Item 1A. Risk Factors

This section highlights material risks that the Company currently faces. Any of the risks described below, along with management’s discussion and analysis and the consolidated financial statements and footnotes, could materially adversely affect our business, financial condition, and results of operations. Additional risks of which management currently is not aware or which management currently considers to not be material may also adversely affect our business, financial condition and results of operations. There is no assurance that this section describes all potential risks to which the Company may be exposed.

Risks Related to Our Business

Credit and Lending Risks

Our business, like that of most banking organizations, is highly susceptible to credit risk.

As a lender, the Bank is exposed to the risk that borrowers will be unable to repay their loans according to terms of the loan agreements and that the collateral securing payment of the loans (if any) may not be sufficient to assure repayment. Credit losses could have a material adverse effect on our business, financial condition, and results of operations.

We have exposure to risks associated with commercial and residential real estate.

A substantial portion of our loan portfolio consists of commercial and residential real estate-related loans, including construction and residential and commercial mortgage loans. As of December 31, 2024, we had approximately $357.7 million of owner-occupied and $560.1 million of investment commercial real estate loans outstanding, which represented approximately 19.5% and 30.5%, respectively, of our loan portfolio as of December 31, 2024. As of that same date, we had approximately $393.4 million of construction real estate loans and $439.5 million of residential real estate loans, which represented 21.4% and 23.9% respectively. As of December 31, 2023, we had approximately $282.1 million of owner-occupied and $461.8 million of investment commercial real estate loans outstanding, which represented approximately 16.3% and 26.7%, respectively, of our loan portfolio as of December 31, 2023. As of that same date, we had approximately $429.6 million of construction real estate loans and $474.6 million of residential real estate loans, which represented 24.9% and 27.5% respectively.

The adverse consequences from real estate-related credit risks tend to be cyclical and are often driven by local and national economic developments that are not controllable or entirely foreseeable by us or our borrowers. As a result:

•

we have a greater risk of loan defaults and losses in the event of economic weaknesses associated with commercial and residential real estate in our market area and nationally, which may have a negative effect on the ability of our borrowers to timely repay their loans or the value of collateral securing those loans; and

•

loan concentrations and the associated risks related to commercial and residential real estate may pose additional regulatory credit risk concerns, including interest rate risk due to maturity considerations, liquidity risk due to funding considerations and risks to earnings and capital.

During the ordinary course of our business, we may foreclose on and take title to properties securing certain loans, in which event we become exposed to the costs and risks inherent in the ownership of commercial and residential real estate, which could have an adverse effect on our business, financial condition and results of operations. The amount that we, as a mortgagee, may realize after a default is dependent upon factors outside of our control, including:

•

general or local economic conditions;

•

environmental clean-up liabilities;

•

neighborhood values;

•

interest rates;

•

real estate tax rates;

•

operating expenses of the foreclosed properties;

•

supply of and demand for rental units or properties;

•

ability to obtain and maintain adequate occupancy of the properties;

•

zoning laws;

•

governmental rules, regulations and fiscal policies; and

•

extreme weather conditions or other natural or man-made disasters.

Certain expenditures associated with the ownership of real estate, principally real estate taxes and maintenance costs, may also adversely affect our operating expenses.

In recent years commercial real estate markets both nationally and locally have been adversely affected by the COVID-19 pandemic. Remote employee work opportunities during the pandemic have impacted, and may continue to impact, the occupancy of commercial properties. Weakness in our commercial real estate market could result in an increased delinquency rate and losses from these loans. We believe that the resilience of our market and borrowers provides an ability to adjust to and withstand such risks. However, increased losses from this portfolio could have an adverse effect on our business, financial condition and results of operations.

Commercial and industrial loans may expose us to greater financial and credit risk than other loans.

Commercial and industrial loans can involve a greater degree of financial and credit risk than other loans, including less collateral at liquidation. Any significant failure to pay on time by these customers would hurt our earnings. The increased financial and credit risks associated with these types of loans result from several factors, including the concentration of principal in a limited number of loans and borrowers, the size of loan balances, the effects of general economic conditions on income-producing properties and the increased difficulty of evaluating and monitoring these types of loans and factors outside the borrowers' control such as adverse financial conditions and governmental regulations. In addition, when underwriting a commercial or industrial loan, we may take a security interest in commercial real estate, and, in some instances upon a default by the borrower, we may foreclose on and take title to the property, which may lead to additional risks for us under applicable environmental laws described below.

The small-to-midsized businesses that we lend to may have fewer resources to weather adverse business developments, which may impair a borrower’s ability to repay a loan, and such impairment could have a material adverse effect on our business, financial condition and results of operations.

We focus our business development and marketing strategy primarily on small-to-midsized businesses. These businesses frequently have smaller market shares than their competition, may be more vulnerable to economic downturns, often need additional capital to expand or compete and may experience volatility in operating results, any of which may impair a borrower’s ability to repay a loan. In addition, the success of a small-to-midsized business often depends on the management skills, talents and efforts of one or two people or a small group of people, and the death, disability or resignation of one or more of these people could have an adverse impact on the business and its ability to repay its loan. If general economic conditions negatively impact the markets in which we operate and small-to-midsized businesses are adversely affected or our borrowers are otherwise harmed by adverse business developments, this, in turn, could have a material adverse effect on our business, financial condition and results of operations.

The borrowing needs of our customers may increase, especially during a challenging economic environment, which could result in increased borrowing against our contractual obligations to extend credit.

A commitment to extend credit is a formal agreement to lend funds to a customer as long as there is no violation of any condition established under the agreement. The actual borrowing needs of our customers under these credit commitments have historically been lower than the contractual amount of the commitments. A significant portion of these commitments expire without being drawn upon. Because of the credit profile of our customers, we typically have a substantial amount of total unfunded credit commitments, which is not reflected on our balance sheet. As of December 31, 2024, we had $232.6 million in unfunded credit commitments to our customers. Actual borrowing needs of our customers may exceed our expectations, especially during a challenging economic environment when our customers may be more dependent on our credit commitments due to the lack of available credit elsewhere, the increasing costs of credit, or the limited availability of financings from venture firms. This could adversely affect our liquidity, which could impair our ability to fund operations and meet obligations as they become due and could have a material adverse effect on our business, financial condition and results of operations.

Our allowance for credit losses may not be adequate to cover actual future losses.

Our success depends significantly on the quality of our assets, particularly loans. Like all financial institutions, we are exposed to the risk that our borrowers may not repay their loans according to their terms, and the collateral securing the payment of these loans may be insufficient to fully compensate us for the outstanding balance of the loan plus the costs to dispose of the collateral.

We maintain an allowance for credit losses ("ACL"), which includes the allowance for credit losses on loans, at a level we believe is adequate to absorb expected losses in our loan portfolio as of the corresponding balance sheet date. The process to determine the ACL uses models and assumptions that require us to make difficult and complex judgments that are often interrelated. This includes forecasting how borrowers will perform in changing and unprecedented economic conditions. The ability of our borrowers to repay their obligations will likely be impacted by changes in future economic conditions, which in turn could impact the accuracy of our loss forecasts and allowance estimates. There is also the possibility that we have failed or will fail to accurately identify the appropriate economic indicators, to accurately estimate the timing of future changes in economic conditions, or to estimate accurately the impacts of future changes in economic conditions to our borrowers, which similarly could impact the accuracy of our loss forecasts and allowance estimates.

If the models, estimates, and assumptions we use to establish reserves or the judgments we make in extending credit to our borrowers prove inaccurate in predicting future events, we may suffer unexpected losses. The ACL is our best estimate of expected credit losses; however, there is no guarantee that it will be sufficient to address credit losses, particularly if the economic outlook deteriorates significantly and quickly. In such an event, we may increase our ACL, which would reduce our earnings. Additionally, to the extent that economic conditions worsen, impacting our consumer and commercial borrowers or underlying collateral, and credit losses are worse than expected, as may be caused by persistent inflation, an economic recession or otherwise, we may increase our provision for credit losses, which could have an adverse effect on our results of operations and could negatively impact our financial condition.

Continuing deterioration in economic conditions, including inflation, a possible recession, higher interest rates, unresolved or new adverse effects of a pandemic, and unanticipated problem loans, may necessitate an increase in our allowance for credit losses. In addition, bank regulatory authorities may require an increase to the allowance for credit losses to cover future charge-offs, based on their judgments which may differ from ours. In addition, bank regulatory authorities may require an increase or future charge-offs based on their judgments which may differ from ours.

We may be required to increase our provisions for credit losses and to charge off loans in the future, which increases in provision and charges could materially adversely affect us.

There is no precise method of predicting the timing of loan losses. We can give no assurance that our allowance for credit losses is or will be sufficient to absorb actual loan losses. We maintain an allowance for credit losses on loans, which is a reserve established through a provision for credit losses charged to expense, that represents management’s estimable and observable losses within the existing portfolio of loans. The level of the allowance reflects management’s evaluation of, among other factors, the status of specific individually evaluated loans, trends in historical loss experience, delinquency trends, credit concentrations and economic conditions within our market area. The determination of the appropriate level of the allowance for credit losses inherently involves a high degree of subjectivity and judgment and requires us to make significant estimates of current and expected future credit risks and future trends, any or all of which may undergo subsequent material changes. Changes in economic conditions affecting borrowers, new information regarding existing loans, identification of additional problem loans and other factors, both within and outside of our control, may require us to increase our allowance for credit losses. Increases in nonperforming loans have a significant impact on our allowance for credit losses.

In addition, bank regulatory agencies periodically review our allowance for credit losses and may require us to increase the provision for credit losses or to recognize further loan charge-offs, based on judgments that differ from those of management. If loan charge-offs in future periods exceed our allowance for credit losses, we will need to record additional provisions to increase our allowance for credit losses. Furthermore, growth in our loan portfolio would generally lead to an increase in the provision for credit losses. Generally, increases in our allowance for credit losses will result in a decrease in net income and stockholders’ equity, and may have a material adverse effect on our financial condition, results of operations and cash flows. Material additions to our allowance could also materially decrease our net income and, possibly, capital, and may have an adverse effect on our business.

Our credit standards and judgments and our ongoing process of credit assessment might not protect us from significant credit losses.

We extend credit to a variety of customers based on internally established standards, judgments and procedures. We manage credit risk through a program of underwriting standards, the review of certain credit decisions and an on-going process of assessment of the quality of the credit already extended. We avoid highly leveraged transactions as well as excessive industry and other concentrations. Our credit administration function employs risk management techniques to ensure that loans adhere to corporate policy and problem loans are promptly identified. While these procedures are designed to provide us with the information needed to implement policy adjustments where necessary, and to take proactive corrective actions, there can be no assurance that such measures will be effective in avoiding undue credit risk.

We are subject to environmental liability risk associated with our lending activities.

In the course of our business, we may purchase real estate, or we may foreclose on and take title to real estate. Although we exercise prudent due diligence when making loans, we could be subject to environmental liabilities with respect to these properties. We may be held liable to a governmental entity or to third parties for property damage, personal injury, investigation and clean-up costs incurred by these parties in connection with environmental contamination or may be required to investigate or clean up hazardous or toxic substances or chemical releases at a property. The costs associated with investigation or remediation activities could be substantial. In addition, if we are the owner or former owner of a contaminated site, we may be subject to common law claims by third parties based on damages and costs resulting from environmental contamination emanating from the property. Any significant environmental liabilities could cause an adverse effect on our business, financial condition and results of operations.

Climate change could have a material negative impact on us.

Climate change could negatively impact our business, as well as the operations and activities of our customers. Climate change could present both immediate and long-term risks to our operations, and these risks could increase over time. Climate change could present multi-faceted risks, including operational risks from the physical effects of environmental events on our facilities and other assets, as well as those of our customers; potential credit risk from borrowers with significant exposure to environmental risk; and potential reputational risk from shareholder and public comments and concerns about our practices related to climate change and our relationships with customers and vendors who operate in environmentally sensitive industries. Our business, reputation and ability to attract and retain employees could also be harmed if our responses to climate change are negatively perceived.

Interest Rate Risks

Changes in interest rates may negatively affect our earnings, income and financial condition as well as the value of our assets.

Our earnings and cash flows depend substantially upon our net interest income. Net interest income is the difference between interest income earned on interest-earning assets, such as loans and investment securities, and interest expense paid on interest-bearing liabilities, such as deposits and borrowed funds. Interest rates are sensitive to many factors that are beyond our control, including general economic conditions, competition and policies of various governmental and regulatory agencies and, in particular, the policies of the Federal Reserve.

In an attempt to help the overall economy and in response to inflationary pressures, throughout 2022 and 2023 the Federal Reserve increased its targeted Fed Funds rate. More recently, the Federal Reserve began decreasing the federal funds rate. At this time there is considerable uncertainty regarding future interest rate levels.

Changes in monetary policy, including rapid changes in interest rates, not only could influence the interest we receive on loans and investment securities and the amount of interest we pay on deposits and borrowings, but such changes could also affect: (1) our ability to originate loans and obtain deposits; (2) the fair value of our financial assets and liabilities, including our securities portfolio; and (3) the average duration of our interest-earning assets. Interest-earning assets may be more responsive to changes in interest rates than interest-bearing liabilities, or vice versa (repricing risk), individual interest rates or rate indices underlying various interest-earning assets and interest-bearing liabilities may not change in the same degree over a given time period (basis risk), and interest rate relationships may change across the spectrum of interest-earning asset and interest-bearing liability maturities (yield curve risk), including a prolonged flat or inverted yield curve environment. Higher interest payment obligations could also adversely affect certain borrowers, particularly our floating-rate borrowers. Substantial and prolonged increases in market interest rates could have a material adverse effect on our financial condition, results of operation, and liquidity.

We have implemented strategies to lessen the potential effects of interest rate changes on our financial condition and results of operations. However, such strategies may only mitigate these effects and not always be successful.

Liquidity Risk

Liquidity risk could impair our ability to fund operations, meet our obligations as they become due, and jeopardize our financial condition.

Liquidity is essential to our business. An inability to raise funds through deposits, borrowings, the sale of loans and other sources could have a substantial negative effect on our liquidity. Our access to funding sources in amounts adequate to finance our activities, or on terms that are acceptable to us, could be impaired by factors that affect us specifically or the financial services industry or the economy in general. Factors that could detrimentally affect our access to liquidity sources include, among other things, a decrease in the level of our business activity as a result of a downturn in the markets in which our loans are concentrated and an adverse regulatory action against us. Our ability to borrow could also be impaired by factors that are not specific to us, such as a disruption in the financial markets or negative views and expectations about the prospects for the financial services industry.

