Raymond James Financial (RJF) Risk Factors

The financial services industry faces significant litigation and regulatory risks. Additionally, our litigation and regulatory risks continue to increase as our business grows both domestically and internationally. Many aspects of our business involve substantial risk of liability. We have been named as a defendant or co-defendant in lawsuits and arbitrations primarily involving claims for damages. The risks associated with potential litigation often may be difficult to assess or quantify and the existence and magnitude of potential claims often remain unknown for substantial periods of time. Unauthorized or illegal acts of our associates could also result in substantial liability. In addition, our business activities include providing custody, clearing, and back office support for certain non-affiliated, independent RIAs and broker-dealers. Even though these independent firms are exclusively responsible for their operations, supervision, compliance, and the suitability of their client's investment decisions, we have been, and may in the future be, named as defendants in litigation involving their clients. We are also the subject of inquiries, investigations, and proceedings by regulatory and other governmental agencies. In challenging market conditions, the volume of claims and amount of damages sought in litigation and regulatory proceedings against financial institutions have historically increased. Litigation risks include potential liability under securities laws or other laws for: alleged materially false or misleading statements made in connection with securities offerings and other transactions; issues related to our investment recommendations, including the suitability of such recommendations or potential concentration of investments; the inability to sell or redeem securities in a timely manner during adverse market conditions; contractual issues; employment claims; and potential liability for other advice we provide to participants in strategic transactions. Substantial legal liability could have a material adverse financial impact or cause us significant reputational harm, which in turn could seriously harm our business and future business prospects. In addition to financial costs and risks associated with potential liability, the costs of defending litigation, claims, and/or regulatory matters continue to increase over time. The amount of attorneys' fees incurred in connection with the defense of litigation, claims and/or regulatory matters could be substantial and might materially and adversely affect our results of operations. See "Item 3 - Legal Proceedings" and Note 19 of the Notes to Consolidated Financial Statements of this Form 10-K for additional information about legal and regulatory matters.

We are subject to a variety of risks, including reputational risk, associated with environmental, social, and governance matters. As a large financial institution, we have multiple stakeholders, including our shareholders, clients, associates, federal and state regulatory authorities, and the communities in which we operate, and these stakeholders will often have differing priorities and expectations regarding such matters. For example, individual U.S. states are increasingly developing differing, and sometimes conflicting, rules related to environmental, social, and governance matters. If we take action in conflict with one or another of those stakeholders' expectations, we could experience an increase in client complaints, a loss of business, or reputational harm. We could also face negative publicity or reputational harm based on the identity of those with whom we choose to do business. Any adverse publicity in connection with environmental, social, and governance issues could damage our reputation, ability to attract and retain clients and associates, compete effectively, and grow our business. In addition, proxy advisory firms and certain institutional investors who manage investments in public companies may integrate environmental, social, and governance factors into their investment analysis. The consideration of environmental and social matters in making investment and voting decisions is relatively new. Accordingly, the frameworks and methods for assessing policies related to such matters are not fully developed, vary considerably among the investment community, and will likely continue to evolve over time. Moreover, the subjective nature of methods used by various stakeholders to assess a company with respect to environmental, social, and governance criteria could result in erroneous perceptions or a misrepresentation of our actual policies and practices in these areas. Organizations that provide ratings information to investors on such matters may also assign unfavorable ratings to RJF. Public companies continue to face pressure from stakeholders to consider environmental, social, and governance issues in corporate actions, such as the election of directors and approval of executive compensation. Certain of our clients might also require that we implement additional procedures or standards in these areas in order to continue to do business with them. If we fail to comply with specific investor or client expectations and standards, or to provide the disclosure relating to these issues that any third parties may believe is necessary or appropriate (regardless of whether there is a legal requirement to do so), our reputation, business, financial condition, and/or results of operations could be negatively impacted. Moreover, there has been increased regulatory focus on the disclosure practices of investment managers offering sustainable and values-based investment strategies, resulting in increased risk that we could be perceived as making inaccurate or misleading statements regarding the investment strategies of our funds and ETFs, commonly referred to as "greenwashing." Such perceptions or accusations could damage our reputation, result in litigation or regulatory enforcement actions, and adversely affect our business.

