Quiver Quantitative

Risk Factors Dashboard

Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.

View risk factors by ticker

Search filings by term

Risk Factors - WAFD

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Item 1A. “Risk Factors,” and in any of the Company's other subsequent Securities and Exchange Commission filings, which could cause the Company's future results to differ materially from the plans, objectives, goals, estimates, intentions and expectations expressed in forward-looking statements:

Operational Risks:

•fluctuating interest rates and the impact of inflation on the Company's business and financial results;

•risks associated with cybersecurity incidents and threat actors;

•risk related to the integration of Luther Burbank Corporation;

•economic uncertainty or a deterioration in economic conditions or slowdowns in economic growth, including financial stress on borrowers (consumers and businesses) as a result of higher interest rates or an uncertain economic environment;

•the effects of and changes in monetary and fiscal policies of the Board of Governors of the Federal Reserve System and the U.S. Government;

•global economic trends, including developments related to Ukraine and Russia, the Middle East, and related negative financial impacts on our borrowers, the financial markets and the global economy;

•our ability to make accurate assumptions and judgments about the collectability of our loan portfolio, including the creditworthiness of our borrowers and the value of the assets securing these loans;

•risks related to operational, technological, and third-party provided technology infrastructure;

•risks associated with data privacy laws and regulations;

•risk associated with the development and use of artificial intelligence;

•risks associated with our failure to retain or attract key employees;

•risks associated with failures of our risk management framework;

•risks related to the impacts of climate change on our business or reputation;

•the effects of natural or man-made disasters, calamities, or conflicts, including terrorist events and pandemics (such as the COVID-19 pandemic), and the resulting governmental and societal responses, including on our asset credit quality and business operations, as well as its impact on general economic and financial market conditions;

Regulatory and Litigation Risk:

•non-compliance with the USA PATRIOT Act, Bank Secrecy Act, Community Reinvestment Act, Fair Lending Laws, Real Estate Settlement Procedures Act, Truth-in-Lending Act, Flood Insurance Reform Act or other laws and regulations;

•the Company’s ability to manage the risks and costs involved in the remediation efforts to the Bank's Home Mortgage Disclosure Act (“HMDA”) compliance and reporting, and the impact of enforcement actions or legal proceedings with respect to the Bank’s HMDA program;

•legislative and regulatory limitations, including those arising under the Dodd-Frank Act, the Washington Commercial Bank Act and potential limitations in the manner in which the Company conducts its business and undertakes new investments and activities;

•risks associated with increases to deposit insurance premiums or special assessments;

•litigation risks resulting in significant expenses, losses and reputational damage;

•environmental risks resulting from our real estate lending business;

Market and Industry Risk:

•eroding confidence in the banking system and regional banks in particular;

•downturns in the real estate market;

•changes in banking operations, including a shift from retail to online activities;

•changes in other economic, competitive, governmental, regulatory and technological factors affecting the Company's markets, operations, pricing, products, services and fees;

•risks associated with inadequate or faulty underwriting and loan collection practices;

•risks associated with our geographic concentration, including the effects of a severe economic downturn, including high unemployment rates and declines in housing prices and property values, in our primary market areas;

•industry deficiencies in foreclosure practices, including delays and challenges in the foreclosure process;

•impairment of goodwill;

Competitive Risks:

•competition from other financial institutions and new market participants, offering services similar to those offered by the Bank;

•our ability to grow organically or through acquisitions;

•risks associated with our entry into the California market;

Security Ownership Risks:

•our ability to continue to pay dividends, including on our outstanding Series A Preferred Stock;

•risks related to the volatility of our Common Stock, and future dilution;

•the ability of the Company to obtain external financing to fund its operations or obtain financing on favorable terms;

•risks related to Washington's anti-takeover statute;

•effects of activist shareholders;

General Risks:

•the success of the Company at managing the risks involved in the foregoing and managing its business; and

•the timing and occurrence or non-occurrence of events that may be subject to circumstances beyond the Company's control.

For the reasons described above, we caution you against relying on any forward-looking statements. Further, all forward-looking statements speak only as of the date on which such statements are made, and the Company undertakes no obligation to update or revise any forward-looking statements to reflect changed assumptions, the occurrence of unanticipated events, changes to future operating results over time, or the impact of circumstances arising after the date the forward-looking statement was made.

Item 1. Business

General

Washington Federal Bank, a federally-insured Washington state chartered commercial bank dba WaFd Bank (the "Bank" or "WaFd Bank"), was founded on April 24, 1917 in Ballard, Washington and is engaged primarily in providing lending, depository, insurance and other banking services to consumers, mid-sized to large businesses, and owners and developers of commercial real estate. WaFd, Inc., a Washington corporation, was formed as the Bank’s holding company in November, 1994. On September 27, 2023, the Company filed Articles of Amendment to its Restated Articles of Incorporation, as amended, with the Washington Secretary of State, to change its name from Washington Federal, Inc. to WaFd, Inc. This change was effective on September 29, 2023. As used throughout this document, the terms "WaFd," the "Company" or "we" or "us" and "our" refer to WaFd, Inc. and its consolidated subsidiaries, and the term "Bank" or "WaFd Bank" refers to its bank operating subsidiary. The Company is headquartered in Seattle, Washington.

On November 9, 1982 the Company listed and began trading on the NASDAQ. Profitable operations have been recorded every year since going public.

On February 29, 2024, WaFd, Inc. closed its merger with Luther Burbank Corporation ("Luther Burbank" or "LBC"), a California corporation, effective as of 12:00am on March 1, 2024. Pursuant to the Merger Agreement, at the Effective Time Luther Burbank merged with and into the Company (the “Corporate Merger”), with the Company surviving the Corporate Merger. Promptly following the Corporate Merger, Luther Burbank’s wholly-owned bank subsidiary, Luther Burbank Savings, merged with and into WaFd Bank with WaFd Bank as the surviving institution (the “Bank Merger”). The Corporate Merger and the Bank Merger are collectively referred to in this Annual Report on Form 10-K as the “Merger.” The Merger added approximately $7.7 billion of LBC assets at fair value to the Company's balance sheet, and the Company assumed $50,175,000 in floating rate junior subordinated debentures, due June 2036 and June 2037, and $93,514,000 in 6.5% senior unsecured term notes which matured and were paid off on September 30, 2024. The Merger expanded WaFd Bank's footprint to nine western states with the addition of ten California branches of Luther Burbank.

The Company's fiscal year end is September 30th. All references herein to 2024, 2023 and 2022 represent balances as of September 30, 2024, September 30, 2023 and September 30, 2022, respectively, or activity for the fiscal years then ended.

The business of the Bank consists primarily of accepting deposits from the general public and investing these funds in loans of various types, including first lien mortgages on single-family dwellings, construction loans, land acquisition and development loans, loans on multi-family, commercial real estate and other income producing properties, home equity loans and business loans. The Bank also invests in certain United States government and agency obligations and other investments permitted by applicable laws and regulations. As of September 30, 2024, Washington Federal Bank has 210 branches located in Washington, Oregon, Idaho, Arizona, Utah, Nevada, New Mexico, California and Texas. Through the Bank's subsidiaries, the Company is also engaged in insurance brokerage activities.

The principal sources of funds for the Company's activities are retained earnings, loan repayments, net deposit inflows, borrowings and repayments and sales of investments. WaFd's principal sources of revenue are interest on loans and interest and dividends on investments. Its principal expenses are interest paid on deposits, credit costs, general and administrative expenses, interest on borrowings and income taxes.

The Bank is subject to extensive regulation, supervision and examination by its primary state regulator, the Washington State Department of Financial Institutions (the "WDFI"), the Federal Deposit Insurance Corporation ("FDIC"), its primary federal regulator, which insures its deposits up to applicable limits, and the Consumer Financial Protection Bureau (the "CFPB"). The Company, as a bank holding company, is subject to extensive regulation, supervision and examination by the Board of Governors of the Federal Reserve System ("Federal Reserve").

The regulatory structure gives the regulatory authorities extensive discretion in connection with their supervisory and enforcement activities. Any change in such regulation, whether by the WDFI, the FDIC, the Federal Reserve, the CFPB or the U.S. Congress, could have a significant impact on the Company and its operations. See “Regulation” section below.

Lending Activities

General. The Company's net loan portfolio totaled $20,916,354,000 at September 30, 2024 and represents 74.5% of total assets. Lending activities include the origination of loans secured by real estate, including long-term fixed-rate and adjustable-rate mortgage loans, adjustable-rate construction loans, adjustable-rate land development loans, fixed-rate and adjustable-rate multi-family loans, fixed-rate and adjustable-rate commercial real estate loans and fixed-rate and adjustable-rate business loans.

The following table is a summary of loans receivable by loan portfolio segment and class.

__________________

(1) The ACL within the table does not include the reserve for unfunded commitments which was $21,500,000, $24,500,000 and $32,500,000 as of September 30, 2024, 2023 and 2022, respectively.

Lending Programs and Policies. The Bank's lending activities include commercial and consumer loans, including the following loan categories.

Commercial real estate loans. The Bank makes loans on a variety of commercial real estate (“CRE”) types which are generally secured by the subject property. Management differentiates multi-family properties from the rest of our CRE portfolio as these loans have key differences in the way they are handled from underwriting through monitoring.

The following table provides detail of the amortized cost of non-multi family CRE loans by property type:

Within the types listed above, a CRE subject property could be either owner or non-owner occupied. The following table provides the amortized cost of CRE loans by occupation status:

In underwriting, the Bank considers a number of factors, which include the projected net cash flow to the loan's debt service requirement, the age and condition of the collateral, the financial resources and income level of the borrower and the borrower's experience in owning or managing similar properties. CRE loans are originated in amounts up to 75% of the appraised value of the property securing the loan.

With CRE loans, credit risk is a result of several factors, including the concentration of principal in a limited number of loans and borrowers, the effects of general economic and societal conditions on income-producing properties and the primary source of cash flow for repayment being spread across multiple tenants (non-owner). Repayment of CRE loans depends upon the successful operation of the related real estate property. The Bank seeks to minimize these risks through its underwriting policies, which require such loans to be qualified at origination on the basis of the property's income and debt service ratio.

Multi-family residential loans. Multi-family residential (five or more dwelling units) loans generally are secured by multi-family rental properties, such as apartment buildings. In underwriting multi-family residential loans, the Bank considers the same factors considered for CRE loans.

Loans secured by multi-family residential real estate generally involve different credit risk than single-family residential loans and carry larger loan balances. This different credit risk is a result of several factors, including the concentration of principal in a limited number of loans and borrowers, the effects of general economic and societal conditions on income-

producing properties, the primary source of cash flow for repayment being spread across multiple tenants, the effects of government orders such as eviction forbearance and the increased difficulty of evaluating and monitoring these types of loans.

It is the Bank's policy to obtain title insurance ensuring that it has a valid first lien on the mortgaged real estate serving as collateral for the loan. Borrowers must also obtain hazard insurance prior to closing and, when required by regulation, flood insurance. Borrowers may be required to advance funds on a monthly basis, together with each payment of principal and interest, to a mortgage escrow account from which the Bank makes disbursements for items such as real estate taxes, hazard insurance premiums and private mortgage insurance premiums when due.

Commercial and industrial loans. The Bank makes various types of business loans to customers in its market area for working capital, acquiring real estate, equipment or other business purposes, such as acquisitions. The terms of these loans generally range from less than one year to a maximum of ten years. The loans are either negotiated on a fixed-rate basis or carry adjustable interest rates indexed to the Secured Overnight Funding Rate ("SOFR"), Prime Rate or another market rate.

Commercial loans are made based upon assessment of the borrower's ability and willingness to repay along with an evaluation of secondary repayment sources such as the value and marketability of collateral. Most such loans are extended to closely held businesses and the personal guaranty of the principal is usually obtained. Commercial loans have a relatively high risk of default compared to residential real estate loans. Pricing of commercial loans is based on the credit risk of the borrower with consideration given to the overall relationship of the borrower, including deposits and contributed equity/loan-to-value ratio. The acquisition of business deposits is an important focus of this business line. The Bank provides a full line of treasury management products to support the depository needs of its clients.

Construction loans. The Bank originates construction loans to finance construction of single-family and multi-family residences as well as commercial properties. Loans made to builders are generally tied to an interest rate index and normally have maturities of two years or less or are structured such that they convert to a permanent loan after the completion of construction or stabilization of the property. Loans made to individuals for construction of their home generally are 30-year fixed rate loans. The Bank's policies provide that for residential construction loans, loans may be made for 85% or less of the construction cost or 80% of the appraised value of the property upon completion, whichever is less. As a result of activity over the past four decades, the Bank believes that builders of single-family residences in its primary market areas consider the Bank to be a construction lender of choice. Because of this history, the Bank has developed a staff with in-depth land development and construction experience and working relationships with selected builders based on their operating histories and financial stability.

Construction lending involves a higher level of risk than single-family residential lending due to the concentration of principal in a limited number of loans and borrowers and the effects of general economic conditions in the home building industry.

Land development loans. The Bank's land development loans are of a short-term nature and are generally made for 75% or less of the appraised value of the unimproved property. Funds are disbursed periodically at various stages of completion as authorized by the Bank's personnel. The interest rate on these loans typically adjust daily or monthly in accordance with a designated index.

Land development loans involve a higher degree of credit risk than long-term financing on owner-occupied real estate. Mitigation of risk of loss on a land development loan is dependent largely upon the accuracy of the initial estimate of the property's value at completion of development compared to the estimated cost (including interest) of development and the financial strength of the borrower.

Permanent land loans. The Bank's permanent land loans (also called consumer lot loans) are generally made on improved land, with the intent of building a primary or secondary residence. These loans are limited to 70% or less of the appraised value of the property, up to a maximum loan amount of $1,500,000. The interest rate on permanent land loans is generally fixed for 20 years.

Single-family residential loans. The Bank originates 30-year fixed-rate mortgage loans secured by single-family residences. Moreover, it is the Bank's general policy to include in the documentation evidencing its conventional mortgage loans a due-on-sale clause, which facilitates adjustment of interest rates on such loans when the property securing the loan is sold or transferred.

