Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - ISBA
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors.
An investment in our common stock is subject to risks inherent to our business. The material risks and uncertainties that management believes affect us are described below. Before making an investment decision, you should carefully consider the risks and uncertainties described below, together with all the other information included or incorporated by reference herein. The risks and uncertainties described below are not the only ones facing us. Additional risks and uncertainties that management is not aware of or focused on or that management currently deems immaterial may also impair our business operations. This Annual Report on Form 10-K is qualified in its entirety by these risk factors.
If any of the events described in the risk factors should occur, our financial condition and results of operations could be materially and adversely affected. If this were to happen, the value of our securities could decline significantly, and you could lose all or part of your investment.
CREDIT RISKS
Deterioration in credit quality may adversely affect our earnings.
Our primary source of revenue is interest income derived from loans to individuals, small businesses, and commercial entities. As such, we are exposed to credit risk, which is the risk that borrowers may fail to meet their repayment obligations. Credit losses are inherent in the business of making loans and could have a material adverse effect on our operating results.
The credit quality of our loan portfolio can be influenced by several factors, including changes in economic conditions, the financial health of borrowers, industry-specific risks, and local market conditions. A downturn in the local or national economy could lead to higher unemployment rates, reduced consumer spending, and lower demand for credit, which in turn could increase the risk of loan defaults and charge-offs. Even in stable economic environments, we may experience higher-than-expected loan delinquencies or defaults, which could lead to increased provisions for loan losses and adversely impact our profitability and capital.
To manage the credit risk arising from lending activities, we maintain sound underwriting policies and procedures. We continuously monitor asset quality to determine the appropriateness of valuation allowances. We continuously monitor asset quality in order to determine the appropriateness of valuation allowances.
Credit losses could increase, and the allowance may not be adequate to cover actual loan losses.
We maintain an ACL to reserve for estimated expected credit losses within our loan portfolio.We maintain an ALLL to reserve for estimated incurred loan losses within our loan portfolio. The level of the ACL reflects our evaluation of industry concentrations; specific credit risks; loan loss experience; loan portfolio quality; and economic, political and regulatory conditions. The level of the ALLL reflects our evaluation of industry concentrations; specific credit risks; loan loss experience; loan portfolio quality; and economic, political and regulatory conditions. The determination of the appropriate level of the ACL inherently involves a high degree of subjectivity and requires management to make significant estimates related to current and expected future credit risks and trends, all of which may undergo material changes. Although management believes the ACL is appropriate to absorb probable losses within the loan portfolio, this allowance may not be adequate. An increase in the allowance would result in an expense for the period, thereby reducing the amount of reported net income, which may also adversely affect capital.
Concentrations within the loan portfolio may increase exposure to credit losses.
A financial institution’s exposure to risk increases if a disproportionate amount of the loan portfolio is extended to a single borrower, specific industry sector, or geographic area. A downturn in the economy, natural disaster, or industry-specific stressor may have a larger impact on the financial health of those borrowers, and in turn, the financial institution.
The Bank’s loan portfolio consists of consumer, commercial, and agricultural loans. While our risk management framework includes robust underwriting standards, diversified lending practices, and monitoring of concentration risk within the portfolio, unforeseen economic shocks or industry-specific downturns could still lead to higher-than-expected loan losses, charge-offs, and impairments to collateral.
6
INTEREST RATE AND LIQUIDITY RISKS
Changes in interest rates may reduce our net interest income.
As a financial institution, our earnings and cash flows are largely dependent upon our ability to generate net interest income. Interest rate risk results from the timing differences in the maturity or repricing frequency of a financial institution’s interest earning assets, such as loans and securities, and its interest-bearing liabilities, such as deposits and borrowed funds.
Interest rates are highly sensitive to many factors that are beyond our control, including general economic conditions, changes in monetary policy, demand for loans, securities and deposits, and policies of various governmental and regulatory agencies. We monitor the potential effects of changes in interest rates through simulations and gap analyses. We monitor the potential effects of changes in interest rates through simulations and gap analyses. To help mitigate the effects of changes in interest rates, we make significant efforts to stagger projected cash flows and maturities of interest sensitive assets and liabilities. To help mitigate the effects of changes in interest rates, we make significant efforts to stagger projected cash flows and maturities of interest sensitive assets and liabilities.
The value of our investment securities portfolio may be negatively impacted by fluctuations in the market, including credit deterioration of the issuers of individual securities.
A volatile interest rate environment, illiquid market, or decline in credit quality could require us to recognize a credit-related impairment to the investment securities held in our portfolio. We consider many factors in determining whether a credit-related impairment exists including the length of time and extent to which fair value has been less than cost, the investment credit rating, and the probability that the issuer will be unable to pay the amount when due. We consider many factors in determining whether an OTTI exists including the length of time and extent to which fair value has been less than cost, the investment credit rating, and the probability that the issuer will be unable to pay the amount when due. While we do not intend to sell a security in an unrealized loss position or before recovery of its cost basis, the presence of these risk factors could lead to impairment charges.
