Metlife (MET) Risk Factors

Some of our shareholders, investors and customers, or those considering such a relationship with us, evaluate our business or other practices according to a variety of ESG standards and expectations. Our practices and performance are subject to increasing scrutiny with regard to various aspects of ESG performance from regulators and other stakeholders. Further, we define our own corporate purpose, in part, by the sustainability of our practices and our impact on all our stakeholders. Our investors or others may evaluate our practices by ESG criteria that are continually evolving and not always clear or readily measurable. These standards and expectations may also, as a whole, reflect contrasting or conflicting values or agendas and are not always susceptible to consensus. Our decisions and priorities must also necessarily, and simultaneously, take account of multiple business goals and interests. Our practices may not change in the particulars or at the rate some stakeholders expect. As a result, our efforts to conduct our business in accordance with some or all these expectations may involve trade-offs. In June 2022, we announced our commitment to achieve net zero greenhouse gas ("GHG") emissions by 2050 or sooner. This commitment applies to GHG emissions from our global owned and leased offices and vehicle fleets, employee business travel, supply chain and general account investment portfolio, including the general accounts of MetLife, Inc.'s wholly-owned subsidiaries, where reliable data and methodologies are available. We have oriented our climate objectives and interim targets to advance this commitment, which involves assumptions and expectations that involve risks and uncertainties. Data and measurement techniques continue to evolve. Further, because of the financed emissions included in our investment portfolio, our ability to meet our commitments is dependent on those counterparties meeting their own carbon reduction objectives. We may fail to meet our commitments or targets, and our policies and processes to evaluate and manage ESG standards in coordination with other business priorities may not prove completely effective or fully satisfy expectations of some stakeholders. For example, some current customers and potential customers may decline to do business with us based on our sustainability practices and related policies and actions. We may also face adverse regulatory, investor, media, or public scrutiny leading to business, reputational, or legal challenges.

The global nature of our business operations exposes us to a wide range of political, legal, operational, economic and other risks, including: nationalization or expropriation of assets; imposition of limits on foreign ownership of local companies; restrictions on the ability to access cash on deposit, changes in laws, their application or interpretation; political instability; economic or trade sanctions; sanctions on cross-border exchange listing, investment or other securities transactions; dividend limitations; price controls; regulations to address climate change; currency exchange controls or other transfer or exchange restrictions; difficulty enforcing contracts; regulatory restrictions; and public or political criticism of our business and operations. Some of these actions may affect us more harshly than our peers. Some of our businesses operate in emerging markets, where many of these risks are heightened. We face other risks that may affect our global operations and investments, including those related to the imposition of tariffs or other barriers to international trade, changes to international trade agreements, uncertainties in intergovernmental organizations, pension system reforms, labor problems with workers' associations or trade unions, and reliance on interconnected information systems and the security of such systems. Expanding our operations to new businesses or jurisdictions may require considerable management time and expenses before significant, if any, revenues and earnings are generated, which may reduce management and financial resources available for other uses. Our operations in new or existing markets may be unprofitable or achieve low margins.

Fluctuations in foreign currency exchange rates against the U.S. dollar may adversely affect our non-U.S. dollar denominated investments, investments in non-U.S. subsidiaries, net income from non-U.S. operations and issuance of non-U.S. dollar denominated instruments. Fluctuations in foreign currency exchange rates may also make certain of our products less attractive to customers, which may increase levels of early policy terminations and decrease sales volume and our in-force business. Such negative effects may be exacerbated if international markets experience severe economic or financial disruptions or significant currency devaluations, if a foreign economy is determined to be "highly inflationary," or if a country withdraws from the Euro zone. Fluctuations in foreign currency exchange rates may harm our operations, earnings or investments in the affected countries. We may be unable to mitigate the risk of such changes in exchange rates due to unhedged positions, asymmetrical and non-economic accounting resulting from derivative gains (losses) on non-qualifying hedges, the failure of hedges to effectively offset the impact of the foreign currency exchange rate fluctuation, or other factors. Fluctuations in currency exchange rates may adversely affect the translation of results into our U.S. dollar basis consolidated financial statements.

Our business operations rely on functioning and secure information systems and those of our vendors. Technological changes present us with new or intensified challenges, and if we are unable to foresee or adapt to these changes, our business, results of operations and financial condition may be adversely affected. For example, our assumptions, models and reserves may need to be modified if we are unable to accurately, timely, or completely process, store and retrieve the increased volume and variety of information relating to our businesses, including information related to deaths, that new technological tools for data collection and analysis make available. Similarly, our distribution channels may become more automated to increase flexibility of access to our services and products. We may incur significant costs to implement and adapt to such changes. If we are unsuccessful, our results of operations, competitive position, reputation and customer and distribution relationships may be harmed. Steps taken to adapt to these changes, such as changes to the method of collection and analysis of data, could also expose us to litigation or other regulatory and legal actions. Technological changes may affect our business model and how we interact with existing or prospective customers, and evolving consumer preferences may require a redesign of our products and investment composition. For example, changes in energy technology and increasing consumer preferences for e-commerce may harm the profitability of some businesses. Likewise, the growth and availability of artificial intelligence ("AI") technologies, including generative AI, presents significant opportunities but also complex challenges, including with respect to balancing and mitigating potential risks of harm posed by the development or deployment of AI technologies. We may fail to adjust our investments accordingly or suffer stranded assets. If we are unable to update our business model to match evolving consumer preferences and purchasing behavior, or the evolving technological landscape, our business, results of operations and financial condition may be adversely affected. New technologies may impact the configuration of our information systems, and how they connect with those of our vendors, service providers and/or partners. Such technological developments may introduce or uncover information security vulnerabilities, which may result in breaches or increased costs associated with maintaining appropriate data privacy, data protection, and cybersecurity measures or enforcement actions against us by regulators. Any such vulnerability that results in a security breach or failure of our information systems, or those of third parties on which we rely, may result in litigation, regulatory action, negative impacts to our business operations, and reputational harm.

We may be unable to prevent third parties from infringing on or misappropriating our intellectual property. We may incur litigation costs to enforce and protect it or to determine its scope or validity, and we may not be successful. In addition, we may be subject to claims by third parties for infringement of intellectual property, breach of license usage rights, or misappropriation of trade secrets. We may incur significant expenses for any such claims. If we are found to have infringed or misappropriated a third-party intellectual property right, we may be enjoined from providing certain products or services to our customers or from utilizing and benefiting from certain intellectual property. Alternatively, we could be required to enter into costly licensing arrangements with third parties or implement a costly alternative.