All of the Bank's mortgage lending is subject to written, nondiscriminatory underwriting standards, loan origination procedures and lending policies approved by the Company's Board of Directors (the "Board"). Property valuations are required

on all real estate loans. Appraisals are prepared by independent appraisers, reviewed by staff of the Bank, and approved by the Bank's management. Property evaluations are sometimes utilized in lieu of appraisals on single-family real estate loans of $250,000 or less and are reviewed by the Bank's staff. Detailed loan applications are obtained to determine the borrower's ability to repay and the more significant items on these applications are verified through the use of credit reports, financial statements or written confirmations.

Depending on the size of the loan involved, a varying number of officers of the Bank must approve the loan application before the loan can be granted. Federal guidelines limit the amount of a real estate loan made to a specified percentage of the value of the property securing the loan, as determined by an evaluation at the time the loan is originated. This is referred to as the loan-to-value ratio. The Board sets the maximum loan-to-value ratios for each type of real estate loan offered by the Bank.

When establishing general reserves for loans with loan-to-value ratios exceeding 80% that are not insured by private mortgage insurance, the Bank considers the additional risk inherent in these products, as well as their relative loan loss experience, and provides reserves when deemed appropriate. The total balance for loans with loan-to-value ratios exceeding 80% at origination as of September 30, 2024, was $315,704,000, with allocated reserves of $2,939,000.

Consumer loans. The Bank's non-mortgage consumer loan portfolio consists of prime quality student loans acquired from an independent financial investment firm that retains 1% of each loan, plus various other non-mortgage consumer loans including personal lines of credit and credit cards.

Home equity loans. The Bank extends revolving lines of credit to consumers that are secured by a first or second mortgage on a single-family residence. The interest rate on these loans adjusts monthly indexed to prime. Total loan-to-value ratios when combined with any underlying first liens held by the Bank are limited to 85% or less. Total loan-to-value ratios are limited to 80% or less when underlying first liens are held by any other investor. Loan terms are a ten-year draw period followed by a fifteen-year amortization period.

Origination and Purchase of Loans. The Bank has general authority to lend anywhere in the United States; however, its primary lending areas are within the states of Washington, Oregon, Idaho, Arizona, Utah, Nevada, New Mexico, California and Texas. Loan originations come from a variety of sources. Residential loan originations result from referrals from real estate brokers, walk-in customers, purchasers of property in connection with builder projects that are financed by the Bank, mortgage brokers and refinance activity for existing customers. Business purpose loans are obtained primarily by direct solicitation of borrowers and ongoing relationships.

The Bank also purchases loans and mortgage-backed securities when lending rates and mortgage volume for new loan originations in its market area do not fulfill its needs.

The table below shows the Bank's total loan origination, purchase and repayment activities.

___________________

(1)Includes undisbursed loan in process.

(2)Includes non-cash transactions.

(3)Loans purchased in fiscal 2024 refer to those obtained in the Merger

(4)Loans sold in fiscal 2024 refer to multi-family and single-family residential loans obtained in the Merger and were classified as held for sale.

Interest Rates, Loan Fees and Service Charges. Interest rates charged by the Bank on mortgage loans are primarily determined by the competitive loan rates offered in its lending areas and in the secondary market. Mortgage loan rates reflect factors such as general interest rates, the supply of money available to the industry and the demand for such loans. General economic conditions, the regulatory programs and policies of federal and state agencies, including the Federal Reserve Bank’s monetary policies, changes in tax laws and governmental budgetary programs influence these factors.

The Bank receives fees for originating loans in addition to various fees and charges related to existing loans, including prepayment charges, late charges and assumption fees. In making one-to-four- family home mortgage loans, the Bank normally charges an origination fee and as part of the loan application, the borrower pays the Bank for out-of-pocket costs, such as the appraisal fee, whether or not the borrower closes the loan. The interest rate charged is normally the prevailing rate at the time the loan application is approved and accepted. In the case of construction loans, the Bank normally charges an origination fee. Loan origination fees and other terms of multi-family residential loans are individually negotiated.

Investment Activities

The Bank is obligated by its regulators to maintain adequate liquidity and does so by holding cash and cash equivalents and by investing in securities. These investments may include, among other things, certain certificates of deposit, repurchase

agreements, bankers’ acceptances, loans to financial institutions whose deposits are federally-insured, federal funds, United States government and agency obligations and mortgage-backed securities.

Sources of Funds

General. Deposits are the primary source of the Bank’s funds for use in lending and other general business purposes. Loan repayments are a relatively stable source of funds, while deposit inflows and outflows are influenced by general interest rates, money market conditions, the availability of FDIC insurance and the market perception of the Company’s financial stability. Borrowings may be used on a short-term basis to compensate for reductions in normal sources of funds, such as deposit inflows at lower than projected levels. Borrowings may also be used on a longer-term basis to support expanded activities and to manage interest rate risk. Borrowing capacity and availability is influenced by interest rates, market conditions, availability of collateral and the market's perception of the Bank's financial stability.

Deposits. The Bank relies on a mix of deposit types, including business and personal checking accounts, term certificates of deposit, and other savings deposit alternatives that have no fixed term, such as money market accounts and passbook savings accounts. The Bank offers several consumer checking account products, both interest bearing and non-interest bearing and three business checking accounts, two of which target small businesses with relatively simple and straightforward banking needs and one for larger, more complex business depositors with an account that prices monthly based on the volume and type of activity. Savings and money market accounts are offered to both businesses and consumers, with interest paid after certain threshold amounts are exceeded.

The Bank’s deposits are obtained primarily from residents of Washington, Oregon, Idaho, Arizona, Utah, Nevada, New Mexico, California and Texas.

Borrowings. Such advances are made pursuant to several different credit programs. Depending on the program, such limitations are based either on a fixed percentage of assets or the Company's credit worthiness. FHLB advances are used to meet seasonal and other withdrawals of deposit accounts and to fund expansion of the Bank's lending.

The Bank may need to borrow funds for short periods of time to meet day-to-day financing needs. In these instances, funds are borrowed from other financial institutions or the Federal Reserve Bank, for periods generally ranging from one to seven days at the then current borrowing rate. These borrowings are repayable at any time without penalty and were the lowest cost funding source available. The Federal Reserve ceased making new BTFP loans on March 11, 2024.

The Bank also participates in the FRB of San Francisco Borrower-in-Custody program which collateralizes primary credit borrowings and serves as a backstop for the FHLB - DM credit line. Due to differing program requirements between the FHLB - DM and FRB of San Francisco, participating in both increases the amount of eligible collateral that may be pledged in support of contingent liquidity needs.

The Bank Merger provided a credit line with the Federal Home Loan Bank of San Francisco (FHLB - SF) in support of LBC borrowings from the FHLB - SF, but the Bank is unable to take down new advances against this line as a bank is not allowed to belong to more than one FHLB. The FHLB - SF credit line is secured by a line-item pledge of single-family residential mortgages that are specifically identified.

For further information on these activities, see Note L to the Consolidated Financial Statements in “Item 8. Financial Statements and Supplementary Data” of this report.

Subsidiaries

The Company is a bank holding company that conducts its primary business through its wholly-owned subsidiary, WaFd Bank. The Bank has three active wholly-owned subsidiaries, discussed further below.

WAFD Insurance Group, Inc. is incorporated under the laws of the state of Washington and is an insurance agency that offers a full line of individual and business insurance policies to customers of the Bank, as well as to the general public. As of September 30, 2024 and September 30, 2023, WAFD Insurance Group, Inc. had total assets of $23,174,000 and $20,229,000, respectively.

Statewide Mortgage Services Company is incorporated under the laws of the state of Washington and it holds and markets real estate owned.

Washington Services, Inc. is incorporated under the laws of the state of Washington. It acts as a trustee under deeds of trust as to which the Bank is beneficiary. had total assets of $13,000.

Human Capital

At WaFd Bank, our culture is defined by our corporate values of integrity, teamwork, ownership, simplicity, service and discipline. We value our employees by investing in a healthy work-life balance, competitive compensation and benefit packages and a vibrant, team-oriented environment centered on professional service and open communication amongst employees. We strive to build and maintain a high-performing culture and be an “employer of choice” by creating a work environment that attracts and retains outstanding, engaged employees who embody our company mantra of “Love what you do. Make a difference.”

Demographics. As of September 30, 2024, we employed 2,208 full and part time employees. None of these employees are represented by a collective bargaining agreement. Our voluntary turnover rate was 15.80% in fiscal year 2024, a slight increase from 15.54% in 2023.

Diversity, Equity and Inclusion. We strive toward having a powerful and diverse team of employees, knowing we are better together with our combined wisdom and intellect. With a commitment to equity, inclusion and workplace diversity, we focus on understanding, accepting, and valuing the differences between people. To accomplish this, we have established Diversity & Inclusion Advisory Councils in each of our regions made up of a diverse group of employee representatives throughout our footprint. We show our commitment to equal employment opportunity through, among other things, our process of performing annual compensation analyses and ongoing reviews of our selection and hiring practices alongside a continued focus on building and maintaining a diverse workforce.

As of September 30, 2024, the population of our workforce was as follows:

Headcount by Gender-Ethnicity 2024 NEW.jpg

Learning and Development. We invest in the growth and development of our employees by providing a multi-dimensional approach to learning that empowers, intellectually grows, and professionally develops our colleagues. Our employees, including leadership, receive continuing education courses that are relevant to the banking industry and their job function within the Company. All new employees attend our two-day new hire orientation, Welcome to WaFd. We also offer the Retail Bank Peer Mentor Program and retail banking certifications for our retail employees. These resources provide employees with the skills they need to achieve their career goals, build management skills and become leaders within our Company.

Compensation and Benefits. We provide a competitive compensation and benefits program to help meet the needs of our employees. In addition to salaries, these programs include annual bonuses, stock awards, a 401(k) Plan with an employer matching contribution in addition to an employer annual contribution, healthcare and insurance benefits, health savings, flexible spending accounts, paid time off, family leave and an employee assistance program.

Workplace Safety & Wellness. We prioritize the importance of our employees’ health and the health of their families. We offer healthcare plans where the Company pays a significant portion of the monthly premiums for employees and their children. Our benefits program also includes a Health Savings Account ("HSA") option in addition to Flexible Spending Accounts ("FSA"). We believe maintaining a competitive benefits program is a sound investment in attracting newcomers and retaining loyal, dedicated and enthusiastic colleagues. Benefits we offer to employees include:

•Health insurance including dental & vision.

•Flexible spending plans for healthcare and childcare expenses.

•Employer-paid life insurance & accidental death and dismemberment coverage.

•Long-term disability insurance.

•Employee assistance program to provide access to counseling and support well-being.

Corporate Social and Environmental Responsibility

We recognize the social and environmental responsibility that arises from the impact of our activities on peoples’ lives and our community. The Company's Corporate and Social Environmental Policy integrates social, environmental and ethical concerns into our daily business activities and our approach to stakeholder relationships. Through this policy, we strive to carry out our banking activities in a responsible manner, placing the financial needs of our clients and economic health of our communities at the core of our focus. Below is a summary of our community activities and financial contributions in 2024.

CSR Graphic for Annual Report ESG 2024.jpg

Additional information will be provided in the Company’s forthcoming 2024 Community and Social Responsibility Report which will be made available on the Company’s website. Nothing on our website, including the aforementioned report, shall be deemed incorporated by reference into this Annual Report.

The Company

General. The Company is registered as a bank holding company and is subject to regulation, examination, supervision and reporting requirements of the Federal Reserve Bank.

Regulation. The Company operates in a highly regulated industry. The regulatory structure governing the Company’s operations is designed primarily for the protection of the deposit insurance funds and consumers, and not to benefit our shareholders. As part of this regulatory structure, the Company is subject to policies and other guidance developed by the regulatory agencies with respect to capital levels, the timing and amount of dividend payments, the classification of assets and the establishment of adequate loan loss reserves for regulatory purposes. Under this structure, regulators have broad discretion to impose restrictions and limitations on the Company’s operations if they determine, among other things, that such operations are unsafe or unsound, fail to comply with applicable law or are otherwise inconsistent with laws and regulations or with the supervisory policies of these agencies.

Failure to comply with applicable laws and regulations can result in a range of sanctions and enforcement actions, including the imposition of civil money penalties, formal agreements and cease and desist orders.

For further information on regulatory matters, see Note A to the Consolidated Financial Statements in “Item 8. Financial Statements and Supplementary Data” as well as the "Risk Factors" section of this report and the "USA Patriot Act of 2001" discussion below.

Sections below include a description of certain laws and regulations that relate to the regulation of the Company and the Bank. The description of these laws and regulations, and descriptions of laws and regulations contained elsewhere herein, do not purport to be complete and are qualified in their entirety by reference to applicable laws and regulations.

Restrictions on Activities and Acquisitions. Bank holding companies are subject to a variety of restrictions on their activities and the acquisitions they can make. Generally, the activities or acquisition of a bank holding company that is not a financial holding company are limited to those that constitute banking or managing or controlling banks or which are closely related to banking. In addition, without the prior approval of the FRB, bank holding companies are generally prohibited from acquiring more than 5% of the outstanding shares of any class of voting securities of a bank or bank holding company, taking any action that causes a bank to become a subsidiary of the bank holding company, acquiring all or substantially all of the assets of a bank, or merging with another bank holding company.

Control of Company or Bank. Pursuant to the Change in Bank Control Act, (the “CIBC Act”) individuals, corporations or other entities acquiring Company equity interests may, alone or together with other investors, be deemed to control a holding company or a bank. If an acquisition is deemed to constitute control of the holding company or bank and is not subject to approval under the Bank Holding Company Act or certain other statutes, such person or group will be required to file a notice under the CIBC Act. Generally, ownership of, or power to vote, more than 25% of any class of voting securities constitutes control. In the case of a bank or bank holding company the securities of which are registered with the Securities and Exchange Commission ("SEC"), ownership of or power to vote more than 10% of any class of voting securities creates a presumption of control.

