Stifel Financial (SF) Risk Factors

The financial services industry faces significant litigation and regulatory risks. Additionally, our litigation and regulatory risks continue to increase as our business expands internationally. Many aspects of our business involve substantial risk of liability. We have been named as a defendant or co-defendant in lawsuits and arbitrations primarily involving claims for damages. The risks associated with potential litigation often may be difficult to assess or quantify, and the existence and magnitude of potential claims often remain unknown for substantial periods of time. In our role as underwriter and selling agent, we may be liable if there are material misstatements or omissions of material information in prospectuses and other communications regarding underwritten offerings of securities. At any point in time, the aggregate amount of existing claims against us could be material. While we do not expect the outcome of any existing claims against us to have a material adverse impact on our business, financial condition, or results of operations, we cannot assure you that these types of proceedings will not materially and adversely affect our company. We do not carry insurance that would cover payments regarding these liabilities, except for insurance against certain fraudulent acts of our associates. Acts of fraud are difficult to detect and deter, and while we believe our supervisory procedures are reasonably designed to detect and prevent violations of applicable laws, rules, and regulations, we cannot assure investors that our risk management procedures and controls will prevent losses from fraudulent activity. In addition, our bylaws provide for the indemnification of our officers, directors, and associates to the maximum extent permitted under Delaware law. In the future, we may be the subject of indemnification assertions under these documents by our officers, directors, or associates who have or may become defendants in litigation. These claims for indemnification may subject us to substantial risks of potential liability. In challenging market conditions, the volume of claims and amount of damages sought in litigation and regulatory proceedings against financial institutions have historically increased. Litigation risks include potential liability under securities laws or other laws for alleged materially false or misleading statements made in connection with securities offerings and other transactions, issues related to our investment recommendations, including the suitability of such recommendations or potential concentration of investments, the inability to sell or redeem securities in a timely manner during adverse market conditions, contractual issues, employment claims, and potential liability for other advice we provide to participants in strategic transactions. Substantial legal liability could have a material adverse financial impact or cause us significant reputational harm, which, in turn, could seriously harm our business and future business prospects. In addition to the foregoing financial costs and risks associated with potential liability, the costs of defending individual litigation and claims and/or regulatory matters continue to increase over time. The amount of attorneys' fees incurred in connection with the defense of litigation and claims and/or regulatory matters could be substantial and might materially and adversely affect our results of operations. See "Item 3 – Legal Proceedings," and Note 18 of the Notes to Consolidated Financial Statements of this Form 10-K for further information about legal matters.

We are subject to a variety of risks, including reputational risk, associated with ESG matters. The public holds diverse and often conflicting views on ESG topics. As a large financial institution, we have multiple stakeholders, including our shareholders, clients, associates, federal and state regulatory authorities, and the communities in which we operate, and these stakeholders will often have differing priorities and expectations regarding ESG issues. For example, individual U.S. states are increasingly developing differing, and sometimes conflicting, rules related to ESG matters, such as the recently enacted Climate Corporate Data Accountability Act in California. If we take action in conflict with one or another of those stakeholders' expectations, we could experience an increase in client complaints, a loss of business, or reputational harm. We could also face negative publicity or reputational harm based on the identity of those with whom we choose to do business. Any adverse publicity in connection with ESG issues could damage our reputation, our ability to attract and retain clients and associates, compete effectively, and grow our business. In addition, proxy advisory firms and certain institutional investors who manage investments in public companies are increasingly integrating ESG factors into their investment analysis. The consideration of environmental and social matters in making investment and voting decisions is relatively new. Accordingly, the frameworks and methods for assessing ESG policies are not fully developed, vary considerably among the investment community, and will likely continue to evolve over time. Moreover, the subjective nature of methods used by various stakeholders to assess a company with respect to ESG criteria could result in erroneous perceptions or a misrepresentation of our actual ESG policies and practices. Organizations that provide ratings information to investors on ESG matters may also assign unfavorable ratings to our company. Public companies are facing increased pressure from stakeholders to consider ESG issues in corporate actions, such as the election of directors and approval of executive compensation. Certain of our clients might also require that we implement additional ESG procedures or standards in order to continue to do business with them. If we fail to comply with specific ESG-related investor or client expectations and standards, or to provide the disclosure relating to ESG issues that any third parties may believe is necessary or appropriate (regardless of whether there is a legal requirement to do so), our reputation, business, financial condition, and/or results of operations, as well as the price of our common and preferred stock could be negatively impacted.

The SEC's Regulation Best Interest requires, among other things, a broker-dealer to act in the best interest of a retail client when making a recommendation to that client of any securities transaction or investment strategy involving securities. The regulation imposes heightened standards on broker-dealers, and we have incurred substantial costs in order to review and modify our policies and procedures, including associated supervisory and compliance controls. We anticipate that we will continue to incur incremental costs in the future to comply with the standard. In addition to the SEC, various states have adopted, or are considering adopting, laws and regulations seeking to impose new standards of conduct on broker-dealers that, as written, differ from the SEC's regulations and may lead to additional implementation costs. Implementation of the SEC regulations, as well as any new state rules that are adopted addressing similar matters, has resulted in (and may continue to result in) increased costs related to compliance, legal, operations, and information technology. Furthermore, certain non-U.S. jurisdictions have imposed heightened standards of conduct, which may have similar impacts on our business in those jurisdictions. The DOL has indicated that it plans to amend the definition of "fiduciary" in connection with investment advice regarding employee benefit plans and IRAs. Imposing a new fiduciary standard could result in increased costs and other impacts to our business.

We are engaged in intensely competitive businesses. We compete on the basis of a number of factors, including the quality of our associates, our products and services, pricing (such as execution pricing and fee levels), technology solutions, and location and reputation in relevant markets. Over time, there has been substantial consolidation and convergence among companies in the financial services industry, which has significantly increased the capital base and geographic reach of our competitors. See "Item 1 – Business - Competition" of this Form 10-K for additional information about our competitors. We compete directly with other national full-service broker-dealers, investment banking firms, commercial banks, and investment managers, and to a lesser extent, with discount brokers and dealers and investment advisers. We face competition from more recent entrants into the market, including fintechs, and increased use of alternative sales channels by other firms. Technology has lowered barriers to entry and made it possible for fintechs to compete with larger financial institutions in providing electronic, internet-based, and mobile phone-based financial solutions. This competition has grown significantly over recent years and is expected to intensify. In addition, commercial firms and other non-traditional competitors have applied for banking licenses or have entered into partnerships with banks to provide banking services. We also compete indirectly for investment assets with insurance companies, real estate firms, and hedge funds, among others. Competition from other financial services firms to attract clients or trading volume, through direct-to-investor online financial services, or higher deposit rates to attract client cash balances, could result in pricing pressure or otherwise adversely impact our business and cause our business to suffer. Our future success also depends in part on our ability to develop, maintain, and enhance our products and services, including factors such as customer experience, and the pricing and range of our offerings. The financial services industry is continually undergoing rapid technological change with frequent introductions of new technology-driven products and services. If we are not able to develop new products and services, enhance existing offerings, effectively implement new technology-driven products and services, or successfully market these products and services to our customers, our business, financial condition, or results of operations may be adversely affected. Furthermore, both financial institutions and their non-banking competitors face the risk that payments processing and other services could be significantly disrupted by technologies, such as cryptocurrencies, that require no intermediation. New technologies have required, and could require us in the future, to spend more to modify or adapt our products to attract and retain clients or to match products and services offered by our competitors, including technology companies. We must monitor the pricing of our services and financial products in relation to competitors and periodically may need to adjust our fees, commissions, margins, or interest rates on deposits to remain competitive. In fixed income markets, regulatory requirements have resulted in greater price transparency, leading to price competition and decreased trading margins. Our trading margins have been further compressed by the shift from high- to low-touch services over time, which has created additional competitive pressure. We believe that price competition and pricing pressures in these and other areas will continue as institutional investors continue to reduce the amounts they are willing to pay, including by reducing the number of brokerage firms they use, and some of our competitors seek to obtain market share by reducing fees, commissions, or margins.

We have grown our asset management business in recent years, which has increased the risks associated with this business relative to our overall operations. The asset management fees we are paid are dependent upon the value of client assets in fee-based accounts in our Private Client Group segment, as well as assets under management ("AUM") in our asset management business. The value of our fee-based assets and AUM is impacted by market fluctuations and inflows or outflows of assets. As our Private Client Group clients increasingly show a preference for fee-based accounts over transaction-based accounts, a larger portion of our client assets are more directly impacted by market movements. Therefore, in periods of declining market values, the values of fee-based accounts and AUM may resultantly decline, which would negatively impact our revenues. In addition, below-market investment performance by our funds, portfolio managers, or financial advisors could result in reputational damage that might cause outflows or make it more difficult to attract new investors into our asset management products and thus further impact our business and financial condition. Our asset management fees may also decline over time due to factors such as increased competition and the renegotiation of contracts. In addition, the market environment in recent years has resulted in a shift to passive investment products, which generate lower fees than actively managed products. A continued trend toward passive investments or changes in market values or in the fee structure of asset management accounts would negatively affect our revenues, business, and financial condition.

Maintaining our reputation is critical to attracting and maintaining clients, investors, financial advisors, and other associates. If we fail to address, or appear to fail to address, issues that may give rise to reputational risk, we could significantly harm our business prospects. These issues may include, but are not limited to, any of the risks discussed in this Item 1A, including appropriately dealing with potential conflicts of interest, legal and regulatory requirements, ethical issues, money laundering, cybersecurity and privacy, record keeping, sales and trading practices, and associate misconduct. In addition, the failure to either sell securities we have underwritten at anticipated price levels or to properly identify and communicate the risks inherent in the products and services we offer could also give rise to reputational risk. Failure to maintain appropriate service and quality standards, or a failure or perceived failure to treat clients fairly, can result in client dissatisfaction, litigation, and heightened regulatory scrutiny, all of which can lead to lost revenue, higher operating costs, and reputational harm. Negative publicity about us, including information posted on social media and internet forums or published by news organizations, whether or not true, may also harm our reputation. The speed and pervasiveness with which information can be disseminated through these channels, in particular social media, may magnify risk relating to negative publicity. Further, failures at other large financial institutions or other market participants, regardless of whether they relate to our activities, could lead to a general loss of customer confidence in financial institutions that could negatively affect us, including harming the market perception of the financial system in general.

Our operations rely heavily on the secure processing, storage, and transmission of sensitive and confidential financial, personal, and other information in our computer systems and networks. There have been several highly publicized cases involving financial services companies reporting the unauthorized disclosure of client or other confidential information in recent years, as well as cyber attacks involving the theft, dissemination, and destruction of corporate information or other assets, in some cases as a result of failure to follow procedures by employees or contractors or as a result of actions by third parties. There have also been several highly publicized cases where hackers have requested "ransom" payments in exchange for not disclosing customer information or for restoring access to information or systems. Like other financial services firms, we experience malicious cyber activity directed at our computer systems, software, networks, and its users on a daily basis. This malicious activity includes attempts at unauthorized access, implantation of computer viruses or malware, and denial-of-service attacks. We also experience large volumes of phishing and other forms of social engineering attempted for the purpose of perpetrating fraud against our company, our associates, our advisors, or our clients. Additionally, like many large enterprises, we have shifted to a more hybrid work environment which includes a combination of in-office and remote work for our associates. The increase in remote work over the past few years has introduced potential new vulnerabilities to cyber threats. We may also face increased cybersecurity risk for a period of time after acquisitions as we transition the acquired entity's historical systems and networks to our standards. We also face increased cybersecurity risk as we deploy additional mobile and cloud technologies. We seek to continuously monitor for and nimbly react to any and all such malicious cyber activity, and we develop our systems to protect the confidentiality, integrity, and availability of our data and technology infrastructure and data from misuse, misappropriation, or corruption. Senior management of our Information Security Office gives a quarterly update on cybersecurity to the Risk Management Committee of our Board of Directors and an update to our full Board of Directors twice annually. Cyber attacks can originate from a variety of sources, including threat actors affiliated with foreign governments, organized crime, or terrorist organizations. Threat actors may also attempt to place individuals within our company or induce associates, clients, or other users of our systems to disclose sensitive information or provide access to our data, and these types of risks may be difficult to detect or prevent. Although cybersecurity incidents among financial services firms are on the rise, we have not experienced any material losses relating to cyber attacks or other information security breaches. However, the techniques used in these attacks are increasingly sophisticated, change frequently and are often not recognized until launched. Although we seek to maintain a robust suite of authentication and layered information security controls, including our cyber threat analytics, data encryption, and monitoring technologies, anti-malware defenses, and vulnerability management programs, any one or combination of these controls could fail to detect, mitigate, or remediate these risks in a timely manner. Despite our implementation of protective measures and endeavoring to modify them as circumstances warrant, our computer systems, software, and networks may be vulnerable to human error, equipment failure, natural disasters, power loss, unauthorized access, supply chain attacks, distributed denial of service attacks, zero-day vulnerabilities, computer viruses and other malicious code, and other events that could result in significant liability and damage to our reputation, and have an ongoing impact on the security and stability of our operations. In addition, although we maintain insurance coverage that may, subject to terms and conditions, cover certain aspects of cyber and information security risks, such insurance coverage may be insufficient to cover all losses, such as litigation costs or financial losses that exceed our policy limits or are not covered under any of our current insurance policies. We also rely on numerous third-party service providers to conduct other aspects of our business operations, and we face similar risks relating to them. While we regularly conduct security assessments and external scans on these third-party vendors, we cannot be certain that their information security protocols are sufficient to withstand a cyber attack or other security breach. We also cannot be certain that we will receive timely notification of such cyber attacks or other security breaches. In addition, in order to access our products and services, our customers may use computers and other devices that are beyond our security control systems. Notwithstanding the precautions we take, if a cyber attack or other information security breach were to occur, this could jeopardize the information we confidentially maintain, or otherwise cause interruptions in our operations or those of our clients and counterparties, exposing us to liability. As attempted attacks continue to evolve in scope and sophistication, we may be required to expend substantial additional resources to modify or enhance our protective measures, to investigate and remediate vulnerabilities or other exposures or to communicate about cyber attacks to our customers. A technological breakdown could also interfere with our ability to comply with financial reporting and other regulatory requirements, exposing us to potential disciplinary action by regulators. Further, successful cyber attacks at other large financial institutions or other market participants, whether or not we are affected, could lead to a general loss of confidence in financial institutions that could negatively affect us, including harming the market perception of the effectiveness of our security measures or the financial system in general, which could result in reduced use of our financial products and services. Further, in light of the high volume of transactions we process, use of remote work, the large number of our clients, partners, and counterparties, and the increasing sophistication of malicious actors, a cyber attack could occur. Moreover, any such cyber attack may persist for an extended period of time without detection. We endeavor to design and implement policies and procedures to identify such cyber attacks as quickly as possible; however, we expect that any investigation of a cyber attack would take substantial amounts of time, and that there may be extensive delays before we obtain full and reliable information. During such time, we would not necessarily know the extent of the harm or how best to remediate it, and certain errors or actions could be repeated or compounded before they are discovered and remediated, all of which would further increase the costs and consequences of such an attack. The SEC recently enacted rules requiring public companies to disclose material cybersecurity incidents that they experience on Form 8-K within four business days of determining that a material cybersecurity incident has occurred and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance. These new reporting requirements are effective for us as of December 18, 2023. If we fail to comply with these new requirements we could incur regulatory fines in addition to other adverse consequences to our reputation, business, financial condition, and/or results of operations. We may also be subject to liability under various data protection laws. In providing services to clients, we manage, utilize, and store sensitive or confidential client or associate data, including personal data. As a result, we are subject to numerous laws and regulations designed to protect this information, such as U.S. federal, state, and international laws governing the protection of personally identifiable information. These laws and regulations are increasing in complexity and number. If any person, including any of our associates, negligently disregards or intentionally breaches our established controls with respect to client or associate data, or otherwise mismanages or misappropriates such data, we could be subject to significant monetary damages, regulatory enforcement actions, fines, and/or criminal prosecution. In addition, unauthorized disclosure of sensitive or confidential client or associate data, whether through system failure, associate negligence, fraud, or misappropriation, could damage our reputation and cause us to lose clients and related revenue. Potential liability in the event of a security breach of client data could be significant. Depending on the circumstances giving rise to the breach, this liability may not be subject to a contractual limit or an exclusion of consequential or indirect damages.

Our businesses rely extensively on data processing and communications systems. In addition to better serving clients, the effective use of technology increases efficiency and enables us to reduce costs. Adapting or developing our technology systems to meet new regulatory requirements, client needs, and competitive demands is critical for our business. Introduction of new technology presents challenges on a regular basis. There are significant technical and financial costs and risks in the development of new or enhanced applications, including the risk that we might be unable to effectively use new technologies or adapt our applications to emerging industry standards. Our continued success depends, in part, upon our ability to: (i) successfully maintain and upgrade the capability of our technology systems on a regular basis; (ii) maintain the quality of the information contained in our data processing and communications systems; (iii) address the needs of our clients by using technology to provide products and services that satisfy their demands; and (iv) retain skilled information technology associates. Failure of our technology systems to operate appropriately, which could result from events beyond our control, including a systems malfunction or cyber attack, failure by a third-party service provider, or an inability to effectively upgrade those systems or implement new technology-driven products or services, could result in financial losses, liability to clients for non-compliant data processing, and other violations of privacy and other laws and regulations, as well as regulatory sanctions.

We are engaged in various financial services businesses. As such, we are affected by domestic and international macroeconomic and political conditions, as well as economic output levels, interest and inflation rates, employment levels, prices of commodities, consumer confidence levels, changes in consumer spending, international trade policy, and fiscal and monetary policy. For example, Fed policies determine, in large part, interest rates and the cost of funds which directly affect the returns and fair value on our lending and investing activities. The market impact from such policies can also decrease materially the value of certain of our financial assets, most notably debt securities, as well as our cash flows. Changes in tax law and regulation, or any market uncertainty caused by a change in the political environment, may affect our clients and, directly or indirectly, our business. Macroeconomic conditions may also be negatively affected by domestic or international events, including natural disasters, political unrest, the indirect impact of wars, such as the wars in Ukraine and Israel, or public health epidemics and pandemics, as well as by a number of factors in the global financial markets that may be detrimental to our operating results, including trading levels, investing, and origination activity in the securities markets, security valuations, the absolute and relative level and volatility of interest and currency rates, real estate values, the actual and perceived quality of issuers and borrowers, and the supply of and demand for loans and deposits. If we were to experience a period of sustained downturn in the securities markets, credit market dislocations, reductions in the value of real estate, increases in mortgage and other loan delinquencies, or other negative market factors, our revenues and the value of the assets we own could be adversely impacted. Market uncertainty could also cause clients to move their investments to lower margin products, or withdraw them, which could have an adverse impact on our profitability. We could also experience a material reduction in trading volume and lower asset prices in times of market uncertainty, which would result in lower brokerage revenues, including losses on firm inventory, as well as losses on certain of our investments. Conversely, periods of severe market volatility may result in a significantly higher level of transactions and other activity which may cause operational challenges that may result in losses. These can include, but are not limited to, trade errors, failed transaction settlements, late collateral calls to borrowers and counterparties, credit losses, or interruptions to our system processing. Periods of reduced revenue and other losses could lead to reduced profitability because certain of our expenses, including our interest expense on debt, lease expenses, and salary expenses, are fixed, and our ability to reduce them over short time periods is limited. We do business in other parts of the world and, as a result, are exposed to risks, including market, litigation, and regulatory compliance risks. Our businesses and revenues derived from non-U.S. operations are subject to risk of loss from currency fluctuations, social or political instability, less established regulatory regimes, changes in governmental or central bank policies, downgrades in the credit ratings of sovereign countries, expropriation, nationalization, confiscation of assets, and unfavorable legislative, economic, and political developments. Action or inaction in any of these operations, including failure to follow proper practices with respect to regulatory compliance and/or corporate governance, could harm our operations and our reputation. We also invest or trade in the securities of corporations located in non-U.S. jurisdictions. Revenues from trading non-U.S. securities also may be subject to negative fluctuations as a result of the previously mentioned factors.