Our operations rely heavily on the secure processing, storage, and transmission of sensitive and confidential financial, personal, and other information in our computer systems and networks. There have been numerous highly publicized cases involving financial services companies reporting the unauthorized disclosure of client or other confidential information in recent years, as well as cyber-attacks involving the theft, dissemination, and destruction of corporate information or other assets, in some cases as a result of failure to follow procedures by employees or contractors or as a result of actions by third parties. There have also been numerous highly publicized cases where hackers have requested "ransom" payments in exchange for not disclosing customer information or for restoring access to information or systems. Like other financial services firms, we experience malicious cyber activity directed at our computer systems, software, networks, and users on a daily basis. This malicious activity includes attempts at unauthorized access, implantation of computer viruses or malware, and denial-of-service attacks. We also experience large volumes of phishing and other forms of social engineering attempted for the purpose of perpetrating fraud against the firm, our associates, or our clients. Additionally, we may face increased cybersecurity risk for a period of time after acquisitions as we transition the acquired entity's historical systems and networks to our standards. We also face increased cybersecurity risk related to mobile and cloud solutions or those related to new and emerging technologies such as AI. We seek to continuously monitor for and nimbly react to any and all such malicious cyber activity, and we develop our systems to protect our technology infrastructure and data from misuse, misappropriation, or corruption. Cyber-attacks can originate from a variety of sources, including threat actors affiliated with foreign governments, organized crime, or terrorist organizations. Threat actors may also attempt to place individuals within our firm, or induce employees, clients, or other users of our systems, to disclose sensitive information or provide access to our data, and these types of risks may be difficult to detect or prevent. Although cybersecurity incidents among financial services firms are on the rise, we have not experienced any material losses relating to cyber-attacks or other information security breaches. However, the techniques used in these attacks are increasingly sophisticated, change frequently, and are often not recognized until launched. Although we seek to maintain a robust suite of authentication and layered information security controls, including our cyber threat analytics, data encryption, anti-malware defenses, and vulnerability management programs, any one or combination of these controls could fail to detect, mitigate, or remediate these risks in a timely manner. Despite our implementation of protective measures and endeavoring to modify them as circumstances warrant, our computer systems, software, and networks may be vulnerable to human error, equipment failure, natural disasters, power loss, unauthorized access, supply chain attacks, distributed denial-of-service attacks, computer viruses and other malicious code, and other events that could result in significant liability and damage to our reputation, and have an ongoing impact on the security and stability of our operations. In addition, although we maintain insurance coverage that may, subject to terms and conditions, cover certain aspects of cyber and information security risks, such insurance coverage may be insufficient to cover all losses, such as litigation costs or financial losses that exceed our policy limits or are not covered under any of our current insurance policies. We also rely on numerous third-party service providers to conduct other aspects of our business operations, and we face similar risks relating to them. While we regularly conduct security assessments on these third-party vendors, we cannot be certain that their information security protocols are sufficient to withstand a cyber-attack or other security breach. We also cannot be certain that we will receive timely notification of such cyber-attacks or other security breaches. In addition, in order to access our products and services, our clients, independent contractor financial advisors, and financial advisors associated with firms affiliated with us through our RCS division may use computers and other devices that are beyond our security control systems. Notwithstanding the precautions we take, if a cyber-attack or other information security breach were to occur, this could jeopardize the information we confidentially maintain, or otherwise cause interruptions in our operations or those of our clients and counterparties, exposing us to liability. As attempted attacks continue to evolve in scope and sophistication, we may be required to expend substantial additional resources to modify or enhance our protective measures, to investigate and remediate vulnerabilities or other exposures or to communicate about cyber-attacks to our clients and/or regulators. A technological breakdown could also interfere with our ability to comply with financial reporting and other regulatory requirements, exposing us to potential disciplinary action by regulators. Further, successful cyber-attacks at other large financial institutions or other market participants, whether or not we are affected, could lead to a general loss of confidence in financial institutions that could negatively affect us, including harming the market perception of the effectiveness of our security measures or the financial system in general, which could result in reduced use of our financial products and services. Further, in light of the high volume of transactions we process, the large number of our clients, partners, and counterparties, and the increasing sophistication of malicious actors, a cyber-attack could occur. Moreover, any such cyber-attack may persist for an extended period of time without detection. We endeavor to design and implement policies and procedures to identify such cyber-attacks as quickly as possible; however, we expect that any investigation of a cyber-attack would take substantial amounts of time, and that there may be extensive delays before we obtain full and reliable information. During such time we would not necessarily know the extent of the harm or how best to remediate it, and certain errors or actions could be repeated or compounded before they are discovered and remediated, all of which would further increase the costs and consequences of such an attack. We may also be subject to liability under various data protection laws. In providing services to clients, we manage, utilize, and store sensitive or confidential client or employee data, including personal data. As a result, we are subject to numerous laws and regulations designed to protect this information, such as U.S. federal, state, and international laws governing the protection of personally identifiable information. These laws and regulations are increasing in complexity and number. If any person, including any of our associates, negligently disregards or intentionally breaches our established controls with respect to client or employee data, or otherwise mismanages or misappropriates such data, we could be subject to significant monetary damages, regulatory enforcement actions, fines, and/or criminal prosecution. In addition, unauthorized disclosure of sensitive or confidential client or employee data, whether through system failure, employee negligence, fraud, or misappropriation, could damage our reputation and cause us to lose clients and related revenue. Potential liability in the event of a security breach of client data could be significant. Depending on the circumstances giving rise to the breach, this liability may not be subject to a contractual limit or an exclusion of consequential or indirect damages. Further, lapses in cybersecurity controls, as perceived by our regulators, could lead to fines and penalties compounding monetary losses.

Our businesses rely extensively on data processing and communications systems. In addition to better serving clients, the effective use of technology increases efficiency and enables us to reduce costs. Adapting or developing our technology systems to meet new regulatory requirements, client needs, and competitive demands is critical for our business. Introduction of new technology presents challenges on a regular basis. There are significant technical and financial costs and risks in the development of new or enhanced applications, including the risk that we might be unable to effectively use new technologies, adapt our applications to emerging industry standards, or keep applications current as it relates to vulnerabilities and security controls. Our continued success depends, in part, upon our ability to: (i) successfully maintain and upgrade the capability of our technology systems on a regular basis; (ii) maintain the quality of the information contained in our data processing and communications systems; (iii) address the needs of our clients by using technology to provide products and services that satisfy their demands; (iv) retain skilled information technology employees; and (v) ensure that our existing and new technology systems conform to regulatory requirements. Failure of our technology systems to operate appropriately, which could result from events beyond our control, including a systems malfunction or cyber-attack, failure by a third-party service provider, or an inability to effectively upgrade those systems or implement new technology-driven products or services, could result in financial losses, liability to clients for non-compliant data processing, and violations of privacy and other laws and regulations, as well as regulatory sanctions.

We are engaged in intensely competitive businesses. We compete on the basis of a number of factors, including the quality of our associates, our products and services, pricing (such as execution pricing and fee levels), technology solutions, and location and reputation in relevant markets. Over time, there has been substantial consolidation and convergence among companies in the financial services industry, which has significantly increased the capital base and geographic reach of our competitors. See "Item 1 - Business - Competition" of this Form 10-K for additional information about our competitors. We compete directly with other national full service broker-dealers, investment banking firms, commercial banks, and investment advisors, investment managers, and to a lesser extent, with discount brokers and dealers. We face competition from more recent entrants into the market, including fintechs, and increased use of alternative sales channels by other firms. Technology has lowered barriers to entry and made it possible for fintechs to compete with larger financial institutions in providing electronic, internet-based, and mobile phone-based financial solutions. This competition has grown significantly over recent years and is expected to intensify. In addition, commercial firms and other non-traditional competitors have applied for banking licenses or have entered into partnerships with banks to provide banking services. We also compete indirectly for investment assets with insurance companies, real estate firms, and hedge funds, among others. Competition from other financial services firms to attract clients or trading volume, through direct-to-investor online financial services, or higher deposit rates to attract client cash balances, could result in pricing pressure or otherwise adversely impact our business and cause our business to suffer. Our future success also depends in part on our ability to develop, maintain, and enhance our products and services, including factors such as customer experience, and the pricing and range of our offerings. The financial services industry is continually undergoing rapid technological change with frequent introductions of new technology-driven products and services. If we are not able to develop new products and services, enhance existing offerings, effectively implement new technology-driven products and services, or successfully market these products and services to our customers, our business, financial condition or results of operations may be adversely affected. Furthermore, both financial institutions and their non-banking competitors face the risk that payments processing and other services could be significantly disrupted by technologies (e.g., AI, online trading platforms, digital payment technologies) that require no intermediation. New technologies have required, and could require us in the future, to spend more to modify or adapt our products to attract and retain clients or to match products and services offered by our competitors, including technology companies. Although we currently do not use AI extensively, we may in the future use, develop, and incorporate within our technology platform and services, systems and tools that incorporate AI and machine learning, including generative AI. Although we strive to establish and maintain appropriate governance and risk management processes, ineffective or inadequate AI development or deployment practices by us or third-party vendors could result in unintended consequences such as AI algorithms that produce inaccurate output or that are based on biased, incomplete, and/or inaccurate datasets. Any of the foregoing may result in harm to our business, results of operations, or reputation. Compliance with new or changing laws, regulations, or industry standards relating to AI may impose significant operational costs and limit our ability to develop, deploy, or use AI and machine learning technologies. We must monitor the pricing of our services and financial products in relation to competitors and periodically may need to adjust our fees, commissions, margins, or interest rates on deposits to remain competitive. In fixed income markets, regulatory requirements have resulted in greater price transparency, leading to price competition and decreased trading margins. Our trading margins have been further compressed by the shift from high- to low-touch services over time, which has created additional competitive pressure. We believe that price competition and pricing pressures in these and other areas will continue as institutional investors continue to reduce the amounts they are willing to pay, including by reducing the number of brokerage firms they use, and some of our competitors seek to obtain market share by reducing fees, commissions, or margins.

Maintaining our reputation is critical to attracting and maintaining clients, investors, and associates. If we fail to address, or appear to fail to address, issues that may give rise to reputational risk, we could significantly harm our business prospects. These issues may include, but are not limited to, any of the risks discussed in this Item 1A, including appropriately dealing with potential conflicts of interest, legal and regulatory requirements, fraud perpetrated against our clients, ethical issues, money laundering, cybersecurity and privacy, record-keeping, sales and trading practices, and associate misconduct. In addition, the failure to either sell securities we have underwritten at anticipated price levels or to properly identify and communicate the risks inherent in the products and services we offer could also give rise to reputational risk. A failure or perceived failure to maintain appropriate service and quality standards or to treat clients fairly can result in client dissatisfaction, litigation, and heightened regulatory scrutiny, all of which can lead to lost revenue, higher operating costs, and reputational harm. Negative publicity about us, including information posted on social media or other internet forums or published by news organizations, whether or not true, may also harm our reputation. The speed and pervasiveness with which information can be disseminated through these channels, in particular social media, may magnify risk relating to negative publicity. Further, failures at other large financial institutions or other market participants, regardless of whether they relate to our activities, could lead to a general loss of client confidence in financial institutions that could negatively affect us, including harming the market perception of the financial system in general.

We are engaged in various financial services businesses. As such, we are affected by domestic and international macroeconomic and political conditions, as well as economic output levels, interest and inflation rates, employment levels, prices of commodities, consumer confidence levels, changes in consumer spending, international trade policy, and fiscal and monetary policy. For example, Fed policies determine, in large part, interest rates and the cost of funds which directly affect the returns and fair value on our lending and investing activities. The market impact from such policies can also materially decrease the value of certain of our financial assets, most notably debt securities, as well as our cash flows. In addition, our results of operations may be impacted by changes resulting from different political philosophies governing individual and corporate taxation, as well as regulation, which may result from the outcome of the recent federal elections in the U.S. For example, changes to tax laws and regulations, including various provisions of the Tax Cut and Jobs Act ("TCJA") which will expire in 2025 if not extended, may negatively impact our effective income tax rate, financial results, or the amount of any tax assets or liabilities. Changes in tax law and regulation, or any market uncertainty caused by a change in the political environment, may also affect our clients and, directly or indirectly, our business. Macroeconomic conditions may also be negatively affected by domestic or international events, including natural disasters, political unrest, the indirect impact of wars and conflicts, such as the wars in Ukraine and Israel, or public health epidemics and pandemics, as well as by a number of factors in the global financial markets that may be detrimental to our operating results. If we were to experience a period of sustained downturn in the securities markets, credit market dislocations, reductions in the value of real estate, increases in mortgage and other loan delinquencies, or other negative market factors, our revenues and the value of the assets we own could be adversely impacted. Market uncertainty could also cause clients to move their investments to lower margin products, or withdraw them, which could have an adverse impact on our profitability. We could also experience a material reduction in trading volume and lower asset prices in times of market uncertainty, which would result in lower brokerage revenues, including losses on firm inventory, as well as losses on certain of our investments. Conversely, periods of severe market volatility may result in a significantly higher level of transactions and activity which may cause operational challenges that may result in losses. These can include, but are not limited to, trade errors, failed transaction settlements, late collateral calls to borrowers and counterparties, credit losses, or interruptions to our system processing. Periods of reduced revenue and other losses could lead to reduced profitability because certain of our expenses, including our interest expense on debt, lease expenses, and salary expenses, are fixed, and our ability to reduce them over short time periods is limited. Our businesses and revenues derived from non-U.S. operations may also be subject to risk of loss from currency fluctuations, social or political instability, less established regulatory regimes, changes in governmental or central bank policies, downgrades in the credit ratings of sovereign countries, expropriation, nationalization, confiscation of assets and unfavorable legislative, economic and political developments.

Certain of our principal operations are located in St. Petersburg, Florida. While we have a business continuity plan that provides for significant operations to be conducted out of remote locations, as well as our Southfield, Michigan and Memphis, Tennessee corporate offices, and our U.S. information systems processing to be conducted out of our information technology data center in the Denver, Colorado area, our operations could be adversely affected by hurricanes or other serious weather conditions, the magnitude and frequency of which may be affected by climate change. Such weather conditions could affect the processing of transactions, communications, and the ability of our associates to get to our offices, or work remotely. In addition, our operations are dependent on our associates' ability to relocate to a secondary location in the event of a power outage or other disruption in their primary remote work location. Furthermore, such weather events may also have a negative impact on the operations and/or financial condition of our clients or counterparties, which may affect the processing of transactions with such parties, decrease revenues from such clients or increase the credit risk associated with loans and other credit exposures to such clients.