Source of Strength. Under long-standing FRB policy, a bank holding company is expected to serve as a source of financial and management strength to its subsidiary bank. Under this policy, a bank holding company is expected to stand ready to provide adequate capital funds to its subsidiary bank during periods of financial adversity and to maintain financial flexibility and capital raising capacity to assist its subsidiary bank. The Dodd-Frank Act codified the source of strength doctrine by adopting a statutory provision requiring, among other things, that bank holding companies serve as a source of financial strength to their subsidiary banks.

Restrictions on Company Dividends. The Company’s ability to pay dividends to its shareholders is affected by several factors. Since the Company is a separate legal entity from the Bank and its subsidiaries and does not have significant operations of its own, the Company may not be able to pay dividends to its shareholders if the Bank is unable to pay dividends to the Company. The Bank’s ability to pay dividends is subject to various regulatory restrictions.

In addition, the Company’s ability to pay dividends is subject to rules and policies of the FRB. It is the policy of the Federal Reserve that bank holding companies should pay cash dividends only out of income available over the past year and only if prospective earnings retention is consistent with the company’s expected future needs and financial condition. Capital rules adopted by the Federal Reserve, effective January 2015, may limit the Company’s ability to pay dividends if the Company fails to meet certain requirements under the rules. In addition, if we do not or are unable to pay quarterly dividends on our Series A Preferred Stock, we may not pay a dividend to the holders of our Common Stock. See “Washington Federal Bank, wholly-owned operating subsidiary - Restrictions on Dividends” below.

Since the Company is a Washington state corporation, it is also subject to restrictions under Washington corporate law relating to dividends. Generally, under Washington law, a corporation may not pay a dividend if, after giving effect to the dividend, the corporation would be unable to pay its liabilities as they become due in the ordinary course of business or the corporation’s total assets would be less than the sum of its total liabilities plus (with some exceptions) the amount that would be needed, if the corporation were to be dissolved at the time of the dividend payment, to satisfy the dissolution preferences of senior equity securities.

Enterprise Risk Management. The Company faces a number of risks, including credit risk, interest rate risk, liquidity risk, operations risk, cybersecurity risk, regulatory risk, compliance and legal risk, strategic risk, and reputational risk. The Risk Management Committee of the Board (“RMC”) establishes the Company's risk appetite and sets appropriate risk limits and policies. The RMC is responsible for providing ongoing review, guidance and oversight of the Company's enterprise risk management function. Management is responsible for managing the Company's risks on a day-to-day basis in accordance with the policies established by the Board.

The Company's Chief Risk Officer (“CRO”) chairs the Enterprise Risk Management Committee (“ERMC”), a management-level committee that is responsible for executing the risk management framework adopted by the Board. The ERMC maintains enterprise-wide oversight of risk assessment, monitoring and reporting. The ERMC meets at least quarterly to identify, evaluate, monitor, and account for new, existing and emerging risks to the Company. Identified risks are evaluated, analyzed, prioritized and tracked by the ERMC in a manner to be compatible with effective internal controls, risk management practices and the policies adopted by the Board. The ERMC develops risk management programs and processes to incorporate risk considerations into day-to-day business activities across the Company’s risk categories, business lines and functions. To support the ERMC’s risk management function, certain types of risks are overseen by other management level committees. For

example, the Company’s Asset Liability Committee is responsible for managing interest rate and liquidity risks and the credit administration department tracks credit risks.

On at least a quarterly basis, the Company’s CRO, Chief Financial Officer, Chief Information Officer, Chief Information Security Officer, Chief Credit Officer, and other members of management report directly to the RMC to provide reporting on risk levels, key risks, emerging risks and the Company’s compliance with the risk management framework, risk limits and risk appetites adopted by the RMC.

The Company carries out its risk management practices through its “three lines of defense” model, which is designed to establish effective checks and balances within its risk management framework. The first line of defense is business units and process owners within the Company which are responsible for maintaining effective internal controls and executing risk and control procedures on a day to day basis. The second line of defense is the Company’s risk management, compliance and other control functions which are responsible for ensuring that the first line of defense is properly designed, in place, and operating effectively. The third line of defense is the Company’s internal audit function, which provides independent assessment and assurance regarding the effectiveness of governance, risk management and internal controls.

Washington Federal Bank, wholly-owned operating subsidiary

General. The Bank is a federally-insured Washington state chartered commercial bank dba WaFd Bank. The WDFI is the Bank's primary state regulator and the FDIC is its primary federal regulatory. The Bank is a member of the FDIC and its deposits are insured up to applicable limits of the Depository Insurance Fund (“DIF”), which is administered by the FDIC.

Regulation. The WDFI and FDIC have extensive authority over the operations of the Bank. As part of this authority, the Bank is required to file periodic reports with the WDFI and FDIC and is subject to periodic examinations by the WDFI and FDIC. Various laws and regulations prescribe the investment and lending authority of the Bank, and the Bank is prohibited from engaging in any activities not permitted by such laws and regulations. While the Bank has broad authority to engage in all types of lending activities, a variety of restrictions apply to certain other investments by the Bank.

Interstate Banking. Subject to certain limitations and restrictions, a bank holding company, with prior approval of the FRB, may acquire an out-of-state bank; banks in states that do not prohibit out-of-state mergers may merge with the approval of the appropriate federal banking agency, and a bank may establish a de novo branch out of state if such branching is permitted by the other state for state banks chartered by such other state.

Insurance of Deposit Accounts. Under the Dodd-Frank Act, the maximum amount of federal deposit insurance coverage was permanently increased from $100,000 to $250,000 per depositor, per institution. The Dodd-Frank Act also broadened the base for FDIC insurance assessments. Assessments are now based on the average consolidated total assets less tangible equity capital of a financial institution. In addition, the Dodd-Frank Act raised the minimum designated reserve ratio, which the FDIC is required to set each year for the DIF, to 1.35%. The Dodd-Frank Act eliminated the requirement that the FDIC pay dividends to depository institutions when the reserve ratio exceeds certain thresholds. The FDIC has established a higher reserve ratio of 2% as a long-term goal beyond what is required by statute.

Brokered Deposits. The Federal Deposit Insurance Act prohibits an insured depository institution from accepting brokered deposits or offering interest rates on any deposits significantly higher than the prevailing rate in the bank’s normal market area or nationally (depending upon where the deposits are solicited), unless it is well-capitalized or is adequately capitalized and receives a waiver from the FDIC. A depository institution that is adequately capitalized and accepts brokered deposits under a waiver from the FDIC may not pay an interest rate on any deposit in excess of national and local rate caps set by the FDIC and published on its website.

Transactions with Affiliates; Insider Loans. Under current federal law, all transactions between and among a bank and its affiliates, including holding companies, are subject to Sections 23A and 23B of the Federal Reserve Act and Regulation W promulgated thereunder. Generally, these requirements limit extensions of credit and certain other such transactions by the bank to affiliates to a percentage of the institution's capital and generally such transactions must be collateralized. Generally, all affiliate transactions must be on terms at least as favorable to the bank as transactions with non-affiliates. In addition, a bank may not lend to any affiliate engaged in non-banking activities that are not permissible for a bank holding company or acquire

shares of any affiliate that is not a subsidiary. Federal law authorizes the imposition of additional restrictions on transactions with affiliates if necessary to protect the safety and soundness of a bank.

Extensions of credit by a bank to executive officers, directors and principal shareholders are subject to Section 22(h) of the Federal Reserve Act, which, among other things, generally prohibits loans to any such individual where the aggregate amount exceeds an amount equal to 15% of an institution's unimpaired capital and surplus plus an additional 10% of unimpaired capital and surplus in the case of loans that are fully secured by readily marketable collateral. Section 22(h) permits loans to directors, executive officers and principal shareholders made pursuant to a benefit or compensation program that is widely available to employees of a subject bank provided that no preference is given to any officer, director or principal shareholder, or related interest thereto, over any other employee. In addition, the aggregate amount of extensions of credit by a bank to all insiders cannot exceed the institution's unimpaired capital and surplus. Furthermore, Section 22(g) places additional restrictions on loans to executive officers.

The affiliate transaction rules in Sections 23A and 23B of the Federal Reserve Act broaden the definition of affiliate and apply these rules to securities lending, repurchase agreements and derivatives. These rules also strengthen collateral requirements and limit Federal Reserve exemptive authority. Further, the definition of “extension of credit” for transactions with executive officers, directors and principal shareholders includes credit exposure arising from a derivative transaction, a repurchase or reverse repurchase agreement or a securities lending or borrowing transaction. These provisions have not had a material effect on the Company or the Bank.

Restrictions on Dividends. The amount of dividends payable by the Bank to the Company depends upon its earnings and capital position, and is limited by federal and state laws, regulations and policies, including the capital conservation buffer requirement. Federal law further provides that no insured depository institution may make any capital distribution (which includes a cash dividend) if, after making the distribution, the institution would be “undercapitalized,” as defined in the prompt corrective action regulations. Moreover, the federal bank regulatory agencies also have the general authority to limit the dividends paid by insured banks if such payments should be deemed to constitute an unsafe and unsound practice. In addition, under Washington law, no bank may declare or pay any dividend in an amount greater than its retained earnings without the prior approval of the WDFI. WDFI also has the power to require any bank to suspend the payment of any and all dividends.

Federal Home Loan Bank System. The Bank is a member of the Federal Home Loan Bank of Des Moines, which is one of 11 regional FHLBs that provide funding to their members for making home mortgage loans, as well as loans for affordable housing and community development. Each FHLB serves members within its assigned region and is funded primarily through proceeds derived from the sale of consolidated obligations of the FHLB system. Loans are made to members in accordance with the policies and procedures established by the Board of Directors of the FHLB. The Bank also acquired the stock of the FHLB San Francisco in the Merger but is not a member of this FHLB. At September 30, 2024, the Bank held $73,910,000 in FHLB of Des Moines stock and $21,707,000 in FHLB of San Francisco stock, which was in compliance with requirements.

Community Reinvestment Act and Fair Lending Laws. Banks have a responsibility under the Community Reinvestment Act ("CRA") and related regulations of the FDIC to help meet the credit needs of their communities, including low- and moderate-income neighborhoods. In addition, the Equal Credit Opportunity Act and the Fair Housing Act (together, the "Fair Lending Laws") prohibit lenders from discriminating in their lending practices on the basis of characteristics specified in those statutes. An institution's failure to comply with the provisions of the CRA could, at a minimum, result in regulatory restrictions on its activities. Failure to comply with the Fair Lending Laws could result in enforcement actions by the FDIC, the CFPB and other federal regulatory agencies, including the U.S. Department of Justice.

USA Patriot Act of 2001. The USA PATRIOT Act of 2001 ("Patriot Act"), through amendments to the federal Bank Secrecy Act (“BSA”), substantially broadened the scope of United States anti money-laundering laws and regulations by imposing significant new compliance and due diligence obligations, creating new crimes and penalties and expanding the extra-territorial scope of United States jurisdiction. The United States Treasury Department has issued a number of regulations under the Patriot Act that apply to financial institutions such as the Bank. These regulations impose obligations on financial institutions to maintain appropriate policies, procedures and controls to detect, prevent and report money laundering and terrorist financing and to verify the identity of their customers. Failure of a financial institution to maintain and implement adequate risk-based programs reasonably designed to combat money laundering and terrorist financing, or to comply satisfactorily with all relevant Patriot Act and BSA requirements, could have serious legal and reputational consequences for the institution.

Anti-Money Laundering Act of 2020. The Anti-Money Laundering Act of 2020 (“AML Act”) was enacted as part of the National Defense Authorization Act and requires the U.S. Treasury Department to issue National Anti-Money Laundering and

Countering the Financing of Terrorism Priorities ("AML/CFT"), which occurred in June 2021. The AML Act also includes a requirement to conduct studies and issue regulations that may alter some of the due diligence, recordkeeping and reporting requirements that the BSA and Patriot Act impose on financial institutions. The AML Act also promotes increased information-sharing and use of technology and increases penalties for violations of the BSA and includes whistleblower incentives, both of which could increase the prospect of regulatory enforcement.

Regulatory Capital Requirements. Bank holding companies and federally insured banks are required to maintain minimum levels of regulatory capital. The Federal Reserve establishes capital standards applicable to all bank holding companies, and the WDFI and FDIC establish capital standards applicable to Washington state chartered, non-member banks. The capital rules reflect, in part, certain standards initially adopted by the Basel Committee on Banking Supervision in December 2010 (which standards are commonly referred to as “Basel III”) as well as requirements contemplated by the Dodd-Frank Act.

The capital rules require a capital ratio of common equity Tier 1 capital to risk based assets. Common equity Tier 1 capital generally consists of retained earnings and common stock instruments (subject to certain adjustments) as well as accumulated other comprehensive income (“AOCI”) except to the extent that the Company and the Bank exercise a one-time irrevocable option to exclude certain components of AOCI, which the Company and the Bank have done. Tier 1 capital also includes non-cumulative perpetual preferred stock and limited amounts of minority interests. Regulatory deductions from capital include goodwill and intangible assets. The capital rules prescribe the manner in which certain capital elements are determined, including but not limited to, requiring certain deductions related to mortgage servicing rights and deferred tax assets. Total capital consists of Tier 1 capital and supplementary capital. Supplementary capital consists of certain capital instruments that do not qualify as core capital as well as general valuation loan and lease loss allowances up to a maximum of 1.25% of risk-weighted assets. Supplementary capital may be used to satisfy the risk-based requirement only in an amount equal to the amount of Tier 1 capital.

