Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - AMAL

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. Risk Factors.

There are risks, many beyond our control, that could cause our financial condition or results of operations to differ materially from management’s expectations. Any of the following risks, by itself or together with one or more other factors, could adversely affect our business, prospects, financial condition, results of operations and cash flows, perhaps materially. The risks presented below are not the only risks that we face. Additional risks that we do not presently know or that we currently deem immaterial may also have an adverse effect on our business, results of operations, financial condition, prospects, and the market price and liquidity of our common stock. The following discussion should be read in conjunction with the financial statements and notes to the financial statements included in this report. Further, to the extent that any of the information contained in this report constitutes forward-looking statements, the risk factors below also are cautionary statements identifying important factors that could cause actual results to differ materially from those expressed in any forward-looking statements made by us or on our behalf. See “Cautionary Note Regarding Forward-Looking Statements” beginning on page 1.

Market and Interest Rate Risks

Our business may be adversely affected by economic conditions.

Some elements of the business environment that affect our financial performance include short-term and long-term interest rates, the prevailing yield curve, inflation, monetary supply, fluctuations in the debt and equity capital markets, and the strength of the domestic economy and the local economies in the markets in which we operate. Unfavorable market conditions can result in a deterioration of the credit quality of borrowers, an increase in the number of loan delinquencies, defaults and charge-offs, foreclosures, additional provisions for credit losses, adverse asset values and a reduction in assets under management or administration. A decline in real estate values can negatively impact our ability to recover our investment should the borrower become delinquent. Loans secured by stock or other collateral may be adversely impacted by a downturn in the economy and other factors that could reduce the recoverability of our investment. Unsecured loans are dependent on the solvency of the borrower, which can deteriorate, leaving us with a risk of loss. Unfavorable or uncertain economic and market conditions can be caused by declines in economic growth, business activity or investor or business confidence, limitations on the availability of or increases in the cost of credit and capital, increases in inflation or interest rates, high unemployment, natural disasters, epidemics and pandemics, state or local government insolvency, or a combination of these or other factors.

There are continuing concerns related to, among other things, the level of U.S. government debt and fiscal actions that may be taken to address that debt, price fluctuations of key natural resources, the potential resurgence of economic and political tensions with China, the Russian invasion of Ukraine and increasing oil prices due to Russian supply disruptions, and the Israel-Hamas conflict, each of which may have a destabilizing effect on financial markets and economic activity. Economic pressure on consumers, including due to factors such as inflation and increased cost of goods due to tariffs on imports, as well as overall economic uncertainty may result in changes in consumer and business spending, borrowing and saving habits. These economic conditions and/or other negative developments in the domestic or international credit markets or economies may significantly affect the markets in which we do business, the value of our loans and investments, and our ongoing operations, costs and profitability. Declines in real estate values and sales volumes, high unemployment or underemployment, and inflation may also result in higher than expected loan delinquencies, increases in our levels of nonperforming and classified assets and a decline in demand for our products and services. These negative events may cause us to incur losses and may adversely affect our capital, liquidity and financial condition.

In some cases, management of our risks depends upon the use of analytical and/or forecasting models, which, in turn, rely on assumptions and estimates. If the models used to mitigate these risks are inadequate, or the assumption or estimates are inaccurate or otherwise flawed, we may fail to adequately protect against risks and may incur losses. Artifical Intelligence ("AI") models may amplify existing risks, given the increased complexity of financial modelling and the challenges in explaining the models.

Fiscal challenges facing the U.S. government could negatively impact the value of investments in GSEs and the financial markets, which in turn could have an adverse effect on our financial position or results of operations.

Fiscal challenges facing the U.S. government, such as the downgrade of the sovereign credit ratings of the U.S. by Fitch Ratings, could have an adverse impact on value of investments in GSEs and on the financial markets, interest rates and economic conditions in the U.S. and worldwide. Federal budget deficit concerns and the potential for political conflict over legislation to fund U.S. government operations and raise the U.S. government's debt limit may increase the possibility of a default by the U.S. government on its debt obligations, additional related credit-rating downgrades, or an economic recession in the U.S. A significant portion of our securities portfolio is invested in GSE securities. As a result of uncertain domestic political conditions, including

potential future federal government shutdowns or the possibility of the federal government defaulting on its obligations for a period of time, investments in financial instruments issued or guaranteed by the federal government pose liquidity and credit risks.

A debt default or further downgrades to the U.S. government’s sovereign credit rating or its perceived creditworthiness could also adversely affect the ability of the U.S. government to support the financial stability of Fannie Mae, Freddie Mac and the FHLBNY, with which we do business and in whose securities we invest.

Changes in U.S. trade policies and other global political factors beyond our control, including the imposition of tariffs, retaliatory tariffs, or other sanctions, may adversely impact our business, financial condition and results of operations.

There have been, and may be in the future, changes with respect to U.S. and international trade policies, legislation, treaties and tariffs, embargoes, sanctions and other trade restrictions. Tariffs, retaliatory tariffs or other trade restrictions on products and materials that customers import or export, or a trade war or other related governmental actions related to tariffs, international trade agreements or policies or other trade restrictions have the potential to negatively impact our customers' costs, demand for their products, or the U.S. economy or certain sectors thereof and, thus, could adversely impact our business, financial condition and results of operations. The U.S. recently has threatened or imposed tariffs on imports including aluminum, steel, and energy products from major trading partners including China, Mexico and Canada. In response, these trading partners have threatened or imposed retaliatory tariffs on certain U.S. imports and announced investigations into U.S.-based companies. Disputes over trade, flows of undocumented immigrants, fentanyl, Taiwanese independence and China’s expanding military presence may result in additional tariffs, sanctions and trade restrictions. As a result of Russia’s invasion of Ukraine, the U.S. has imposed material financial and economic sanctions and export controls against certain Russian organizations and/or individuals, with similar actions either implemented or planned by the European Union (“EU”) and the U.K. and other jurisdictions. Additionally, an armed conflict involving Hamas and Israel, as well as further escalation of tensions between Israel and various countries in the Middle East and North Africa, may cause additional detrimental effects on the global economy, including capital markets. To the extent changes in the global political environment have a negative impact on us or on the markets in which we operate, our business, results of operations and financial condition could be materially and adversely impacted.

The vast majority of our operations and clients are located in New York City, Washington, D.C., and San Francisco. In addition, at December 31, 2024, 85.9% of the properties securing our CRE, multifamily, or construction loans outstanding were located in the states of New York and California, and in Washington, D.C. Our success depends upon the economic vitality, growth prospects, business activity, population, income levels, deposits and real estate activity in those areas and may be impacted by the effects of past and future civil unrest and domestic disturbances in the communities that we serve. A major terrorist attack in one of these areas could severely disrupt our operations and the ability of our clients to do business with us and cause losses to loans secured by properties in these areas. Although our customers' business and financial interests may extend well beyond our market areas, adverse economic and social conditions that affect our specific market area could reduce our growth rate, affect the ability of our customers to repay their loans to us and impact the stability of our deposit funding sources. Consequently, declines in economic and social conditions in these markets could generally affect our business, financial condition, results of operations and prospects.

Our business is subject to interest rate risk and fluctuations in interest rates may adversely affect our earnings, capital levels and overall results.

The majority of our assets and liabilities are monetary in nature and, as a result, we are subject to significant risk from changes in interest rates, which may affect our net interest income as well as the valuation of our assets and liabilities. Our earnings depend significantly on our net interest income, which is the difference between interest income on interest-earning assets, such as loans and securities, and interest expense on interest-bearing liabilities, such as deposits and borrowings. We expect to periodically experience “gaps” in the interest rate sensitivities of our assets and liabilities, meaning that either our interest-bearing liabilities will be more sensitive to changes in market interest rates than our interest-earning assets, or vice versa. In either event, if market interest rates move contrary to our position, this “gap” may work against us, and our earnings may be adversely affected.

Similarly, when interest-earning assets mature or reprice more quickly, or to a greater degree than interest-bearing liabilities, falling interest rates could reduce net interest income. Additionally, an increase in the general level of interest rates may also, among other things, adversely affect the demand for loans and our ability to originate loans and decrease loan prepayment rates or adversely affect our results of operations by reducing the ability of borrowers to make payments under their current adjustable-rate loan obligations. Conversely, a decrease in the general level of

interest rates, among other things, may lead to prepayments on our loan and mortgage-backed securities portfolios and increased competition for deposits, potentially reducing our deposit base. Accordingly, changes in the general level of market interest rates may adversely affect our net yield on interest-earning assets, loan origination volume and our overall results.

Although our asset-liability management strategy is designed to control and mitigate exposure to the risks related to changes in the general level of market interest rates, those rates are affected by many factors outside of our control, including inflation, recession, unemployment, money supply, international disorder, instability in domestic and foreign financial markets and policies of various governmental and regulatory agencies, particularly the Federal Open Market Committee ("FOMC") of the Federal Reserve. Adverse changes in the U.S. monetary policy or in economic conditions could materially and adversely affect us. On January 31, 2025 the FOMC issued a statement that it decided to maintain short-term interest rates at a range of 4.25% to 4.50%, and it now projects just two interest rate cuts in 2025, compared to earlier projections for four rate cuts. We could experience net interest margin compression if our rates on our interest earning assets fail to increase in tandem with rates on our interest-bearing liabilities. We could experience net interest margin compression if our rates on our interest bearing liabilities fail to decrease in tandem with rates on our interest earning assets. See Impact of Inflation and Changing Interest Rates under Item 7. "Management's Discussion and Analysis of Financial Condition and Results of Operations." Similarly, if short-term interest rates increase and long-term interest rates do not increase, or increase but at a slower rate, we could experience net interest margin compression as our rates on interest earning assets decline measured relative to rates on our interest-bearing liabilities. Any such occurrence could have a material adverse effect on our net interest income and on our business, financial condition and results of operations.

We may not be able to accurately predict the likelihood, nature and magnitude of changes in market interest rates or how and to what extent they may affect our business. We also may not be able to adequately prepare for or compensate for the consequences of such changes. Any failure to predict and prepare for changes in interest rates or adjust for the consequences of these changes may adversely affect our earnings and capital levels and overall results.

The fair value of our investment securities could fluctuate because of factors outside of our control, which could have a material adverse effect on us.

As of December 31, 2024, the fair value of our investment securities portfolio was approximately $3.18 billion. Factors beyond our control could significantly affect the fair value of these securities. These factors include, but are not limited to, changes in market conditions including changes in interest rates or spreads, changes in the credit profile of individual securities, changes in prepayment behavior of individual securities, rating agency actions in respect of the securities, or adverse regulatory action. Any of these factors, among others, could cause other-than-temporary impairments, or OTTI, and realized and/or unrealized losses in future periods and declines in earnings and/or other comprehensive income (loss), which could materially and adversely affect our assets, business, cash flow, condition (financial or otherwise), liquidity, results of operations and prospects. The process for determining whether impairment of a security is OTTI usually requires complex, subjective judgments about the future financial performance and liquidity of the issuer, any collateral underlying the security as well as our intent and ability to hold the security for a sufficient period of time to allow for any anticipated recovery in fair value in order to assess the probability of receiving all contractual principal and interest payments on the security. Our failure to assess any impairments or losses with respect to our securities could have a material adverse effect on our assets, business, cash flow, condition (financial or otherwise), liquidity, results of operations and prospects.

Credit Risks

If we fail to effectively manage credit risk, our business and financial condition will suffer.

We must effectively manage credit risk. As a lender, we are exposed to the risk that our borrowers will be unable to repay their loans according to their terms, and that the collateral securing repayment of their loans, if any, may not be sufficient to ensure repayment. In order to manage credit risk successfully, we must, among other things, maintain disciplined and prudent underwriting standards and ensure that our lenders follow those standards. The weakening of these standards for any reason, such as an attempt to attract higher yielding loans, a lack of discipline or diligence by our employees in underwriting and monitoring loans, the inability of our employees to adequately adapt policies and procedures to changes in economic or any other conditions affecting borrowers and the quality of our loan portfolio, may result in loan defaults, foreclosures and additional charge-offs and may necessitate that we significantly increase our allowance, each of which could adversely affect our net income.

We are subject to risk arising from conditions in the commercial real estate market.

As of December 31, 2024, commercial real estate mortgage loans comprised approximately 8.8% of our loan portfolio. Commercial real estate mortgage loans generally involve a greater degree of credit risk than residential real estate mortgage loans because they typically have larger balances and are more affected by adverse conditions in the economy. Because payments on loans secured by commercial real estate often depend upon the successful operation and management of the properties and the businesses which operate from within them, repayment of such loans may be affected by factors outside the borrower’s control, such as adverse conditions in the real estate market or the economy, including interest rate fluctuations, or changes in government regulations. In recent years, commercial real estate markets have been impacted by entrenched work-from-home expectations which could affect the long-term performance of some types of office properties within our commercial real estate portfolio. Accordingly, the federal banking regulatory agencies have expressed concerns about weaknesses in the current commercial real estate market.

In 2019, the New York State legislature passed the Housing Stability and Tenant Protection Act of 2019, impacting about one million rent regulated apartment units. Among other things, the legislation: (i) curtails rent increases from material capital improvements and individual apartment improvements; (ii) all but eliminates the ability for apartments to exit rent regulation; (iii) does away with vacancy decontrol and high-income deregulation; and (iv) repealed the 20% vacancy bonus. The act generally limits a landlord’s ability to increase rents on rent-regulated apartments and makes it more difficult to convert rent-regulated apartments to market-rate apartments. As a result, the value of the collateral located in New York State securing our multi-family loans or the future net operating income of such properties could potentially become impaired. At December 31, 2024, our total multifamily loan exposure in New York State is approximately $951.4 million, of which approximately $697.3 million, or 73%, represents our portfolio’s composition of rent stabilized and rent controlled apartments in the New York multifamily market.

Our consumer solar loans expose us to higher credit risk.

A borrower’s ability to repay their solar loans can be negatively impacted by increases in their payment obligations to other lenders under mortgage, credit card and other loans resulting from increases in base lending rates or structured increases in payment obligations. If a client defaults on solar loan, we may be unsuccessful in our efforts to collect the amount of the loan. We are limited in our ability to collect on these loans if a client is unwilling or unable to repay them. Although solar loans are secured with security filings, we may be limited in our ability to recover any collateral supporting such loans due to the nature of the solar energy system becoming a fixture to the real property. Additionally, these short-term loans are subject to risks of defaults, bankruptcies, fraud, losses and special hazard losses that are not covered by standard hazard insurance. An increase in defaults precipitated by the risks and uncertainties associated with the above operations and activities could have a detrimental effect on our business.

We maintain an allowance for credit losses ("ACL") that represents management’s judgment of current expected credit losses and risks inherent in our loan portfolio. As of December 31, 2024, our ACL totaled $60.1 million, which represents approximately 1.29% of our total loans, net. The level of the allowance reflects management’s continuing evaluation of loan levels and portfolio composition, observable trends in nonperforming loans, historical loss experience, known and inherent risks in the portfolio, underwriting practices, adequacy of collateral, credit risk grading assessments, forecasted economic conditions, and other factors. The determination of the appropriate level of the ACL is inherently highly subjective and requires us to make significant estimates of and assumptions regarding current credit risks and future trends, all of which may undergo material changes. If, as a result of general economic conditions, there is a decrease in asset quality or growth in the loan portfolio, our management determines that additional increases in ACL are necessary, we may incur additional expenses which will reduce our net income, and our business, results of operations or financial condition may be materially and adversely affected. In addition, inaccurate management assumptions, deterioration of economic conditions affecting borrowers, new information regarding existing loans, identification or deterioration of additional problem loans, acquisition of problem loans and other factors, both within and outside of our control, may require us to increase our ACL.

Operational and Business Risks

We are at risk of increased losses from fraud.

Fraudulent activity has taken many forms, ranging from check fraud, mechanical devices attached to ATM machines, social engineering and phishing attacks to obtain personal information or impersonation of our clients through the use of falsified or stolen credentials and debit card fraud. Additionally, an individual or business entity may properly identify themselves, particularly when banking online, yet seek to establish a business relationship for the purpose of perpetrating fraud. Further, in addition to fraud committed against us, we may suffer losses as a result of fraudulent activity committed against third parties. Increased deployment of technologies, such as chip card technology, defray and reduce aspects of fraud; however, criminals are turning to other sources to steal personally identifiable information, such as unaffiliated healthcare providers and government entities, in order to impersonate the consumer to commit fraud. Many of these data compromises are widely reported in the media. Further, as a result of the increased sophistication of fraud activity, we have increased our spending on systems and controls to detect and prevent fraud. This will result in continued ongoing investments in the future. Nevertheless, these investments may prove insufficient and fraudulent activity could result in losses to us or our customers; loss of business and/or customers; damage to our reputation; the incurrence of additional expenses (including the cost of notification to consumers, credit monitoring and forensics, and fees and fines imposed by the card networks); disruption to our business; our inability to grow our online services or other businesses; additional regulatory scrutiny or penalties; or our exposure to civil litigation and possible financial liability any of which could have a material adverse effect on our business, financial condition and results of operations.

We could be adversely affected by a failure to establish and maintain effective internal controls over financial reporting.

A failure in our internal controls could have a significant negative impact not only on our earnings, but also on the perception that customers, regulators and investors may have of us. Any failure to maintain internal controls over financial reporting, or any difficulties that we may encounter in such maintenance, could result in significant deficiencies or material weaknesses, result in material misstatements in our consolidated financial statements and cause us to fail to meet our reporting obligations, each of which could result in a material adverse effect on our business, financial condition or results of operations or an adverse reaction in the financial markets due to a loss of confidence in the reliability of our financial statements. We continue to devote a significant amount of effort, time and resources to our controls and ensuring compliance with complex accounting standards and regulations. These efforts also include the management of controls to mitigate operational risks for programs and processes across the Company.

Our third party relationships could expose us to operational and regulatory risks.

We rely on third parties for internal and customer-facing services. The use of third parties may pose operational, compliance, and strategic risks to banks. The federal banking regulators expect banks implement controls to ensure that third parties perform their activities in compliance with applicable laws and regulations. In June 2023, the federal banking agencies issued “Interagency Guidance on Third-Party Relationships: Risk Management”, which requires banks to “analyze the risks associated with each third-party relationship and to calibrate its risk management processes”.

In addition, in July 2024, federal banking regulators issued a joint statement on banks’ arrangements with third parties to deliver bank deposit products and services. The joint statement was released concurrently with a request for information on bank-fintech arrangements involving banking products and services distributed to consumers and businesses through third parties, including payment and lending products in addition to deposit products, in the wake of issues with customers depositing non-FDIC insured funds through non-banks without proper controls.

We depend on the accuracy and completeness of information about customers and counterparties.

We may also rely on representations of those customers or counterparties or of other third parties, such as independent auditors, as to the accuracy and completeness of that information. Reliance on inaccurate, incomplete, fraudulent or misleading financial statements, credit reports or other financial or business information, or the failure to receive such information on a timely basis, could result in credit losses, reputational damage or other effects that could have a material adverse effect on our business, financial condition or results of operations.

We participate in a multi-employer non-contributory defined benefit pension plan for both our unionized and non-unionized employees, which could subject us to substantial cash funding requirements in the future.

We are required to make contributions to the Consolidated Retirement Fund, a multi-employer pension plan that covers both our unionized and non-unionized employees. Our multi-employer pension plan expense totaled $7.6 million in 2024. Our obligations may be impacted by the funding status of the plan, the plan’s investment performance, changes in the participant demographics, financial stability of contributing employers and changes in actuarial assumptions. In addition, if a participating employer becomes insolvent and ceases to contribute to a multiemployer plan, the unfunded obligation of the plan will be borne by the remaining participating employers. Under current law, an employer that withdraws or partially withdraws from a multi-employer pension plan may incur withdrawal liability to the plan. If, in the future, we choose to withdraw from this multi-employer pension plan, we will likely need to record significant withdrawal liabilities, which could negatively impact our financial performance in the applicable periods.

Climate related disasters may have an effect on the performance of our business operations and asset quality which could adversely affect our financial condition and results of operations.

There is an increasing concern over climate-related disasters on the impacts of business operations, asset quality, and earnings. Any of these events could disrupt the reliability of our operations and those of our customers, and third party vendors and suppliers. Such events could impair the value of our assets and those assets securing loans and mortgages in our portfolio, and they could lead to fluctuations in the value of our investments. Such events could cause downturns in economic and market conditions generally, which could negatively impact our customers and third party suppliers and vendors and which could have an adverse effect on our business and financial results. Our expenses could increase due to consumer preference changes and increased legislation and regulatory requirements such as those associated with the transition to a low-carbon economy. The potential costs, including strategic planning, litigation due to increased regulatory scrutiny or negative public sentiment, technology expenditures, and losses associated with climate related disasters are difficult to predict and could have a material adverse effect on our business, financial condition and results of operation.

We are exposed to risks related to our PACE financings.

Property Assessed Clean Energy ("PACE") financing is a means of financing energy-efficient upgrades or the installation of renewable energy sources for commercial, industrial and residential properties that are repaid over a selected term through property tax assessments, which are secured by the property itself and paid as an addition to the owners’ property tax bills. The unique characteristic of PACE assessments is that the assessment is attached to the property rather than the individual borrower. Active programs for residential PACE financing exist in California, Florida and Missouri.

Because PACE financing programs are typically enabled through state legislation and authorized at the local government level, variations between each state’s programs may expose us to increased compliance costs and risks. On December 17, 2024, the CFPB issued its final rule implementing Section 307 of the 2018 Economic Growth, Regulatory Relief, and Consumer Protection Act (the “EGRRCPA”) and amending Regulation Z to address how TILA applies to residential PACE transactions. The final rule amends Regulation Z’s definition of credit to include residential PACE financings, prescribes ability-to-repay requirements, and implements other amendments and exemptions to clarify how other rules in Regulation Z apply. The final rule becomes effective on March 1, 2026. If we fail to comply with the final rules adopted by the CFPB, we may face reputational and litigation risks with respect to our PACE assessments.

Our trust and investment management business may be negatively impacted by changes in economic and market conditions and clients may seek legal remedies for investment performance.

Our trust and investment management business may be negatively impacted by changes in general economic and market conditions because the performance of this business is directly affected by conditions in the financial and securities markets. The financial markets and businesses operating in the securities industry are highly volatile (meaning that performance results can vary greatly within short periods of time) and are directly affected by, among other factors, domestic and foreign economic conditions and general trends in business and finance, and by the threat, as well as the occurrence of global conflicts, all of which are beyond our control. We cannot assure you that broad market performance will be favorable in the future. Declines in the financial markets or a lack of sustained growth may result in a decline in the performance of our investment management business and may adversely affect the market value and performance of the investment securities that we manage, which could lead to reductions in our investment management fees, because they are based primarily on the market value of the securities we manage, and could lead some of our clients to reduce their assets under our management or seek legal remedies for investment

performance. If any of these events occur, the financial performance of our trust and investment management business could be materially and adversely affected.

The investment management contracts we have with our clients are terminable without cause and on relatively short notice by our clients, which makes us vulnerable to short term declines in the performance of the securities under our management.

Like most other companies with an investment management business, our investment management contracts with our clients are typically terminable by the client without cause upon less than 30 days’ notice. As a result, even short term declines in the performance of the securities we manage, which can result from factors outside our control such as adverse changes in market or economic conditions or the poor performance of some of the investments we have recommended to our clients, could lead some of our clients to move assets under our management to other asset classes such as broad index funds or treasury securities, or to investment advisors that have investment product offerings or investment strategies different than ours. Therefore, our operating results are heavily dependent on the financial performance of our investment portfolios and the investment strategies we employ in our investment management businesses and even short-term declines in the performance of the investment portfolios we manage for our clients, whatever the cause, could result in a decline in assets under management and a corresponding decline in investment management fees, which would adversely affect our results of operations.

Risks Related to Privacy and Technology

Information technology systems are critical to our business. Our business requires us to collect, process, transmit and store significant amounts of confidential information regarding our customers, employees and our own business, operations, plans and business strategies. We use various technology systems to manage our customer relationships, general ledger, securities investments, deposits, and loans. Our computer systems, data management and internal processes, as well as those of third parties, are integral to our performance.

Under various federal and state laws, we are responsible for safeguarding such information. For example, our business is subject to joint federal bank agency rules, the GLBA, the NYDFS cybersecurity regulations, the CCPA, and the CPRA which, among other things: (i) impose certain limitations on our ability to share nonpublic personal information about our customers with nonaffiliated third parties; (ii) require that we provide certain disclosures to customers and others about our information collection, sharing and security practices and afford customers the right to “opt out” of any information sharing by us with nonaffiliated third parties (with certain exceptions); (iii) limit retention of customer data; (iv) require notification of certain data breaches be provided to consumers and, in some circumstances, regulators; (v) require notification of extortion payments and ransomware deployments; (vi) require enhanced governance of cyber risk, including risk assessments at least annually and whenever a change in the business or technology causes a material change to our cyber risk; and (vii) require that we develop, implement and maintain a written comprehensive information security program containing appropriate safeguards based on our size and complexity, the nature and scope of our activities, and the sensitivity of customer information we process, as well as plans for responding to data security breaches. Ensuring that our collection, use, transfer and storage of personal information complies with all applicable laws and regulations can increase our costs.

In particular, information pertaining to us and our customers is maintained, and transactions are executed, on our networks and systems or those of our customers or third-party partners, such as our online banking or reporting systems. The secure maintenance and transmission of confidential information, as well as execution of transactions over these systems, are essential to protect us and our customers against fraud and security breaches and to maintain our clients’ confidence.

A breach of our operational or security systems or infrastructure, or those of our third-party vendors and other service providers, including as a result of cyber-attacks, could disrupt our businesses, result in the disclosure or misuse of confidential or proprietary information, damage our reputation, increase our costs and cause losses.

In addition, increases in criminal activity levels and sophistication, advances in computer capabilities, new discoveries, vulnerabilities in third-party technologies (including browsers and operating systems) or other developments could result in a compromise or breach of the technology, processes and controls that we use to prevent fraudulent transactions and to protect data about us, our customers and underlying transactions, as well as the technology used by our customers to access our systems. Further, risk of cybersecurity incidents may increase with the political and economic instability or warfare (including the Russia and Ukraine war and campaigns by Chinese hackers to infiltrate computer networks associated

with critical American infrastructure). We cannot be certain that the security measures we, or processors, have in place to protect this sensitive data will be successful or sufficient to protect against all current and emerging threats designed to breach our systems or those of processors.

Our information technology systems may be subject to failure or interruption.

While we have established policies and procedures to prevent or limit the impact of system failures and interruptions, there can be no assurance that such events will not occur or will be adequately addressed if they do.

In the event of a breakdown in our internal control systems, improper operation of systems or improper employee actions , including if confidential or proprietary information were to be mishandled, misused or lost, we could suffer financial loss, loss of customers and damage to our reputation, and face regulatory action or civil litigation. Insurance coverage may not be available for such losses, or where available, such losses may exceed insurance limits.

Our business is highly dependent on the successful and uninterrupted functioning of our information technology and telecommunications systems, third-party servicers' accounting systems and mobile and online banking platforms. We outsource many of our major systems, such as data processing, loan servicing, item/payment processing systems, and online banking platforms. The failure of these systems, or the termination of a third-party software license or service agreement on which any of these systems is based, could interrupt our operations. Because our information technology and telecommunications systems interface with and depend on third-party systems, we could experience service denials if demand for such services exceeds capacity or such third-party systems fail or experience interruptions. If sustained or repeated, a system failure or service denial could result in a deterioration of our ability to process new and renewal loans or to gather deposits and provide customer service and it could compromise our ability to operate effectively, damage our reputation, result in a loss of business and subject us to additional regulatory scrutiny and possible financial liability, any of which could have a material adverse effect on our financial condition and results of operations. In addition, failure of third parties to comply with applicable laws and regulations, or fraud, misconduct, or material errors on the part of our employees or employees of any of these third parties could disrupt our operations or adversely affect our reputation.

It may be difficult for us to replace some of our third-party vendors, particularly vendors providing our core banking, debit card services and information services, in a timely manner if they are unwilling or unable to provide us with these services in the future for any reason and even if we are able to replace them, it may be at higher cost or result in the loss of customers. Any such events could have a material adverse effect on our business, financial condition or results of operations.

In November 2021, federal bank regulators issued a joint final rule to establish computer-security incident notification requirements for banking organizations and their bank service providers. The rule requires FDIC-supervised banks to report certain incidents to their case manager and also requires covered bank service providers to promptly notify their FDIC-supervised bank customer when the service provider determines that it has experienced a notification incident.

Although we review business continuity and backup plans for our vendors and take other safeguards to support our operations, such plans or safeguards may be inadequate. As a result of the foregoing, our ability to conduct business may be adversely affected by any significant disruptions to us or to third parties with whom we interact.

We must respond to rapid technological changes, and these changes may be more difficult or expensive than anticipated.

We will have to respond to future technological changes. Implementation of AI and machine learning and other new technologies may have unintended consequences due to their limitations, potential manipulation, or our failure to use them effectively. Many of our competitors have substantially greater resources to invest in technological improvements than we do. The financial services industry is changing rapidly, and to remain competitive, we must continue to enhance and improve the functionality and features of our products, services and technologies. These changes may be more difficult or expensive than we anticipate.

We expect that new technologies and business processes applicable to the banking industry will continue to emerge, and these new technologies and business processes may be better than those we currently use. Because the pace of technological change is high and our industry is intensely competitive, we may not be able to sustain our investment in new technology as critical systems and applications become obsolete or as better ones become available. A failure to maintain current technology and business processes could cause disruptions in our operations or cause our products and services to be less competitive, all of which could have a material adverse effect on our business, financial condition or results of operations.

Risks Related to Our Human Capital

We depend on our executive officers and other key employees, and our ability to attract additional key personnel, to continue the implementation of our long-term business strategy, and we could be harmed by the unexpected loss of their services.

We believe that our continued growth and future success will depend in large part on the skills of our executive officers and other key employees and our ability to motivate and retain these individuals, as well as our ability to attract, motivate and retain qualified senior and middle management and other skilled employees. Competition for employees is intense, and the process of locating key personnel with the combination of skills and attributes required to execute our business strategy may be lengthy. If the services of any of our of key personnel should become unavailable for any reason, we may not be able to identify and hire qualified persons on terms acceptable to us, or at all, which could have a material adverse effect on our business, financial condition, results of operation and future prospects. Leadership transitions can be inherently difficult to manage, and inadequate transitions may cause disruptions to our business due to, among other things, diverting management’s attention or causing a deterioration in morale.

Our business could suffer if we experience employee work stoppages, union campaigns or other labor difficulties, and efforts by labor unions could divert management attention and adversely affect operating results.

As of December 31, 2024, we had 429 employees, of which approximately 21% are represented by collective bargaining agreements or an employee union. Although we believe that our relationship with our employees is good, and we have not experienced any material work stoppages, work stoppages may occur in the future. Union activities also may significantly increase our labor costs, disrupt our operations and limit our operational flexibility. From time to time, we are subject to unfair labor practice charges, complaints and other legal, administrative and arbitration proceedings initiated against us by unions, the National Labor Relations Board or our employees, which could negatively impact our operating results. In addition, negotiating collective bargaining agreements could divert management attention, which could also adversely affect operating results. On November 29, 2024, we entered into a new collective bargaining agreement with OPEIU, which (i) extended the term of the agreement to June 30, 2026, (ii) provided for a 3.5% wage increase per annum for the term of the agreement, and (iii) made certain modifications to reflect improved terms, inclusive of a healthcare reimbursement account.

Capital and Liquidity Risks

We are subject to liquidity risk.

Liquidity is required to fund the needs of our depositors, repay borrowings, fund loan commitments and investments, pay expenditures and other obligations as they arise. These

factors include an economic downturn affecting our loan portfolio, adverse financial market conditions, adverse regulatory or judicial actions against labor unions, political organizations or not-for profits, or adverse regulatory actions against us.

Our access to deposits may also be affected by the liquidity needs of our depositors, particularly in an adverse interest rate or economic environment where they may be compelled to withdraw deposits. As a part of our liquidity management, we must ensure we can respond effectively to potential volatility in our customers’ deposit balances. Our total on-balance sheet deposits totaled $7.18 billion as of December 31, 2024. For instance, our on-balance sheet deposits from political campaigns, PACs, and state and national party committee clients totaled $969.6 million, or 14% of total on-balance sheet deposits as of December 31, 2024 and decreased their deposit balances significantly after the last election campaign, resulting in short-term volatility in their deposit balances held with us through election cycles. Additionally, our on-balance sheet deposits from labor unions totaled $1.99 billion, or 28% of total on-balance sheet deposits as of December 31, 2024. While historically we have been able to replace deposit outflows and borrowings as necessary, we might not be able to replace such funds in the future, especially if a large number of our depositors or those depositors with a high concentration of deposits sought to withdraw their accounts. We could encounter difficulty meeting a significant deposit outflow which could negatively impact our profitability or reputation. A failure to maintain adequate liquidity could materially and adversely affect our business, results of operations or financial condition.

Our business needs and future growth may require us to raise capital, but that capital may not be available or may be dilutive.

Our ability to raise capital will depend on, among other things, conditions in the capital markets, which are outside of our control, and our financial performance. Accordingly, we cannot provide assurance that such capital will be available on terms acceptable to us or at all. Any occurrence that limits our access to capital, may adversely affect our capital costs and our ability to raise capital and, in turn, our liquidity. Further, if we need to raise capital in the future, we may have to do so when many other financial institutions are also seeking to raise capital and would then have to compete with those institutions for investors. Any inability to raise capital on acceptable terms when needed could have a material adverse effect on our business, financial condition and results of operations and could be dilutive to both tangible book value and our share price.

In addition, an inability to raise capital when needed may subject us to increased regulatory supervision and the imposition of restrictions on our growth and business. These restrictions could negatively affect our ability to operate or further expand our operations through loan growth, acquisitions or the establishment of additional branches. These restrictions may also result in increases in operating expenses and reductions in revenues that could have a material adverse effect on our financial condition, results of operations and our share price.

We may be subject to more stringent capital requirements in the future.

We are subject to regulatory requirements specifying minimum amounts and types of capital that we must maintain. From time to time, the regulators change these regulatory capital adequacy guidelines. If we fail to meet these minimum capital guidelines and other regulatory requirements, we may be restricted in the types of activities we may conduct and we may be prohibited from taking certain capital actions, such as paying dividends and repurchasing or redeeming capital securities.

In particular, the capital requirements applicable to us under the Basel III rules, which became fully phased-in on January 1, 2019 required us to satisfy additional, more stringent, capital adequacy standards. In addition, these requirements could have a negative impact on our ability to lend, grow deposit balances, make acquisitions or make capital distributions in the form of dividends or share repurchases. Higher capital levels could also lower our return on equity.

Risks Related to Our Strategy

Our social responsibility positions may have a material adverse effect on our business, financial condition or results of operations.

As a socially responsible bank, we take positions to support economic, social, racial and environmental justice that are consistent with our charter as a public benefit corporation and with applicable law; however, these types of positions may be inconsistent with policies promulgated by other institutions or governmental entities, and as a result, we may become a target of public criticism, governmental scrutiny and investigation and litigation.

For example, we support the recruitment and hiring of people from all backgrounds, so that our workforce reflects the communities that we serve, and we support activities that promote an inclusive workforce. We encourage the advancement of equal opportunity without the use of preferential treatment, quotas or other unlawful and discriminatory practices. Additionally, we have expressed support for certain causes through our shareholder activism, which includes the filing of shareholder proposals at other public companies and serving as plaintiffs in class action litigation.

We may not be able to implement our growth strategy or manage costs effectively, resulting in lower earnings or profitability.

There can be no assurance that we will be able to continue to grow and to be profitable in future periods, or, if profitable, that our overall earnings will remain consistent or increase in the future. Additionally, maintaining more than adequate capital at all times, hiring and retaining qualified employees, managing noninterest expenses and successfully implementing strategic initiatives are all key drivers to successful growth. Even if we are able to increase our interest income, our earnings may nonetheless be reduced by increased expenses, such as additional employee compensation or other general and administrative expenses and increased interest expense on any liabilities incurred or deposits solicited to fund increases in assets. Additionally, if our competitors extend credit on terms we find to pose excessive risks, or at interest rates which we believe do not warrant the credit exposure, we may not be able to maintain our lending volume and could experience deteriorating financial performance. Our inability to manage our growth successfully or to continue to expand into new markets could have a material adverse effect on our business, financial condition or results of operations.

New lines of business, products, product enhancements or services may subject us to additional risks.

From time to time, we may implement new lines of business or offer new products or product enhancements as well as new services within our existing lines of business. There are substantial risks and uncertainties associated with these efforts, particularly in instances in which the markets are not fully developed. In implementing, developing or marketing new lines of business, products, product enhancements or services, we may invest significant time and resources, although we may not assign the appropriate level of resources or expertise necessary to make these new lines of business, products, product enhancements or services successful or to realize their expected benefits. Initial timetables for the introduction and development of new lines of business, products, product enhancements or services may not be achieved, and price and profitability targets may not prove feasible. For example, several of our competitors have successfully introduced innovative investment management products. The introduction of such new products requires continued innovative efforts on the part of our management and may require significant time and resources as well as ongoing support and investment. External factors, such as compliance with regulations, competitive alternatives and shifting market preferences, may also affect the implementation of a new line of business or offerings of new products, product enhancements or services. Furthermore, any new line of business, product, product enhancement or service or system conversion could have a significant impact on the effectiveness of our internal controls. Failure to successfully manage these risks in the development and implementation of new lines of business or offerings of new products, product enhancements or services could have a material adverse effect on our business, financial condition or results of operations.

As a fund manager, we from time-to-time engage in stockholder activism, pressing issuers on a range of corporate governance topics.

Maintaining our reputation also depends on our ability to successfully prevent third-parties from infringing on our brand and associated trademarks. Defense of our reputation and our trademarks, including through litigation, could result in costs adversely affecting our business, results of operations or financial condition.

We are a Certified B CorporationTM. The term “Certified B Corporation” does not refer to a particular form of legal entity, but instead refers to companies certified by the B Lab, an independent nonprofit organization, as meeting rigorous standards of social and environmental performance, accountability and transparency. Our reputation could be harmed if we lose our Certified B CorporationTM status, whether by choice or by our failure to meet B Lab’s certification requirements.

The name “Amalgamated” originated with our over a 100 year union history – the Amalgamated Clothing Workers of America – and, over the course of time, other entities use the name Amalgamated, some of which are related parties or affiliates of the Bank and some that are not legally related or affiliated. As a result, we may face risks related to public scrutiny and identity confusion with those other entities that share the same name.

The banking business is highly competitive, and we experience competition in our markets from many other financial institutions. We compete with commercial banks, credit unions, savings and loan associations, mortgage banking firms, non-traditional financial-services providers, other financial service businesses, including investment advisory and wealth management firms, mutual fund companies, and securities brokerage and investment banking firms, as well as super-regional, national and international financial institutions that operate offices in our primary market areas and elsewhere. As customers’ preferences and expectations continue to evolve, technology has lowered barriers to entry and made it possible for banks to expand their geographic reach by providing services over the Internet and for Fintech, i.e. “non-banks” to offer products and services traditionally provided by banks, such as automatic transfer and automatic payment systems. Because of this rapidly changing technology, our future success will depend in part on our ability to address our customers’ needs by using technology and to identify and develop new, value-added products for existing and future customers. Failure to do so could impede our time to market, reduce customer product accessibility, and weaken our competitive position. Customer loyalty can be easily influenced by a competitor’s products, especially offerings that could provide cost savings or a higher return to the customer. Moreover, this competitive industry could become even more competitive as a result of legislative, regulatory and technological changes and continued consolidation.

In October 2024, the CFPB finalized the Required rule making on Personal Financial Data Rights rule to promote “open and decentralized banking” by requiring covered institutions to allow customers to authorize the transfer of certain customer information to other financial institutions.

Difficulties in obtaining regulatory approval for acquisitions and in combining the operations of acquired entities with the Company’s own operations may prevent us from achieving the expected benefits from our acquisitions.

The Company has expanded its business through a past acquisition and may do so again in the future. Our ability to complete acquisitions is in many instances subject to regulatory approval, and we cannot be certain when or if, or on what terms and conditions, any required regulatory approvals would be granted. In addition, inherent uncertainties exist when integrating the operations of an acquired entity, including in ability to fully achieve the Company’s strategic objectives and planned operating efficiencies in an acquisition, disruption of the Company’s business and diversion of management’s time and attention and exposure to unknown or contingent liabilities of acquired entities.

Legal, Accounting, Regulatory, and Compliance Risks

Changes in our accounting policies or in accounting standards could materially affect how we report our financial results and condition.

Changes in our accounting policies or in accounting standards could materially affect how we report our financial results and condition. From time to time, the FASB changes the financial accounting and reporting standards that govern the preparation of our financial statements. As a result of such changes, whether promulgated or required by the FASB or other regulators, we could be required to change certain of the assumptions or estimates we have previously used in preparing our financial statements, which could negatively affect how we record and report our results of operations and financial condition generally.

Our accounting estimates and risk management processes and controls rely on analytical and forecasting techniques and models and assumptions, which may not accurately predict future events.

Our accounting policies and methods are fundamental to how we record and report our financial condition and results of operations. Our management must exercise judgment in selecting and applying many of these accounting policies and methods so they comply with GAAP and reflect management’s judgment of the most appropriate manner in which to report our financial condition and results. In some cases, management must select the accounting policy or method to apply from two or more alternatives, any of which may be reasonable under the circumstances, yet which may result in our reporting materially different results than would have been reported under a different alternative.

Certain accounting policies are critical to presenting our financial condition and results of operations. They require management to make difficult, subjective or complex judgments about matters that are uncertain. Materially different amounts could be reported under different conditions or using different assumptions or estimates. Because of the uncertainty of estimates involved in this matters, we may be required to significantly increase the allowance or sustain credit losses that are significantly higher than the reserve provided. Any of these could have a material adverse effect on our business, financial condition or results of operations. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

The banking industry is heavily regulated and that regulation, together with any future legislation or regulatory changes, could limit or restrict our activities and adversely affect our operations or financial results.

We operate in an extensively regulated industry and we are subject to examination, supervision, and comprehensive regulation by various federal and state agencies. The Company is subject to Federal Reserve regulations, and the Bank is subject to regulation, supervision and examination by the FDIC and the NYDFS. Further, potential implementation by the current administration of a regulatory reform agenda may be significantly different from that of the prior administration, impacting the rule making, supervision, examination and enforcement of the banking regulation agencies and our ability to respond to those changes. We are also subject to capitalization guidelines established by our regulators, which require us to maintain adequate capital to support our business. If, as a result of an exam, a banking agency were to determine that the financial condition, capital adequacy, asset quality, asset concentration, earnings prospects, management, liquidity sensitivity to market risk or other aspects of any of our operations has become unsatisfactory, or that we or our management are in violation of any law or regulation, the banking agency could take a number of different remedial actions as it deems appropriate.

Furthermore, our regulators also have the ability to compel us to take certain actions, or restrict us from taking certain actions entirely, such as actions that our regulators deem to constitute an unsafe or unsound banking practice. Our failure to comply with any applicable laws or regulations, or regulatory policies and interpretations of such laws and regulations, could result in sanctions by regulatory agencies (such as a memorandum of understanding, a written supervisory agreement or a cease and desist order), civil money penalties or damage to our reputation, all of which could have a material adverse effect on our business, financial condition or results of operations.

Our trust and investment management businesses are highly regulated.

Through our investment management division, we provide investment management, custody, safekeeping and trust services to institutional clients. These products and services require us to comply with a number of regulations issued by the Department of Labor, the Employee Retirement Income Security Act, the FDIC Statement of Principles of Trust Department Management, and federal and state securities regulators.

Our failure to comply with applicable laws or regulations could result in fines, suspensions of individual employees, litigation, or other sanctions. Any such failure could have an adverse effect on our reputation and could adversely affect our business, financial condition, results of operations or prospects.

The Federal Reserve may require us to commit capital resources to support the Bank.

The Federal Reserve requires a bank holding company to act as a source of financial and managerial strength to a subsidiary bank and to commit resources to support such subsidiary bank. Under the “source of strength” doctrine, the Federal Reserve may require a bank holding company to make capital injections into a troubled subsidiary bank and may charge the bank holding company with engaging in unsafe and unsound practices for failure to commit resources to such a subsidiary bank. In addition, the Dodd-Frank Act directs the federal bank regulators to require that all companies that directly or indirectly control an insured

depository institution serve as a source of strength for the institution. Under these requirements, in the future, we could be required to provide financial assistance to the Bank if the Bank experiences financial distress.

A capital injection may be required at times when we do not have the resources to provide it, and therefore we may be required to borrow the funds. In the event of a bank holding company’s bankruptcy, the bankruptcy trustee will assume any commitment by the holding company to a federal bank regulatory agency to maintain the capital of a subsidiary bank. Moreover, bankruptcy law provides that claims based on any such commitment will be entitled to a priority of payment over the claims of the holding company’s general unsecured creditors, including the holders of its note obligations. Thus, any borrowing that must be done by the holding company in order to make the required capital injection becomes more difficult and expensive and will adversely impact the holding company’s cash flows, financial condition, results of operations and prospects.

The BSA, the PATRIOT Act, the Anti-Money Laundering Act of 2020, and other laws and regulations require financial institutions, among other duties, to institute and maintain effective anti-money laundering programs, and to file suspicious activity and currency transaction reports as appropriate. FinCEN, established by the U.S. Treasury Department to administer the BSA, is authorized to impose significant civil money penalties for violations of those requirements and has engaged in coordinated enforcement efforts with the individual federal banking regulators, as well as the U.S. Department of Justice, Drug Enforcement Administration and IRS. There is also increased scrutiny of compliance with the rules enforced by the Office of Foreign Assets Control. If our policies, procedures and systems are deemed deficient or the policies, procedures and systems of the financial institutions that we may acquire are deficient, we would be subject to liability, including fines, and regulatory actions such as restrictions on our ability to pay dividends and engage in acquisitions, which would negatively impact our business, financial condition and results of operations. In recent years, sanctions that the regulators have imposed on banks that have not complied with all requirements have been especially severe. Failure to maintain and implement adequate programs to combat money laundering and terrorist financing could also have serious reputational consequences for us, which could have a material adverse effect on our business, financial condition and results of operations.

We are subject to the Community Reinvestment Act and federal and state fair lending laws, and failure to comply with these laws could lead to material penalties.

The Community Reinvestment Act (“CRA”), the ECOA and the FHA impose nondiscriminatory lending requirements on financial institutions. The FDIC, the NYDFS, the Department of Justice, and other federal and state agencies are responsible for enforcing these laws and regulations. In October 2023, the FDIC, the FRB and the OCC jointly adopted final regulations for modernizing and implementing the CRA, which became effective on April 1, 2024, with a multi-year phase-in. These regulations create a complex regulatory scheme that will impact how the Bank’s compliance with the CRA is evaluated and that will increase its compliance obligations, unless the regulations are successfully challenged in court. Private parties may also have the ability to challenge an institution’s performance under fair lending laws in private class action litigation. A successful challenge to our performance under the fair lending laws and regulations could adversely impact our rating under the CRA and result in a wide variety of sanctions, including the required payment of damages and civil money penalties, injunctive relief, imposition of restrictions on merger and acquisitions and expansion activity, which could negatively impact our reputation, business, financial condition and results of operations.

We are exposed to litigation and compliance risks related to our Socially Responsible Banking business model.

We may become the target of public criticism, litigation and enforcement actions because of our ESG products and our social responsibility mission. For example, boycott regulations target financial institutions that will not lend or have made statements about not lending to certain industries. They prohibit a state from doing business with such institutions and/or from investing the state’s assets, including pension-plan assets, through such institutions. Boycott regulations affect financial institutions with investment policies that exclude or reduce exposure to fossil-fuel-producing energy companies or with restrictions in place for sensitive industries such as mining, timber production, or firearms manufacturing — particularly if these industries are economically important to the state.

There has been a significant rise in climate-related probes and litigation, including greenwashing claims, against banks. "Greenwashing" involves a business making misleading sustainability-related claims to investors or consumers, usually to boost its reputation and bottom line. Furthermore, ESG products in the banking and financial services sectors have become subject to heightened regulatory scrutiny for potentially misleading claims and poor controls. Allegations that our ESG products contain

claims that have misled investors or consumers, or that the claims are subject to poor controls, even if ultimately unfounded, may fundamentally damage our reputation and our financial performance.

Our financial condition may be affected negatively by the costs of litigation.

In difficult market conditions, the volume of claims and amount of damages sought in litigation and investigations against financial institutions have historically increased. We may be involved from time to time in a variety of litigation, investigations or similar matters arising out of our business. In many cases, we may seek reimbursement from our insurance carriers to cover such costs and expenses. Our insurance may not cover all claims that may be asserted against us, and any claims asserted against us, regardless of merit or eventual outcome, may harm our reputation. Should the ultimate judgments or settlements in any litigation or investigation significantly exceed our insurance coverage, they could have a material adverse effect on our business, financial condition and results of operations. In addition, we may not be able to obtain appropriate types or levels of insurance in the future, nor may we be able to obtain adequate replacement policies with acceptable terms, if at all.

From time to time we are, or may become, involved in suits, legal proceedings, information-gatherings, investigations and proceedings by governmental and self-regulatory agencies that may lead to adverse consequences.

Many aspects of the banking business involve a substantial risk of legal liability. From time to time, we are, or may become, the subject of information-gathering requests, reviews, investigations and proceedings, and other forms of regulatory inquiry, including by bank regulatory agencies, self-regulatory agencies, and law enforcement authorities. The results of such proceedings could lead to significant civil or criminal penalties, including monetary penalties, damages, adverse judgments, settlements, fines, injunctions, restrictions on the way we conduct our business or reputational harm.

Risks Related to Our Common Stock

Shares of our common stock could face volatility due to banking sector uncertainty.

Bank holding company stock prices are sensitive to generalized concerns about the health of the banking industry as a whole, regardless of the health of a particular institution. Ongoing stress in the banking sector could adversely impact the market price of our common stock and our business, financial condition and results of operations. If some investors find our common stock less attractive as a result, there may be a less active trading market for our common stock and our stock price may be more volatile.

The Company is a bank holding company that conducts substantially all of its operations through the Bank. As a result, our ability to make dividend payments on our common stock depends primarily on certain federal regulatory considerations and the receipt of dividends and other distributions from the Bank. As is the case with all financial institutions, the profitability of the Bank is subject to the fluctuating cost and availability of money, changes in interest rates, and in economic conditions in general.

Holders of our common stock are only entitled to receive such cash dividends as our Board of Directors may declare out of funds legally available for such payments. Although we currently expect to continue to pay quarterly dividends, any future determination relating to our dividend policy will be made by our Board of Directors and will depend on a number of factors. Any actual determination relating to our dividend policy and the declaration of future dividends will be made, subject to applicable law and regulatory approvals, by our Board of Directors and will depend on a number of factors, including: (i) our historical and projected financial condition, liquidity and results of operations, (ii) our capital levels and needs, (iii) tax considerations, (iv) any acquisitions or potential acquisitions that we may examine, (v) statutory and regulatory prohibitions and other limitations, (vi) the terms of any credit agreements or other borrowing arrangements that restrict our ability to pay cash dividends, (vii) general economic conditions and (viii) other factors deemed relevant by our Board of Directors. The Board of Directors may determine not to pay any cash dividends at any time. There can be no assurance that we will pay any dividends to holders of our common stock, or as to the amount of any such dividends. For more information, see “Cautionary Note Regarding Forward-Looking Statements” and “Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities—Dividend Policy.”

We have several significant investors whose individual interests may differ from yours.

A significant percentage of our common stock is currently held by investment funds affiliated with an amalgamation of Workers United and numerous joint boards, locals or similar organizations authorized under the constitution of Workers United (the “Workers United Related Parties”). Workers United Related Parties own approximately 37% of our common stock. The interests of these investors could conflict with the interests of our other stockholders, and any future transfer by these investors of their shares of common stock to other investors who have different business objectives could adversely affect our business, results of operations, financial condition, prospects or the market value of our common stock.

Transfers of our common stock owned by the Workers United Related Parties could adversely impact your rights as a stockholder and the market price of our common stock.

The Workers United Related Parties may transfer all or part of the shares of our common stock that they own, without allowing you to participate or realize a premium for any investment in our common stock, or distribute shares of our common stock that it owns to their members. Sales or distributions by the Workers United Related Parties of such common stock could adversely impact prevailing market prices for our common stock.

Additionally, a sale of common stock by the Workers United Related Parties to a third party could adversely impact the market price of our common stock and our business, financial condition and results of operations. For example, a change in control caused by the sale of our shares by the Workers United Related Parties may result in a change of management decisions and business policy.

Shares of our common stock are subject to dilution.

If we choose to raise capital by selling shares of our common stock for any reason, the issuance would have a dilutive effect on the holders of our common stock and could have a material negative effect on the value of our common stock.

Item 1B. Unresolved Staff Comments.

None.

Cybersecurity.

The Company’s Board recognizes the critical importance of maintaining the trust and confidence of our customers, clients, business partners and employees. The Board is actively involved in oversight of the Company’s risk management program, and cybersecurity represents an important component of the Company’s overall approach to enterprise risk management (“ERM”).

The Company’s cybersecurity policies, standards, processes and practices are fully integrated into the Company’s ERM program and are based on recognized frameworks established by the Federal Financial Institutions Examination Council (the “FFIEC”), and other applicable industry standards and regulations, including regulations promulgated by the NYDFS. In general, the Company seeks to address cybersecurity risks through a comprehensive, cross-functional approach that is focused on preserving the confidentiality, security and availability of the data and information that the Company collects and stores by identifying, preventing and mitigating cybersecurity threats and effectively responding to cybersecurity incidents when they occur. The Company’s strategy is informed by determinations of inherent risk and risk maturity level that are made in connection with an independent cybersecurity awareness assessment prepared for the FFIEC.

As one of the critical elements of the Company’s overall ERM approach, the Company’s Information Security Program is focused on the following key areas:

•Protecting the confidentiality, integrity, and availability of information systems and the nonpublic information stored on them.

•Identifying risks, defending against unauthorized access, and detecting, responding to, and recovering from cybersecurity incidents.

Risk Management, Strategy and Governance

Role of Management

The Company has implemented a comprehensive, cross-functional approach to identifying, preventing and mitigating cybersecurity threats and incidents, while also implementing controls and procedures that provide for the prompt escalation of certain cybersecurity incidents so that decisions regarding the public disclosure and reporting of such incidents can be made by management in a timely manner.

The Company has also established a governance structure and organization to manage cybersecurity risk. This includes escalation and reporting of cybersecurity incidents through the Chief Risk Officer’s organization to an Executive Response Team and the Board, and periodic reporting on the Information Security Program to the Information Security Subcommittee of the Enterprise Risk Management Committee, an executive committee that oversees the Information Security Program, and the Enterprise Risk Oversight Committee (the “EROC”), the Board committee that oversees the ERM framework.

The Chief Information Security Officer (“CISO”), under the supervision of the Company’s Chief Risk Officer (“CRO”) in coordination with the Company’s executive team, which includes our CEO, CFO, Chief Technology Officer (“CTO”) and Chief Legal Officer (“CLO”), works collaboratively across the Company to implement the Information Security Program, which is designed to protect the Company’s information systems from cybersecurity threats and to promptly respond to any cybersecurity incidents in accordance with the Company’s incident response and recovery plans.

The CISO coordinates all aspects of the Information Security Program and presents a report on the Information Security Program to the Information Cyber Security Subcommittee on a quarterly basis so that the Subcommittee is made aware of a wide range of topics including recent developments in the Information Security Program, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to the Company’s peers and third parties.

In 2024, the Company appointed a new Chief Information Security Officer (CISO). The new CISO has over 25 years of experience in Cyber Security, Information Security, Risk Management, and Information Technology. He has served as CISO and SVP at a financial institution, overseeing cyber and information security policies and ensuring compliance and security for new product implementations. Previously, he was VP, Head of Cybersecurity at another financial institution and held key roles at a financial services company. He is actively involved in advisory roles and professional boards, and he holds advanced degrees and certifications in information systems

and security. The CISO holds a Bachelor’s in Science in Managed Information Systems from Saint Peter’s University, a Master of Science in Information Systems with a concentration in Information Security from Stevens Institute of Technology, Hoboken, NJ, and a Graduate Certificate in Business Process Management and Service Innovation from Stevens Institute of Technology, Hoboken, NJ.

Role of the Board of Directors

The Board’s oversight of cybersecurity risk management is supported by the EROC, which regularly interacts with the Company’s ERM function and the CISO.

The EROC oversees the Company’s ERM process, including the management of risks arising from cybersecurity threats. The EROC receives regular presentations and reports on the Information Security Program, which address a wide range of topics including recent developments, evolving standards, vulnerability assessments, third-party and independent reviews, the threat environment, technological trends and information security considerations arising with respect to the Company’s peers and third parties.

The EROC receives prompt and timely information regarding any cybersecurity incident that meets established reporting thresholds, as well as ongoing updates regarding any such incident until it has been addressed.

Although we have not historically experienced significant cybersecurity incidents, we and other banks are subject to attacks of increasing frequency and sophistication.

Technical Safeguards

The Company deploys technical safeguards that are designed to protect Company’s data and information systems from cybersecurity threats, including firewalls, intrusion prevention and detection systems, anti-malware functionality and access controls, which are evaluated and improved through vulnerability assessments and cybersecurity threat intelligence.

The Company engages in the periodic assessment and testing of the Company’s policies, standards, processes and practices that are designed to address cybersecurity threats and incidents. These efforts include a wide range of activities, including audits, assessments, tabletop exercises, vulnerability testing, stress testing based on top cyberattack scenarios and other exercises focused on evaluating the effectiveness of our cybersecurity measures and planning and by leveraging the Federal Reserve Bank of New York methodology for cyber risk (“FFIEC CyberSecurity Assessment Tool”). The Company regularly engages third parties to perform independent assessments on our cybersecurity measures, including information security maturity assessments, audits and independent reviews of our information security control environment and operating effectiveness. The results of such assessments, audits and reviews are reported to the EROC, and the Company adjusts its cybersecurity policies, standards, processes and practices as necessary based on the information provided by these assessments, audits and reviews.

Incident Response and Recovery Planning

The Company has established and maintains comprehensive incident response and recovery plans that fully address the Company’s timely and effective response to a cybersecurity incident, and such plans are tested and evaluated on an annual basis. Multidisciplinary teams throughout the Company are deployed to address cybersecurity threats and to respond to cybersecurity incidents. Through ongoing communications with these teams, the CISO monitors the prevention, detection, mitigation and remediation of cybersecurity threats and incidents in real time and reports such threats and incidents to the Executive Response Team of the Company and as guided by the Company’s Chief Risk Officer, to the Risk Committee when appropriate.

The Company’s Security Incident Response Team (“SIRT”) structure includes an Executive Response Team (“ERT”). The ERT is composed of all members of the Executive Management Team, the Head of Business Continuity Management, and the CISO (if the incident is due to a cyber breach), and it oversees a Management Response Team (“MRT”). In the event of a security incident, the Company’s designated Response Coordinator, who is the Information Security Manager or the CISO’s designee, shall investigate the reported security incident and assign an initial severity level. They will gather initial facts about the security incident, analyze information it has received, identify those entities affected by the security incident, assess the preliminary severity and extent of the damage (which can be financial or reputational).

If the severity is assessed as Low or Medium in accordance with criteria identified in the incident response and recovery plans, the Response Coordinator will report the incident to the CISO and complete the remediation actions for the cybersecurity incident and report the final outcome to the CISO. The CISO will report to the ERT remediation of Low or Medium cybersecurity incidents at least on a quarterly basis. If the cybersecurity incident is classified as a High, or at the Response Coordinator’s discretion, the Response Coordinator will report the cybersecurity incident to the CISO and promptly convene the ERT. The ERT will determine the

appropriate steps necessary to respond to the cybersecurity incident and oversee the MRT’s execution of the response. The ERT will determine whether the cybersecurity incident needs to be escalated to the Board.

Third-Party Risk Management

The Company’s Third-Party Risk Management Program provides a risk-based approach to the assessment, measurement, monitoring, and control of risks related to third parties with whom the Company does business, including vendors, service providers and other external users of Company’s systems, as well as the systems of third parties that could adversely impact our business in the event of a cybersecurity incident affecting those third-party systems. In particular, the Company confirms that new and existing service providers are implementing appropriate measures to protect customer information and customer information systems in conformance with the Company’s requirements.

Education and Awareness

Through its Information Security Awareness Program, the Company provides regular, mandatory training regarding cybersecurity threats as a means to equip the Company’s personnel with effective tools to address cybersecurity threats, and to communicate the Company’s evolving information security policies, standards, processes and effective practices.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
CPPTL	1 day, 4 hours ago
TUSK	1 day, 4 hours ago
EQBK	1 day, 4 hours ago
FSUN	1 day, 4 hours ago
UBX	1 day, 4 hours ago
BSTT	1 day, 4 hours ago
NDLS	1 day, 4 hours ago
FNRN	1 day, 4 hours ago
SNBR	1 day, 4 hours ago
FCBC	1 day, 4 hours ago
MYFW	1 day, 4 hours ago
BRDG	1 day, 4 hours ago
AIMD	1 day, 4 hours ago
GRND	1 day, 4 hours ago
SPFI	1 day, 4 hours ago
ATRA	1 day, 4 hours ago
SGHT	1 day, 4 hours ago
CMCT	1 day, 4 hours ago
OB	1 day, 4 hours ago
NABL	1 day, 4 hours ago
NODK	1 day, 4 hours ago
RGTI	1 day, 4 hours ago
UNTY	1 day, 4 hours ago
HBT	1 day, 4 hours ago
ZCSH	1 day, 4 hours ago
ETCG	1 day, 4 hours ago
LXRX	1 day, 4 hours ago
EBTC	1 day, 5 hours ago
GSBC	1 day, 5 hours ago
CCFN	1 day, 6 hours ago
GPLB	1 day, 6 hours ago
BCBP	1 day, 6 hours ago
SBFG	1 day, 6 hours ago
HMST	1 day, 6 hours ago
CAC	1 day, 7 hours ago
BMNM	1 day, 7 hours ago
OFLX	1 day, 7 hours ago
FSTR	1 day, 7 hours ago
CARE	1 day, 8 hours ago
IBCP	1 day, 8 hours ago
BFST	1 day, 9 hours ago
LFWD	1 day, 9 hours ago
FNLC	1 day, 10 hours ago
COOK	1 day, 11 hours ago
ESPR	1 day, 11 hours ago
FORR	1 day, 12 hours ago
MASS	1 day, 12 hours ago
ADV	1 day, 12 hours ago
NBBK	1 day, 12 hours ago
WHF	1 day, 13 hours ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - AMAL

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - AMAL

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing