Renasant (RNST) Risk Factors

In connection with the Merger, we will assume all of The First's liabilities by operation of law. There may be liabilities that we failed or were unable to discover in the course of performing due diligence investigations into The First, or we may not have correctly assessed the significance of certain liabilities of The First identified in the course of our due diligence. Any such liabilities, individually or in the aggregate, could have an adverse effect on our business, financial condition and results of operations.

A significant portion of our loan portfolio is secured by real property. During the ordinary course of business, we may foreclose on and take title to properties securing certain loans. In doing so, there is a risk that hazardous or toxic substances could be found on these properties. If hazardous or toxic substances are found, we may be liable for remediation costs, as well as for personal injury and property damage. Environmental laws may require us to incur substantial expenses and may materially reduce the affected property's value or limit our ability to use or sell the affected property. The remediation costs and any other financial liabilities associated with an environmental hazard could have a material adverse effect on our financial condition and results of operations. In addition, future laws or more stringent interpretations or enforcement policies with respect to existing laws may increase our exposure to environmental liability. Although management has policies and procedures to perform an environmental review before the loan is recorded and before initiating any foreclosure action on real property, these reviews may not be sufficient to detect all potential environmental hazards.

Maintaining adequate liquidity is crucial to the operation of our business. We need sufficient liquidity to meet customer loan requests, deposit maturities and withdrawals and other cash commitments arising in both the ordinary course of business and in other unpredictable circumstances. We rely on dividends from the Bank as our primary source of funds. The primary source of the Bank's funds are customer deposits, loan repayments, proceeds from our investment securities and borrowings. While scheduled loan repayments are a relatively stable source of funds, they are subject to the ability of borrowers to repay the loans. The ability of borrowers to repay loans can be adversely affected by a number of factors, including changes in economic conditions, adverse trends or events affecting business industry groups, reductions in real estate values or markets, business closings or lay-offs, pandemics, inclement weather, natural disasters and international instability. Additionally, deposit levels may be affected by a number of factors, including interest rates paid by competitors, general interest rate levels, returns available to customers on alternative investments and general economic conditions. For example, following the March 2023 bank failures, many depositors became concerned about the soundness of other financial institutions and moved deposits to larger financial institutions or to other investment vehicles. Accordingly, we may be required from time to time to rely on secondary sources of liquidity to meet withdrawal demands or otherwise fund operations or to support growth. These secondary sources, which generally have a higher cost than deposits, include Federal Home Loan Bank advances and federal funds lines of credit from correspondent banks. If the aforementioned sources of liquidity are not adequate for our needs, we may attempt to raise additional capital in the equity or debt markets. Our ability to raise additional capital, if needed, will depend on conditions in such markets at that time, which are outside our control, and on our financial performance. If we are unable to meet our liquidity needs through any of the aforementioned sources, whether at all or at the time or the cost that we anticipate, we may be required to slow or discontinue loan growth, capital expenditures or other investments or liquidate assets.

The Company, our vendors (inclusive of vendors to our vendors) and our customers rely heavily on communications and information security systems to securely and reliably process, record, transmit and monitor confidential and other information through our and their computer systems and networks. Our operational systems, including, among other things, deposit and loan servicing, online and mobile banking, wealth management, accounting and data processing, could be materially adversely impacted by a failure, interruption or breach in the security or integrity of any of these systems, including systems under the control of vendors. As a financial institution, the Company is subject to ongoing threats to its systems, software, networks and other technology that originate from various sources, including our employees, cyber-criminals, hacktivists, groups linked to terrorist organizations or hostile countries, and third parties aiming to disrupt financial institutions more generally. Information security threats include computer hacking involving the introduction of computer viruses or malicious code known as "malware" into the Company's systems, cyber-attacks, identity theft, electronic fraudulent activity and attempted theft of financial assets. These threats, which are designed to obtain unauthorized access to confidential information belonging to the Company or its customers, manipulate or destroy data or systems, disrupt service on the Company's systems, or steal money through the use of "ransomware," are increasingly sophisticated and constantly evolving. In addition, our systems are threatened by unpredictable events such as terrorist attacks, power outages or tornadoes or other natural disasters. The Company may not be able to effectively implement, develop and manage critical systems and information technology infrastructure to facilitate strategic business initiatives, which could impair our ability to achieve financial, operational, compliance and strategic objectives and negatively affect our business, financial condition or results of operations. We have invested a significant amount of time and expense in security infrastructure investments and the development of policies and procedures governing our operations as well as in employee training and the monitoring of our vendors, in our efforts to preserve the security, integrity and continuity of our operations from the aforementioned threats. As described in the next paragraph, however, we have experienced security breaches and cyber-attacks, none of which have materially impacted the Company. Importantly, though, due to the difficulty in anticipating, detecting and recognizing threats to the Company's systems, coupled with the fact that we do not have control over the information security systems of customers, vendors and third parties, we can provide no assurances that our systems, or our vendor's or customer's systems, will not experience in the future any material failures, interruptions or security breaches of our communications and information securities systems or that, if any such failures, interruptions or breaches occur, they will be addressed in a timely and adequate manner. A successful penetration or circumvention of our security systems or other significant disruption of our information systems or those of customers, vendors or other third parties, including as a result of cyber-attacks, could (i) significantly and adversely impact our operations or those of our customers by disrupting our networks and systems; (ii) result in the unauthorized access to, and destruction, loss, theft, misappropriation or release of confidential, sensitive or otherwise valuable information and the use of such information to process fraudulent transactions; (iii) result in a violation of applicable privacy, data breach and other laws, subjecting the Company to additional regulatory scrutiny and exposure to civil litigation, criminal penalties, governmental fines or sanctions or financial liability; (iv) require significant management attention and resources to respond, remediate or remedy the damages that result; and/or (v) harm the reputation of or cause a loss of confidence in, the Company, in turn resulting in a decrease in the number of customers that choose to do business with the Company. Further, the extent of a particular failure, interruption or security breach of our communications and information securities systems, and the steps that the Company may need to take to investigate and remedy the matter, may not be immediately clear, and it may take a significant amount of time before such an investigation or determination, judicial or otherwise, can be completed. The occurrence of any of the foregoing could have a material adverse effect on our business, financial condition, results of operations or profitability. This in turn could result in financial losses to us or our customers, lasting damage to our reputation, the violation of privacy or other laws and significant litigation risk, all of which could have a material adverse effect on our financial condition and results of operations. The Company has experienced security breaches and cyber-attacks in the past. In May 2022, the Company learned of a data breach experienced by a vendor that provides property insurance validation services for the Company. This data breach, as it related to the Company, involved a third party obtaining names, addresses and loan numbers of certain customers via unauthorized access to our service provider's servers (the data breach did not involve Renasant Bank customer Social Security numbers or information related to any accounts maintained at Renasant Bank). Beginning in May 2023, the Company began receiving notices from a number of its vendors regarding the data breach related to the MOVEit Transfer software suffered by the vendor or a vendor to such vendor (the Company itself did not use the software). The data breach experienced by these vendors involved the names, account numbers, Social Security numbers and other nonpublic personal information of a relatively small number of our customers. For each incident, the Company caused notices of the data breach to be delivered to impacted clients, and we notified federal and state regulatory authorities about the incident. The relevant vendors also offered complementary credit monitoring services to consumer customers. The Company has also heightened its monitoring of the vendors' efforts to strengthen their information security infrastructure and prevent any further unauthorized access to its systems. Nonetheless, it is inevitable that additional breaches and attacks will occur in the future. While such breaches and attacks have not materially impacted the Company to date, future security breaches and cyber-attacks could result in serious and harmful consequences for the Company or its clients and customers.

In deciding whether to extend credit or enter into other transactions, we often rely on information furnished by or on behalf of customers and counterparties, including financial statements, credit reports, other financial information and appraisals of the value of collateral. We may also rely on representations of those customers, counterparties or other third parties, such as independent auditors, as to the accuracy and completeness of that information. Reliance on inaccurate or misleading financial statements, credit reports, other financial information or appraisals could have a material adverse effect on our business and, in turn, our financial condition and results of operations.

We rely on numerous vendors and other third party service providers (which we refer to collectively as "vendors") to assist us in providing our lending, deposit and other financial services as well as the back-office functions that support our day-to-day operations. We are therefore subject to the risks associated with a vendor's failure to provide the agreed-upon products or services, or its delivery of products or services at a level or in a manner that does not meet expectations. Deficient performance may result from the vendor's failure to meet its service standards under the contract (due to, among other reasons, insufficient support for its existing products and services or a change in its strategic focus) or simply because the vendor's products or services do not include the functionality, convenience or adaptability necessary to compete effectively or efficiently with other providers of the financial services we offer. Although we rigorously evaluate vendors before entering into contracts, we do not control a vendor's performance of its contractual obligations or its actions with respect thereto. A vendor's failure to meet its contractual obligations or otherwise perform as expected could be disruptive to our operations, which could have a material adverse impact on our business, financial condition and results of operations. Further, replacing service providers often entails significant delay and expense. Additionally, some external vendors require access to the Company's information systems to provide their services. We have identified these vendors as a source of information security risk, and, accordingly, our information security team monitors such vendors in accordance with Company policies. While the Company has implemented an active program to oversee the information security risk posed by vendors, there can be no assurance that the Company will not experience material security breaches associated with vendors (or service providers to our vendors). The Company's policies related to the monitoring of vendors and other third parties are discussed in detail below in Item IC, Cybersecurity, under the heading "Risk Management and Strategy - Diligence of Vendors and Other Third Parties."

The FDIC is required under the Dodd-Frank Act to maintain the Deposit Insurance Fund at a minimum reserve ratio of 1.35%. The FDIC's announced long-term goal is to maintain the reserve ratio at 2.00%. In October 2022, the FDIC raised the assessment rate by two basis points, effective in the first quarter of 2023, which increase is intended to remain in effect until the 2.00% goal is reached. The FDIC reaffirmed this goal in November 2023. The FDIC may also charge special assessments, such as the special assessment the FDIC charged certain financial institutions, including the Bank, in December 2023 based on their size and amount of uninsured deposits. Increases in deposit insurance assessment rates as well as any special assessments that the FDIC may charge us in the future may adversely affect our financial condition and results of operations.

We face substantial competition in all areas of our operations from a variety of different competitors, many of which are larger and have substantially greater resources than we have, including higher total assets and capitalization, greater access to capital markets and a broader offering of financial services. Such competitors primarily include national, regional and community banks within the various markets in which we operate. We also face competition from many other types of financial institutions (including savings and loans and credit unions), finance companies, brokerage firms, insurance companies, factoring companies, fintech companies and other financial intermediaries. Many of these competitors have fewer regulatory constraints and may have lower cost structures than the Company. The information under the heading "Competition" in Item 1, Business, in this report provides more information regarding the competitive conditions in our growth markets. Our industry could become even more competitive as a result of legislative, regulatory and technological changes. We also expect continued consolidation in the banking industry as a result of, among other things, elevated regulatory compliance and other legal costs and the benefits of scale when making investments in new technology. Banks, securities firms and insurance companies can merge under the umbrella of a financial holding company, which can offer virtually any type of financial service, including banking, securities underwriting, insurance (both agency and underwriting) and merchant banking. Also, legislative and regulatory changes on both the federal and state level may materially affect competitive conditions in our industry. Finally, technology has lowered barriers to entry and made it possible for non-banks to offer products and services traditionally provided by banks, such as loans and automatic transfer and payment systems. Our ability to compete successfully depends on a number of factors, including, among other things: -the ability to develop, maintain and build upon long-term customer relationships based on top quality service, high ethical standards and safe and sound assets;-the ability to expand our market position;-the scope, relevance and pricing of products and services offered to meet customer needs and demands;-the rate at which we introduce new products and services relative to our competitors;-customer satisfaction with our level of service; and-industry and general economic trends. Failure to perform in any of these areas could significantly weaken our competitive position, which could adversely affect our growth and profitability, which, in turn, could have a material adverse effect on our financial condition and results of operations.

In addition to the general risks associated with our lending activities described above, including the effects of declines in real estate values, CRE loans are subject to additional risks. These loans depend on cash flows from the property to service the debt. Cash flows, either in the form of rental income or the proceeds from sales of commercial real estate, may be affected significantly by general economic conditions. A general downturn in the local economy where the property is located, or a decline in occupancy rates in particular, could increase the likelihood of default. An increase in defaults in our CRE loan portfolio could have a material adverse effect on our financial condition and results of operations. At December 31, 2023, we had approximately $6.8 billion in commercial real estate loans, representing approximately 55.22% of our loans outstanding on that date, as follows: (thousands)December 31, 2023Commercial Real EstateOwner-occupied$1,648,961 Non-owner occupied3,733,174 Construction1,333,397 Land Development:Commercial mortgage104,415 Total Commercial real estate loans$6,819,947 As discussed under the heading "Supervision and Regulation" in Item 1, Business, above, the federal banking agencies promulgated guidance regarding when an institution will be deemed to potentially have significant CRE concentration risk exposure, as indicated by the results of the 100/300 Test. Although the 100/300 Test is not a limit on our lending activity, if any future results of a 100/300 Test evaluation show us to have a potential CRE concentration risk, we may elect, or be required by our regulators, to adopt additional risk management practices or other limits on our activities, which could have a material adverse effect on our financial condition and results of operations.