In determining the required amount of risk-based capital, total assets, including certain off-balance-sheet items, are multiplied by a risk-weight factor based on the risks inherent in the type of assets held by an institution. The risk categories range from 0% for low-risk assets such as U.S. Treasury securities and GNMA securities to 1,250% for various types of loans and other assets deemed to be of higher risk. Single-family residential loans having loan-to-value ratios not exceeding 90% and meeting certain additional criteria, as well as certain multi-family residential loans, qualify for a 50% risk-weight treatment. The book value of each asset is multiplied by the risk factor applicable to the asset category, and the sum of the products of this calculation equals total risk-weighted assets. The rules set forth the methods of calculating certain risk-based assets, which in turn affects the calculation of risk-based ratios. Higher or more sensitive risk weights are assigned to various categories of assets, among which are commercial real estate, credit facilities that finance the acquisition, development or construction of real property, certain exposures or credit that are 90 days past due or are non-accrual, foreign exposures, certain corporate exposures, securitization exposures, equity exposures and in certain cases mortgage servicing rights and deferred tax assets.

Both the Company and the Bank are required to have a common equity Tier 1 capital ratio of 4.5%. In addition, both the Company and the Bank are required to have a Tier 1 leverage ratio of 4.0%, a Tier 1 risk-based ratio of 6.0% and a total risk-based ratio of 8.0%. Both the Company and the Bank are required to establish a “conservation buffer,” consisting of common equity Tier 1 capital, equal to 2.5%. The capital conservation buffer is designed to ensure that banks build up capital buffers outside periods of stress, which can be drawn down as losses are incurred. An institution that does not meet the conservation buffer will be subject to restrictions on certain activities including payment of dividends, stock repurchases and discretionary bonuses to executive officers.

The Federal Reserve and the FDIC are also authorized to impose capital requirements in excess of these standards on individual institutions on a case-by-case basis. Management believes that the current capital levels of the Company and the Bank are sufficient to be in compliance with the fully phased-in standards under the rules.

Any bank holding company or bank that fails to meet the capital requirements is subject to possible enforcement actions. Such actions could include a capital directive, a cease and desist or consent order, civil money penalties, restrictions on an institution's operations and/or the appointment of a conservator or receiver.

For information regarding compliance with each of these capital requirements by the Company and the Bank as of September 30, 2024, see Note R to the Consolidated Financial Statements included in Item 8 hereof.

Prompt Corrective Action. Federal statutes establish a supervisory framework based on five capital categories: well capitalized, adequately capitalized, undercapitalized, significantly undercapitalized and critically undercapitalized. An institution’s category depends upon its capital levels in relation to relevant capital measures, which include a risk-based capital measure, a leverage ratio capital measure and certain other factors. The federal banking agencies have adopted regulations that implement this statutory framework.

The prompt corrective action rules, which apply to the Bank but not the Company, are modified to include a common equity Tier 1 risk-based ratio and to increase certain other capital requirements for the various thresholds. For example, the requirements for the Bank to be considered well-capitalized under the rules are a 5.0% Tier 1 leverage ratio, a 6.5% common equity Tier 1 risk-based ratio, an 8.0% Tier 1 risk-based capital ratio and a 10.0% total risk-based capital ratio. To be adequately capitalized, those ratios are 4.0%, 4.5%. 6.0% and 8.0%, respectively.

An institution that is not well capitalized is subject to certain restrictions on brokered deposits, including restrictions on the rates it can offer on its deposits, generally. Any institution that is neither well capitalized nor adequately capitalized is considered undercapitalized. Federal law authorizes the FDIC to reclassify a well-capitalized institution as adequately capitalized and may require an adequately capitalized institution or an undercapitalized institution to comply with supervisory actions as if it were in the next lower category. The FDIC may not reclassify a significantly undercapitalized institution as critically undercapitalized. As of September 30, 2024, the Bank exceeded the requirements of a well-capitalized institution.

Dodd-Frank Act Stress Tests ("DFAST"). On July 6, 2018, bank regulatory agencies (the FRB, FDIC and the Office of the Comptroller of the Currency) issued a joint interagency statement regarding the impact of the Economic Growth, Regulatory Relief, and Consumer Protection Act ("EGRRCPA") on financial institutions. The EGRRCPA gave immediate relief from stress testing for applicable bank holding companies but not financial institutions until November 25, 2019. Pursuant to direction from the Bank's regulators, the Bank was provided similar relief and is no longer required to submit company-run annual stress tests. Notwithstanding these amendments to the stress testing requirements, the federal banking agencies indicated through interagency guidance that the capital planning and risk management practices of institutions with total assets less than $100 billion would continue to be reviewed through the regular supervisory process. Although the Bank will continue to monitor its capital consistent with the safety and soundness expectations of the federal regulators, the Bank will no longer conduct company-run stress testing as a result of the legislative and regulatory amendments. The Bank continues to use customized stress testing to support the business and as part of its risk management and capital planning process.

EGRRCPA also enacted several important changes in some technical compliance areas that we believe will help reduce our regulatory burden, including:

•Prohibiting federal banking regulators from imposing higher capital standards on High Volatility Commercial Real Estate (“HVCRE”) exposures unless they are for acquisition, development or construction (“ADC”), and clarifying ADC status;

•Exempting from appraisal requirements certain transactions involving real property in rural areas and valued at less than $400,000; and

•Directing the Consumer Financial Protection Bureau to provide guidance on the applicability of the Truth in Lending and Real Estate Settlement Procedures Act Integrated Disclosure rule to mortgage assumption transactions and construction-to-permanent home loans, as well the extent to which lenders can rely on model disclosures that do not reflect recent regulatory changes.

Despite the improvements for mid-size financial institutions such as the Company that has resulted from EGRRCPA, many provisions of the Dodd-Frank Act and its implementing regulations remain in place and will continue to result in additional operating and compliance costs that could have a material adverse effect on our business, financial condition, and results of operation. In addition, the EGRRCPA requires the enactment of a number of implementing regulations, the details of which may have a material effect on the ultimate impact of the law.

Cybersecurity. The federal banking agencies have established certain expectations with respect to an institution's information security and cybersecurity programs, with an increasing focus on risk management, processes related to information technology and operational resiliency, and the use of third parties in the provision of financial services. In January 2020, the federal banking agencies jointly issued a statement reminding supervised financial institutions of sound cybersecurity risk management principles that expanded on areas articulated in the Interagency Guidelines Establishing Information Security Standards written in Section 39 of the Federal Deposit Insurance Act and Sections 501 and 505(b) of the Gramm-Leach-Bliley Act.

In November 2021, the U.S. federal bank regulatory agencies adopted a rule regarding notification requirements for banking organizations related to significant computer security incidents. Under the final rule, a bank holding company, such as the Company, and an FDIC-supervised insured depository institution, such as the Bank, are required to notify the Federal Reserve or FDIC, respectively, within 36 hours of incidents that have materially disrupted or degraded, or are reasonably likely to materially disrupt or degrade, the banking organization’s ability to deliver services to a material portion of its customer base, jeopardize the viability of key operations of the banking organization, or impact the stability of the financial sector. Service providers are required under the rule to notify any affected bank client it provides services to as soon as possible when it determines it has experienced a computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, covered services provided by that entity to the Bank for four or more hours.

See Item 1C - Cybersecurity, for additional disclosures regarding the Company's cybersecurity risk management, strategy and governance.

Financial Privacy. Under the Gramm-Leach-Bliley Act of 1999, as amended, a financial institution may not disclose non-public personal information about a consumer to unaffiliated third parties unless the institution satisfies various disclosure requirements and the consumer has not elected to opt out of the information sharing. The financial institution must provide its customers with a notice of its privacy policies and practices. The Federal Reserve, the FDIC, and other financial regulatory agencies issued regulations implementing notice requirements and restrictions on a financial institution's ability to disclose non-public personal information about consumers to unaffiliated third parties.

In addition, privacy and data protection are areas of increasing state legislative focus, and several states have recently enacted consumer privacy laws that impose significant compliance obligations with respect to personal information. For example, the Company is subject to the California Consumer Privacy Act (“CCPA”) and its implementing regulations. The CCPA gives consumers the right to request disclosure of information collected about them, and whether that information has been sold or shared with others, the right to request deletion of personal information (subject to certain exceptions), the right to opt out of the sale of the consumer’s personal information, and the right not to be discriminated against for exercising these rights. The CCPA contains several exemptions, including an exemption applicable to information that is collected, processed, sold, or disclosed pursuant to the Gramm-Leach-Bliley Act of 1999, as amended. In November 2020, voters in the state of California approved the California Privacy Rights Act (“CPRA”), a ballot measure that amends and supplements the substantive requirements of the CCPA by, among other things, expanding certain rights relating to personal information and its use, collection, and disclosure by covered businesses and providing certain mechanisms for administration and enforcement of the statue by creating the California Privacy Protection Agency, a watchdog privacy agency. Similar laws may in the future be adopted by other states where the Company does business. The Company has made and will make operational adjustments in accordance with the requirements of the CCPA and other state privacy laws.

Furthermore, privacy and data protection areas are expected to receive further attention at the federal level. Congress and federal regulatory agencies are considering similar laws or regulations that could create new individual privacy rights and impose increased obligations on companies handling personal data. On April 1, 2022, the federal banking agencies’ new rule became effective, providing for new notification requirements for banking organizations and their service providers for significant cybersecurity incidents. Specifically, the new rule requires banking organizations to notify their primary federal regulator as soon as possible, and no later than 36 hours after, the discovery of a computer-security incident that rises to the level of a notification incident as defined by the rule. Notification is required for incidents that have materially affected or are reasonably likely to materially affect the viability of a banking organization’s operations, its ability to deliver banking products and services, or the stability of the financial sector. The potential effects of state or federal privacy and data protection laws on the Company’s business cannot be determined at this time and will depend both on whether such laws are adopted by states in which the Company does business and/or at the federal level and the requirements imposed by any such laws.

Taxation

In addition to federal income tax, the Company is also subject to income, franchise, excise or gross receipts tax in states (and some cities) where the Company has branches or is deemed to have sufficient nexus for tax purposes. The Company generally files consolidated federal and state income tax returns with its subsidiaries.

The Company's federal income tax returns are open and subject to potential examination by the IRS for fiscal year 2021 and later.

Competition

We operate in a highly competitive environment. We compete with some competitors within our geographic market area, and with others on a product specific basis, such as the residential mortgage market. Our ability to compete effectively depends on our ability to provide first-rate, friendly and professional customer service and deliver the banking solutions that our customers want and need. We are also dependent upon our ability to attract and retain employees while managing compensation and other costs.

Availability of Financial Data

Under the Securities Exchange Act of 1934 ("Exchange Act"), the Company is required to file annual, quarterly and current reports, proxy statements and other information with the SEC. We file reports on Forms 10-K, 10-Q and 8-K, and amendments to those reports, with the SEC. The public may obtain copies of these reports at the SEC's website: www.sec.gov.

The Company has adopted and posted on its website a code of ethics that applies to its senior financial officers. The Company’s website also includes the charters for its audit committee, compensation committee, risk management committee, executive committee, technology committee and nominating and governance committee.

The address for the Company’s website is www.wafdbank.com. The Company makes available on its website, free of charge, its annual reports on Form 10-K, current quarterly reports on Form 10-Q, reports on Form 8-K, proxy statements and any amendments to those reports (among others), as soon as reasonably practicable after we electronically file such material with, or furnish it to, the Securities and Exchange Commission (SEC). We also make available on our website public financial information for which a report is not required to be filed with or furnished to the SEC. Our SEC reports and such other information can be accessed through the investor relations section of our website (https://www.wafdbank.com/about-us/investor-relations). The Company’s website provides a link to all our filings on the SEC’s Edgar website, and the company will provide a printed copy of any of our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, proxy statements and any amendments to those reports (among others) to any requesting shareholder, free of charge. The information found on our website is not part of this or any other report that we file or furnish to the SEC.

Item 1A. Risk Factors

Ownership of our Common Stock involves risk. Investors should carefully consider, in addition to the other information included in this Annual Report on Form 10-K, the following risk factors. The risks described below may adversely affect our business, financial condition and results of operations. These risks are not the only risks we face; additional risks and uncertainties not currently known or that are currently considered to be immaterial may also materially and adversely affect our business.

Operational Risks

Fluctuating interest rates could adversely affect our business.

Significant increases in market interest rates on loans, or the perception that an increase may occur, could adversely affect both our ability to originate new loans and our ability to grow. Although the FRB reduced its benchmark rates in September 2024, the inflationary outlook in the United States is currently uncertain. Rapid changes in interest rates make it difficult for the Bank to balance its loan and deposit portfolios, which may adversely affect our results of operations by, for example, reducing asset yields or spreads, creating operating and system issues, or having other adverse impacts on our business. Persistent inflation could lead to higher interest rates, which could, in turn, increase the borrowing costs of our customers, making it more difficult for them to repay their loans or other obligations. High interest rates could also push down asset prices and weaken economic activity.

Further, our profitability is dependent to a large extent upon net interest income, which is the difference (or “spread”) between the interest earned on loans, securities and other interest-earning assets and the interest paid on deposits, borrowings, and other interest-bearing liabilities. The level of net interest income is a function of the average balances of interest-earning assets and interest-bearing liabilities and the spread between the amounts of the yield on such assets and the cost of such liabilities. These factors are influenced by both the pricing and the mix of interest-earning assets and interest-bearing liabilities which, in turn, are impacted by such external factors as the local economy, competition for loans and deposits, the monetary policy of the Federal Open Market Committee of the Federal Reserve Board of Governors (the “FOMC”) and market interest rates. Furthermore, movements in interest rates, the pace at which such movements occur and the volume and mix of our interest-bearing assets and liabilities influence the level of net interest income. The cost of customer deposits is largely based on short-term interest rates, the level of which is driven by the FOMC. However, the yields generated by long-term loans, such as single-family residential and multifamily mortgage loans, and securities are typically driven by longer-term (10 year) interest rates, which are set by the market and vary from day to day.

As a result of the interest rate increases experienced in 2022 and 2023, our interest expense on both deposits and borrowings increased significantly. Because of the differences in maturities and repricing characteristics of our interest-earning assets and interest-bearing liabilities, changes in interest rates do not produce equivalent changes in interest income earned on interest-earning assets and interest paid on interest-bearing liabilities. Accordingly, fluctuations in interest rates could adversely affect our interest rate spread, and, in turn, our profitability. For example, if the interest rates on interest-bearing liabilities increase at a faster pace than the interest rates on interest-earning assets, the result could be a reduction in our net interest income and with it, a reduction in earnings. The same could be true if interest rates on interest-earning assets decline faster than the rates on interest-bearing liabilities. In addition, changes in interest rates could affect the Bank's ability to originate loans and attract and retain deposits; the fair values of its securities and other financial assets; the fair values of its liabilities; and the average lives of its loan and securities portfolios. Additionally, decreases in interest rates could lead to increased loan refinancing activity, which, in turn, would alter the balance of our interest-earning assets and impact net interest income. Increases in interest rates could reduce loan refinancing activity, which could result in compression of the spread between loan yields and more quickly rising funding rates. We may also be exposed to movements in market rates to a degree not experienced by other financial institutions, as a result of our significant portfolio of fixed-rate single-family home loans, which are longer-term in nature than the customer accounts and borrowed money that constitute our liabilities.

We are currently anticipating that there will be further decreases in the target federal funds rate in 2025 but the inflationary outlook remains uncertain. However, if interest rates do not decrease, or if the Federal Reserve were to rapidly increase the target federal funds rate, the increase in rates could continue to constrain our interest rate spread and may adversely affect our business forecasts. We are unable to predict changes in interest rates, which are affected by factors beyond our control, including inflation, deflation, recession, unemployment, money supply and other changes in financial markets.

We are exposed to risks related to fraud and cyber-attacks.

Cybersecurity, and the continued development and enhancement of controls, processes, and practices designed to protect customer information, systems, computers, software, data, and networks from attack, damage, or unauthorized access remain a priority for the Company. As cybersecurity threats continue to evolve, we may be required to expend additional resources to continue to enhance, modify, and refine our protective measures against these evolving threats.

We are continuously enhancing and expanding our digital products and services to meet customer and business needs with desired outcomes. These digital products and services often include storing, transmitting, and processing confidential customer, employee, financial, and business information. Due to the nature of this information, and the value it has for internal and external threat actors, we, and our third-party service providers, continue to be subject to cyber-attacks and fraud activity that attempts to gain unauthorized access, misuse information and information systems, steal information, disrupt or degrade information systems, spread malicious software, and other illegal activities.

We believe we have robust preventive, detective, and administrative safeguards and security controls to minimize the probability and magnitude of a material event. However, if we are unable to maintain them, we may fall victim to a material adverse cybersecurity event. Because the tactics and techniques used by threat actors to bypass safeguards and security controls change frequently, and often are not recognized until after an event has occurred, we may be unable to anticipate future tactics and techniques, or to implement adequate and timely protective measures.

We are subject to additional risk with respect to third-party vendors that process or handle personal and financial data of our customers, partners, suppliers or employees. These third-party vendors may themselves use other vendors to store or process our data, which further elevates our risk exposure. Our third-party vendors have been, and may in the future be, subject to security incidents, including those caused by computer viruses, malware, ransomware, phishing attempts, social engineering, hacking or other means of unauthorized access. Control failures of security measures managed by our third-party service providers could cause us to suffer damage to our reputation and could require us to incur substantial expenses, which could have a materially adverse effect on our business, financial condition, and results of operations.

To date, we have no knowledge of a material cyber-attack or other material information security incident affecting the systems we operate and control. However, our risk and exposure to these matters remains heightened because of, among other things, the evolving nature of these threats, the continuation of a remote or hybrid work environment for our employees and service providers, and our plans to continue to implement and expand digital banking services, expand operations, and use third-party information systems that includes cloud-based infrastructure, platforms, and software. Recent instances of attacks specifically targeting banks and financial services businesses indicate that the risk to our systems remains significant. Threat actors, including nation state attackers, could also use artificial intelligence for malicious purposes, increasing the frequency and complexity of their attacks. Such cyber-attacks and other security incidents are designed to lead to various harmful outcomes, such as unauthorized transactions against our customers’ accounts, unauthorized or unintended access to confidential information, or the release, gathering, monitoring, disclosure, loss, destruction, corruption, disablement, encryption, misuse, modification or other processing of confidential or sensitive information (including personal information), intellectual property, software, methodologies or business secrets, disruption, sabotage or degradation of service, systems or networks, or other damage. These threats may derive from, among other things, error, fraud or malice on the part of our employees, insiders, or third parties or may result from accidental technological failure. Any of these parties may also attempt to fraudulently induce employees, service providers, customers, partners or other third-party users of our systems or networks to disclose confidential or sensitive information (including personal information) in order to gain access to our systems, networks or data or that of our customers, partners, or third parties with whom we interact, or to unlawfully obtain monetary benefit through misdirected or otherwise improper payment. A cyber-attack or other security incident on the systems we operate and control could cause us to suffer damage to our reputation, result in productivity losses, require us to incur substantial expenses, including response costs associated with investigation and resumption of services, remediation expenses costs associated with customer notification and credit monitoring services, increased insurance premiums, regulatory penalties and fines, and costs associated with civil litigation, any of which could have a materially adverse effect on our business, financial condition, and results of operations.

We also face additional costs when our customers become the victims of cyber-attacks. For example, various retailers have reported that they have been the victims of a cyber-attack in which large amounts of their customers’ data, including debit and credit card information, is obtained. Our customers may be the victims of phishing scams, providing cyber criminals access to their accounts, or credit or debit card information. In these situations, we incur costs to replace compromised cards and address fraudulent transaction activity affecting our customers, as well as potential increases to insurance premiums for policies we may maintain to cover these losses.

Both internal and external fraud and theft are risks. If confidential customer, employee, monetary, or business information were to be mishandled or misused, we could suffer significant regulatory consequences, reputational damage, and financial loss. Such mishandling or misuse could include, for example, if such information were erroneously provided to parties who are not permitted to have the information, either by fault of our systems, employees, or counterparties, or if such information were to be intercepted or otherwise inappropriately taken by third parties, or if our own employees abused their access to financial systems to commit fraud against our customers and the Company. These activities can occur in connection with activities such as the origination of loans and lines of credit, ACH transactions, wire transactions, ATM transactions, and checking transactions, and result in financial losses as well as reputational damage.

Operational errors can include information system misconfiguration, clerical or record-keeping errors, or disruptions from faulty or disabled computer or telecommunications systems. Because the nature of the financial services business involves a high volume of transactions, certain errors, which may be automated or manual, may be repeated or compounded before they are discovered and successfully rectified. Because of the Company’s large transaction volume and its necessary dependence upon automated systems to record and process these transactions, there is a risk that technical flaws, tampering, or manipulation of those automated systems, arising from events wholly or partially beyond its control, may give rise to disruption of service to customers and to financial loss or liability.

The occurrence of any of these risks could result in a diminished ability for us to operate our business, additional costs to correct defects, potential liability to clients, reputational damage, and regulatory intervention, any of which could adversely affect our business, financial condition and results of operations.

Inflationary pressures and rising prices may affect our results of operations and financial condition.

Inflation rates moved closer to the FRB’s target rate in 2024, but remained somewhat elevated and as of September 2024, above the FRB’s target of 2%. The inflation experienced in 2022 and 2023 has led to increased costs to our customers, making it more difficult for them to repay their loans or other obligations increasing our credit risk. The inflationary outlook in the United States is currently uncertain. If inflationary pressures do not subside, sustained higher interest rates by the Federal Reserve may be needed to tame persistent inflationary price pressures, which could push down asset prices and weaken economic activity. A deterioration in economic conditions in the United States and our markets could result in a further increase in loan delinquencies and non-performing assets, decreases in loan collateral values and a decrease in demand for our products and services, all of which, in turn, would adversely affect our business, financial condition and results of operations.

Integrating Luther Burbank with the Company may prove more difficult, costly or time consuming than expected, and the anticipated benefits and cost savings of the Merger may not be realized.

On March 1, 2024, the Company closed the Merger with Luther Burbank. The Merger involves the integration of two companies that have previously operated independently and with different business models. The ultimate success of the Merger will depend, in part, on our ability to realize the anticipated cost savings from combining the businesses of WaFd and Luther Burbank. To realize the anticipated benefits and cost savings from the Merger, we must successfully integrate Luther Burbank’s operations with ours in a manner that permits those cost savings to be realized, without adversely affecting current revenues and future growth. If the integration is more costly than projected, the anticipated benefits of the Merger may not be realized fully or at all or may take longer to realize than expected. While we have realized 45% in annualized cost-savings due to the merger as of September 30, 2024, exceeding the original 25% target, an inability to maintain the full extent of these cost savings following the Merger, as well as any delays encountered in the integration process, could have an adverse effect upon the revenues, levels of expenses and operating results of the combined company, which may adversely affect the value of our Common Stock. It is possible that the integration process could result in the loss of key employees, the disruption of each company’s ongoing businesses or inconsistencies in standards, controls, procedures, and policies that adversely affect the companies’ ability to maintain relationships with clients, customers, depositors, and employees or to achieve the anticipated benefits and cost savings of the Merger. Integration efforts between the companies may also divert management attention and resources. These integration matters could have an adverse effect on the combined company for an undetermined period after completion of the Merger.

Current uncertain economic conditions pose challenges, and could adversely affect our business, financial condition and results of operations.

We are operating in an uncertain economic environment. The pandemic caused a global economic slowdown, and while we have seen some economic recovery, continuing supply chain issues, labor shortages and inflation risks continue to affect the economic recovery. U.S. debt ceiling and budget deficit concerns have increased the possibility of additional credit-rating downgrades and economic slowdowns, or a recession in the United States. There remain increased risks of a government shutdown if the spending bills necessary to fund the government through the fiscal year that ends September 30, 2025 are not

passed by Congress. Future deterioration in the U.S. credit and financial markets could result in losses or significant deterioration in the fair value of our U.S. government issued, sponsored or guaranteed investments. At September 30, 2024, we had $2.2 billion invested in U.S. government and agency obligations, and further downgrades could affect the stability of securities issued or guaranteed by the federal government and the valuation or liquidity of our portfolio of such investment securities.

Economic uncertainty, or a recessionary or stagnant economy, could result in financial stress on the Bank's borrowers, which could adversely affect our business, financial condition and results of operations. Deteriorating conditions in the regional economies we serve, or in certain sectors of those economies, in excess of the reasonable and supportable forecasts we used to estimate credit losses, could drive losses beyond that which is provided for in our allowance for loan losses. We could also face the following risks in connection with the following events:

•Market developments and economic stagnation or slowdown may affect consumer confidence levels and may cause adverse changes in payment patterns, resulting in increased delinquencies and default rates on loans and other credit facilities.

•The processes we use to estimate the allowance for credit losses and other reserves may prove to be unreliable. Such estimates rely upon complex modeling inputs and judgments, including forecasts of economic conditions, which may be rendered inaccurate and/or no longer subject to accurate forecasting.

•Our ability to assess the creditworthiness of our borrowers may be impaired if the models and approaches we use to select, manage, and underwrite loans become less predictive of future charge-offs.

•Regulatory scrutiny of the industry could increase, leading to increased regulation of the industry that could lead to a higher cost of compliance, limit our ability to pursue business opportunities and increase our exposure to litigation or fines.

•Ineffective monetary policy or other market conditions could cause rapid changes in interest rates and asset values that would have a materially adverse impact on our profitability and overall financial condition.

•Further erosion in the fiscal condition of the U.S. Treasury could lead to new taxes that would limit our ability to pursue growth and return profits to shareholders.

If these conditions or similar ones continue to exist or worsen, we could experience continuing or increased adverse effects on our financial condition.

Changes to monetary policy by the Federal Reserve could adversely impact our results of operations.

The Federal Reserve is responsible for regulating the supply of money in the United States, including open market operations used to stabilize prices in times of economic stress, as well as setting monetary policies. These activities strongly influence our rate of return on certain investments, our hedge effectiveness for mortgage servicing and our mortgage origination pipeline, as well as our costs of funds for lending and investing, all of which may adversely impact our liquidity, results of operations, financial condition and capital position.

Unstable global economic conditions may have serious adverse consequences on our business, financial condition, and operations.

Changes in trade policies by the United States or other countries, such as tariffs or retaliatory tariffs, may cause inflation which could impact the prices of products sold by our borrowers and have the potential to reduce demand for their products impacting their profitability and making it difficult for our borrowers to repay their loans. The financial markets and the global economy may also be adversely affected by the current or anticipated impact of military conflict, including the conflict between Russia and Ukraine, and the evolving conflict in the Middle East. These events have increased and are expected to continue to increase volatility in commodity and energy prices, including oil, and continuing hostilities raise the possibility of supply disruptions. Rising tensions and global instability have the potential to affect consumer confidence in the U.S. and abroad, therefore having a broader effect on financial markets. Our general business strategy may be adversely affected by any such economic downturn, volatile business environment, hostile third-party action or continued unpredictable and unstable market conditions.

Our allowance for credit losses ("ACL") may not be adequate to cover future loan losses, which could adversely affect our financial condition and results of operations.

If our customers are unable to repay their loans according to the original terms, and the collateral securing the payment of those loans is insufficient to pay any remaining loan balance, we will be required to characterize the loan as non-performing or write it off as a loss. We maintain an ACL to provide for loan defaults and non-performance, however, losses may exceed the value of the collateral securing the loans and the allowance may not fully cover any excess loss.

We make various assumptions and judgments about the collectability of our loan portfolio, including the creditworthiness of our borrowers and the value of the real estate and other assets serving as collateral for the repayment of loans. Our ACL is based on these judgments, as well as historical loss experience and an evaluation of the other risks associated with our loan portfolio, including but not limited to, economic trends and conditions, changes in underwriting standards, management, competition, and trends in delinquencies, non-accrual and adversely classified loans, the size and composition of the loan portfolio, current economic conditions and geographic concentrations within the portfolio. If our assumptions and judgments used to determine the ACL prove to be incorrect, if the value of the collateral securing the loans decreases substantially or if regulators disagree with our judgments, we may need to increase the ACL in amounts that exceed our expectations.

We are exposed to risks related to our operational, technological, and third-party provided technology infrastructure.