Our business is highly dependent upon the effective operation of our information systems, and those of our service providers, vendors, and other third parties. Our business relies on the proper functioning of these systems, including processing claims, transactions and applications, providing information to customers and distributors, performing actuarial analyses, retaining customer and business records and other core business functions. A failure in the security of such systems, use by our employees or agents of unauthorized tools, software or other technology to communicate with customers or business counterparties or a failure to maintain the security of our internal or external vendors' systems, or the confidential information stored thereon, may adversely affect our ability to conduct business, result in regulatory enforcement action and litigation, and harm our results of operations, financial condition and reputation. We, our employees, and our vendors, like other commercial entities, continue to be targeted by or subject to computer viruses or other malicious code, unauthorized or fraudulent access, human errors, ransomware or cyber-attacks, and other breaches or incidents affecting our cybersecurity and information security systems. Globally, the frequency, severity and sophistication of cybersecurity incidents have increased, and these trends may continue. While we have implemented, and we require our critical vendors to implement, what we believe to be reasonable and appropriate cybersecurity and data protection measures, including a formal risk-based information security program, our efforts to minimize the risk of cyber-incidents and protect our information technology may be insufficient to prevent material break-ins, attacks, fraud, security breaches or other unauthorized access to our and our vendors' systems, including as a result of software code that contains vulnerabilities that may increase the potential of cyber-attacks or unauthorized access. We may not timely detect such incidents. If we or our vendors fail to prevent, detect, address and mitigate such incidents, we may suffer significant financial and reputational harm. There is no assurance that our security measures or those of our vendors, including information security policies, administrative, technical and physical controls and other actions designed as preventative, will provide fully effective protection from such events. In addition, we routinely transmit, receive and store personal, confidential and proprietary information by electronic means, including customers' confidential health-related information. Although we attempt to keep such information confidential and secure, we may be unable to do so in all events, and we or our vendors may also fail to maintain adequate internal controls or comply with relevant policies and procedures designed to ensure the privacy and integrity of sensitive data. Such failure may result in our or our vendors' intentional or unintentional disclosure or misuse of confidential information, as well as others' misappropriation of such confidential information, which could damage our reputation, reduce demand for our products and services and subject us to significant legal and regulatory liability and expenses, which would harm our business, results of operations and financial condition. We, our vendors, our reinsurers, and our customers may suffer disasters such as a natural catastrophe, epidemic, pandemic, industrial accident, blackout, computer virus, terrorist attack, ransomware or cyber-attack, or war, and ours or their disaster recovery systems may be insufficient to safeguard our ability to conduct normal business operations, obtain reinsurance and maintain our critical business or information technology systems in such circumstances, particularly if such disasters affect computer-based data processing, transmission, storage and retrieval systems and/or destroy or otherwise adversely impact the confidentiality, integrity or availability of valuable data or the financial wherewithal of reinsurers or vendors. Our ability to conduct business effectively and maintain the security, integrity, confidentiality or privacy of sensitive data could be severely compromised if, as a result of such disaster, key personnel are unavailable, or our vendors' ability to provide goods and services and our associates' ability to perform their job responsibilities are impaired. We may not carry business interruption insurance sufficient to protect us from all losses that may result from such interruptions, and any insurance for liability, operational and other risks may become less readily available or more expensive in the future. We may not be able to reliably access all the documents and records in the information storage systems we use, whether electronic or physical. We may fail to obtain or maintain all the records we need to administer and establish appropriate reserves for benefits and claims accurately and timely. If a data breach exposed any of our sensitive financial information, then customers, investors, or regulators may develop an inaccurate perception of our financial condition or results of operations. We could be compelled to publicly disclose information prematurely in order to dispel such inaccurate perceptions, or in order to fulfill our disclosure obligations, even if we do not believe the information is yet completely reliable or confirmed per our usual internal controls and disclosure controls. This may result in harm to our reputation. Regulators' or others' scrutiny of cybersecurity, including new laws or regulations, could increase our compliance costs and operational burdens, especially as regulatory and legislative focus on cybersecurity matters intensifies, which could lead to more enforcement actions of such laws or regulations. See "Business - Regulation - Cybersecurity, Privacy and Data Protection Regulation" for additional information. Regulators, customers, or others may act against us for any cybersecurity failures. We also have an increasing challenge of attracting and retaining highly qualified personnel to assist us in combating these security threats. Our continuous technological evaluations and enhancements, including changes designed to update our protective measures, may increase our risk of a breach or gap in our security. We may incur higher costs to comply with laws on, or regulators' scrutiny of, our use, collection, management, or transfer of data and other privacy practices. We are continuously evaluating and enhancing our cybersecurity and information security systems and creating new systems and processes. However, there can be no assurance that these measures will be effective in preventing or limiting the impact of future cybersecurity incidents.

Competitive pressures, based on a number of factors including service, product features, scale, price, financial strength, claims-paying ratings, credit ratings, e-business capabilities, name recognition, performance against ESG metrics, technology, adaptation in light of pandemics and other public health issues, changes in regulation and taxes, and other factors, may adversely affect the persistency of our products and our ability to sell products in the future. We may be harmed by competition from other insurance companies, as well as non-insurance financial services companies, which may have a broader array of products, more competitive pricing, higher claims paying ability ratings, greater financial resources with which to compete, or pre-existing customer bases for financial services products. Additionally, we may lose purchasers of group insurance products that are underwritten annually due to more favorable terms from competitors. Furthermore, the investment management and securities brokerage businesses have relatively low barriers to entry and continually attract new entrants. Our customers and clients may engage other financial service providers, resulting in our loss of business. An increase in consolidation activity among banks, brokers and broker-dealers may negatively impact the insurance industry's sales. It may increase competition for access to distributors, resulting in greater distribution expenses, and may impair our ability to market insurance products to or expand our current customer base. Consolidation and other industry changes may also increase the likelihood that distributors will renegotiate agreements on terms less favorable to us. In addition, legislative and other changes affecting the regulatory environment for our business may not impact all activities and companies equally, which could adversely affect our competitive position within the insurance industry and the broader financial services industry.