Among other sources of funds, we rely heavily on deposits for funds to make loans and provide for our other liquidity needs. However, our loan demand has historically exceeded the rate at which we have been able to build core deposits for which there is substantial competition from a variety of different competitors, so we have relied on interest-sensitive deposits, including wholesale deposits, as sources of funds. Those deposits may not be as stable as other types of deposits and, in the future, depositors may not renew those deposits when they mature, or we may have to pay a higher rate of interest to attract or retain them or to replace them with other deposits or with funds from other sources. Not being able to attract deposits, or to retain or replace them as they mature, would adversely affect our liquidity. Paying higher deposit rates to attract, retain or replace those deposits could have a negative effect on our interest margin and operating results. A failure to maintain adequate liquidity could have a material adverse effect on our business, financial condition and results of operation.

Operational Risks

New lines of business, products, product enhancements, or services may subject us to additional risks.

General. From time to time, we implement new lines of business, or offer new products and product enhancements as well as new services within our existing lines of business and we will continue to do so in the future. There are risks and uncertainties associated with these efforts, particularly in instances where the markets are not fully developed. In implementing, developing, or marketing new lines of business, products, product enhancements or services, we may invest significant time and resources, although we may not assign the appropriate level of resources or expertise necessary to make these new lines of business, products, product enhancements or services successful or to realize their expected benefits. Further, initial timetables for the introduction and development of new lines of business, products, product enhancements or services may not be achieved, and price and profitability targets may not prove feasible. External factors, such as compliance with regulations, competitive alternatives and shifting market preferences, may also impact the ultimate implementation of a new line of business or offerings of new products, product enhancements or services. Furthermore, any new line of business, product, product enhancement or service could have a significant impact on the effectiveness of our system of internal controls. Failure to successfully manage these risks in the development and implementation of new lines of business or offerings of new products, product enhancements or services could have an adverse impact on our business, financial condition or results of operations.

Payments Services. In 2016, we added a new funding source by way of facilitating payment services. We are continuing to identify and solicit new customers in need of these specialized services. The primary reasons for expanding into payment services are to secure an additional source of low-cost deposits and to capture additional fee income. A bank’s risks when dealing with a processor account are similar to risks from other activities in which customers conduct transactions through the bank on behalf of the customers’ clients. It is necessary for a bank to implement an adequate processor approval, monitoring and auditing program that extends beyond credit risk management and is conducted on an ongoing basis. When a bank is not able to identify and understand the nature and source of transactions processed through accounts, the bank’s risks and the likelihood of suspicious activity can increase. Without these precautions, a bank could be vulnerable to processing illicit or sanctioned transactions.

BAAS Software Solutions. Developing and deploying a software program has added, and may contain to add, additional risk, including financial, cybersecurity, compliance and reputational concerns. Developing and deploying a software program may add additional risk, including cybersecurity, compliance, financial, and reputational concerns.

In 2021, the Company began development of a proprietary BAAS solution, Avenu, to provide an embedded banking solution that connects our partners (fintech, application developers, money movers, and entrepreneurs) directly and seamlessly to our Software as a Service (SAAS). At the end of 2024, management reviewed the Avenu platform’s performance. Delays in bringing Avenu to market and subsequent changes in revenue generation potential necessitated a review for impairment and a resulting charge to earnings of the full value of its capitalized intangible software. For additional information, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

We face risks related to our operational, technological, and organizational infrastructure.

Our ability to grow and compete is dependent on the Company’s ability to build or acquire the necessary operational and technological infrastructure and to manage the cost of that infrastructure as we expand. In our case, operational risk can manifest itself in many ways, such as errors related to failed or inadequate processes, faulty or disabled computer systems, fraud by employees or outside persons and exposure to external events. As discussed below, we are dependent on our operational infrastructure to help manage these risks. In addition, we are heavily dependent on the strength and capability of our technology systems that the Company uses both to interface with customers and to manage internal financial and other systems. Our ability to develop and deliver new products that meet the needs of our existing customers and attract new ones depends on the functionality of our technology systems. Additionally, our ability to run our business in compliance with applicable laws and regulations is dependent on these infrastructures.

We continuously monitor our operational and technological capabilities and make modifications and improvements as circumstances warrant. In some instances, the Company may build and maintain these capabilities itself. We outsource many of these functions to third parties. These third parties may experience errors or disruptions that could adversely impact the Company and over which it may have limited control. We also face risk from the integration of new infrastructure platforms and/or new third-party providers of such platforms into the Company’s existing businesses.

Many of our larger competitors have substantially greater resources to invest in technological improvements. As a result, they may be able to offer additional or superior technologies compared to those that we will be able to provide, which could put us at a competitive disadvantage. Accordingly, we may lose customers seeking new technology-driven products and services to the extent we are unable to compete effectively.

A failure or a breach of our operational systems or infrastructure, or those of third party service providers, could disrupt our business, result in the unauthorized disclosure of confidential or proprietary information, damage our reputation, and cause financial losses.

Operations Risk. Our business is dependent on our ability to process, store and transmit, on a daily basis, numerous transactions. These transactions, as well as the information technology services we provide to clients, often must adhere to client-specific guidelines, as well as legal and regulatory standards. Developing and maintaining our operational systems and infrastructure is challenging, particularly as a result of rapidly evolving legal and regulatory requirements and technological shifts. Our financial, accounting, data processing or other operating systems and facilities may fail to operate properly or become disabled as a result of events that are wholly or partially beyond the Company’s control, such as a spike in transaction volume, cyber-attack or other unforeseen catastrophic events, which may adversely affect our ability to process these transactions or provide services.

In addition, our operations rely on the secure processing, storage and transmission of confidential, proprietary and other information on our computer systems, networks. and cloud infrastructure. Although we take protective measures to maintain the confidentiality, integrity, and availability of our and our clients’ information across all geographic and product lines, and endeavor to modify these protective measures as circumstances warrant, the nature of the threats continues to evolve. As a result, our computer systems, software, and networks may be vulnerable to unauthorized access, loss or destruction of data (including confidential and proprietary client information), account takeovers, unavailability of service, computer viruses or other malicious code, cyber-attacks and other events that could have an adverse security impact. Despite the defensive measures we take to manage our internal technological and operational infrastructure, these threats may originate externally from third parties such as foreign governments, organized crime and other hackers, and outsource or infrastructure-support providers and application developers or may originate internally from within our organization. Given the increasingly high volume of our transactions, certain errors may be repeated or compounded before they can be discovered and rectified.

We also face the risk of operational disruption, failure, termination or capacity constraints of any of the third parties that facilitate our business activities, including exchanges, clearing agents, clearing houses or other financial intermediaries. Such parties could also be the source of an attack on, or breach of, our operational systems, data or infrastructure. In addition, as interconnectivity with our clients grows, we increasingly face the risk of operational failure with respect to our clients’ systems.

Vendor Support Risk. As discussed below, we rely on external vendors to support our operations. We also rely on vendors to provide part of the services we deliver to customers. While we have a vendor management program policy in place and believe we have selected our vendors appropriately, we cannot directly control their employees or their operating environments. A breach or failure of a chosen vendor could have a material adverse impact on our operating environment and may expose the Company’s or our customers’ data which could result in operational, compliance and/or reputational risks. A breach or failure of a chosen vendor could have a material adverse impact on our operating environment. Replacing a chosen vendor could also result in a significant delay and expense.

Internet Risk. Our services and technology solutions rely on internet communications. Computers connected to the internet are vulnerable to many types of threats by cyber criminals. Although none of these types of attacks have had a material impact on our business to date, we anticipate that the efforts to attack our systems, and those of our customers and vendors, will grow in complexity and volume. As such, we have developed an incident response plan to coordinate the efforts following the identification of an attack.

Failure to maintain a secure computing environment, stay up to date on security vulnerabilities or deploy adequate technologies to protect against attacks, may subject our information and systems to security breaches that could compromise confidential information and damage our reputation and business. We rely on industry-standard encryption and authentication security systems to provide the security required to protect our data. Periodically our systems are subjected to scans, exploitations and audits by a qualified independent third party to evaluate the effectiveness of our security controls and system configurations.

Cyber criminals may attempt to trick employees, customers or vendors through phishing schemes or other methods to disclose sensitive information. Employees receive annual security training and are periodically assessed through simulated attack tools to assist with behavior shaping and coaching against social engineering threats.

If one or more of these events occurs, it could potentially jeopardize the confidential, proprietary and other information processed and stored in, and transmitted through, the Company’s computer systems and networks, or otherwise cause interruptions or malfunctions in our, as well as our clients’ or other third parties’ operations, which could result in damage to our reputation, substantial costs, regulatory penalties and/or client dissatisfaction or loss.

Potential costs of a cyber incident may include, but would not be limited to, remediation costs, increased protection costs, lost revenue from the unauthorized use of proprietary information or the loss of current and/or future customers, and litigation.

Insurance Risk. We maintain an insurance policy through the Company’s blanket bond at the maximum of currently available limits. However, we cannot assure you that this policy would be sufficient to cover all financial losses, damages, and penalties, including lost revenues, should the Company experience any one or more of our or a third party’s systems failing or experiencing attack.

A cyber-attack or other security incident, including one that results in the theft, loss, manipulation, or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions.

A “deep fake” incident, which involves synthetic media that is created using artificial intelligence to create realistic images, videos, or audio recordings of people that appear to be real but are not. This technology has the potential to be used for malicious purposes, such as spreading misinformation or impersonating individuals. Deep fakes could have a material impact on the Company in a number of ways, including:

●

Loss of reputation - deep fakes could be used to damage a company's reputation by creating false or misleading content that is attributed to the company,

●

Financial losses - deep fakes could be used to manipulate the stock market by creating false or misleading information about a company's financial performance, and

●

Legal liability - deep fakes could expose companies to legal liability for defamation, copyright infringement, or other claims.

Our ability to provide our products and services, many of which are internet-based, and communicate with our customers, depends upon the management and safeguarding of information systems and infrastructure, networks, software, data, technology, methodologies and business secrets, including those of our service providers. Our products and services involve the collection, authentication, management, usage, storage, transmission and eventual destruction of sensitive and confidential information, including personal information, regarding our customers and their accounts, our employees, our partners and other third parties with which we do business. We also have arrangements in place with third parties through which we share and receive information about their customers who are or may become our customers. The financial services industry, including the Company, is particularly at risk because of the use of and reliance on digital banking products and other digital services, including mobile banking products, such as mobile payments, and other internet- and cloud-based products and applications, and the development of additional remote connectivity solutions, which increase cybersecurity risks and exposure.

Technologies, systems, networks, and other devices of the Bank as well as those of our employees, service providers, partners and other third parties with whom we interact, have been and may continue to be the subject of cyber-attacks and other security incidents, including computer viruses, hacking, malware, ransomware, supply chain attacks, vulnerabilities, credential stuffing, or phishing or other forms of social engineering. Such cyber-attacks and other security incidents are designed to lead to various harmful outcomes, such as unauthorized transactions in the Bank’s accounts, unauthorized or unintended access to or release, gathering, monitoring, disclosure, loss, destruction, corruption, disablement, encryption, misuse, modification or other processing of confidential or sensitive information (including personal information), intellectual property, software, methodologies or business secrets, disruption, sabotage or degradation of service, systems or networks, or other damage. These threats may derive from, among other things, error, fraud or malice on the part of our employees, insiders, or third parties or may result from accidental technological failure or design flaws. Any of these parties may also attempt to fraudulently induce employees, service providers, customers, partners or other third-party users of our systems or networks to disclose confidential or sensitive information (including personal information) in order to gain access to our systems, networks or data or that of our customers, partners, or third parties with whom we interact, or to unlawfully obtain monetary benefit through misdirected or otherwise improper payment. For instance, any party that obtains our confidential or sensitive information (including personal information) through a cyber-attack or other security incident may use this information for ransom, to be paid by us or a third party, as part of a fraudulent activity that is part of a broader criminal activity, or for other illicit purposes.

Cyber and information security risks for financial institutions like us continue to increase due to the proliferation of new technologies, the industry-wide shift to reliance upon the internet to conduct financial transactions, and the increased sophistication and activities of malicious actors, organized crime, perpetrators of fraud, hackers, terrorists, activists, extremist parties, formal and informal instrumentalities of foreign governments, state-sponsored actors and other external parties. In addition, our customers access our products and services using personal devices that are necessarily external to our security control systems. There has also been a significant proliferation of consumer information available on the internet resulting from breaches of third-party entities, including personal information, log-in credentials and authentication data. This threat could include the risk of unauthorized account access, data loss and fraud. The use of artificial intelligence, “bots” or other automation software can increase the velocity and efficacy of these types of attacks. We will likely face an increasing number of attempted cyber-attacks as we expand our mobile and other internet-based products and services, as well as our usage of mobile and cloud technologies and as we provide more of these services to a greater number of banking customers.

The methods and techniques employed by malicious actors change frequently, are increasingly sophisticated and often are not fully recognized or understood until after they have occurred, and some techniques could occur and persist for an extended period of time before being detected and remediated. We may also be unable to hire, develop and retain talent that keeps pace with the rapidly changing cyber threat landscape, and which are capable of preventing, detecting, mitigating or remediating these risks. Although we seek to maintain a robust suite of authentication and layered information security controls, any one or combination of these controls could fail to prevent, detect, mitigate or remediate these risks in a timely manner.

A disruption or breach, including as a result of a cyber-attack or media reports of perceived security vulnerabilities at the Bank or at our service providers, could result in legal and financial exposure, regulatory intervention, litigation, remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the security of our systems, products and services that could adversely affect our business. There can be no assurance that unauthorized access or cyber incidents will not occur or that we will not suffer material losses in the future. If future attacks are successful or if customers are unable to access their accounts online for other reasons, it could adversely impact our ability to service customer accounts or loans, complete financial transactions for our customers or otherwise operate any of our businesses or services. In addition, a breach or attack affecting one of our service providers or other third parties with which we interact could harm our business even if we do not control the service that is attacked.

Further, our ability to monitor our service providers’ cybersecurity practices is limited. Although the agreements that we have in place with our service providers generally include requirements relating to cybersecurity and data privacy, we cannot guarantee that such agreements will prevent a cyber incident impacting our systems or information or enable us to obtain adequate or any reimbursement from our service providers in the event we should suffer any such incidents.

In addition, the increasing prevalence and the evolution of cyber-attacks and other efforts to breach or disrupt our systems or networks or those of our customers, service providers, partners or other third parties with which we interact has led, and will likely continue to lead, to increased costs to us with respect to preventing, detecting, mitigating and remediating these risks, as well as any related attempted fraud. In order to address ongoing and future risks, we must expend resources to support protective security measures, investigate and remediate any vulnerabilities of our information systems and infrastructure and invest in new technology designed to mitigate security risks. Further, high profile cyber incidents at the Bank or other financial institutions could lead to a general loss of customer confidence in financial institutions that could negatively affect us, including harming the market perception of the effectiveness of our security measures or the global financial system in general, which could result in reduced use of our financial products. We have insurance against some cyber risks and attacks; nonetheless, our insurance coverage may not be sufficient to offset the impact of a material loss event (including if our insurer denies coverage as to any particular claim in the future), and such insurance may increase in cost or cease to be available on commercially reasonable terms, or at all, in the future.

We rely on third party service providers to provide key components of our business infrastructure, and a failure of these parties to perform for any reason could disrupt our operations.

Third parties provide key components of our business infrastructure such as data processing, internet connections, network access, cloud computing access, core application processing, statement production and account analysis. Our business depends on the successful and uninterrupted functioning of our information technology and telecommunications systems and third-party servicers. The failure of these systems, or the termination of a third-party software license or service agreement on which any of these systems is based, could interrupt our operations. Because our information technology and telecommunications systems interface with and depend on third-party systems, we could experience service denials if demand for such services exceeds capacity or such third-party systems fail or experience interruptions. Replacing vendors or addressing other issues with our third-party service providers could entail significant delay and expense. If we are unable to efficiently replace ineffective service providers, or if we experience a significant, sustained or repeated system failure or service denial, it could compromise our ability to operate effectively, damage our reputation, result in a loss of customer business, and subject us to additional regulatory scrutiny and possible financial liability, any of which could have an adverse effect on our business, financial condition and results of operations.

Reputational risk and social factors may impact our results.

Our ability to originate and maintain accounts is highly dependent upon consumer and other external perceptions, whether or not true, of our business practices and/or our financial health. Adverse perceptions could damage our reputation in both the customer and funding markets, leading to difficulties in generating and maintaining accounts as well as in financing them. Adverse developments with respect to the consumer or other external perceptions regarding the practices of our competitors, or our industry as a whole, may also adversely impact our reputation. In addition, adverse reputational impacts on third parties with whom we have important relationships may also adversely impact our reputation. Adverse impacts on our reputation, or the reputation of our industry, may also result in greater regulatory and/or legislative scrutiny, which may lead to laws or regulations that may change or constrain the manner in which the Company engages with its customers and the products the Company offers. Adverse reputational impacts or events may also increase our litigation risk. We carefully monitor internal and external developments for areas of potential reputational risk and have established governance structures to assist in evaluating such risks in our business practices and decisions.

We could be subject to losses, regulatory action, or reputational harm due to fraudulent and negligent acts on the part of loan applicants, our employees, and vendors.

In deciding whether to extend credit or enter into other transactions with clients and counterparties, and the terms of any such transaction, we may rely on information furnished by or on behalf of clients and counterparties, including financial statements, property appraisals, title information, employment and income documentation, account information and other financial information. We may also rely on representations of clients and counterparties as to the accuracy and completeness of that information and, with respect to financial statements, on reports of independent auditors. Any such misrepresentation or incorrect or incomplete information, whether fraudulent or inadvertent, may not be detected prior to funding. In addition, one or more of our employees or vendors could cause a significant operational breakdown or failure, either as a result of human error or where an individual purposefully sabotages or fraudulently manipulates our loan documentation, operations or systems. Whether a misrepresentation is made by the applicant or another third party, we generally bear the risk of loss associated with the misrepresentation. A loan subject to a material misrepresentation is typically unsellable or subject to repurchase if it is sold prior to detection of the misrepresentation. The sources of the misrepresentations may also be difficult to locate, and we may be unable to recover any of the monetary losses we may suffer as a result of the misrepresentations. Any of these developments could have an adverse effect on our business, financial condition and results of operations.

We are subject to claims and litigation pertaining to intellectual property.

Banking and other financial services companies, such as ours, rely on technology companies to provide information technology products and services necessary to support their day-to-day operations. Technology companies frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they have purchased or otherwise obtained. Competitors of our vendors, or other individuals or companies, may from time to time claim to hold intellectual property sold to us by our vendors. Such claims may increase in the future as the financial services sector becomes more reliant on information technology vendors. The plaintiffs in these actions frequently seek injunctions and substantial damages.

Regardless of the scope or validity of such patents or other intellectual property rights, or the merits of any claims by potential or actual litigants, we may have to engage in protracted litigation. Such litigation is often expensive, time-consuming, disruptive to our operations and distracting to management. If we are found to infringe one or more patents or other intellectual property rights, we may be required to pay substantial damages or royalties to a third party. In certain cases, we may consider entering into licensing agreements for disputed intellectual property, although no assurance can be given that such licenses can be obtained on acceptable terms or that litigation will not occur. These licenses may also significantly increase our operating expenses. If legal matters related to intellectual property claims were resolved against us or settled, we could be required to make payments in amounts that could have an adverse effect on our business, financial condition and results of operations. As described below these competitors include banks, other financial institution and non-banks offering services and products previously only provided by banks.

The decreased soundness of other financial institutions could adversely affect us.

Our ability to engage in routine funding transactions could be adversely affected by the actions and commercial soundness of other financial institutions. Financial services institutions are interrelated as a result of trading, clearing, counterparty or other relationships. We have exposure to many different industries and counterparties, and we routinely execute transactions with counterparties in the financial industry. As a result, defaults by, or even rumors or questions about, one or more financial services institutions, or the financial services industry generally, have led in the past to market-wide liquidity problems and could lead to losses or defaults by us or by other institutions. Many of these transactions expose us to credit risk in the event of default of our counterparty or client. In addition, our credit risk may be exacerbated when the collateral that we hold cannot be realized upon or is liquidated at prices insufficient to recover the full amount of the loan. We cannot assure you that any such losses would not materially and adversely affect our business, financial condition or results of operations.

COVID-19 and its variants have not been completely eliminated.

The Company has resumed pre-COVID-19 pandemic business activities, and our employees have returned to the office. The Bank’s branch offices are open and operating during normal business hours. To protect the health of its customers and employees, the Company continues to take precautions. Those actions have not impaired our ability to conduct business and fully serve our customers. While the adverse impacts of the COVID-19 pandemic have dissipated, COVID-19 and its variants have not been completely eliminated. New variants could adversely disrupt our future operations.

The re-emergence of widespread health emergencies or pandemics, such as coronavirus, could lead to quarantines, business shutdowns, increases in unemployment, labor shortages, disruptions to supply chains, and overall economic instability. Events such as these may become more common in the future and could cause significant damage such as disrupt power and communication services, impact the stability of our facilities and result in additional expenses, impair the ability of our borrowers to repay their loans, reduce the value of collateral securing the repayment of our loans, which could result in the loss of revenue. While we have established and regularly test disaster recovery procedures, the occurrence of any such event could have a material adverse effect on our business, operations and financial condition.

Strategic Risks

Strong competition within our market area could reduce our profits and slow growth.

We face strong competition in making loans, attracting deposits and hiring and retaining experienced employees from various competitors, many of which are larger and have greater financial resources than the Company. Price competition for loans and deposits may result in our charging lower interest rates on loans and paying higher interest rates on deposits, thereby reducing our net interest income. Price competition also may limit our ability to originate loans and adversely affect our growth and profitability. Competition makes it more difficult and costly to attract and retain qualified employees.

Our financial performance will be negatively affected if we are unable to execute our growth strategy.

Our stated growth strategy is to grow organically and supplement that growth with select acquisitions, if available. Our success depends primarily on generating loans and deposits of acceptable risk and expense. There can be no assurance that we will be successful in continuing our organic, or internal, growth strategy. Our ability to identify appropriate markets for expansion, recruit and retain qualified personnel, and fund growth at reasonable cost, depends upon prevailing economic conditions, maintenance of sufficient capital, competitive factors, changes in banking laws, and other factors.

We cannot be certain as to our ability to manage increased levels of assets and liabilities without increased expenses and higher levels of nonperforming assets. We may be required to make additional investments in equipment and personnel to manage higher asset levels and loan balances, which may adversely affect earnings, shareholder returns, and our efficiency ratio. Increases in operating expenses or nonperforming assets may decrease our earnings and the value of the Company’s capital stock.

We may face increasing deposit-pricing pressures, which may, among other things, reduce our profitability.

Deposit pricing pressures may result from competition as well as changes to the interest rate environment. Current economic conditions have intensified competition for deposits. The competition has had an impact on interest rates paid to attract deposits as well as fees charged on deposit products. In addition to the competitive pressures from other depository institutions, we face heightened competition from non-depository financial products such as securities and other alternative investments.

Furthermore, technology and other market changes have made it more convenient for bank customers to transfer funds for investing purposes. Bank customers also have greater access to deposit vehicles that facilitate spreading deposit balances among different depository institutions to maximize FDIC insurance coverage. In addition to competitive forces, we also are at risk from market forces as they affect interest rates. It is not uncommon when interest rates transition from a low interest rate environment to a rising rate environment, for deposit and other funding costs to rise in advance of yields on earning assets. In order to keep deposits required for funding purposes, it may be necessary to raise deposit rates without commensurate increases in asset pricing in the short term.

Prior to 2022, it had been the policy of the Federal Reserve to maintain interest rates at historically low levels through its targeted federal funds rate and the purchase of mortgage-backed securities. As a result, market rates on the loans we originated and the yields on securities we purchased during that period have been at historically low levels. As a result, market rates on the loans we have originated and the yields on securities we have purchased have been at historically low levels. As discussed above, rates are fluctuating, and due to a number of factors including changes in monetary policies of the Federal Reserve, will likely continue to fluctuate.

External and Market-Related Risks

Changes in general business, economic and political conditions, especially in our market area, could adversely affect our growth and earnings.

Our success depends, to a certain extent, upon general business economic and political conditions, local and national, as well as governmental monetary policies. Conditions such as inflation, recession, unemployment, changes in interest rates, money supply and other factors beyond our control may adversely affect our asset quality, deposit levels and loan demand and, therefore our growth and earnings. In addition, there are continuing concerns related to, among other things, the level of U.S. government debt and fiscal actions that may be taken to address that debt, a potential resurgence of economic and political tensions with or between other countries may have a destabilizing effect on financial markets and economic activity. Economic pressure on consumers, businesses and overall economic uncertainty may result in changes in spending, borrowing, and saving habits. These economic conditions and other negative developments in the domestic or international credit markets and economies may significantly affect the markets in which we do business. Adverse changes in the economy may also have a negative effect on the ability of our borrowers to make timely repayments of their loans, which would have an adverse impact on our earnings.

Inflationary pressures and rising prices may affect our results of operations and financial condition.

Inflation began to rise sharply at the beginning of 2022 and remained at an elevated level through the present time. Small to medium-sized businesses may be impacted more during periods of high inflation as they are not able to leverage economies of scale to mitigate cost pressures compared to larger businesses. Consequently, the ability of our business customers to repay their loans may deteriorate, and in some cases this deterioration may occur quickly, which would adversely impact our results of operations and financial condition. Furthermore, a prolonged period of inflation could cause wages and other costs to the Company to increase, which could adversely affect our results of operations and financial condition.

If we do not adjust to rapid changes in the financial services industry, our financial performance may suffer.

We face substantial competition for customer relationships, as well as other sources of funding in the communities we serve. Competing providers include other banks, savings institutions and trust companies, insurance companies, mortgage banking operations, credit unions, finance companies, title companies, money market funds and other financial and nonfinancial companies which offer products functionally equivalent to those available at the Bank. Many competing providers have greater financial resources than we do and offer services within and outside the market areas we serve. In addition to this challenge of attracting and retaining customers for traditional banking services, our competitors include securities dealers, brokers, mortgage bankers, investment advisors and finance and insurance companies who seek to offer one-stop financial services to their customers that may include services that financial institutions have not been able or allowed to offer to their customers in the past. The increasingly competitive environment is primarily a result of changes in regulation, changes in technology and product delivery systems and the accelerating pace of consolidation among financial service providers. If we are unable to adjust both to increased competition for traditional banking services and changing customer needs and preferences, our financial performance and your investment in our capital stock could be adversely affected.

The results of mainstream media and social media contagion and speculation resulting from externalities could have a broad impact on the banking system and have an adverse effect on us.

The results of poorly executed decisions in a financial institution of significant size can negatively impact other financial institutions, despite the quality of leadership and decision making of the other financial institutions or their ability to effectively identify, measure, manage and control risk.

Misinformed or inaccurate reporting regarding an incident or incidents can impact the broader banking industry. Any adverse financial market or economic condition could be reported in a way to exert downward pressure on the price of financial institution securities and could negatively impact credit availability for certain issuers without regard to their underlying financial strength.

This contagion risk can also occur when a perceived lack of trust in the banking system spreads throughout the industry based upon the results of a few poorly managed larger financial institutions.

Our stock price and our required liquidity may be negatively impacted by unrelated bank failures and negative customer confidence in financial institutions.

On March 9, 2023, Silvergate Bank, La Jolla, California, announced its decision to voluntarily liquidate its assets and wind down operations; on March 10, 2023, Silicon Valley Bank, Santa Clara, California, was closed by the California Department of Financial Protection and Innovation (the “DFPI”); on March 12, 2023, Signature Bank, New York, New York was closed by the New York State Department of Financial Services; and on May 1, 2023, First Republic Bank, San Francisco, California, was closed by the DFPI. In each case the FDIC was appointed receiver for the failed institution. These banks had elevated levels of uninsured deposits, which may be less likely to remain at a bank over time and are a less stable funding source than insured deposits. These failures led to volatility and declines in the market for bank securities and less confidence in financial institutions.

These events have led to a greater focus by institutions, investors and regulators on the on-balance sheet liquidity of and funding sources for financial institutions, the composition of their deposits, including the amount of uninsured deposits, the amount of accumulated other comprehensive loss, capital levels and interest rate risk management. If we are unable to adequately manage our liquidity, we may experience an adverse effect on our financial condition and results of operations.

Additional required capital may not be available.

We are required by federal regulatory authorities to maintain adequate levels of capital to support our operations. In addition, we may elect to raise additional capital to support our business or to finance acquisitions, if any, or we may otherwise elect or be required to raise additional capital. Our ability to raise additional capital, if needed, will depend on conditions in the capital markets, economic conditions and a number of other factors, many of which are outside of our control, and on our financial performance. Accordingly, there can be no assurance that we can raise additional capital if needed or on terms acceptable to us. If we cannot raise additional capital when needed, it may have a material adverse effect on our financial condition, results of operations and prospects.

Compliance, Legislative, and Regulatory Risks

We operate in a highly regulated environment, and we may be adversely affected by changes in laws and regulations.

We are subject to extensive regulation, supervision and examination by the Federal Reserve, our primary federal regulator, the Virginia Bureau of Financial Institutions, our chartering authority and the FDIC, as insurer of our deposits. Such regulation and supervision govern the activities in which we may engage, and are intended primarily for the protection of the insurance fund and the depositors and borrowers of the Bank rather than for holders of our capital stock. Various consumers and compliance laws also affect our operations.

Regulatory authorities have extensive discretion in their supervisory and enforcement activities, including the imposition of restrictions on our operations, the classification of our assets and determination of the level of our allowance for credit losses. Any change in such regulation and oversight, whether in the form of regulatory policy, regulations, legislation or supervisory action, may have a material impact on our operations. The earnings of the Bank, and therefore the earnings of the Company, are affected by changes in federal and state legislation and actions of various regulatory authorities.

We may be affected by possible regulatory reform and legislation.

Legislative and regulatory initiatives introduced in Congress and state legislatures, as well as by regulatory agencies, may include proposals to expand or contract the powers of financial institutions, or proposals to substantially change the overall financial institution regulatory system. Such legislation could change banking statutes and the operating environment of the Company in substantial and unpredictable ways. If enacted, such legislation could increase or decrease our cost of doing business, limit or expand permissible activities, or affect the balance among competing financial institutions. The Company cannot predict the effect that any such legislation and/or implementing regulations, if adopted, may have on the Company. A change in statutes, regulations and/or regulatory policies applicable to us, if material, could have an adverse effect on our business, financial condition, results of operations and prospects.

We may be adversely affected by changes in federal and state tax laws and regulations.

We are subject to federal and applicable state tax laws and regulations. Such tax requirements are often complex and require interpretation. Material changes in these laws and regulations could negatively impact our business, financial condition, results of operations and prospects. In the normal course of business, we are routinely subject to examinations and challenges from federal and applicable state tax authorities regarding our tax obligations. Federal and state taxation authorities may challenge tax positions of financial institutions, including us. These positions may relate to tax compliance, sales and use, franchise, gross receipts, payroll, property and income taxation issues, including tax base, apportionment and available tax credits. The challenges made by tax authorities may adjust the timing or amount of taxable income or deductions or the allocation of income. Any such challenges not resolved in our favor could have a material adverse effect.

Our participation in the New Markets Tax Credit (“NMTC”) Program entails certain risks.

Our Bank is a participant as an investor and lender in the NMTC Program which provides a tax incentive for private investment into projects and businesses located in low-income communities. NMTCs are allocated by the Community Development Financial Institutions Fund to qualified community development interests. Refer to Note 3 for additional information regarding the current investments in the NMTC Program.

NMTCs are subject to recapture for seven years after an equity investment is made in a CDE if:

•

The CDE ceases to be certified; or

•

“Substantially all” of the equity investment proceeds are no longer used for qualified businesses; or

•

The CDE redeems the investment.

Risks Associated with Our Common Stock

The market price for the Company’s common stock price may be volatile.

The market price of our common stock may be highly volatile, which may make it difficult for you to resell your shares at the volume, prices and times desired. There are many factors that may impact the market price and trading volume of our common stock, including, without limitation:

•

actual or anticipated fluctuations in our operating results, financial condition or asset quality;

•

operating results that vary from the expectations of management, securities analysts and investors;

•

changes in expectations as to our future financial performance;

•

operating and stock price performance of companies that investors deem comparable to us;

•

future issuances of our common stock or other securities;

•

changes in general economic or business conditions;

•

changes in the credit, mortgage and housing markets, the markets for securities relating to mortgages or housing, and developments with respect to financial institutions generally;

•

proposed or adopted changes in laws, regulations or policies affecting us;

•

significant acquisitions or business combinations, strategic partnerships, joint ventures or capital commitments by or involving our competitors or us; and

•

other economic, competitive, governmental, regulatory and technological factors affecting our operations, pricing, products and services.

The Company depends on the Bank for dividends, distributions and other payments.

There can be no assurance of whether or when we may pay dividends in the future. Cash available to pay dividends to our shareholders is derived primarily, if not entirely, from dividends paid to us from the Bank. The ability of the Bank to pay dividends to us as well as our ability to pay dividends to our shareholders is limited by regulatory and legal restrictions and the need to maintain sufficient consolidated capital. We may also decide to limit the payment of dividends even when we have the legal ability to pay them in order to retain capital for use in our business. Further, any lenders making loans to us may impose financial covenants that may be more restrictive than regulatory requirements with respect to the payment of dividends.

We are prohibited from paying dividends on our common stock if the required payments on our subordinated debentures have not been made. Additionally, dividends on our common stock could be adversely impacted if dividend payments on our preferred stock have not been made.

Although we have paid cash dividends on shares of our common stock in the past, we may not pay cash dividends on shares of our common stock in the future.

Holders of shares of our common stock are only entitled to receive such dividends as our Board of Directors may declare out of funds legally available for such purpose. We have a history of paying dividends to our shareholders. However, future cash dividends will depend upon our results of operations, financial condition, cash requirements, the need to maintain adequate capital levels, the need to comply with safe and sound banking practices as well as meet regulatory expectations, and other factors, including the ability of the Bank to make distributions to us, which ability may be restricted by statutory, contractual or other constraints. There can be no assurance that we will continue to pay dividends even if the necessary financial and regulatory conditions are met and if sufficient cash is available for distribution.

Our common stock is subordinate to our existing and future preferred stock and to our subordinated notes.

The Company has outstanding preferred stock that is senior to the common stock and could adversely affect the ability of the Company to declare or pay dividends or distributions of common stock. In addition, the terms of the Company’s outstanding fixed-to-floating rate subordinated notes prohibit it from declaring or paying any dividends, or purchasing, acquiring, or making a liquidation payment with respect to, its capital stock, during an event of default under the subordinated note purchase agreement. Furthermore, if the Company experiences a material deterioration in its financial condition, liquidity, capital, results of operations or risk profile, the Company’s regulators may not permit it to make future payments on its preferred stock, thereby preventing the payment of dividends on the common stock.

General Risk Factors

We will depend on our management team to implement our business strategy and execute successful operations, and we could be harmed by the loss of their services.

We are dependent upon the services of the members of our senior management team who direct our strategy and operations. Members of our senior management team, as well as commercial lending specialists who possess expertise in our markets and key business relationships, could be difficult to replace. The loss of these persons, or our inability to hire additional qualified personnel, could impact our ability to implement our business strategy and could have a material adverse effect on our results of operations and our ability to compete in our markets.

We may not be able to attract and retain skilled people.

Our success depends, in large part, on our ability to attract and retain key people. Competition for the best people in most activities in which we engage can be intense, and we may not be able to retain or hire the people we want or need. In order to attract and retain qualified employees, we must compensate our employees at market levels. If we are unable to continue to attract and retain qualified employees, or do so at rates necessary to maintain our competitive position, our performance, including our competitive position, could suffer, and, in turn, adversely affect our business, financial condition and results of operations. The number of experienced banking professionals in our markets may not be the same as in certain other markets.

We may be subject to increased litigation which could result in legal liability and damage to our reputation.

We may be named from time to time as a defendant in litigation relating to our business and activities. Litigation may include claims for substantial compensatory or punitive damages or claims for indeterminate amounts of damages. We are also involved from time to time in other reviews, investigations and proceedings (both formal and informal) by governmental and self- regulatory agencies regarding our business. These matters also could result in adverse judgments, settlements, fines, penalties, injunctions or other relief.

In addition, in recent years, a number of judicial decisions have upheld the right of borrowers to sue lending institutions on the basis of various evolving legal theories, collectively termed “lender liability.” Generally, lender liability is founded on the premise that a lender has either violated a duty, whether implied or contractual, of good faith and fair dealing owed to the borrower or has assumed a degree of control over the borrower resulting in the creation of a fiduciary duty owed to the borrower or its other creditors or shareholders.

Substantial legal liability or significant regulatory action against the Company could materially adversely affect its business, financial condition or results of operations, or cause significant harm to our reputation.

Our reported financial results depend on management’s selection of accounting methods and certain assumptions and estimates.

Our accounting policies and assumptions are fundamental to the Company’s reported financial condition and results of operations. Management must exercise judgment in selecting and applying many of these accounting policies and methods so that they comply with generally accepted accounting principles and reflect management’s judgment of the most appropriate manner to report our financial condition and results. In some cases, management must select the accounting policy or method to apply from two or more alternatives, any of which may be reasonable under the circumstances, yet may result in the Company’s reporting materially different results than would have been reported under an alternative method.

The obligations associated with being a public company require significant resources and management attention.

As a public company, we face increased legal, accounting, administrative and other costs and expenses that we have not previously incurred, particularly after we are no longer an emerging growth company. We are subject to the reporting requirements of the Exchange Act, which requires that we file annual, quarterly and current reports with respect to our business and financial condition and proxy and other information statements, and the applicable rules and regulations implemented by the SEC, the Sarbanes-Oxley Act, the Dodd-Frank Act, the PCAOB and the Nasdaq Stock Market, each of which imposes additional reporting and other obligations on public companies.

As a public company, we are required to:

•

prepare and distribute periodic reports, proxy statements and other shareholder communications in compliance with the federal securities laws and rules;

•

expand the roles and duties of our board of directors and committees thereof;

•

institute more comprehensive financial reporting and disclosure compliance procedures;

•

involve and retain to a greater degree outside counsel and accountants in the activities listed above;

•

enhance our investor relations function;

•

establish new internal policies, including those relating to trading in our securities and disclosure controls and procedures;

•

retain additional personnel;

•

comply with Nasdaq Stock Market listing standards; and

•

comply with applicable requirements of the Sarbanes-Oxley Act.

We expect these rules and regulations and changes in laws, regulations and standards relating to corporate governance and public disclosure, which have created uncertainty for public companies, to increase legal and financial compliance costs and make some activities more time consuming and costly. These laws, regulations and standards are subject to varying interpretations, in many cases due to their lack of specificity, and, as a result, their application in practice may evolve over time as new guidance is provided by regulatory and governing bodies. This could result in continuing uncertainty regarding compliance matters and higher costs necessitated by ongoing revisions to disclosure and governance practices. Our investment in compliance with existing and evolving regulatory requirements will result in increased administrative expenses and a diversion of management’s time and attention from revenue-generating activities to compliance activities, which could have an adverse effect on our business, financial condition and results of operations. These increased costs could require us to divert a significant amount of money that we could otherwise use to expand our business and achieve our strategic objectives.

Item 1B. Unresolved Staff Comments

None.

Item 1C. Cybersecurity

The Company recognizes the critical importance of identifying, assessing and managing material risks from cybersecurity threats and is committed to implementing and maintaining a comprehensive information security program to manage such risks and safeguard its systems and data.

The Company’s Board of Directors has ultimate oversight of cybersecurity-related risks and it is assisted in this role by the Technology Committee and the Audit & Risk Committee. Processes for identifying, assessing, and managing cybersecurity-related risks are integrated into the Company’s overall enterprise risk management process, which is overseen by the Audit & Risk Committee. The Audit & Risk Committee is responsible for monitoring risks that are being taken by the Company, understanding the enterprise-wide effect of those risks and reporting such risks to the Board. In fulfilling this role, the Technology Committee has primary oversight responsibility over management’s efforts to manage and mitigate cybersecurity-related risk and reviews and approves the Company’s cybersecurity strategy for protecting the Company’s information assets and technology platforms. The Audit & Risk Committee oversees the Company’s outsourced Internal Audit Department, which conducts reviews and assessments related to information security. Management provides periodic reports to the Technology Committee and the Audit & Risk Committee, both of which provide reports of their meetings to the full Board. These reports to the Board and its Committees address the threat environment, vulnerability assessments, specific cyber incidents and management’s efforts to monitor, detect and prevent cyber threats.

The Company’s information security program is primarily administered at the management level by the Information Security Department, which is led by the Company’s Chief Information Officer (CIO), and is supported by Chief Information Security Officer (CISO), and the Information Technology Department, which is led by the Company’s Chief Technology Officer (CTO). The Company’s Information Security Department is responsible for day-to-day management of the Company’s information security program, including data loss prevention, access control, threat monitoring, incident response and employee education and training. The Information Security Department also maintains policies related to cybersecurity and data security that provide the required governance for the information security program. Additionally, the Company’s Information Technology Department maintains policies that govern technical aspects of the Company’s information security program. Each policy is reviewed and approved by the Board at least annually. The Information Security team maintains and runs the Company’s security operations center and is responsible for cybersecurity event management and maintaining security tooling. The Company also maintains an Information Technology Management Committee, which is comprised of representatives from the Information Security, Information Technology, Enterprise Risk, Operations, and members of executive management. This committee meets at least quarterly to discuss and review the Company’s information security program and receives qualitative and quantitative update reports from the Information Security Department, Internal Audit Department, and Information Technology Department.

The Company engages third party assessors, consultants and auditors in connection with its information security program, including to conduct external penetration testing, independent audits and risk assessments. The Company also utilizes third party service providers in the ordinary course of business. The Information Security Department performs information security assessments for third party service providers that store or process Company confidential data. These information security assessments include a review of any systems and organization control reports, proof of the vendor’s independent testing of their data protection controls, as well as a review of any exceptions noted and assessment of management responses, results of vulnerability and penetration testing, incident response processes and third party data protection controls (which can include, but is not limited to: access reviews and controls, backups, monitoring, encryption standards and disaster recovery). The review of these areas is taken into account in order to provide an overall information security conclusion and risk rating for the vendor.

As a regulated financial institution, the Company is also subject to financial privacy laws and its cybersecurity practices are subject to oversight by the federal banking agencies. For additional information, see Item 1A – Risk Factors.

Although the Company has not, as of the date of this Annual Report on Form 10-K, experienced a cybersecurity threat or incident that materially affected its business strategy, results of operations or financial condition, there can be no guarantee that the Company will not experience such an incident in the future.