We rely extensively on the successful and uninterrupted functioning of information technology and telecommunications systems to conduct our business. This includes internally developed systems, internally managed systems, outsourced systems provided by third-party service providers, internet facing digital products and services, mobile technologies and the on-going operational maintenance of each service. Any disruptions, failures, or inaccuracies of these systems, including changes and improvements, could result in our inability to service customers, manage operations, manage risk, meet regulatory obligations, or provide timely and accurate financial reporting which could damage our reputation, result in loss of customer business, subject us to regulatory scrutiny, or expose us to civil litigation and possible financial liability.

In many instances, the Company’s products and services to customers are dependent upon third-party service providers, who provide necessary, or critical, services and support. Any disruption of such services, or an unplanned termination of a third-party license or service agreement related thereto, could adversely affect our ability to provide necessary products and services for our customers.

In recent years, we have made a significant ongoing investment to enhance our technological capabilities with the objectives of enhancing customer experience, growing revenue, and improving operating efficiency. There is a risk that these investments may not provide the anticipated benefits and/or will prove significantly more costly and time consuming to produce. If this occurs, we may see a loss of customers, and our financial results and ability to execute on our strategic plan may be adversely impacted.

We are subject to complex state and federal laws, rules, regulations and standards regarding data privacy and cybersecurity, which impact how we conduct our business.

We are subject to complex and evolving data privacy laws, rules, regulations, standards and contractual obligations (collectively “data privacy laws”) that relate to the privacy and security of the personal information of customers, employees or others. State and federal regulators may also hold us responsible for privacy and data protection obligations performed by our third-party service providers while providing services to us, as well as disclosures and notifications during a cyber or information security incident. Consumers also have the option to direct banks and other financial institutions not to share information about transactions and experiences with affiliated companies for the purpose of marketing products or services.

State regulators have also been increasingly active in implementing privacy and cybersecurity standards and regulations. Recently, several states have adopted regulations requiring certain financial institutions to implement cybersecurity programs and provide detailed requirements with respect to these programs, including data encryption requirements. Many states have also recently implemented or modified their data breach notification and data privacy requirements. We expect this trend of state-level activity in those areas to continue and are continually monitoring developments in the states in which the Company operates. As the regulatory environment becomes more rigorous, we anticipate that compliance with these requirements will result in additional costs and expenses, and may impact the way we conduct business. Our failure to comply with data privacy laws could result in potentially significant regulatory or governmental investigations, litigation, fines, or

sanctions, or cause damage to our reputation, which could have a material adverse effect on our business, financial condition or results of operations.

The development and use of Artificial Intelligence (“AI”) presents risks and challenges that may adversely impact our business.

We or our third-party (or fourth party) vendors, clients or counterparties may develop or incorporate AI technology in certain business processes, services, or products. The development and use of AI presents a number of risks and challenges to our business. The legal and regulatory environment relating to AI is uncertain and rapidly evolving, both in the U.S. and internationally, and includes regulatory schemes targeted specifically at AI as well as provisions in intellectual property, privacy, consumer protection, employment, and other laws applicable to the use of AI. These evolving laws and regulations could require changes in our implementation of AI technology and increase our compliance costs and the risk of non-compliance. AI models, particularly generative AI models, may produce output or take action that is incorrect, that reflects biases included in the data on which they are trained, that results in the release of private, confidential, or proprietary information, that infringes on the intellectual property rights of others, or that is otherwise harmful. In addition, the complexity of many AI models makes it difficult to understand why they are generating particular outputs. This limited transparency increases the challenges associated with assessing the proper operation of AI models, understanding and monitoring the capabilities of the AI models, reducing erroneous output, eliminating bias, and complying with regulations that require documentation or explanation of the basis on which decisions are made. Further, we may rely on AI models developed by third parties, and, to that extent, would be dependent in part on the manner in which those third parties develop and train their models, including risks arising from the inclusion of any unauthorized material in the training data for their models and the effectiveness of the steps these third parties have taken to limit the risks associated with the output of their models, matters over which we may have limited visibility. Any of these risks could expose us to liability or adverse legal or regulatory consequences and harm our reputation and the public perception of our business or the effectiveness of our security measures.

If we are not able to retain or attract key employees, or if we were to suffer the loss of a significant number of employees, we could experience a disruption in our business.

If a key employee or a substantial number of employees depart or become unable to perform their duties, it may negatively impact our ability to conduct business as usual. Unanticipated departures, including in connection with acquisition activity, such as our recent acquisition of Luther Burbank, might require us to divert resources from other areas of our operations, which could create additional stress for other employees, including those in key positions. The loss of qualified and key personnel, or an inability to continue to attract, retain and motivate key personnel could adversely affect our business and consequently impact our financial condition and results of operations.

Our risk management framework may not be effective in mitigating risks and losses to us.

Our framework also includes financial or other modeling methodologies that involve management assumptions and judgment. Because we rely on assumptions and judgment calls, our risk management framework may not be effective under all circumstances and may not adequately mitigate any risk of loss to us. If our framework is not effective, we could suffer unexpected losses and our financial condition, operations or business prospects could be materially and adversely affected. We may also be subject to potentially adverse regulatory consequences.

Climate change could adversely affect our business, affect client activity levels and damage our reputation.

Concerns over the long-term impacts of climate change have led and will continue to lead to governmental efforts around the world to mitigate those impacts. Consumers and businesses are also changing their behavior and business preferences as a result of these concerns. New governmental regulations or guidance relating to climate change, as well as changes in consumers’ and businesses’ behaviors and business preferences, may affect whether and on what terms and conditions we will engage in certain activities or offer certain products or services. The governmental and supervisory focus on climate change could also result in our becoming subject to new or heightened regulatory requirements, such as requirements relating to operational resiliency or stress testing for various climate stress scenarios. Any such new or heightened requirements could result in increased regulatory, compliance or other costs or higher capital requirements. In connection with the transition to a low carbon economy, legislative or public policy changes and changes in consumer sentiment could negatively impact the businesses and financial condition of our clients, which may decrease revenues from those clients and increase the credit risk associated with loans and other credit exposures to those clients. Our business, reputation and ability to attract and retain employees may also be harmed if our response to climate change is perceived to be ineffective or insufficient.

Furthermore, the long-term impacts of climate change have and will continue to have a negative impact on our business, as well as on our customers and their business. Physical risks include extreme storms, tsunamis, floods, wildfires or other catastrophic events that damage or destroy offices or other assets, or that damage or destroy property and inventory securing loans we make. These catastrophic events may also interrupt our customer’s business operations, putting them in financial difficulty, and increasing the risk of default. Our customers are also facing increases in energy, insurance and commodity costs driven by climate change, as well as new regulatory requirements resulting in increased operational costs.

Throughout the pandemic our operations were impacted by the need to close certain offices and limit how customers conduct business through our branch network. Many of our employees continue to work remotely, which exposes us to increased cybersecurity risks such as phishing, malware, and other cybersecurity attacks, all of which could expose us to liability and could seriously disrupt our business operations.

A similar pandemic or major health crisis could negatively impact our capital, liquidity, and other financial positions and our business, results of operations, and prospects, affect significantly more households and businesses, or cause additional limitations on commercial activity, increased unemployment, increased property vacancy rates and general economic and financial instability. A slow-down or reversal in the economic recovery of the regions in which we conduct our business could result in declines in loan demand and collateral values. Future actions of governmental authorities taken in response to a pandemic or similar crisis, such as eviction forbearance, occupancy restrictions, vaccine mandates, or suspension of mortgage foreclosures, could have a negative impact on our business.

Regulatory and Litigation Risks

Non-Compliance with banking rules and regulations, including the USA PATRIOT Act, Bank Secrecy Act, Community Reinvestment Act, Fair Lending Laws, Real Estate Settlement Procedures Act, Truth-in-Lending Act, Flood Insurance Reform Act or other laws and regulations could result in fines or sanctions, and curtail our expansion opportunities.

Financial institutions are required under the USA PATRIOT Act of 2001 (the “Patriot Act”) and Bank Secrecy Act ("BSA") to develop programs to prevent financial institutions from being used for money-laundering and terrorist activities. Financial institutions are also obligated to file suspicious activity reports with the U.S. Treasury Department's Office of Financial Crimes Enforcement Network. These rules also require financial institutions to establish procedures for identifying and verifying the identity of customers seeking to open new financial accounts. Our failure or our inability to comply with the Patriot Act and BSA statutes and regulations could result in fines or penalties, curtailment of expansion opportunities, enforcement actions, intervention or sanctions by regulators and costly litigation or expensive additional controls and systems.

The Bank was previously subject to a Consent Order from the Office of the Comptroller of the Currency (“OCC”) for its BSA program that was issued in February 2018 (the “BSA Consent Order”). The BSA Consent Order resulted in the Bank incurring significant expenses to implement an effective AML/CFT Program, including payment of a $2,500,000 civil money penalty. The OCC terminated the BSA Consent Order in December 2021. However, the Bank remains subject to the BSA, the Patriot Act, and other laws and regulations requiring financial institutions, among other duties, to institute and maintain an effective anti-money laundering program and file suspicious activity and currency transaction reports as appropriate. Expanded laws and regulations relating to residential and consumer lending activities could create significant new compliance burdens and financial costs. Failure to maintain an effective AML/CFT program could have serious business, financial and reputational consequences for the Bank.

The Community Reinvestment Act (“CRA”), the Equal Credit Opportunity Act, the Fair Housing Act and other fair lending laws and regulations impose community investment requirements and nondiscriminatory lending requirements on financial institutions. The FDIC, CFPB, the United States Department of Justice and other federal agencies are responsible for enforcing these laws and regulations. A successful regulatory challenge to our performance under the CRA, receiving a less than satisfactory CRA rating, or challenges related to other fair lending laws and regulations could result in a wide variety of sanctions, including the required payment of damages, civil money penalties, injunctive relief, imposition of restrictions on merger and acquisition activity, and restrictions on expansion activity, including opening new branches or entering new lines of business. Private parties may also have the ability to challenge an institution’s performance under fair lending laws in private

class action litigation.

In March 2020, the Consumer Financial Protection Bureau (the “CFPB”) Office of Enforcement formally notified us of alleged violations of the Home Mortgage Disclosure Act (“HMDA”) associated with our HMDA reporting submissions. The CFPB alleged that the Bank did not accurately report all required relevant information within the annual HMDA submissions. We responded to the CFPB, noting that the Bank has instituted enhanced procedures to ensure compliance with HMDA, and submitted amended HMDA filings. In October 2020, after further discussions with the CFPB, we entered into a consent order related to our HMDA reporting, under which we agreed to pay a $200,000 civil money penalty and implement a HMDA compliance management system while adhering to a compliance plan. The consent order will be in effect for 10 years. We had previously entered into a consent order with the CFPB in 2013, also relating to HMDA reporting deficiencies, resulting in a $34,000 civil money penalty. The 2013 HMDA consent order remains in effect. Any further deficiencies in our HMDA reporting submissions could result in additional regulatory enforcement actions, cause us to incur additional significant compliance costs and subject us to larger fines. Moreover, continued deficiencies in our HMDA reporting could have serious reputational consequences for the Bank. Any of these results could have a material adverse effect on our business, financial condition and results of operations.

We operate in a highly regulated industry, which limits the manner and scope of our business activities.

We are subject to extensive supervision, regulation and examination by the WDFI, the FDIC and the CFPB. This regulatory structure is designed primarily for the protection of the deposit insurance funds and consumers and not to benefit our shareholders. This regulatory structure also gives the regulatory authorities extensive discretion in connection with their supervisory and enforcement activities and examination policies to address not only compliance with applicable laws and regulations (including laws and regulations governing consumer credit, CRA, and anti-money laundering and anti-terrorism laws), but also capital adequacy, asset quality and risk, management ability and performance, earnings, liquidity, data reporting and various other factors. As part of this regulatory structure, we are subject to policies and other guidance developed by the regulatory agencies with respect to capital levels, the timing and amount of dividend payments, the classification of assets and the establishment of adequate loan loss reserves for regulatory purposes. Under this structure the WDFI, the FDIC, the CFPB and the Federal Reserve have broad discretion to impose restrictions and limitations on our operations if they determine, among other things, that our operations are unsafe or unsound, fail to comply with applicable law or are otherwise inconsistent with laws and regulations or with the supervisory policies of these agencies. This supervisory framework could materially impact the conduct, growth and profitability of our operations. In particular, the FDIC has specific authority to take “prompt corrective action,” if the Bank’s capital falls below its current “well capitalized” level, including limiting the Bank’s ability to take brokered deposits, requiring the Bank to raise additional capital and subject it to progressively more severe restrictions on its operations, management and capital distributions, and replacement of senior executive officers and directors. If the Bank ever became “critically undercapitalized,” it would also be subject to the appointment of a conservator or receiver.

Failure to meet regulatory requirements could require the Bank to incur additional significant costs in order to bring our programs and operations into compliance, negatively impact our reputation, and have a material adverse effect on our business, financial condition and results of operations.

Recent national and state legislation and regulatory initiatives to support the financial services industry have been coupled with numerous restrictions and requirements that could detrimentally affect our business.

The Dodd-Frank Act has had a substantial impact on the financial services industry since its passage in 2010. The Dodd-Frank Act creates a framework through which regulatory reform has been and continues to be written. While many of the rules required by the Dodd-Frank Act have been implemented, others are still being drafted. As a result, the impact of the future regulatory requirements continue to be uncertain. We expect the way we conduct business to continue to be affected by these regulatory requirements, including through limitations on our ability to pursue certain lines of business, capital requirements, enhanced reporting obligations, and increased costs.

The failures of Silicon Valley Bank and Signature Bank are expected to result in modifications to or additional laws and regulations governing banks and bank holding companies, including increasing capital requirements, modifications to regulatory requirements with respect to liquidity risk management, deposit concentrations, capital adequacy, stress testing and contingency planning, and safe and sound banking practices, or enhanced supervisory or enforcement activities. Other legislative initiatives could detrimentally impact our operations in the future. For example, the Biden Administration announced a government-wide effort to eliminate “junk fees” which could subject our business practices to even further scrutiny. The CFPB’s action on junk fees thus far has largely focused on fees associated with deposit products, such as “surprise” overdraft fees and non-sufficient funds fees. However, what constitutes a “junk fee” remains undefined. The CFPB is actively soliciting consumer input on fee practices associated with other consumer financial products or services, signaling that the “junk fee” initiative is likely to continue to broaden in scope. As a result of this regulatory focus, we have changed how we assess overdraft and non-sufficient funds fees and we may be required to implement additional changes based on regulatory directives or guidance. Such changes have led to and may continue to cause a reduction in our non-interest income thus impacting our overall net income.

The extent of the impact of any future legislation will be dependent on the specific details of the final legislation passed, if any, but the potential changes outlined above could, among other things, increase our costs, limit our ability to pursue business opportunities and the types of financial services and products we may offer, and impact future growth, any of which could materially and adversely affect our business, results of operations or financial condition.

Deposit insurance premiums could increase further in the future.

The FDIC insures deposits at FDIC-insured financial institutions, including the Bank. The FDIC charges insured financial institutions premiums to maintain the Deposit Insurance Fund ("DIF") at a specific level. Historically, unfavorable economic conditions increased bank failures and these additional bank failures decreased the DIF. Extraordinary growth in insured deposits during the first and second quarters of 2020 caused the ratio of the DIF to total insured deposits to fall below the current statutory minimum of 1.35%. In order to restore the DIF to its statutorily mandated minimums, the FDIC significantly increased deposit insurance premium rates, including the Bank's, resulting in increased expenses. The revised assessment rate schedules became effective January 1, 2023, and were applicable to the first quarterly assessment period of 2023 (i.e., January 1 through March 31, 2023, with an invoice payment date of June 30, 2023). In November 2023, the FDIC approved a final rule to impose a special assessment to recover the losses to the deposit insurance fund resulting from the closures of Silicon Valley Bank and Signature Bank. Beginning in the first calendar quarter of 2024, the FDIC began collecting the special assessment and it is expected to continue collecting the special assessment for a total of eight quarters. The FDIC may further increase the assessment rates or impose additional special assessments in the future to restore and then steadily increase the DIF. FDIC insurance premiums could increase in the future in response to similar declining economic conditions.

We are subject to various claims and litigation, which could result in significant expenses, losses and damage to our reputation.

We are, from time to time, subject to claims and proceedings related to our operations. These claims and legal actions could include supervisory or enforcement actions by our regulators, criminal proceedings by prosecutorial authorities, or civil claims by our customers, former customers, contractual counterparties, and current and former employees. These claims could involve large monetary demands, including civil money penalties or fines imposed by government authorities, and significant defense costs. If such claims and legal actions are brought, and are not resolved in a manner favorable to the Company, they could result in financial liability and/or reputational harm, which could have a material adverse effect on our financial condition and results of operations.

Banking institutions are also increasingly the target of class action lawsuits, including claims alleging deceptive practices or violations of account terms in connection with non-sufficient funds or overdraft charges and violations of the Fair Labor Standards Act (“FLSA”). In 2022, the Bank paid $495,000 plus claims administrative expenses to settle a class action lawsuit related to allegations of improper assessments of overdraft and insufficient funds fees. In May 2024, we received court approval for the settlement of a class action claim related to alleged violations of the FLSA associated with claims for allegedly unpaid wages and overtime for certain of our non-exempt employees under which the Bank ultimately paid approximately $2.1 million.

Our real estate lending also exposes us to the risk of environmental liabilities.

In the course of our business, it is necessary to foreclose and take title to real estate, which could subject us to environmental liabilities with respect to these properties. Hazardous substances or waste, contaminants, pollutants or sources thereof may be discovered on properties during our ownership or after a sale to a third party. We could be held liable to a governmental entity or to third parties for property damage, personal injury, investigation and clean-up costs incurred by these parties in connection with environmental contamination, or may be required to investigate or clean up hazardous or toxic substances or chemical releases at such properties. The costs associated with investigation or remediation activities could be substantial and could substantially exceed the value of the real property. In addition, as the owner or former owner of a contaminated site, we may be subject to common law claims by third parties based on damages and costs resulting from environmental contamination emanating from the property. We may be unable to recover costs from any third party. These occurrences may materially reduce the value of the affected property, and we may find it difficult or impossible to use or sell the property prior to or following any environmental remediation. If we ever become subject to significant environmental liabilities, our business, financial condition and results of operations could be materially and adversely affected.

Market and Industry Risks

Recent negative developments affecting the banking industry, and resulting media coverage, have eroded customer confidence in the banking system.

The high-profile bank failures of 2023 generated significant market volatility among publicly traded bank holding companies and, in particular, regional banks like the Company. If other bank failures occur and financial institutions enter receivership or become insolvent in the future due to financial conditions affecting the banking system and financial markets, it could disrupt the financial services industry and customers may choose to maintain deposits with larger financial institutions or invest in higher yielding short-term fixed income securities, all of which could materially adversely impact the Company’s liquidity, loan funding capacity, net interest margin, capital and results of operations.

As a result of the bank failures, the FDIC imposed a special assessment to recoup losses to the deposit fund. If additional bank failures were to occur, we could face increased regulation of our industry, including increased compliance costs and limitations on our ability to pursue business opportunities; significantly higher Federal Deposit Insurance Corporation premiums or additional special assessments; adverse impacts on our stock price and volatility of our Common Stock; and increased competition for deposits due to a lack of consumer confidence in regional banks. If these conditions or similar ones continue to exist or worsen, we could experience continuing or increased adverse effects on our financial condition.

A downturn in the real estate market would hurt our business.

The Bank’s business activities and credit exposure are concentrated in real estate lending, in particular commercial real estate loans which are generally viewed as having more risk of default than residential real estate loans or certain other types of loans or investments. The market for real estate is cyclical and the outlook for this sector is uncertain. A downturn in the real estate market, accompanied by falling values and increased foreclosures would hurt our business because a large majority of our loans are secured by real estate.

If a significant decline in market values occurs, the collateral for loans will provide decreasing levels of security. As a result, our ability to recover the principal amount due on defaulted loans by selling the underlying real estate will be diminished, and we will be more likely to suffer losses on defaulted loans. Because our loan portfolio contains commercial real estate loans with relatively large balances, the deterioration of these loans may cause a significant increase in our nonperforming loans which could result in a loss of earnings from these loans, an increase in the provision for loan losses, or an increase in loan charge-offs, any of which would have an adverse impact, which could be material, on our business, financial condition, and results of operations.

We own real estate as a result of foreclosures resulting from non-performing loans. If other lenders or borrowers liquidate significant amounts of real estate in a rapid or disorderly fashion, or if the FDIC elects to dispose of significant amounts of real estate from failed financial institutions in a similar fashion, it could have an adverse effect on the values of the properties owned by the Company by depressing the value of these real estate holdings. In such a case, we may incur further write-downs and charge-offs, which could, in turn, adversely affect our business, financial condition and results of operations.

Changes in retail distribution strategies and consumer behavior may adversely impact our business, financial condition and results of operations.

We have significant investments in bank premises and equipment for our branch network as well as our retail work force and other branch banking assets. Advances in technology, as well as changing customer preferences for accessing our products and services, are requiring us to change our retail distribution strategy. As a result of the current market environment and customer behavior, we have undertaken a branch optimization strategy that has led to the closure, consolidation or sale of certain branches in our network. These actions could lead to losses on these assets or could adversely impact the carrying value of other long-lived assets and may lead to increased expenditures to renovate and reconfigure remaining branches or to otherwise further reform our retail distribution channel. In addition, any changes in our branch network strategy could adversely impact our business, financial condition or operations if it results in the loss of customers or deposits which we rely on as a low cost and stable source of funds for our loans and operations.

We may suffer losses in our loan portfolio due to inadequate or faulty underwriting and loan collection practices.

There are risks inherent in any loan portfolio, which we attempt to address by adhering to specific underwriting and loan collection practices. Underwriting practices often include analysis of a borrower's prior credit history; financial statements; tax returns; cash flow projections; valuation of collateral; personal guarantees of loans to businesses; and verification of liquid assets. If the underwriting process fails to capture accurate information or proves to be inadequate, we may incur losses on loans that appeared to meet our underwriting criteria, and those losses may exceed the amounts set aside as reserves in the allowance for credit losses. Loan collection resources may be expanded to meet increases in nonperforming loans resulting from economic downturns or to service any loans acquired, resulting in higher loan administration costs. We are also exposed to the risk of improper documentation of foreclosure proceedings that would also increase the cost of collection.

Our operations are focused in the western United States, subjecting us to the risks of general economic conditions in these market areas.

Substantially all of the Bank's loans are to individuals, businesses and real estate developers in the Pacific Northwest, California, Arizona, Utah, Texas, New Mexico and Nevada. As a result, our business depends significantly on general economic conditions in these market areas. A substantial increase in unemployment rates, or severe declines in housing prices and property values in any of these primary market areas could have a material adverse effect on our business due to a number of factors, including:

•Loan delinquencies may increase.

•Problem assets and foreclosures may increase.

•Demand for the Bank's products and services may decline.

•Collateral for loans made by the Bank, especially real estate, may decline in value, in turn reducing a customer's borrowing power and reducing the value of assets and collateral associated with the loans.

•Natural disasters and catastrophic events such as wildfires, floods and earthquakes may damage or destroy collateral for loans made by the Bank and negatively impact the collateral’s value and a customer’s ability to repay loans.

Our liquidity may be adversely impacted by issues arising from certain industry deficiencies in foreclosure practices, including delays and challenges in the foreclosure process.

Foreclosure process issues and the potential legal and regulatory responses to them could negatively impact the process and timing to completion of foreclosures for residential mortgage lenders, including the Bank. Even before the adoption of these emergency policies, foreclosure timelines have increased in recent years due to, among other reasons, delays associated with the significant increase in the number of foreclosure cases as a result of economic downturns, additional consumer protection initiatives related to the foreclosure process and voluntary or mandatory programs intended to permit or require lenders to consider loan modifications or other alternatives to foreclosure. Should these stays or rights to forbearance be enacted again, or if new legislation is passed regarding residential foreclosures, we may be limited in our ability to take timely possession of real estate assets collateralizing loans, which may increase our loan losses.

Impairment of goodwill may adversely impact future results of operations.

Accounting standards require that we account for acquisitions using a method that could result in goodwill. If the purchase price of the acquired company exceeds the fair value of the acquired net assets, the excess will be included in the

Company's Statement of Financial Condition as goodwill. The Company has a significant goodwill balance and, in accordance with GAAP, we evaluate it for impairment at least annually and more often if events or circumstances indicate the possibility of impairment. Evaluations may be based on many factors, some of which are the price of our Common Stock, discounted cash flow projections and data from comparable market acquisitions. A significant and sustained decline in our stock price and market capitalization, a significant decline in our expected future cash flows, a significant adverse change in the business climate or slower growth rates could result in impairment of our goodwill. Future evaluations of goodwill may result in the impairment and write-down of our goodwill balance which could have a material adverse impact on our earnings and adversely affect our operating results.

Competitive Risks

The Bank faces strong competition from other financial institutions and new market participants, offering services similar to those offered by the Bank.

Many competitors, including fintech companies, offer the same types of loan and deposit services that the Company offers. These competitors include national and multinational banks, other regional banks, savings associations, community banks, credit unions, fintechs, and other financial intermediaries. In particular, our competitors include national banks and major financial companies whose greater resources may afford them a marketplace advantage by enabling them to maintain numerous banking locations, launch new technologies and mount extensive promotional and advertising campaigns. The effective use of technology increases efficiency and enables financial institutions to better serve customers and to reduce costs. Many of our competitors have substantially greater resources to invest in technological improvements than we do. Our future success will depend, in part, upon our ability to address the needs of our clients by using technology to provide products and services that will satisfy client demands for convenience, as well as to create additional efficiencies in our operations. We may not be able to effectively implement new technology-driven products and services or be successful in marketing these products and services to our customers. In addition, the implementation of technological changes and upgrades to maintain current systems and integrate new ones may also cause service interruptions, transaction processing errors and system conversion delays and may cause us to fail to comply with applicable laws. There can be no assurance that we will be able to successfully manage the risks associated with our increased dependency on technology. Increased competition within our geographic market area may result in reduced loan originations and deposits. Ultimately, competition from current and future competitors may affect our business materially and adversely.

We may not be able to continue to grow organically or through acquisitions.

Historically, we have expanded through a combination of organic growth and acquisitions. If market and regulatory conditions change, we may be unable to grow organically or successfully compete for, complete, and integrate potential future acquisitions at the same pace as we have achieved in recent years, or at all. We have historically used our strong stock currency and capital resources to complete acquisitions. Downturns in the stock market and the market price of our stock, changes in our capital position, and changes in our regulatory standing could each have a negative impact on our ability to complete future acquisitions.

The Merger with Luther Burbank resulted in the Bank’s initial entry into the state of California. We have no operating experience in California, are new to this market area, and will be relying on the experience and expertise of Luther Burbank’s lending and business development officers to help with our transition. We may be unsuccessful in retaining those existing employees. The banking and financial services business in California is highly competitive. The entry of the Bank into California presents us with different competitive conditions, and we will be required to compete for loans, deposits and customers for financial services with other commercial banks, savings and loan associations, securities and brokerage companies, mortgage companies, insurance companies, finance companies, money market funds, credit unions, fintechs, and other nonbank financial service providers in California. Many of these competitors are much larger in total assets and capitalization, have greater access to capital markets and offer a broader array of financial services than the Company.

Security Ownership Risks

Our ability to pay dividends is subject to limitations that may affect our ability to continue to pay dividends to shareholders.

The Company is a separate legal entity from the bank subsidiary and does not have significant operations of its own. The availability of dividends from the Bank is limited by the Bank's earnings and capital, as well as various federal and state statutes and regulations. It is possible, depending upon the financial condition of the Bank and other factors, that the Bank may not be able to pay dividends to the Company. If the Bank is unable to pay dividends to the Company, then we may not be able to pay dividends on our preferred or Common Stock to our shareholders.

Our 4.875% Fixed Rate Non-Cumulative Perpetual Preferred Stock, Series A (“Series A Preferred Stock”) ranks senior to our Common Stock, and we are prohibited from paying dividends on our Common Stock unless we have paid dividends on our Series A Preferred.

Shares of our Series A Preferred Stock rank senior to our Common Stock with respect to the payment of dividends and distributions of assets upon liquidation, dissolution or winding up. Holders of Series A Preferred Stock are entitled to receive, when, as, and if declared by our Board of Directors (or a duly authorized committee of our Board of Directors), out of assets legally available for the payment of dividends under Washington law, non-cumulative cash dividends based on the liquidation preference of the Series A Preferred Stock at a rate equal to 4.875% per annum for each quarterly dividend period, beginning on April 15, 2021. If we do not or are unable to pay quarterly dividends on our Series A Preferred Stock, we may not pay a dividend to the holders of our Common Stock. Our stock price may be negatively affected by our inability to pay dividends, which will have an adverse impact on both the Company and our shareholders.

In addition, if we fail to pay, or declare and set apart for payment, dividends on our Series A Preferred Stock for six quarterly dividend periods, whether or not consecutive, the number of directors on our Board of Directors will automatically be increased by two, and the holders of shares of Series A Preferred Stock will have the right to elect two additional members of our Board of Directors (the “Preferred Stock Directors”) to fill such newly created directorships.

The market price for our Common Stock may be volatile.

The market price of our Common Stock could fluctuate substantially in the future in response to a number of factors, including those discussed below. We expect to see additional volatility in the financial markets due to the uncertainty caused by the continuing global conflicts, commodity shortages and price fluctuations, recent bank failures, uncertainty over the U.S. government debt ceiling, risks of government shutdowns and changing Federal Reserve policy. Some additional factors that may cause the price of our Common Stock to fluctuate include:

•general conditions in the financial markets and real estate markets.

•bank failures and the regulatory response.

•macro-economic and political conditions in the U. S. and the financial markets generally.

•variations in the operating results of the Company and our competitors.

•events affecting other companies that the market deems comparable to the Company.

•changes in securities analysts' estimates of our future performance and the future performance of our competitors.

•announcements by the Company or our competitors of mergers, acquisitions and strategic partnerships.

•additions or departure of key personnel.

•the presence or absence of short selling of the Company's Common Stock.

•future sales by us of our Common Stock or debt securities.

The stock markets in general have experienced substantial price and trading fluctuations. These fluctuations have resulted in volatility in the market prices of securities that often has been unrelated or disproportionate to changes in operating performance. These broad market fluctuations are expected to continue for the near future, and may adversely affect the trading price of our Common Stock.

There may be future sales or other dilution of the Company's equity, which may adversely affect the market price of our Common Stock or depositary shares.

Our Board of Directors is authorized to cause the Company to issue one or more classes or series of preferred stock junior to our Series A Preferred Stock from time to time without any action on the part of our shareholders, and our Board of Directors also has the power, without shareholder approval, to set the terms of any such classes or series of preferred stock that

may be issued, including voting rights, dividend rights, and preferences over the Common Stock with respect to dividends or upon our dissolution, winding up and liquidation and other terms.

The issuance of any additional shares of common or of preferred stock or convertible securities or the exercise of such securities could be substantially dilutive to existing shareholders. As we did for the Merger with Luther Burbank, we may also elect to use Common Stock to fund new acquisitions, which will further dilute existing shareholders. Holders of our Common Stock have no preemptive rights that entitle holders to purchase their pro rata share of any offering of shares of any class or series and, therefore, such sales or offerings could result in increased dilution to our shareholders.

We rely, in part, on external financing to fund our operations and the unavailability of such funding in the future could adversely impact our growth and prospects.

We rely on customer deposits, advances from the FHLB and other borrowings to fund our operations. Management has historically been able to replace maturing deposits, if desired; however, we may not be able to replace such funds at any given point in time if our financial condition or market conditions change or if the cost of doing so might adversely affect our business, financial condition and results of operations.

If we need additional funds for our liquidity needs, we may seek additional debt to achieve our long-term business objectives. Such borrowings, if sought, may not be available to us or, if available, may not be on favorable terms. If additional financing sources are unavailable or are not available on reasonable terms, our business, financial condition and results of operations may be adversely affected.

A person holding our Common Stock could have the voting power of their shares of Common Stock on all matters significantly reduced under Washington's anti-takeover statutes, if the person acquires 10% or more of the voting stock of the Company.

We are incorporated in the state of Washington and subject to Washington state law. Some provisions of Washington state law could interfere with or restrict takeover bids or other change-in-control events affecting us. For example, Chapter 23B.19 of the Washington Business Corporation Act, with limited exceptions, prohibits a “target corporation” from engaging in specified “significant business transactions” for a period of five years after the share acquisition by an acquiring person, without complying with certain shareholder approval requirements. An acquiring person is defined as a person or group of persons that beneficially own 10% or more of our voting securities. Such prohibited transactions include, among other things:

•certain mergers, or consolidations with, disposition of assets to, or issuances of stock to or redemption of stock from, the acquiring person;

•termination of 5% or more of the employees of the target corporation as a result of the acquiring person's acquisition of 10% or more of the shares;

•allowing the acquiring person to receive any disproportionate benefit as a shareholder; and

•liquidating or dissolving the target corporation.

After the five-year period, certain “significant business transactions” are permitted, if they comply with certain “fair price” provisions of the statute or are approved by a majority of the outstanding shares other than those of which the acquiring person has beneficial ownership. As a Washington corporation, the Company is not permitted to “opt out” of this statute.

The Company’s business or the value of its common shares could be negatively affected as a result of actions by activist shareholders.

The Company values constructive input from shareholders, and our Board of Directors and management team are committed to acting in the best interests of all of the Company’s shareholders. Activist shareholders who disagree with the composition of the Board of Directors, the Company’s strategic direction, or the way the Company is managed may seek to effect change through various strategies that range from private engagement to public filings, proxy contests, efforts to force transactions not supported by the Board of Directors, and litigation. Responding to some of these actions can be costly and time-consuming, may disrupt the Company’s operations and divert the attention of the Board of Directors and management. Such activities could interfere with the Company’s ability to execute its strategic plan and to attract and retain qualified executive leadership. The perceived uncertainty as to the Company’s future direction resulting from activist strategies could also affect the market price and volatility of the Company’s common shares.

Item 1B. Unresolved Staff Comments

None.

Cybersecurity

Cybersecurity risk management and strategy

We recognize the value of personal and financial information and are dedicated to protecting the confidentiality, integrity, and availability of our data and systems. From the Board of Directors to our Customer Service Representatives, all individuals at the organization are responsible for handling confidential data with care.

Our Information Security Program is aligned with applicable federal and state regulations, the Federal Financial Institutions Examination Council (FFIEC) Examination Guidance, and industry-accepted security standards such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which are at the forefront of cybersecurity guidelines for federal agencies in the U.S. We employ a defense in depth strategy that incorporates preventive, detective, and administrative safeguards including, but not limited to, advanced anti-malware and firewall technologies, anti-phishing and web filtering controls, robust patch management and vulnerability management processes, configuration hardening, participation with FS-ISAC (Financial Services Information Sharing and Analysis Center) for sharing and consuming threat information, and we perform regular security testing to evaluate our defenses against real-world threats. We have an extensive information security training program that aims to regularly educate our colleagues on current best practices on handling sensitive information and expectations for protecting the organization and our clients. All employees complete mandatory cybersecurity training on at least a quarterly basis, including how to identify phishing attacks. Colleagues are tested regularly with simulated social engineering attacks to ensure awareness and preparedness. As an additional risk mitigation measure, the Bank maintains cybersecurity insurance in the event that a material incident does occur.

The ability to mitigate cybersecurity risks is dependent upon an effective risk assessment process that identifies, measures, controls, and monitors material risks stemming from cybersecurity threats. These threats include any potential unauthorized activities occurring through the Company’s information systems that could adversely affect the confidentiality, integrity, or availability of the Company’s information systems or the data contained therein. The Company’s Information Security Program includes a comprehensive information security risk assessment process that incorporates the following elements:

•Identifying threats, measuring risk, defining information security requirements, and implementing controls to reduce risk.

•Identifying reasonably foreseeable internal and external threats that may lead to unauthorized disclosure, misuse, alteration, or destruction of sensitive information or information systems.

•Assessing the likelihood and potential damage posed by these threats, considering the degree of information sensitivity and the Company’s operations, inclusive of substantive changes to people, processes and technology.

•Aligning the Information Security Program with the Company’s enterprise-wide risk management program, which identifies, measures, mitigates, and monitors risk.

•Evaluating the adequacy of policies, procedures, information systems, and other arrangements designed to control identified risks.

•Providing input for internal and external auditors and independent third-party engagements, including in relation to third party operated penetration tests.

•Exercising risk oversight to conduct appropriate, risk-based due diligence and monitoring to understand risks associated with our third-party vendors and outsourced services.

The risk assessment process is designed to identify assets requiring risk reduction strategies and includes an evaluation of the key factors applicable to the operation. The Company conducts a variety of information security assessments throughout the year, both internally and through third-party specialists. We partner with the Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security, to conduct regular vulnerability scanning against our public facing assets, and on a recurring basis we partner with outside firms to conduct thorough security assessments against our external and internal environment. Results of those assessments are further evaluated, and remediation activity is prioritized.

Our cybersecurity and IT teams prepare for and respond to cybersecurity attacks and incidents, including defending against unauthorized access to our systems, and crafting response plans intended to significantly reduce impacts on operations and customers. We understand that cyber threats are unwavering and evolving in this digital age, and because of that we continue to increase investments in people and technology to help us mature our practices and maintain confidence in our ability to safeguard our assets. While cybersecurity risks have the potential to materially affect the Company’s business,

financial condition, and results of operations, the Company does not believe that risks from cybersecurity threats or attacks, including as a result of any previous cybersecurity incidents, have materially affected the Company, including our business strategy, results of operations or financial condition. With regard to the possible impact of future cybersecurity threats or incidents, see Item 1A, Risk Factors.

Cybersecurity Governance

The Risk Management Committee ("RMC") and the Technology Committee of our Board of Directors oversee the company's approach to managing cybersecurity risks. On a quarterly basis, the Board committees receive a comprehensive update from management on our cybersecurity risk management strategy. This includes information on emerging threats, the company’s cybersecurity posture, progress toward risk mitigation goals, significant cybersecurity incidents or developments, and the steps management has taken to address these risks. During these sessions, the Board committees typically review materials detailing current and potential risks, as well as the company’s capacity to mitigate those risks. The committee also engages in discussions with our Chief Information Security Officer and Chief Information Officer about these matters. Additionally, Board committee members are encouraged to engage in ongoing, informal conversations with management regarding cybersecurity news and updates to our risk management and strategy initiatives. Material cybersecurity risks are also reviewed during Board discussions on key topics such as enterprise risk management, operational budgeting, business continuity planning, mergers and acquisitions, and brand management. Three individuals on the Board of Directors have deep technology expertise, while one of those individuals is responsible for leading cloud security at a Fortune 50 technology company.

Our cybersecurity risk management and strategy are overseen by our Chief Information Security Officer, who leads a team with decades of combined experience in information security management, cybersecurity strategy development, and the implementation of effective cybersecurity programs. The team holds a variety of relevant degrees and professional certifications.

These members of management are responsible for overseeing and monitoring the prevention, mitigation, detection, and remediation of cybersecurity incidents as part of their involvement in the cybersecurity risk management and strategy processes, including the execution of our incident response plan.

Recently Filed

Click on a ticker to see risk factors

Ticker *	File Date
VVV	21 hours ago
GEOS	22 hours ago
HZEN	22 hours ago
CYAP	22 hours ago
GXLM	22 hours ago
MATW	1 day ago
DGII	1 day, 1 hour ago
NFG	1 day, 2 hours ago
IESC	1 day, 6 hours ago
TFSL	1 day, 20 hours ago
NINK	1 day, 21 hours ago
MMS	2 days ago
APD	2 days ago
TRXA	2 days, 1 hour ago
DSNY	2 days, 5 hours ago
WMG	2 days, 7 hours ago
JACK	2 days, 19 hours ago
ATKR	2 days, 20 hours ago
WAFD	2 days, 21 hours ago
WNDW	2 days, 22 hours ago
SBUX	2 days, 22 hours ago
MULG	2 days, 22 hours ago
JCTCF	2 days, 22 hours ago
CBT	2 days, 22 hours ago
MWA	2 days, 23 hours ago
POWL	2 days, 23 hours ago
AZEK	3 days, 2 hours ago
SR	3 days, 4 hours ago
SRDX	3 days, 5 hours ago
NTIC	4 days, 6 hours ago
OCSL	4 days, 21 hours ago
FFIV	4 days, 21 hours ago
ASH	4 days, 22 hours ago
ATO	4 days, 22 hours ago
ADNT	4 days, 22 hours ago
TWST	4 days, 22 hours ago
SONO	1 week ago
SWKS	1 week ago
CLFD	1 week, 1 day ago
POST	1 week, 1 day ago
SPB	1 week, 1 day ago
PLXS	1 week, 1 day ago
PTC	1 week, 1 day ago
SBH	1 week, 1 day ago
KNW	1 week, 1 day ago
UNF	1 week, 1 day ago
EPC	1 week, 1 day ago
HZO	1 week, 1 day ago
KLIC	1 week, 2 days ago
DIS	1 week, 2 days ago

OTHER DATASETS

House Trading

Dashboard

Corporate Flights

Dashboard

App Ratings

Dashboard

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - WAFD

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

Strategies

Alerts

Browse Data

Risk Factors Dashboard

View risk factors by ticker

Search filings by term

Risk Factors - WAFD

-New additions in green-Changes in blue-Hover to see similar sentence in last filing

Recently Filed

OTHER DATASETS

House Trading

Corporate Flights

App Ratings

TRADE SMARTER

TRADE SMARTER

-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing