations, or fund asset growth and new business initiatives at a reasonable cost, in a timely manner and without adverse consequences. Our banking business is subject to four primary liquidity risks: contingency risk, mismatch risk, funding risk, and refinancing risk. Contingency risk arises from unexpected funding or liquidity needs occurring during challenging economic or financial market conditions. Mismatch risk may occur when illiquid assets are funded with less stable funding sources. Funding risk arises if funding sources become too concentrated. Refinancing risk arises when a concentrated liability maturity profile creates near-term funding stress. Despite actions that we take to manage these risks, unanticipated changes in assets, liabilities, and off-balance sheet commitments under various economic conditions (including a reduced level of wholesale funding sources), a substantial, unexpected, or prolonged change in the level or cost of liquidity could have a material adverse effect on us. If the cost effectiveness or the availability of supply in these credit markets is reduced for a prolonged period of time, our funding needs may require us to access funding and manage liquidity by other means. These alternatives may include generating client deposits, securitizing or selling loans, extending the maturity of wholesale borrowings, borrowing under certain secured borrowing arrangements, using relationships developed with a variety of fixed income investors to access new funds or renegotiate the terms of outstanding debt, and further managing loan growth and investment opportunities. These alternative means of funding may result in an increase in the overall cost of funds and may not be available under stressed conditions, which would cause us to liquidate a portion of our liquid asset portfolio to meet any funding needs.
Debt & Financing - Risk 3
Our credit ratings affect our liquidity position.
The rating agencies regularly evaluate the securities issued by KeyCorp and KeyBank. The ratings of our long-term debt and other securities are based on a number of factors, including our financial strength, ability to generate earnings, and other factors. Some of these factors are not entirely within our control, such as conditions affecting the financial services industry and the economy and changes in rating methodologies. Changes in any of these factors could impair our ability to maintain our current credit ratings. We may be unable to maintain our current ratings and our ratings may be downgraded again in the future. The impact of downgrades to KeyCorp's or KeyBank's credit ratings could adversely affect our access to liquidity and could significantly increase our cost of funds, trigger additional collateral or funding requirements, and decrease the number of investors and counterparties willing to lend to us, reducing our ability to generate income. If KeyCorp's or KeyBank's credit ratings fell below investment grade, it could also create obligations or liabilities under the terms of existing arrangements that could increase our costs and reduce our profitability.
Debt & Financing - Risk 4
We have concentrated credit exposure in commercial and industrial loans, commercial real estate loans, and commercial leases.
As of December 31, 2024, approximately 69% of our loan portfolio consisted of commercial and industrial loans, commercial real estate loans, including commercial mortgage and construction loans, and commercial leases. These types of loans are typically larger than single family residential real estate loans and other types of consumer loans and have a different risk profile. The deterioration of a larger loan or a group of loans in this category could cause an increase in criticized, classified, and nonperforming loans, which could result in lower earnings from these loans, additional provision for loan and lease losses, and ultimately an increase in loan losses.
Debt & Financing - Risk 5
We are subject to the risk of defaults by our loan clients and counterparties.
Many of our routine transactions expose us to credit risk, including the risk of default of our counterparties, which include other financial institutions, or clients. Our credit risk may be exacerbated when the collateral held cannot be realized or is liquidated at prices insufficient to recover the full amount of the loan or derivative exposure due to us. In deciding whether to extend credit or enter into other transactions, we rely on information furnished by or on behalf of counterparties and clients, including financial statements, credit reports and other information. We also rely on representations of those counterparties, clients, or other third parties as to the accuracy and completeness of that information. The inaccuracy of that information or those representations affects our ability to accurately evaluate the default risk of a counterparty or client. In addition, given the Dodd-Frank legislative mandate to centrally clear eligible derivative contracts, we rely on central clearing counterparties to remain open and operationally viable at all times. A financial institution or other counterparty failure or a cybersecurity breach that causes the failure of or disruption to a counterparty or client, may materially and adversely affect our business, financial condition, or results of operations. Further, market volatility or difficulty accessing liquidity in the capital markets can result in a weaker counterparty profile and eventual failure of the counterparty to meet its contractual obligations.
Debt & Financing - Risk 6
Various factors may cause our allowance for loan and lease losses to increase or to be inadequate.
We maintain an ALLL (a reserve established through a provision for loan and lease losses charged to expense) that represents our estimate of losses based on our evaluation of risks within our existing portfolio of loans. The level of the allowance at December 31, 2024 represents management's estimate of expected credit losses over the contractual life of our existing loan portfolio. The determination of the appropriate level of the ALLL inherently involves a degree of subjectivity and requires that we make significant estimates of current credit risks, current trends, and reasonable and supportable forecasts of future economic conditions, all of which may undergo frequent and material changes. Changes in economic conditions affecting borrowers, the softening of certain macroeconomic variables that we are more susceptible to, such as GDP, unemployment, SOFR and other interest rates, the producer price index, and real estate values, along with updated information regarding existing loans, identification of additional problem loans and other factors, both within and outside of our control, may require an increase in the ALLL. Further, the multitude and totality of factors impacting our estimates and the subjectivity of components of its calculation may cause the ALLL to be an inadequate representation of the actual losses incurred over the life of our loan portfolio. Both an increase in the ALLL and actual losses exceeding our current estimates will reduce our net income and could impact our capital positions and may materially and adversely affect our business, financial condition or results of operations.
Debt & Financing - Risk 7
We are subject to interest rate risk, which could adversely affect net interest income.
Our earnings depend heavily upon our net interest income. Net interest income is the difference between interest income earned on interest-earning assets such as loans and securities and interest expense paid on interest-bearing liabilities such as deposits and borrowed funds. Hence, interest rate risk is inherent to our banking business and takes four primary forms: repricing risk, yield curve risk, basis risk, and option risk. Repricing risk occurs when assets and liabilities respond to interest rate changes at different paces and to a different degree. Yield curve risk arises when short- and long-term interest rates change to a different extent. We incur basis risk to the extent that the relationship between different interest rate indices changes over time. Option risk is present in assets, liabilities or other financial instruments that allow a party to change the timing of interest or principal payments. Interest rates are highly sensitive to many factors that are beyond our control, including general economic conditions, the competitive environment within our markets, consumer preferences for specific loan and deposit products and their payment behavior, and policies of various governmental and regulatory agencies, in particular, the Federal Reserve. Our ability to anticipate changes in these factors or to hedge the related on-and off-balance sheet exposures, and the cost of any such hedging activity, can significantly influence the success of our asset-and-liability management activities and our net interest income and net interest margin. Changes in monetary policy, including changes in interest rate controls being applied by the Federal Reserve, could influence the amount and timing of interest we receive on loans and securities, the amount and timing of interest we pay on deposits and borrowings, our ability to originate loans and obtain deposits, and the fair value of our financial assets and liabilities. When the Federal Reserve raises or reduces interest rates, the behavior of national money market rate indices, the correlation of consumer deposit rates to financial market interest rates, and the setting of benchmark rates may not follow historical relationships, which could influence net interest income and net interest margin through basis and other risks. In addition, our ability to change deposit rates in response to changes in interest rates and other market and related factors is limited by client relationship considerations. Moreover, if the interest we pay on deposits and other borrowings increases at a faster rate than the interest we receive on loans and other investments, net interest income, and therefore our earnings, would be adversely affected. Conversely, earnings could also be adversely affected if the interest we receive on loans and other investments falls more quickly than the interest we pay on deposits and other borrowings. These scenarios illustrate repricing risk. The impact of interest rates on our investment portfolio and consolidated financial results, including AOCI, can also affect our ability to maintain our capital ratios within our target ranges as well as the amount and timing of our future share repurchases and dividends. For additional information about the effects on interest rates on our business, refer to the information included under the caption "Risk Management - Market risk management" in Item 7 of this report.
Debt & Financing - Risk 8
Added
Scotiabank holds a significant equity interest in our business and may exercise influence over us, including through its ability to designate up to two directors to our Board of Directors.
Scotiabank holds approximately 14.9% of our issued and outstanding common shares. Pursuant to the Investment Agreement, dated August 12, 2024, between us and Scotiabank (the "Investment Agreement"), Scotiabank is entitled to designate up to two directors to our Board of Directors, subject to specified minimum ownership requirements. As of the date hereof, our Board of Directors includes two directors who were appointed pursuant to Scotiabank's director designation rights. As a result of the amount of common shares that are currently held by Scotiabank, together with its director designation rights, Scotiabank may be able to influence our policies and operations and impact matters requiring shareholder approval. In addition, the existence of a large shareholder may have the effect of deterring takeovers, delaying or preventing changes in control or changes in management, or limiting the ability of our other shareholders to approve transactions that they may deem to be in the best interests of our company. The interests of Scotiabank with respect to matters potentially or actually involving or affecting us and our other shareholders, such as future acquisitions, financings, and other corporate opportunities and attempts to acquire us, may conflict with the interests of our other shareholders.
Corporate Activity and Growth4 | 10.5%
Corporate Activity and Growth - Risk 1
Added
Our framework for managing risks and mitigating losses may not be effective.
Our risk management framework seeks to maintain safety and soundness and maximize profitability. We have established policies, processes, and procedures intended to identify, measure, monitor, report, and analyze the types of risk to which we are subject, including compliance, operational, liquidity, market, credit, model, reputational, and strategic risk, among others. We cannot provide assurance that our risk management framework will effectively mitigate risk and limit losses in our business and operations. For example, our risk management framework and measures that we take to mitigate risk may not be fully effective in identifying and mitigating our risk exposure in all market environments or against all types of risks, including risks that are unidentified or unanticipated, even if the frameworks for assessing risk are properly designed and implemented. In addition, some of our methods of managing risk are based upon our use of observed historical market behavior and management's judgment. These methods may not accurately predict future exposures, which could be significantly greater than historical measures indicate. If our risk management framework proves ineffective, we could suffer unexpected losses and our business, results of operations, and financial condition could be adversely affected.
Corporate Activity and Growth - Risk 2
We are subject to a variety of operational risks.
We are subject to operational risk, which represents the risk of loss resulting from human error, inadequate or failed internal processes, internal controls, systems, and external events. Operational risk includes the risk of fraud by employees or others outside of Key, clerical and recordkeeping errors, nonperformance by vendors, threats from cyber activity, and computer/telecommunications malfunctions. Fraudulent activity has escalated, become more sophisticated, and is ever evolving as there are more options to access financial services. Operational risk also encompasses compliance and legal risk, which is the risk of loss from violations of, or noncompliance with, laws, rules, regulations, prescribed practices, or ethical standards, as well as the risk of our noncompliance with contractual and other obligations. We are also exposed to operational risk through our outsourcing arrangements, and the effect that changes in circumstances or capabilities of our outsourcing vendors can have on our ability to continue to perform operational functions necessary to our business, such as certain loan processing functions. For example, breakdowns or failures of our vendors' systems or employees could be a source of operational risk to us. Resulting losses from operational risk could take the form of explicit charges, increased operational costs (including remediation costs), harm to our reputation, inability to secure insurance, litigation, regulatory intervention or sanctions, or foregone business opportunities. We rely on our employees to design, manage, and operate our systems and controls to assure that we properly enter into, record and manage processes, transactions and other relationships with customers, vendors, suppliers, and other parties with whom we do business. We also depend on employees and the systems and controls for which they are responsible to assure that we identify and mitigate the risks that are inherent in our relationships and activities. These concerns are increased when we change processes or procedures, introduce new products or services, or implement new technologies, as we may fail to adequately identify or manage operational risks resulting from such changes. These concerns may be further exacerbated by employee turnover or labor shortages. As a result of our necessary reliance on employees to perform these tasks and manage resulting risks, we are thus subject to human vulnerabilities. These range from innocent human error to misconduct or malfeasance, potentially leading to operational breakdowns or other failures. Our controls may not be adequate to prevent problems resulting from human involvement in our business, including risks associated with the design, operation and monitoring of automated systems. We may also fail to adequately develop a culture of risk management among our employees.
Corporate Activity and Growth - Risk 3
We may not realize the expected benefits of our strategic initiatives.
Our ability to compete depends on a number of factors, including, among others, our ability to develop and successfully execute our strategic plans and initiatives. Our strategic priorities include growing profitability; acquiring and expanding targeted client relationships; effectively managing risk and rewards; maintaining financial strength; fostering an inclusive work environment for all employees; and engaging, retaining, and inspiring our high-performing and talented workforce. The success of these initiatives can be subject to changes in the macroeconomic environment that are beyond our control. In addition, our inability to execute on or achieve the anticipated outcomes of our strategic priorities, or to do so in the expected timeframe, may affect how the market perceives us and could impede our growth and profitability.
Corporate Activity and Growth - Risk 4
Acquisitions or strategic partnerships may disrupt our business and dilute shareholder value.
Acquiring other banks, bank branches, or other businesses involves various risks commonly associated with acquisitions or partnerships, including exposure to unknown or contingent liabilities of the acquired company; diversion of our management's time and attention; significant integration risk with respect to employees, accounting systems, and technology platforms; increased regulatory scrutiny; and the possible loss of key employees and customers of the acquired company. We regularly evaluate merger and acquisition and strategic partnership opportunities and conduct due diligence activities related to possible transactions. As a result, mergers or acquisitions involving cash, debt or equity securities may occur at any time. Acquisitions may involve the payment of a premium over book and market values. Therefore, some dilution of our tangible book value and net income per common share could occur in connection with any future transaction.
Legal & Regulatory
Total Risks: 6/38 (16%)Below Sector Average
Regulation2 | 5.3%
Regulation - Risk 1
We are subject to extensive government regulation, supervision, and tax legislation.
As a financial services institution, we are subject to extensive federal and state regulation, supervision, and tax legislation. Banking regulations are primarily intended to protect depositors' funds, the DIF, consumers, taxpayers, and the banking system as a whole, not our debtholders or shareholders. These regulations increase our costs and affect our lending practices, capital structure, investment practices, dividend policy, ability to repurchase our common shares, and growth, among other things. KeyBank and KeyCorp remain covered institutions under the Dodd-Frank Act's enhanced prudential standards and regulations, including its provisions designed to protect consumers from financial abuse. Like similarly situated institutions, Key undergoes routine scrutiny from bank supervisors in the examination process and is subject to enforcement of regulations at the federal and state levels, particularly with respect to customer practices involving fair and responsible banking, fair lending, unfair, deceptive or abusive practices, and the Community Reinvestment Act, as well as compliance with AML, BSA and Office of Foreign Assets Control efforts. Changes to existing statutes and regulations, and taxes (including industry-specific taxes and surcharges), or their interpretation or implementation, could affect us in substantial and unpredictable ways, particularly with those laws and regulations that serve to protect customers. Such changes may subject us to additional costs, adversely impact our income, and increase our litigation risk should we fail to appropriately comply and may also impact consumer behavior, limit the types of financial services and products we may offer, affect the investments we make, and change the manner in which we operate. In addition, changes to laws and regulations may impact our customers by requiring them to adjust their operations or practices or impair their ability to pay fees or outstanding loans or afford new products, which could negatively impact demand for our products and services. Certain federal regulations have been in existence for decades without modification to account for modern banking practices, such as digital delivery of products and services, which can create challenges in execution and in the examination process. Emerging technologies, such as cryptocurrencies, could limit KeyBank's ability to track the movement of funds. KeyBank's ability to comply with BSA/AML and other regulations is dependent on its ability to continuously improve detection and reporting capabilities and reduce variation in control processes and oversight accountability. Additionally, federal banking law grants substantial enforcement powers to federal banking regulators. This enforcement authority includes, among other things, the ability to assess civil money penalties, fines, or restitution, to issue cease and desist or removal orders, and to initiate injunctive actions against banking organizations and affiliated parties. These enforcement actions may be initiated for violations of laws and regulations, for practices determined to be unsafe or unsound, or for practices or acts that are determined to be unfair, deceptive, or abusive. Failure to comply with these and other regulations, and supervisory expectations related thereto, may result in fines, penalties, lawsuits, regulatory sanctions, reputational damage , or restrictions on our business. Moreover, different government administrations may have different regulatory priorities, which may impact the level of regulation of financial institutions and the enforcement environment. For more information, see "Supervision and Regulation" in Item 1 of this report.
Regulation - Risk 2
Capital and liquidity requirements imposed by banking regulations require banks and BHCs to maintain more and higher quality capital and more and higher quality liquid assets.
Evolving capital standards resulting from the Dodd-Frank Act and the Regulatory Capital Rules adopted by our regulators have had and will continue to have a significant impact on banks and BHCs, including Key. For a detailed explanation of the capital and liquidity rules that apply to us, see the section titled "Regulatory capital requirements" under the heading "Supervision and Regulation" in Item 1 of this report. Regulatory capital standards require Key to maintain significant amounts of high-quality capital (e.g., common equity) and could limit our business activities (including lending) and our ability to expand organically or through acquisitions. They could also result in our taking steps to increase our capital that may be dilutive to shareholders or limit our ability to pay dividends or otherwise return capital to shareholders. In addition, regulatory liquidity standards require us to hold high-quality liquid assets, which has caused us to change, and may in the future cause us to change, our mix of investments, and may impact future business relationships with certain customers. Additionally, support of liquidity standards may be satisfied through the use of long-term wholesale borrowings, which tend to have a higher cost than that of traditional core deposits. Further, the Federal Reserve has detailed the processes that BHCs should maintain to ensure they hold adequate capital under severely adverse conditions and have ready access to funding before engaging in any capital activities. The severity and other features of these processes, which take the form of stress tests and other measures, may evolve from year to year and are used by the Federal Reserve to, among other things, evaluate our management of capital and the adequacy of our regulatory capital and to determine the stress capital buffer that we must maintain above our minimum regulatory capital requirements. Despite recent announcements by the Federal Reserve declaring intent to increase transparency into capital stress tests and models, the results of these processes are difficult to predict due to, among other things, the Federal Reserve's use of proprietary stress models that differ from our internal models. Consequently, the Federal Reserve may impose capital requirements in excess of our expectations which could require us, as applicable, to revise our stress-testing or capital management approaches, resubmit our capital plan or postpone, cancel, or alter our planned capital actions. The results may also lead to limits on Key's ability to make distributions, including paying out dividends or buying back shares. From time to time, federal banking regulators tailor the extent to which various categories of large banks are subject to certain capital, liquidity and other regulations. For instance, Category IV banks with assets between $100 billion and $250 billion, including Key, are not currently subject to certain capital and liquidity standards required of larger banks. However, the bank regulatory environment evolves continually, and regulatory standards, expectations and requirements evolve along with that environment, raising the risk of increased compliance costs in the future. Moreover, often in response to industry or macroeconomic stress events, informal regulatory expectations of capital and liquidity management practices may exceed formal requirements. Consequently, Key may not be able to realize any potential benefits of periodic regulatory tailoring. For more information on regulatory requirements and proposals regarding the management of liquidity risk, see the section titled "Regulatory capital requirements" under the heading "Supervision and Regulation" in Item 1 of this report.
Litigation & Legal Liabilities1 | 2.6%
Litigation & Legal Liabilities - Risk 1
Changed
We are, and may in the future be, subject to claims, litigation, arbitration, investigations, and governmental proceedings, which could result in significant financial liability and/or reputational harm.
We are subject to, and may in the future be subject to, claims or legal actions taken against us by customers, vendors, shareholders, or other parties. Further, KeyCorp is currently named, and KeyCorp and certain of its officers and directors have in the past been named, and may in the future be named, as defendants in various class actions, mass arbitrations, and other litigation relating to our business and activities. We maintain reserves for certain claims when deemed appropriate based upon our assessment that a loss is probable, estimable, and consistent with applicable accounting guidance. At any given time, we have a variety of legal actions asserted against us in various stages of litigation. Resolution of a legal action can often take years. Whether any particular claims and legal actions are founded or unfounded, if such claims and legal actions are not resolved in our favor, they may result in significant financial liability and adversely affect how the market perceives us and our products and services as well as impact customer demand for those products and services. We are also involved, from time to time, in other information-gathering requests, reviews, investigations, and proceedings (both formal and informal) by governmental and self-regulatory agencies regarding our business, including, among other things, accounting, compliance, and operational matters, which may result in adverse judgments, settlements, fines, penalties, injunctions, or other relief which, if significant, could adversely affect our business, results of operations and/or financial condition. Enforcement authorities may also seek admissions of wrongdoing and, in some cases, criminal pleas as part of the resolutions of matters and any such resolution of a matter involving Key could lead to increased exposure to private litigation, could adversely affect Key's reputation, and could result in limitations on our ability to do business in certain jurisdictions. Further, enforcement matters could impact our supervisory and CRA ratings, which may in turn restrict or limit certain of our business activities. In recent years, there has been an increase in the number of investigations and proceedings in the financial services industry. A violation of law or regulation by another financial institution has, in the past, resulted in, and may, in the future, give rise to an inquiry or investigation by regulators or other authorities of the same or similar practices by Key. The outcome of regulatory matters as well as the timing of ultimate resolution are inherently difficult to predict, and the uncertain regulatory enforcement environment makes it difficult to estimate probable losses, which can lead to substantial disparities between legal reserves and actual settlements or penalties.
Environmental / Social3 | 7.9%
Environmental / Social - Risk 1
Changed
Societal and governmental responses to climate change could adversely affect our business and performance, including indirectly through impacts on our customers.
Concerns over the long-term impacts of climate change have led and may continue to lead to governmental efforts around the world to mitigate those impacts, creating potential transition risk. Transition risks could include additional regulatory requirements or legislation, changes in stakeholder behaviors, or the development of new technologies to aid in the transition to a low-carbon economy, New and/or changing regulatory requirements could affect our results by requiring us to take costly measures to comply with any new laws or regulations related to climate change that may be adopted by federal, state, and local governments or regulators. Consumers and businesses also may change their own behavior as a result of these concerns. We and our customers may face cost increases, asset value reductions, operating process changes, and the like. In addition, the multiple and potentially conflicting laws and regulations regarding climate change that have been or may be adopted by various jurisdictions could increase our cost of doing business and make compliance with such laws and regulations more difficult. The impact on our customers will likely vary depending on their specific attributes, including reliance on or role in carbon-intensive activities.
Environmental / Social - Risk 2
Changed
Key is subject to corporate responsibility and sustainability efforts risks that could adversely affect our reputation and our business and results of operations.
Views about corporate responsibility and sustainability-related issues are diverse, dynamic, and rapidly changing. Financial services companies, including Key, face increasing criticism from social and environmental activists who target companies, including Key, for engaging in business with clients engaged in industries which such activists perceive to be harmful to communities or the environment. Such criticism directed at Key could generate dissatisfaction among our stakeholders. Additionally, however we respond to such criticism, we face the risk that current or potential clients may decline to do business with us or current or potential employees refuse to work with us. This can be true regardless of whether we are perceived by some as not having done enough to address activist concerns or by others as having inappropriately yielded to activist pressures. Conversely, there exists anti-environmental, social and governance (ESG) and anti-diversity, equity, and inclusion (DEI) sentiment among certain stakeholders and government institutions, which has gained momentum across the U.S. For example, President Trump recently issued an executive order opposing DEI initiatives in the private sector, and certain states have taken, and may in the future take, actions or proposed measures to limit the state's ability to do business with financial institutions or other businesses identified as discriminating against certain industries or practices based on environmental or social criteria. We could be exposed to reputational, financial, and legal risk as a result of anti-ESG and anti-DEI sentiment, and our ability to retain and attract customers and employees may be negatively impacted as a result of these contrasting arguments in how a financial institution should address these issues. Companies are facing increasing scrutiny from customers, regulators, investors, and other stakeholders related to their corporate responsibility and sustainability practices and disclosures. We may face criticism or a loss of confidence, with accompanying reputational risk, from our perceived action or inaction to deliver on our corporate responsibility and sustainability-related commitments. Investors and other stakeholders, including U.S. institutional investors, are increasingly considering how corporations are incorporating corporate responsibility and sustainability matters, including climate-related financial risks, into their business strategy when analyzing the expected risk and return of potential investments. The specific factors considered, as well as the approach to incorporating the factors into a broader investment process, vary by investor and can shift over time. These shifts in investing priorities may result in adverse effects on the trading price of our common stock if investors determine that Key has not made sufficient progress on corporate responsibility and sustainability matters or is not aligned with the investors' priorities. In addition, collecting, measuring, and reporting corporate responsibility and sustainability information and metrics can be costly, difficult and time consuming, is subject to evolving and potentially conflicting reporting standards, and can present numerous operational, reputational, financial, legal, and other risks. Further, inadequate processes to collect and review this information prior to disclosure could result in potential liability related to such information.
Environmental / Social - Risk 3
We are subject to complex and evolving laws and regulations regarding privacy and cybersecurity, which could limit our ability to pursue business initiatives, increase the cost of doing business and subject us to compliance risks and potential liability.
We are subject to complex and evolving laws, regulations, and requirements governing the privacy and protection of personal information of our customers, employees, job applicants, and other individuals. Complying with laws, regulations, and requirements applicable to our collection, use, transfer, and storage of personal information, as well as notification requirements related to our obligations with respect to such personal information, can increase operating costs, impact the development and marketing of new products or services, and reduce operational efficiency. Any mishandling or misuse of personal information by Key or our vendors or our failure to comply with notification requirements related to incidents relating to such personal information could expose us to litigation or regulatory fines, penalties, or other sanctions. At the federal level, we are subject to the Gramm-Leach-Bliley Act of 1999, as amended, which requires financial institutions to, among other things, periodically disclose their privacy policies and practices relating to sharing personal information and, in some cases, enables customers to opt out of the sharing of certain non-public personal information with unaffiliated third parties. We are also subject to the rules and regulations promulgated under the authority of the Federal Trade Commission, which regulates unfair or deceptive acts or practices, including with respect to privacy and cybersecurity. A number of states have also recently enacted consumer privacy laws that impose compliance obligations with respect to personal information or issued guidance regarding the same, such as the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (known as the "CCPA"), and the New York Department of Financial Services Cybersecurity Regulations. In addition, there has been a significant increase in privacy-related litigation in recent years with respect to how organizations collect information and technical data from their public facing websites, and federal and state courts have been creating new legal frameworks around consumer and website privacy, which also creates new risks on businesses. As new privacy-related laws and regulations, and judicially-created frameworks, are implemented in jurisdictions in which KeyBank operates, the time and resources needed for us to comply with such laws and regulations, as well as our potential liability for noncompliance and reporting obligations in the case of data breaches, may significantly increase. Compliance with these laws and regulations has required and may continue to require us to change our policies, procedures, and technology for information security and segregation of data, which could, among other things, make us more vulnerable to operational failures, result in increased costs as a result of continually evaluating our policies and processes and adapting to new requirements that are or become applicable to us, and subject us to monetary penalties for breach of such laws and regulations. As a result, some uncertainty remains as to the aggregate impact upon Key of significant regulations.
Macro & Political
Total Risks: 5/38 (13%)Above Sector Average
Economy & Political Environment4 | 10.5%
Economy & Political Environment - Risk 1
Changed
Federal agencies' actions to ensure stability of the U.S. economy and financial system may have costly or disruptive effects on us.
The federal government's actions can impact financial markets. For example, during 2024 the Federal Reserve, after an extended period of raising its monetary policy rate, began lowering interest rates in an effort to prevent a recession. These types of actions can impact financial markets and our business and cause increased financial market and interest rate volatility. Bank failures, such as those that occurred in 2023, have led the U.S. Treasury Secretary, the FDIC, and the Federal Reserve to invoke the systemic risk exception to the least-cost resolution requirement under the FDIA to guarantee uninsured deposits of the failed banks. The systemic bank exception can only be invoked for financial market risks that pose a threat to financial stability. The FDIC may impose a special assessment on IDIs to recover the loss to the failed bank resulting from the use of the systemic risk exception to protect the uninsured depositors. The potential impact of a special assessment to Key could increase noninterest expense for that quarter, as was the case during the first and second quarters of 2024. Regulators can implement measures designed to strengthen capital and liquidity standards and restore confidence in the banking system applicable to Key including those discussed in "Regulatory capital requirements" under the heading "Supervision and Regulation" in Item 1 of this report. These regulatory rules could have a material effect on our business, financial condition, and results of operations. Capital and long-term debt requirements require us to divert resources from otherwise profitable lending and investment opportunities to ensure compliance, which may be dilutive to shareholders or limit Key's ability to buy back shares or pay dividends. The Federal Home Loan Bank (FHLB) system continues to be a source of funding. Changes in FHLB lending policy could adversely affect our liquidity and profitability. Further, as market conditions evolve and respond to the influence of government agency initiatives, or lack thereof, the slope of the yield curve will shift and influence our loan and deposit rates and value of investments. The actions of federal agencies are not fully predictable which contributes to market volatility and changes to the slope of the yield curve.
Economy & Political Environment - Risk 2
Our profitability depends upon economic conditions in the geographic regions where we have significant operations and in certain market segments in which we conduct significant business.
We have concentrations of loans and other business activities in geographic regions where our bank branches are located - Washington; Oregon/Alaska; Rocky Mountains; Indiana/Northwest Ohio/Michigan; Central/Southwest Ohio; East Ohio/Western Pennsylvania; Atlantic; Western New York; Eastern New York; and New England - and additional exposure to geographic regions outside of our branch footprint. Economic growth in the various regions where we operate has been uneven, and the health of the overall U.S. economy may differ from the economy of any particular geographic region. Adverse conditions in a geographic region such as inflation, unemployment, recession, natural disasters, impact of public health crises, or other factors beyond our control could impact the ability of borrowers in these regions to repay their loans, decrease the value of collateral securing loans made in these regions, or affect the ability of our customers in these regions to continue conducting business with us. Additionally, a significant portion of our business activities are concentrated within the commercial real estate, healthcare, finance, and utilities market segments. The profitability of some of these market segments depends upon the health of the overall economy, seasonality, the impact of regulation, and other factors that are beyond our control and may be beyond the control of our customers in these market segments. An economic downturn or recession in one or more geographic regions where we conduct our business, or any significant or prolonged impact on the profitability of one or more of the market segments with which we conduct significant business activity, could adversely affect the demand for our products and services, the ability of our customers to repay loans, the value of the collateral securing loans, and the stability of our deposit funding sources.
Economy & Political Environment - Risk 3
Geopolitical destabilization could adversely impact our loan portfolios.
While we have minimal direct foreign company exposure in our loan portfolios, there are correlated and contingent risks posed by geopolitical destabilization within our loan portfolio. For example, conflicts across the world, including the Russia-Ukraine war and the Israel-Hamas war, have proven to have a material impact on certain domestic commodity prices, impacting our borrowers' input costs and disrupting supply chains both domestically and abroad. These factors increase potential defaults in our loan portfolio and could ultimately increase loan losses.
Economy & Political Environment - Risk 4
A worsening of the U.S. economy and volatile or recessionary conditions in the U.S. or abroad could negatively affect our business or our access to capital markets.
A worsening of economic and market conditions or downside shocks could result in adverse effects on Key and others in the financial services industry. Recent and persistent interest rate increases and a slowing economy could present a challenge for the industry, including Key, and negatively affect business and financial performance. In particular, we face the following risks, and other unforeseeable risks, in connection with a downturn in the economic and market environment or in the face of downside shocks or a recession, whether in the United States or internationally: - A loss of confidence in the financial services industry and the debt and equity markets by investors, placing pressure on the price of our common shares or decreasing the credit or liquidity available to Key, while also increasing the cost of such credit or liquidity;- A decrease in consumer and business confidence levels generally, decreasing credit usage and investment or increasing delinquencies and defaults;- A decrease in household or corporate incomes, reducing demand for our products and services;- A decrease in the value of collateral securing loans to our borrowers or a decrease in the quality of our loan portfolio, increasing loan charge-offs and reducing Key's net income;- A decrease in our ability to liquidate financial positions at acceptable market prices;- An increase in competition or consolidation in the financial services industry;- Increased concern over and scrutiny of the capital and liquidity levels of financial institutions generally, and those of our transaction counterparties specifically with a corresponding increase in our cost of capital, liquidity and/or funding;- A decrease in confidence in the creditworthiness of the United States or other issuers whose securities we hold; and - An increase in limitations on or the regulation of financial services companies like Key. In the event of severely adverse business and economic conditions generally or specifically in the principal markets in which we conduct business, there can be no assurance that the federal government and the Federal Reserve would intervene or make adjustments to fiscal or monetary policy that would cause business and economic conditions to improve. A worsening of business and economic conditions or market volatility related thereto could have a material adverse effect on our business, financial condition, and results of operations. In addition, volatility and uncertainty related to inflation and the effects of inflation, which has, in recent years, led to increased costs for businesses and consumers and could cause the Federal Reserve to reinitiate a series of interest rate increases, which may amplify or contribute to some of the risks of our business by adversely affecting the creditworthiness of our borrowers, increasing our costs, or resulting in lower values for our investment securities and other fixed-rate assets. To the extent that the Federal Reserve's policies around managing inflation fail to mitigate the volatility and uncertainty related to inflation and the effects of inflation, or to the extent conditions otherwise worsen or are exacerbated by policies enacted by the U.S. government, including the imposition of tariffs or other trade policies, we could experience adverse effects on our business, financial condition, and results of operations. In addition, when U.S. economic conditions are weak or recessionary, unemployment may rise and corporate profits may fall significantly, creating adverse credit conditions in our lending businesses. Rising credit costs may materially reduce our profitability as we generate the majority of our income from lending activity; See the section entitled "Credit Risk" in this Item 1A. "Risk Factors."
Natural and Human Disruptions1 | 2.6%
Natural and Human Disruptions - Risk 1
Our operations and financial performance could be adversely affected by severe weather and natural disasters exacerbated by climate change.
Natural disasters, including wildfires, tornadoes, severe storms, and hurricanes, have seemingly become more frequent and severe due to climate change. The timing and effects of these climate-related physical risks are difficult to accurately predict, and the potential impact of such risks on our operations, employees, communities, and customers could have a material adverse effect on our business, financial position, and results of operations. Given our broad regional focus, we are exposed to a wide range of climate-related physical risks across different geographical areas. Severe weather events can directly affect our operations by interrupting systems, damaging facilities, disrupting our supply chain, and hindering our ability to conduct business as usual. Additionally, these events can indirectly impact us by damaging or destroying customer businesses, impairing their ability to repay loans, or causing damage to properties pledged as collateral for loans made by Key. Although preventative measures may help to mitigate damage, such measures could be costly, and any disaster could adversely affect our ability to conduct our business as usual. Furthermore, the insurance we maintain may not be adequate to cover our losses resulting from any business interruption resulting from a natural disaster or other severe weather events. Recurring extreme weather events could also reduce the availability or increase the cost of insurance. Our failure to comply with evolving regulatory requirements related to natural disaster risk management may also result in legal and financial consequences.
Tech & Innovation
Total Risks: 3/38 (8%)Above Sector Average
Innovation / R&D1 | 2.6%
Innovation / R&D - Risk 1
Maintaining or increasing our market share depends upon our ability to adapt our products and services to evolving industry standards and consumer preferences, while maintaining competitive products and services.
The continuous, widespread adoption of new technologies requires us to continually evaluate our product and service offerings to ensure they remain competitive. Our success depends, in part, on our ability to adapt our products and services, as well as our distribution of them, to evolving industry standards and consumer preferences. New technologies have altered consumer behavior by allowing consumers to complete transactions such as paying bills or transferring funds directly without the assistance of banks. New products allow consumers to maintain funds in brokerage accounts or mutual funds that would have historically been held as bank deposits. The process of eliminating banks as intermediaries, known as "disintermediation," could result in the loss of fee income, as well as the loss of customer loans and deposits and related income generated from those products. The increasing pressure from our competitors, both bank and nonbank, to keep pace and adopt new technologies and products and services requires us to incur substantial expense. We may be unsuccessful in developing or introducing new products and services, modifying our existing products and services, adapting to changing consumer preferences and spending and saving habits, achieving market acceptance or regulatory approval, sufficiently developing or maintaining a loyal customer base, or offering products and services at prices equal to or lower than the prices offered by our competitors. These risks may affect our ability to achieve growth in our market share and could reduce both our revenue streams from certain products and services and our revenues from our net interest income.
Cyber Security1 | 2.6%
Cyber Security - Risk 1
We and third parties on which we rely (including their downstream service providers) may experience a cyberattack, technology failure, information system or security breach or interruption.
We rely heavily on communications, information systems (both internal and provided by third parties), and the internet to conduct our business. Our business is dependent on our ability to process and monitor large numbers of daily transactions in compliance with legal, regulatory, and internal standards and specifications. In addition, a significant portion of our operations relies heavily on the secure processing, storage, and transmission of personal and confidential information, such as the personal information of our employees, customers, and clients. These risks may increase in the future as we continue to increase mobile payments and other internet-based product offerings, expand our internal usage of web/cloud-based products and applications, and maintain and develop new relationships with third-party providers, including their downstream service providers. In addition, our ability to extend protections to customers' information to individual customer devices is limited, especially if the customers willingly provide third parties access to their devices or information. In the event of a failure, interruption, or breach of our information systems, or that of a third party that provides services to us or our customers, we may be unable to avoid impact to our customers. For example, we may experience operational disruptions or interruptions as a result of a cyber incident, including disruption caused by protective containment measures taken by us, such as taking certain first- or third-party systems off-line for a prolonged period. Such a failure, interruption, or breach could result in legal liability, remediation costs, regulatory action, or reputational harm. U.S. financial service institutions and companies have reported breaches in the security of their websites or other systems and several financial institutions, including Key, have had third parties on which they rely experience such breaches. In addition, several financial institutions, including Key, have experienced significant distributed denial-of-service attacks, some of which involved sophisticated and targeted attacks intended to disrupt, disable, or degrade services, or sabotage systems or data. Other attacks have attempted to obtain unauthorized access to confidential, proprietary, or personal information or intellectual property, to extort money through the use of "ransomware" or other extortion tactics, or to alter or destroy data or systems, often through various attack vectors and methods, including the introduction of computer viruses or malicious or destructive code (commonly referred to as "malware"), phishing, cyberattacks, account takeovers, credential stuffing, and other means. To the extent that we use third parties to provide services to our clients, we cannot control all of the risks at these third parties or third parties' downstream service providers. Hardware, software, or applications developed by Key or received from third parties may contain exploitable vulnerabilities, bugs, or defects in design, maintenance or manufacture or other issues that could unpredictably compromise information and cybersecurity. We depend on third party service providers and their downstream service providers to implement adequate controls and safeguards to protect against and report cyber incidents. While we have a third party risk management program, because we do not control our third party service providers or their downstream service providers and our ability to monitor their cybersecurity is limited, we cannot ensure the cybersecurity measures they take will be sufficient to protect any information we share with them or prevent any disruption arising from a technology failure, cyberattack or other information or security breach. If such parties fail to deter, detect, or report cyber incidents in a timely manner, we may suffer from financial and other harm, including to our information, operations, performance, employees, and reputation. In addition, should an adverse event affecting another company's systems occur, we may not have indemnification or other protection from the other company sufficient to fully compensate us or otherwise protect us or our clients from the consequences. To date, our losses and costs related to these breaches have not been material, but other similar events in the future could have a material impact on our business strategy, results of operations, or financial condition. In addition, our customers routinely use Key-issued credit and debit cards to pay for transactions conducted with businesses in person and over the internet. If the business's systems that process or store debit or credit card information experience a security breach, our card holders may experience fraud on their card accounts. We may suffer losses associated with such fraudulent transactions, as well as for other costs, such as replacing impacted cards. Key also provides card transaction processing services to some merchant customers under agreements we have with payment networks. Under these agreements, we may be responsible for certain losses and penalties if one of our merchant customers suffers a data breach. We also face risks related to the increasing interdependence and interconnectivity of financial entities and technology systems. A technology failure, cyberattack or other security breach that significantly compromises the systems of one or more financial parties or service providers in the financial system could have a material impact on counterparties or market participants, including us. Such incidents could also lead to widespread technology outages, interruptions or other failures of operational, communication, or other systems globally and across companies and industries. Any third-party technology failure, cyberattack, or security breach could adversely affect our ability to effect transactions, service clients, or otherwise operate our business and could result in legal liability, remediation costs, regulatory action, or reputational harm. Additionally, the increasing use of third-party financial data aggregators and emerging technologies, including the use of automation, artificial intelligence and robotics, introduces new information security risks and exposure for us and for our third party service providers, and, additionally, such technologies may be used to identify vulnerabilities; such technologies have resulted in a substantial increase in the volume and sophistication of cyberattacks against financial and other institutions, including the use of generative artificial intelligence to conduct more sophisticated social engineering attacks. Such security attacks can originate from a wide variety of sources/malicious actors, including, but not limited to, persons who constitute an insider threat, who are involved with organized crime, or who may be linked to terrorist organizations or hostile foreign governments. Those same parties may also attempt to fraudulently induce employees, customers, or other users of our systems to disclose sensitive information in order to gain access to our data or that of our customers or clients through social engineering, phishing, mobile phone malware and SIM card swapping, and other methods. Our security systems, and those of the third-party service providers on which we rely,may not be able to protect our information systems or data from similar attacks due to the rapid evolution and creation of sophisticated cyberattacks. We are also subject to the risk that a malicious actor or our employees may intercept and/or transmit or otherwise misuse unauthorized personal, confidential, or proprietary information or intellectual property. An interception, misuse, or mishandling of personal, confidential, or proprietary information or intellectual property being sent to or received from a customer or third party could result in legal liability, remediation costs, regulatory action, and reputational harm. We have incurred and will continue to incur significant expense in an effort to improve the reliability and resilience of our systems and their security against internal and external threats. Nonetheless, we cannot guarantee our measures will be effective or sufficient to prevent a cyber incident, and there remains the risk that one or more adverse events might occur. If one does occur, it could go undetected and persist for an extended period of time and/or we may be unable to remediate the event or its consequences timely or adequately. While we do maintain cyber information security and business interruption insurance, losses from a major interruption may exceed our coverage and there can be no assurance that liabilities or losses we may incur will be covered under such policies, that such insurance will continue to be available to us on economically reasonable terms, or at all, or that any insurer will not deny coverage as to any future claim.
Technology1 | 2.6%
Technology - Risk 1
The increased use of remote work infrastructure has expanded potential attack vectors and resulted in increased operational risks.
The increase in remote work over the past several years has resulted in an expanded potential attack surface and heightened operational risks and may negatively impact our ability, and the ability of our third-party service providers (including their downstream service providers), to perform services efficiently, securely, and without interruptions. In addition to some of our workforce working remotely periodically or on a full-time basis, our third-party service providers (including their downstream service providers) may utilize personnel who work remotely. Increased levels of remote access create additional cybersecurity risk and opportunities for cybercriminals to exploit vulnerabilities. These fraudulent activities have resulted in increased fraud losses to us and the financial services industry generally. In addition to enhanced cybersecurity risk, employees and other personnel performing services for us who work remotely may experience disruptions to their home internet or phone connections, decreased efficiency due to delayed network speeds or other interruptions, and/or delays in the dissemination and exchange of information, any of which could negatively impact our operations. We have experienced, and may continue to experience, disruption related to remote work, which disruptions could adversely impact our business, and could result in legal liability, regulatory penalties, litigation expenses, remediation costs, or reputational harm.
Production
Total Risks: 3/38 (8%)Below Sector Average
Employment / Personnel1 | 2.6%
Employment / Personnel - Risk 1
We may not be able to attract and retain skilled people.
Our success depends on our ability to attract, retain, motivate, and develop a high performing, inclusive, and collaborative workforce. Competition for talent in our business is strong and requires us to make investments to provide compensation and benefits at market levels. Rising wages, as well as inflation, may cause us to increase these investments. Such investments cause compensation and benefits to represent our greatest expense. Additionally, we increasingly compete for talent outside of the core financial services industry. Non-financial institutions may be subject to different pay and hiring expectations than us, which may make it more difficult for us to attract qualified teammates. For example, we are required to deliver a substantial portion of the variable compensation of certain teammates in the form of awards tied to our financial performance and/or share price performance. Our failure to achieve our long-term financial goals and/or our share price performance may cause the value of these awards to decline or fall to zero, which would impact our ability to retain and incentivize qualified teammates. Similarly, our pay practices are subject to scrutiny by our regulators who may identify deficiencies in the structure of, or issue additional guidance on our compensation practices, causing us to make changes that may affect our ability to offer competitive pay to these individuals or that place us at a disadvantage to non-financial service industry competitors. Finally, while remote work opportunities allow us to hire outside of our traditional footprint, it also increases competition. These factors individually, or collectively, may constrain our ability to hire or retain a sufficient number of qualified employees, which could impact our ability to serve our customers and clients.
Supply Chain1 | 2.6%
Supply Chain - Risk 1
Added
We rely on third parties to perform significant operational services for us, and their failure to perform to our standards or other issues of concern with them could harm us.
Third parties perform significant operational services on our business, and many of our third party vendors outsource aspects of their operations and contractual obligations to downstream service providers. These parties – both our vendors and their downstream service providers – are subject to similar risks as Key. While we have a third party risk management program and can exert varying degrees of influence over our service providers, we do not control them, their actions, or their businesses. For example, one or more of these parties may experience a cybersecurity event, financial distress (including, but not limited to, filing for bankruptcy), operational difficulties, or operational disruptions that could negatively impact performance and delivery of our services. In addition, some of our third party arrangements are located overseas and, therefore, are subject to risks unique to the regions in which they operate. Service providers have not always met our requirements and expectations, and no assurance can be provided that in the future they will perform to our standards, adequately represent our brand, comply with applicable law, appropriately manage their own risks, including cybersecurity, remain financially or operationally viable, abide by their contractual obligations, or continue to provide us with the services that we require or that they are contractually obligated to provide. Disruption in services provided by these third parties, including a discontinuation or delay in services, could increase the costs of doing business and adversely affect our ability to deliver products and services to clients, to support teammates, and otherwise to conduct business, which would negatively impact our customer relationships, our reputation, and our business. Further, regulatory guidance adopted by federal banking regulators related to how banks select, contract with, evaluate, engage with, and manage their third parties, including such third parties' use of subcontractors and downstream service providers, impacts whether and how we work with such parties, as well as the cost of managing such relationships. In some instances, we may be responsible for failures of third parties to comply with government regulations. We may need to incur substantial expenses to address issues with a service provider, and if the issues cannot be acceptably resolved, we may not be able to timely or effectively replace the service provider due to contractual restrictions, the unavailability of acceptable alternative providers, or other reasons. Further, regardless of how much we can influence our service providers, issues of concern with them could result in supervisory actions and private litigation against us and could harm our reputation, business, and financial results. Certain third parties may have limited identification obligations to us or may not have the financial capacity to satisfy their indemnification obligations, and our insurance coverage may be inadequate to protect us from losses related to the actions of our third party vendors and their downstream service providers.
Costs1 | 2.6%
Costs - Risk 1
Declining asset prices could adversely affect us.
During periods of economic stress, the volatility and disruption that the capital and credit markets experience may reach, and have in the past reached, extreme levels. Market disruption may severely stress or even lead to the failure of financial institutions, which can cause further credit market constriction and further liquidation of assets, driving asset prices down even more. Asset price deterioration has a negative effect on the valuation of collateral and certain assets represented on our balance sheet and reduces our ability to sell assets at prices we deem acceptable. The most recent recession in the U.S., resulting from the impact of the COVID-19 pandemic, did not have significant lasting impact on collateral value. However, there are still risks to economic stability that could reverse recent stable trends in asset prices. These risks include, but are not limited to: - A correction in equity or housing markets;- Supply chain issues such as closed factories and disrupted port activity, as well as the impact of the Russia-Ukraine war and the Israel-Hamas war on global transportation and the availability of materials;- Recessionary pressures on other major international economies, such as China, that may impact the broader global and our domestic economy;- Labor-supply constraints, including as a result of potential changes to U.S. immigration policies and laws, leading to slowing job growth and rising wages along with inflation (wage-price spiral); and - Negative real GDP growth, as a result of, in part, the Federal Reserve's monetary policy to arrest inflationary pressures within the broader economy.
Ability to Sell
Total Risks: 3/38 (8%)Above Sector Average
Competition1 | 2.6%
Competition - Risk 1
We operate in a highly competitive industry.
We face substantial competition in all areas of our operations from a variety of competitors, some of which are larger and may have more financial resources than us. Our competitors primarily include national and super-regional banks as well as smaller community banks within the various geographic regions in which we operate. We also face competition from many other types of financial institutions, including, without limitation, savings associations, credit unions, mortgage banking companies, finance companies, mutual funds, insurance companies, investment management firms, private credit funds, investment banking firms, broker-dealers, financial technology companies, and other local, regional, national, and global financial services firms. In addition, technology has lowered barriers to entry and made it possible for nonbanks, including large technology companies, to offer products and services traditionally provided by banks. We expect the competitive landscape of the financial services industry to become even more intense as a result of legislative, regulatory, structural, customer preference, and technological changes. Our ability to compete successfully depends on a number of factors, including: our ability to develop and execute strategic plans and initiatives; our ability to develop, maintain, and build long-term client relationships; our ability to develop and deliver competitive products and technologies expected by our customers, while maintaining safety and soundness, effective risk management practices, and high ethical standards; our ability to attract, retain, and develop an employee workforce with the required skills and expertise; and industry and economic trends. Increased competition in the financial services industry, or our failure to perform in any of these areas, could significantly weaken our competitive position, which could adversely affect our growth and profitability. Strategic risk may also be realized due to events or issues that materialize in other risk factor areas. For example, significant deficiencies in end-to-end operational execution and/or product delivery or failure to comply with applicable laws and regulations may result in unmet client expectations or harm and impact our competitive standing in the industry.
Demand1 | 2.6%
Demand - Risk 1
Should the fundamentals of the commercial real estate market deteriorate, our financial condition and results of operations could be adversely affected.
Recent Federal Reserve monetary policy, including shrinkage of its balance sheet and incremental increases in target interest rates early in 2023 followed by a sustained period of relatively higher target interest rates throughout the latter part of 2023 and 2024, continue to impact the commercial and residential real estate markets. Capitalization rates have risen, and property value appreciation has slowed and continues to decline. In many markets within Key's footprint, property values continue to decrease. Industrial and retail properties continue to remain stable, but multifamily, office, hospitality, and single family detached properties show signs of deterioration. Development and construction continue, but at muted levels, and deliveries of additional units into the market have been supported. Oversupply of multifamily housing is a concern in certain urban and gateway markets. However, our exposures in those markets are limited (for example, approximately 5% of our multifamily portfolio is located in New York City, Chicago, Los Angeles, and San Francisco; we also have no exposure to rent controlled properties in New York City). The most severely impacted commercial real estate segments have been in office. Key's non-owner occupied office exposures are 5% of our total commercial real estate exposure. Substantial deterioration in property market fundamentals could negatively impact our portfolio, with a large portion of our clients active in real estate but in the comparatively better performing multifamily space over the cycle. A correction in the real estate markets could impact the ability of borrowers to make debt service payments on loans or to refinance the loans at maturity. A relatively small portion of our commercial real estate loans are construction loans. New construction and value-add or rehabilitation construction projects may not be fully leased at loan origination. These properties typically require additional leasing through the life of the loan to provide adequate cash flow to support debt service payments. If property market fundamentals deteriorate sharply, performance under existing leases could deteriorate and the execution of new leases could slow, compromising the borrower's ability to cover debt service payments.
Brand / Reputation1 | 2.6%
Brand / Reputation - Risk 1
Damage to our reputation could significantly impact our business and major stakeholders.
Our ability to attract and retain customers, clients, investors, and highly skilled management and employees is affected by our reputation. Damage to our reputation could also adversely impact our credit ratings and access to capital markets. Significant harm to our reputation can arise from various sources, including inappropriate behavior or misconduct of employees, actual or perceived unethical behavior, litigation or regulatory outcomes, inadequate or ineffective risk management practices, failing to deliver minimum or required standards of service and quality, corporate governance and regulatory compliance failures, disclosure of confidential information, significant or numerous failures, interruptions or breaches of our information systems, complex fraud threats, failure to meet external commitments and goals, including financial corporate responsibility and sustainability related commitments, the activities of our clients, customers and counterparties, including vendors, and actions taken by shareholder activists and community organizations. Additionally, actions by the financial services industry generally or by certain members or individuals in the industry as well as legislative or regulatory actions that target or negatively impact the industry may also have a significant adverse effect on our reputation. Negative coverage about Key published in traditional media or on social media websites, whether or not factually correct, may affect our reputation and our business prospects and impact our ability to attract and retain highly skilled employees. Social media facilitates the rapid dissemination of information or misinformation, thereby increasing the potential for widespread dissemination of inaccurate, false, misleading, or other negative information that could damage our reputation. Negative public opinion can also adversely affect our ability to attract and maintain customer relationships and could subject us to litigation and regulatory action. We are also subject to the risk that disruptions to how our customers access our banking services, such as disruptions to our technology platforms (e.g., online banking websites or mobile applications) or other impacts to our branches, could harm our reputation with customers. In particular, a cybersecurity event impacting Key or our customers' data or personal information could negatively impact our reputation and customer confidence in Key and our data security procedures. Increased model and generative AI use could expose us to liability or adverse legal or regulatory consequences and harm our reputation and the public perception of our business or the effectiveness of our security measures. We could also suffer significant reputational harm if we fail to properly identify and manage potential conflicts of interest. Management of potential conflicts of interests is complex as we expand our business activities through more numerous transactions, obligations, and interests with and among our clients. The actual or perceived failure to adequately address conflicts of interest could affect the willingness of clients to deal with us, which could adversely affect our businesses, and could give rise to litigation or enforcement actions.
See a full breakdown of risk according to category and subcategory. The list starts with the category with the most risk. Click on subcategories to read relevant extracts from the most recent report.

FAQ

What are “Risk Factors”?
Risk factors are any situations or occurrences that could make investing in a company risky.
    The Securities and Exchange Commission (SEC) requires that publicly traded companies disclose their most significant risk factors. This is so that potential investors can consider any risks before they make an investment.
      They also offer companies protection, as a company can use risk factors as liability protection. This could happen if a company underperforms and investors take legal action as a result.
        It is worth noting that smaller companies, that is those with a public float of under $75 million on the last business day, do not have to include risk factors in their 10-K and 10-Q forms, although some may choose to do so.
          How do companies disclose their risk factors?
          Publicly traded companies initially disclose their risk factors to the SEC through their S-1 filings as part of the IPO process.
            Additionally, companies must provide a complete list of risk factors in their Annual Reports (Form 10-K) or (Form 20-F) for “foreign private issuers”.
              Quarterly Reports also include a section on risk factors (Form 10-Q) where companies are only required to update any changes since the previous report.
                According to the SEC, risk factors should be reported concisely, logically and in “plain English” so investors can understand them.
                  How can I use TipRanks risk factors in my stock research?
                  Use the Risk Factors tab to get data about the risk factors of any company in which you are considering investing.
                    You can easily see the most significant risks a company is facing. Additionally, you can find out which risk factors a company has added, removed or adjusted since its previous disclosure. You can also see how a company’s risk factors compare to others in its sector.
                      Without reading company reports or participating in conference calls, you would most likely not have access to this sort of information, which is usually not included in press releases or other public announcements.
                        A simplified analysis of risk factors is unique to TipRanks.
                          What are all the risk factor categories?
                          TipRanks has identified 6 major categories of risk factors and a number of subcategories for each. You can see how these categories are broken down in the list below.
                          1. Financial & Corporate
                          • Accounting & Financial Operations - risks related to accounting loss, value of intangible assets, financial statements, value of intangible assets, financial reporting, estimates, guidance, company profitability, dividends, fluctuating results.
                          • Share Price & Shareholder Rights – risks related to things that impact share prices and the rights of shareholders, including analyst ratings, major shareholder activity, trade volatility, liquidity of shares, anti-takeover provisions, international listing, dual listing.
                          • Debt & Financing – risks related to debt, funding, financing and interest rates, financial investments.
                          • Corporate Activity and Growth – risks related to restructuring, M&As, joint ventures, execution of corporate strategy, strategic alliances.
                          2. Legal & Regulatory
                          • Litigation and Legal Liabilities – risks related to litigation/ lawsuits against the company.
                          • Regulation – risks related to compliance, GDPR, and new legislation.
                          • Environmental / Social – risks related to environmental regulation and to data privacy.
                          • Taxation & Government Incentives – risks related to taxation and changes in government incentives.
                          3. Production
                          • Costs – risks related to costs of production including commodity prices, future contracts, inventory.
                          • Supply Chain – risks related to the company’s suppliers.
                          • Manufacturing – risks related to the company’s manufacturing process including product quality and product recalls.
                          • Human Capital – risks related to recruitment, training and retention of key employees, employee relationships & unions labor disputes, pension, and post retirement benefits, medical, health and welfare benefits, employee misconduct, employee litigation.
                          4. Technology & Innovation
                          • Innovation / R&D – risks related to innovation and new product development.
                          • Technology – risks related to the company’s reliance on technology.
                          • Cyber Security – risks related to securing the company’s digital assets and from cyber attacks.
                          • Trade Secrets & Patents – risks related to the company’s ability to protect its intellectual property and to infringement claims against the company as well as piracy and unlicensed copying.
                          5. Ability to Sell
                          • Demand – risks related to the demand of the company’s goods and services including seasonality, reliance on key customers.
                          • Competition – risks related to the company’s competition including substitutes.
                          • Sales & Marketing – risks related to sales, marketing, and distribution channels, pricing, and market penetration.
                          • Brand & Reputation – risks related to the company’s brand and reputation.
                          6. Macro & Political
                          • Economy & Political Environment – risks related to changes in economic and political conditions.
                          • Natural and Human Disruptions – risks related to catastrophes, floods, storms, terror, earthquakes, coronavirus pandemic/COVID-19.
                          • International Operations – risks related to the global nature of the company.
                          • Capital Markets – risks related to exchange rates and trade, cryptocurrency.
                          What am I Missing?
                          Make informed decisions based on Top Analysts' activity
                          Know what industry insiders are buying
                          Get actionable alerts from top Wall Street Analysts
                          Find out before anyone else which stock is going to shoot up
                          Get powerful stock screeners & detailed portfolio analysis