We are subject to liquidity risk in our operations, which could adversely impact our ability to fund various obligations.
Liquidity risk is the risk to earnings or capital arising from our inability to meet obligations, such as deposit withdrawals, loan disbursements, and other operating costs, when they come due without incurring unacceptable and significant costs. Liquidity risk includes the inability to manage unplanned changes in funding sources, or failure to address changes in market conditions that affect the ability to liquidate assets quickly and with minimal loss in value. Liquidity risk includes the inability to manage unplanned changes in funding sources, or failure to address changes in market conditions that affect the ability to liquidate assets quickly and with minimal loss in value. Retail deposits, cash, and unencumbered AFS securities are our primary sources of liquidity, supplemented by alternative and wholesale funding sources. Our ability to manage liquidity will be hindered if we are unable to maintain access to funding or if adequate financing is not available to accommodate future growth at acceptable costs. In addition, if we rely too heavily on more expensive funding sources to support future growth, our operating margins and profitability would be adversely affected.
Minimum capital requirements may adversely affect our ability to pay cash dividends, reduce our profitability, or otherwise adversely affect our business, financial condition or results of operations.
As a banking organization, our capital and liquidity are subject to regulation and supervision by banking regulators. We are required to maintain minimum levels of capital. The need to maintain capital and liquidity could result in our being required to increase our regulatory capital, restrict our lending capacity, and may dilute shareholder value or limit our ability to pay dividends or otherwise return capital to our investors through stock repurchases.
Our access to funds from subsidiaries may be restricted.
The Corporation is a separate and distinct legal entity from the Bank and its non-banking subsidiaries. The Corporation depends on dividends, distributions and other payments from its banking and non-banking subsidiaries to fund dividend payments on its common stock, debt service of subordinated borrowings, fund stock repurchase program and to fund strategic initiatives or other obligations. The Corporation’s subsidiaries are subject to laws that authorize regulatory bodies to block or reduce the flow of funds from those subsidiaries to the Corporation based on assertion that certain payments from subsidiaries are considered an unsafe or unsound practice, which could impede our access to funds that we may need to make payments on our obligations or dividend payments, if and when declared from time to time by our board of directors in its sole discretion out of funds legally available for that purpose.
Earnings may not grow if we are unable to successfully attract core deposits and lending opportunities and execute opportunities to generate fee-based income.
Historically, our loan and deposit growth has been the principal factor in our increase in net-interest income. If we are unable to execute our business strategy of continued growth in loans and deposits, our earnings could be adversely impacted. The Corporation’s ability to continue to grow depends, in part, upon our ability to expand our market share, to successfully attract core deposits and identify loan and investment opportunities, as well as opportunities to generate fee-based income. Our ability
7
to manage growth successfully will also depend on whether we can continue to efficiently fund asset growth and maintain asset quality and cost controls, as well as on factors beyond our control, such as economic conditions and interest-rate trends.
Wholesale funding sources may prove insufficient to replace deposits, support operations and future growth.
We must maintain sufficient funds to respond to the needs of customers. To manage liquidity, we use several funding sources in addition to core deposit growth, loan repayments and maturities of loans and securities. These sources include FHLB and FRB advances, proceeds from the sale of securities and loans and liquidity resources at the holding company. Our ability to manage liquidity will be severely constrained if unable to maintain access to funding or if adequate financing is not available to accommodate future growth at acceptable costs. In addition, if we need to rely heavily on more expensive funding sources to support future growth, revenues may not increase proportionately to cover costs. In this case, our operating margins and profitability would be adversely affected.
Loss of deposits or a change in deposit mix could increase our cost of funding.
Deposits are a lower cost and stable source of funding. We compete with banks and other financial institutions for deposits. Funding costs may increase if deposits are lost and we are forced to replace them with more expensive sources of funding, if customers shift their deposits into higher cost products or if we need to raise interest rates to avoid losing deposits. Higher funding costs reduce our net interest income, net interest margin, and net income.
Prepayments of loans may negatively impact our business as customers may prepay the principal amount of their outstanding loans at any time.
The speeds at which such prepayments occur, as well as the size of such prepayments, are within the customers’ discretion. Fluctuations in interest rates, in certain circumstances, may also lead to high levels of loan prepayments, which may also have an adverse impact on net interest income. If customers prepay the principal amount of their loans, and we are unable to lend those funds to other borrowers or invest the funds at the same or higher interest rates, interest income will be reduced. A significant reduction in interest income could have a negative impact on our results of operations and financial condition.
Secondary mortgage market conditions may adversely affect our financial condition and earnings.
The secondary mortgage markets are impacted by interest rates and investor demand for residential mortgage loans and increased investor yield requirements for these loans. These conditions may fluctuate in the future. As a result, a prolonged period of secondary market illiquidity may reduce our loan production volumes, change loan portfolio composition, and reduce operating results. Secondary markets are affected by Fannie Mae, Freddie Mac, and Ginny Mae for loan purchases that meet their conforming loan requirements. These agencies could limit purchases of conforming loans due to capital constraints, changes in conforming loan criteria or other factors. Proposals to reform mortgage finance could affect the role of these agencies and the market for conforming loans.
OPERATIONAL AND REPUTATIONAL RISKS
Operational risks could lead to financial loss, litigation, and reputation risk.
Like most financial institutions, we are exposed to many types of operational risk. Operational risk is the risk of loss resulting from failed or inadequate internal processes, people, and systems or from external events. Errors or lapses in internal controls could result in financial loss, regulatory violations, or reputational damage. Our dependence upon automated systems may further increase the risk that system errors will result in losses that are difficult to detect. Operational risks may also arise from employee misconduct, including fraud or theft. These factors may lead to reputation risk and transaction risk. These factors may lead to reputation risk and transaction risk.
Reputation risk is managed by developing and retaining marketplace confidence in handling customers’ financial transactions in an appropriate manner and protecting our safety and soundness. Transaction risk includes losses from fraud, error, the inability to deliver products or services, and loss or theft of information. Transaction risk includes losses from fraud, error, the inability to deliver products or services, and loss or theft of information. Transaction risk also encompasses product development and delivery, transaction processing, information technology systems, and the Corporation’s internal control environment. Transaction risk also encompasses product development and delivery, transaction processing, information technology systems, and the internal control environment.
To minimize potential losses due to operational risks, we have established a robust system of internal controls that are regularly tested by our internal audit department in conjunction with external audit firms.To minimize potential losses due to operational risks, we have established a robust system of internal controls that are regularly tested by our internal audit department in conjunction with the services of certified public accounting firms who assist in performing such internal audit work. While we strive to maintain robust internal controls and oversight, there is no guarantee that operational failures will be entirely avoided.
Unauthorized disclosure of sensitive or confidential client or customer information, whether through cyber-attacks, breach of computer systems or other means could severely harm the Company’s business.Unauthorized disclosure of sensitive or confidential client or customer information, whether through cyber attacks, breach of computer systems or other meansOur products, services and systems are accessed through critical company or third-party operations.
See Item 1C.Item 1A. Cybersecurity.
8
Our operations rely on external vendors.
We rely upon certain external vendors for our daily operations, some of which provide critical functions. If one of these vendors fails to perform in accordance with their established performance standards or encounters financial, regulatory, or strategic issues, it could disrupt our operations and/or expose us to liability. Extended disruption of our vital infrastructure by fire, power loss, natural disaster, telecommunications failure, computer hacking and viruses, or other events outside of our control, could have a significant impact on our operations. While we have a formal vendor management program to assist in vendor selection and ongoing performance monitoring, the failure of a vendor to perform in accordance with contractual agreements could have a material adverse effect on our financial condition and results of operations.
The Bank may experience losses related to fraud or theft.
Reported fraud continues to increase on local, state, and national levels. The increased use of the internet and mobile devices to conduct financial and other everyday transactions, coupled with the increased sophistication and activities of criminals, increases the Bank’s security risks. Criminals are using social engineering and phishing attacks for identity theft and account takeover. ATM/debit card, check, real-time payment, and wire fraud are just a few examples of the channels used by criminals to steal money. While the Bank continues to invest in fraud prevention tactics and tools, along with educating the public about common scams, the losses from fraud and theft cannot be eliminated entirely.
The Bank’s framework for managing risk may not be effective in mitigating its risk and loss.
The Bank’s risk management framework seeks to mitigate risk and loss by ensuring a culture of risk management is integrated throughout the Bank’s operational processes, strategic planning, and business lines. The Bank has established policies and procedures intended to identify, measure, monitor, report and manage risk. This includes oversight of compliance, credit, legal, liquidity, market, operational, strategic, reputational, and wealth risk. If our risk management framework proves ineffective, we could incur losses, regulatory penalties, and reputational damage that may affect our financial condition or results of operations.
Impairment of goodwill could result in a negative impact on our results of operations.
Under current accounting standards, goodwill is not amortized but, instead, is subject to impairment tests on at least an annual basis or more frequently if an event occurs or circumstances change that reduce the fair value of a reporting unit below its carrying amount. A decline in our stock price or the occurrence of a triggering event following any of our quarterly earnings releases and prior to the filing of the periodic report for that period could, under certain circumstances, require performance of a goodwill impairment test and result in an impairment charge being recorded for that period which was not reflected in such earnings release. During 2024, our annual impairment test conducted in October, using discounted cash flows and market-based approaches, indicated that the estimated fair value of our sole reporting unit “Isabella Bank” exceeded the carrying value. In a future assessment, we could conclude that all or a portion of our goodwill is impaired, which would result in a non-cash charge to earnings.
STRATEGY AND EXTERNAL RISKS
Deterioration in national, state and local economic conditions may adversely affect our financial performance.
The results of operations for financial institutions, including our Bank, may be adversely affected by changes in local, state, and national economic conditions. We provide banking and financial services to individuals and businesses located primarily in the Bay, Clare, Gratiot, Isabella, Mecosta, Midland, Montcalm, and Saginaw counties in Michigan. We provide banking and financial services to customers located primarily in the Clare, Gratiot, Isabella, Mecosta, Midland, Montcalm, and Saginaw counties in Michigan. The local economic conditions in these areas have a significant impact on the demand for our products and services, as well as the ability of our customers to repay loans, the value of the collateral securing loans, and the stability of our deposit funding sources. The local economic conditions in these areas have a significant impact on the demand for our products and services, as well as the ability of our customers to repay loans, the value of the collateral securing loans, and the stability of our deposit funding sources. A significant decline in general economic conditions, caused by inflation, recession, acts of terrorism, international or domestic occurrences, a health crisis, unemployment, changes in securities markets or other factors could impact these local economic conditions and, in turn, could have a material adverse effect on our financial condition and results of operations. A significant decline in general economic 6Table of Contentsconditions, caused by inflation, recession, acts of terrorism, international or domestic occurrences, a health crisis, unemployment, changes in securities markets or other factors could impact these local economic conditions and, in turn, could have a material adverse effect on our financial condition and results of operations.
An economic downturn in the state, national, or global markets, could also negatively impact our financial condition and results of our operations. Broader economic and geopolitical developments, including global trade tensions, political instability, and natural disasters, can create volatility in financial markets and affect the economic outlook. A significant decline in U.S. GDP, rising inflation, or prolonged high unemployment rates could reduce demand for loans, increase credit risk, and reduce consumer confidence. Geopolitical events, such as trade wars or foreign conflicts, can disrupt markets and introduce volatility, which may indirectly affect our operations by influencing local economic conditions, interest rates, and the availability of capital.
We continually monitor key economic indicators to anticipate the possible effects of downturns in the local, regional, and national economies. We continually monitor key economic indicators in an effort to anticipate the possible effects of downturns in the local, regional, and national economies.
9
Monetary policy and economic environment could impact our financial performance.
Our earnings are significantly affected by the monetary and fiscal policies of governmental authorities, including the FRB. Among the instruments of monetary policy used by the FRB to implement these objectives are open-market operations in U.S. Government securities and federal funds, changes in the discount rate on member bank borrowings, and changes in reserve requirements against member bank deposits. These instruments of monetary policy are used in varying combinations to influence the overall level of bank loans, investments, and deposits, and the interest rates charged on loans and paid for deposits.
The FRB frequently uses these instruments of monetary policy, especially its open-market operations and the discount rate, to influence the level of interest rates, thereby affecting the strength of the economy, the level of inflation, or the price of the dollar in foreign exchange markets. The monetary policies of the FRB have had a significant effect on the operating results of banking institutions in the past and are expected to continue to do so in the future. It is not possible to predict the nature of future changes in monetary and fiscal policies, or the effect which they may have on our business and earnings.
Wealth management business line could create risks associated with the industry.
Our wealth management operations present special risks not borne by institutions that focus exclusively on other traditional retail and commercial banking products. For example, the investment advisory industry is subject to fluctuations in the stock market and interest rate volatility that may have a significant adverse effect on transaction fees, client activity and client investment portfolio gains and losses. Also, additional or modified regulations may adversely affect our wealth management operations. In addition, our wealth management operations are dependent on our financial advisors, whose departure could result in the loss of a significant number of client accounts. A significant decline in fees and commissions or trading losses suffered in the investment portfolio could adversely affect our income and potentially require the contribution of additional capital to support our operations.
Strong competition within our markets may significantly impact profitability.
We compete with an ever-increasing array of financial service providers. See the section entitled “General” in Item 1. Business for additional competitor information. Competition from nationwide banks, as well as local institutions, continues to mount in our markets. To compete, we focus on quality customer service, making decisions at the local level, maintaining long-term customer relationships, building customer loyalty, and providing products and services designed to address the specific needs of customers. Failure to perform in any of these areas could significantly weaken our competitive position, which could adversely affect growth and profitability.
Market changes may adversely affect demand for our services and impact revenue, costs, and earnings.
Channels for servicing our customers are evolving rapidly, with less reliance on traditional branch facilities, increased use of e-commerce channels, and demand for relationship managers who can service multiple product lines. We have an ongoing process for evaluating the profitability of our branch system and other office and operational facilities. The identification of unprofitable operations and facilities can lead to restructuring charges and introduce the risk of disruptions to revenues and customer relationships. We compete with larger financial institutions who are rapidly evolving their service channels and escalating the costs of the service process.
The soundness of other financial institutions could adversely affect us.
Our ability to engage in routine funding transactions could be adversely affected by the actions and commercial soundness of other financial institutions. Financial services institutions are interrelated because of trading, clearing, counterparties and other relationships. Further, when volatility, market events or similar issues affect a subset of financial institutions, or when there are news reports or high-profile incidents relating to trends, concerns, and other issues in the banking industry, the ramifications can affect the sector, regardless of the effect, or lack thereof, on any specific institution. We have exposure to different industries and counterparties through transactions with counterparties in the bank and non-bank financial services industries, including brokers and dealers, commercial banks, investment banks and other institutional clients. As a result, defaults by, or even rumors or questions about, one or more bank or non-bank financial services companies, or the bank or non-bank financial services industries generally, have led to market-wide liquidity problems and could lead to losses or defaults by us or by other institutions. Future events of this nature could have an adverse effect on our business, financial condition and results of operations.
Expansion, growth, and acquisitions could negatively impact earnings if not successful.
We may grow organically both by geographic expansion and through business line expansion, as well as through acquisitions. Success of these activities depends on our ability to continue to maintain and develop an infrastructure appropriate to support
10
and integrate such growth. Success may also depend on acceptance of the Bank by customers in these new markets and, in the case of expansion through acquisitions, these factors include the long-term recruitment and retention of key personnel and acquired customer relationships. Profitability depends on whether the marginal revenue generated in the new markets will offset the increased expenses of operating a larger entity, with more staff, more locations, and more product offerings. Failure to achieve any of these success factors may have a negative impact on our financial condition and results of operations.
We may be adversely affected by continuous technological change.
The financial services industry is undergoing rapid technological change which includes the frequent introduction of new technology-driven products and services. The effective use of technology increases efficiency and enables financial institutions to better serve customers. Our future success depends, in part, upon our ability to address the needs of customers by using technology to provide products and services that will satisfy customer demands, as well as to create additional operational efficiencies.
The introduction of new products and services can entail significant time and resources. Our failure to manage risks and uncertainties associated with new products and services exposes us to enhanced risk of operational lapses which may result in the recognition of financial statement liabilities. Regulatory and internal control requirements, capital requirements, competitive alternatives, vendor relationships and shifting market preferences may also determine if such initiatives can be brought to market in a manner that is timely and attractive to our customers. Products and services relying on internet and mobile technologies may expose us to fraud and cybersecurity risks. Failure to successfully manage these risks in the development and implementation of new products or services could have a material adverse effect on our business and reputation.
LEGAL, REGULATORY AND COMPLIANCE RISKS
We are subject to extensive government regulation and supervision, and any regulatory changes may adversely affect us.
As a federally insured financial institution, we are subject to regulation and oversight by various regulatory bodies including the FDIC, DIFS, FRB, SEC, and the CFPB. Federal and state laws and regulations are designed primarily to protect the deposit insurance fund, consumers, and the stability of the U.S. financial system, and not necessarily our shareholders. If we do not appropriately comply with regulations, the Bank may be subject to fines, penalties or judgements, or material regulatory restrictions in its business.
The nature, extent, and timing of the adoption of significant new laws, changes in existing laws, or repeal of existing laws may have a material impact on our business, results of operations, and financial condition, the effect of which is impossible to predict in advance. The nature, extent, and timing of the adoption of significant new laws, changes in existing laws, or repeal of existing laws may have a material impact on our business, results of operations, and financial condition, the effect of which is impossible to predict at this time.
The Bank has a formal Compliance Risk Management Program in place to mitigate the risk of noncompliance with laws, regulations, or rulings. However, changes or stricter enforcement of these laws could lead to higher compliance costs or require adjustments to our business practices, which may affect profitability. Regulatory authorities have extensive discretion in connection with their supervisory and enforcement activities. This includes the imposition of restrictions on the operations of an institution, the classification of assets by the institution, and the appropriateness of an institution’s allowance for credit losses. Future regulatory changes or accounting pronouncements may also increase our regulatory capital requirements or adversely affect our regulatory capital levels. 7Table of ContentsFuture regulatory changes or accounting pronouncements may increase our regulatory capital requirements or adversely affect our regulatory capital levels.
Legal and regulatory proceedings could adversely affect us or the financial services industry in general.
We may be subject to various legal and regulatory proceedings in the future. Actions by regulatory agencies or significant litigation against us could require significant time and resources to respond to those actions and may lead to penalties. Additionally, actions by regulatory agencies or significant litigation against us could require the dedication of significant time and resources to defend our business and may lead to penalties. Whether the claims and legal action related to our performance are founded or unfounded, if such claims and legal actions are not resolved in a manner favorable to us, they may result in significant liability, adversely affect reputation, and reduce demand for our products and services. Any financial liability or reputational damage could have a material adverse effect on our business, financial condition and results of operations.
Societal responses to climate change could adversely affect the Bank’s business and performance, including indirectly through impacts on the Bank’s customers.
Concerns over the long-term impacts of climate change have led and may continue to lead to governmental efforts around the world to mitigate those impacts. Consumers and businesses also may change their behavior on their own because of these concerns. The Bank and its customers will need to respond to new laws and regulations, as well as consumer and business preferences resulting from climate change concerns. The Bank and its customers may face cost increases, asset value reductions, operating process changes, among other impacts. The impact on our customers will likely vary depending on their
11
specific attributes, including reliance on our role in carbon intensive activities that may be negatively affected by economic transition towards a lower-carbon economy. The Bank could experience a drop in demand for its products and services, particularly in certain sectors. In addition, the Bank could face reductions in creditworthiness on the part of some customers or in the value of assets securing loans. The Bank’s efforts to take these risks into account in making lending and other decisions, including by increasing business relationships with climate-resilient companies, may not be effective in protecting use from the negative impact of new laws and regulations or changes in consumer or business behavior.
Pandemics, severe weather, natural disasters, acts of war or terrorism, and other external events could significantly impact our business and the business of our customers.
Pandemics, severe weather, natural disasters, acts of war or terrorism, and other adverse external events could have a significant impact on our ability to conduct business. Such events could affect the stability of borrowers to repay outstanding loans, impair the value of collateral securing loans, cause significant property damage, result in loss of revenue and/or cause us to incur additional expenses. Such events may have a particularly negative impact upon the business of customers who are engaged in the hospitality industry in our markets, which could have a direct negative impact on our business and results of operations. Further, work-from-home and other modified business practices may introduce additional operational risks, including cybersecurity and execution risks, which may result in inefficiencies or delays, and may affect our ability to, or the way we conduct our business activities.We have developed and tested disaster recovery plans for all significant aspects of our operations to minimize disruption.
GENERAL RISK FACTORS
Changes in accounting policies or in accounting standards could materially affect our results of operations, and financial condition.
Accounting policies are fundamental to understanding our results of operations, and financial condition. Some of the accounting policies are critical because they require us to make difficult, subjective and complex judgments about matters that are inherently uncertain and because it is likely that materially different amounts would be reported under different conditions or using different assumptions. We may experience material losses if such estimates or assumptions underlying in our financial statements are incorrect.
From time to time, the FASB and the SEC change the financial accounting and reporting standards or the interpretation of those standards that govern the preparation of our external financial statements. These changes could materially impact how we report our results of operations and financial condition. New or revised standards could also require retroactive application, which could result in the restatement of our prior period financial statements in material amounts.
Internal controls may become ineffective in preventing or detecting material errors.
We regularly review and update our internal controls, disclosure controls and procedures, and corporate governance policies and procedures. Any system of controls, however well designed and operated, is based in part on certain assumptions and can provide only reasonable, not absolute, assurances that the objectives of the controls are met. Any failure or circumvention of our controls and procedures or failure to comply with regulations related to controls and procedures could have a material adverse effect on our business, results of operations, and financial condition.
We may be unable to attract and retain key personnel.
Our success depends, in large part, on our ability to attract and retain key personnel. Competition for qualified personnel in the financial services industry can be intense, and we may not be able to hire or retain the key personnel. The unexpected loss of key personnel could have an adverse impact on our business because of their skills, knowledge of the markets in which we operate, years of industry experience and the difficulty of promptly finding a qualified replacement.
Although publicly traded, our common stock has substantially less liquidity than stocks listed on NYSE, NYSE American and NASDAQ exchanges.
Our common stock is traded on the OTC market under the symbol “ISBA.” The development and maintenance of an active public trading market depends upon the existence of willing buyers and sellers, the presence of which is beyond our control. While we are a publicly traded company, the volume of trading activity in our stock is still relatively limited. Even if a more active market develops, there can be no assurance that such a market will continue, or that our shareholders will be able to sell their shares at or above the price at which they acquired shares.
12
Item 1B. Unresolved Staff Comments.
None.
Item 1C.Item 1A. Cybersecurity.
Cybersecurity Risk
As a financial institution, we may be the target of a security breach due to a cybersecurity attack. While we have not encountered a cybersecurity incident that has materially impacted our operations or financial results, a security breach due to a cyber-attack in the future could result in a material impact to us, our customers, and our third-party vendors. The risk of such event could increase in the future due to the expansion of mobile banking and other internet-based product offerings, our use of internet-based services for internal and external purposes, acquisition and integration of new products and other offerings, increased use of third-party software solutions, and the growing customer reliance on mobile devices.
Cybersecurity incidents have increased in number and severity and it is expected that these trends will continue. Techniques used in cyber-attacks evolve frequently, are increasingly sophisticated, and may not be recognized until launched. Cyber-attacks can originate from a wide variety of sources, including both internal and external sources, cyber-criminals, hacktivists, groups linked to terrorist organizations or hostile countries, or third parties whose objective is to broadly disrupt the operations of financial institutions. We may be unable to fully prevent cyber-attacks due to the inability to anticipate, detect, or recognize threats to our systems, or to implement effective preventative measures against all breaches. In addition, we do not have control over the cybersecurity of the systems of our customers, counterparty, and third-party service providers.
Our products, services and systems are accessed through critical company or third-party operations. These operations involve the storage, processing and transmission of sensitive data, including proprietary or confidential data, regulated data, and personal information of employees and customers. This involves the storage, processing and transmission of sensitive data, including proprietary or confidential data, regulated data, and personal information of employees and customers. Successful breaches, employee wrongdoing, or human or technological error could result in unauthorized access, disclosure, modification, misuse, loss, or destruction of company, customer, or other third-party data or systems. Successful breaches, employee wrongdoing, or human or technological error could result in unauthorized access to, disclosure, modification, misuse, loss, or destruction of company, customer, or other third party data or systems. Examples of a breach include theft of sensitive, regulated, or confidential data, including personal information; loss of access to critical data or systems through ransomware, destructive attacks, or other means; and business delays, service or system disruptions, or denials of service. Examples include theft of sensitive, regulated, or confidential data including personal information; loss of access to critical data or systems through ransomware, destructive attacks or other means; and business delays, service or system disruptions or denials of service.
Should we, or the third parties we do business with, fall victim to successful cyber-attacks or experience other cybersecurity incidents, the result could include negative consequences. Such consequences could include, but are not limited to: significant disruption of our operations and those with whom we do business, including losing access to important business systems; misappropriation of confidential information related to customers, counterparties, employees, or other parties; severe damage to our reputation; the inability, or extended delays in the ability, to fully recover and restore data that has been stolen, manipulated, or destroyed, or the inability to prevent systems from processing fraudulent transactions; violations of applicable privacy and other laws; financial loss to us or our customers, counterparties, or employees; exposure to the risk of litigation, regulation, and other liability, which may include fines or other penalties and increased cybersecurity or other insurance premiums. The extent of a particular cyber-attack and the steps we must take to investigate and respond to it may not be immediately clear, and it may take a significant amount of time before such an investigation can be completed.
We have cybersecurity insurance intended to cover expenses related to notification, credit monitoring, investigation, crisis management, public relations, and legal advice.We have cybersecurity insurance, in the event a cybersecurity attack were to occur, covering expenses related to notification, credit monitoring, investigation, crisis management, public relations, and legal advice. In addition, we maintain insurance to cover restoration of data, certain physical damage, and third-party injuries caused by potential cybersecurity incidents. In addition, we maintain insurance to cover restoration of data, certain physical damage or third-party injuries caused by potential cybersecurity incidents. However, damage and claims arising from such incidents may not be covered or may exceed the amount of any insurance available. However, damage and claims arising from such incidents may not be covered or may exceed the amount of any insurance available. Insurance policies and coverage are reviewed at least annually in detail.
Risk Management
Cybersecurity threats are assessed, identified, and managed within our Enterprise Risk Management Framework. We use a multi-layered approach to effectively manage risk. This approach includes, but is not limited to: (1) employees who are responsible for and manage risk; (2) employees and systems that oversee, monitor, and report risk: and (3) independent assurance, evaluation, and oversight of risk management activities.
Our security strategy is a layered approach. We utilize multiple layers of defense, both internally and externally, to ensure the integrity of our systems and data. We engage reputable security partners (assessors, consultants, auditors, and other third parties) for real time analysis and protection of our network infrastructure. This includes the use of preventative and detective tools to monitor, block, and alert us to suspicious activity. We utilize industry and regulator recognized assessment tools, such as the FFIEC Cybersecurity Assessment Tool and the Ransomware Self-Assessment Tool, to identify potential cybersecurity
13
threats as well as the impact they could have on the Bank. Dashboards are used to track and monitor cybersecurity activity and trends.
We have established programs in place to proactively mitigate and respond to cybersecurity risk. The Vendor Management Program provides management with a framework to evaluate new vendors and ensure ongoing monitoring of third parties, including the evaluation of cybersecurity risk. The Incident Response Plan provides a framework for management to respond to and minimize the impact of an incident involving our information technology systems, or that of one of our third-party providers. The Business Continuity Plan provides information to prepare for and manage a business disruption.
Governance
All employees play a critical role in managing cybersecurity risk. Our Enterprise Risk Management Framework utilizes the three lines of defense model to define roles and responsibilities to effectively manage risk. First line employees own and manage risk, the second line oversees, monitors, and reports risk, and the third line provides independent assurance of risk management activities.
We employ Information Technology staff to analyze and protect our network infrastructure. Members of our IT staff have relevant training and education in computer networks and systems, information security and intelligence, and hold industry certifications related to network security, enterprise IT governance, and risk and information systems control. In addition, our employees’ network with peer banks, participate in industry groups, and attend ongoing training to stay abreast of cybersecurity threats and best practices.
Within the Enterprise Risk Management Framework, we have established committees, both at the management and board level, to oversee risk, and ensure cybersecurity risk is escalated appropriately to the Board.
The Information Technology Risk Management Committee is chaired by the Chief Technology Officer and comprised of IT management and other key stakeholders from across the Bank. They are responsible for identifying, measuring, monitoring, and controlling risk generated within IT, including cybersecurity risk. This committee reviews and updates risk assessments as necessary and monitors activity through risk reports and dashboards. A cybersecurity dashboard, which includes a summary of key risk metrics, is reviewed and monitored by the IT Risk Management. The Chief Technology Officer and Information Security Officer provide quarterly reports to the Board Risk Committee.
The Board Risk Committee assists the Board in fulfilling its responsibilities related to the oversight of the Bank’s Enterprise Risk Management Framework. The Board Risk Committee oversees executive management's design, implementation, and maintenance of an effective risk management program to ensure compliance with laws and regulations, and operation within the parameters established in the Bank’s risk appetite statement. This includes a review of the cybersecurity dashboard which summarizes key risk indicators and identifies emerging risks.
The Board Risk Committee provides a verbal risk report and meeting minutes to the Board periodically. In addition, the full Board reviews the Risk Management processes and results, and the Board's Audit Committee tracks any corrective actions identified in the Internal Audit process. Cybersecurity incidents are escalated to the Board in a timely manner using the processes defined within the Bank’s Incident Response Plan.
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| AVAH | 20 hours ago |
| BLMH | 20 hours ago |
| PESI | 21 hours ago |
| NOTR | 21 hours ago |
| MCRB | 22 hours ago |
| MGTX | 22 hours ago |
| NDOI | 23 hours ago |
| LPCN | 1 day ago |
| STRW | 1 day ago |
| TRML | 1 day, 1 hour ago |
| INDP | 1 day, 2 hours ago |
| AFCG | 1 day, 2 hours ago |
| VIGL | 1 day, 2 hours ago |
| AKBA | 1 day, 2 hours ago |
| VFF | 1 day, 2 hours ago |
| RNAC | 1 day, 2 hours ago |
| MIST | 1 day, 2 hours ago |
| CLRB | 1 day, 2 hours ago |
| USEG | 1 day, 3 hours ago |
| CION | 1 day, 12 hours ago |
| CNTY | 1 day, 15 hours ago |
| MVBF | 1 day, 15 hours ago |
| ONTF | 1 day, 15 hours ago |
| FMFG | 1 day, 15 hours ago |
| SNES | 1 day, 16 hours ago |
| TALK | 1 day, 16 hours ago |
| LEGH | 1 day, 16 hours ago |
| CPSS | 1 day, 16 hours ago |
| ZVRA | 1 day, 16 hours ago |
| SKIN | 1 day, 16 hours ago |
| NN | 1 day, 16 hours ago |
| ASRT | 1 day, 16 hours ago |
| AACT | 1 day, 16 hours ago |
| AEYE | 1 day, 16 hours ago |
| PEBK | 1 day, 16 hours ago |
| HDSN | 1 day, 16 hours ago |
| AVR | 1 day, 16 hours ago |
| PGY | 1 day, 16 hours ago |
| SCYX | 1 day, 16 hours ago |
| ECOR | 1 day, 16 hours ago |
| MGRM | 1 day, 16 hours ago |
| LCNB | 1 day, 16 hours ago |
| BRT | 1 day, 17 hours ago |
| VRME | 1 day, 17 hours ago |
| ISBA | 1 day, 17 hours ago |
| TGT | 1 day, 17 hours ago |
| FOSL | 1 day, 17 hours ago |
| THM | 1 day, 17 hours ago |
| CDLX | 1 day, 17 hours ago |
| LOGC | 1 day, 17 hours ago |
