Bank of America Corporation: 10-K Risk Factor Changes

2026 vs 2025  ·  SEC EDGAR  ·  2026-07-05
✓ Deterministic extraction — no AI-generated data

Classification is based on semantic text similarity scoring and may include approximations. “No match” means no high-confidence textual match was found — not necessarily that a section was removed.

2
New Risks
1
Removed
12
Modified
16
Unchanged
🟢 New in Current Filing Severity9/10Det 9

The Corporation and third parties with whom we interact and/or on whom we rely, are subject to cybersecurity incidents,

information and security breaches, and technology failures that have and in the future could adversely affect our ability to conduct our businesses, result in the alteration, unavailability, misuse, destruction or disclosure of information, damage our reputation, increase our…

Read full text

information and security breaches, and technology failures that have and in the future could adversely affect our ability to conduct our businesses, result in the alteration, unavailability, misuse, destruction or disclosure of information, damage our reputation, increase our regulatory and legal risks, result in additional costs or financial losses and/or otherwise adversely impact our businesses and results of operations.Our business is highly dependent on the security, controls and efficacy of our information systems, and the information systems of our clients and third parties (e.g., providers of products and services, law firms, other financial institutions, financial counterparties, financial data aggregators, the financial services industry, financial intermediaries (e.g., such as clearing agents, exchanges and clearing houses), U.S. and non-U.S. federal and state governments and regulators, providers of outsourced software, services and infrastructure (e.g., internet access, cloud service providers and electrical power) and retailers for whom we process transactions) with whom we interact, on whom we rely or who have access to our clients’ information and other sensitive data. We rely on effective access management and the secure collection, processing, maintenance, use, transmission, storage, dissemination and disposition of information in our and our third parties’ information systems. Our cybersecurity risk and exposure remains heightened, including because of our prominent size and scale, high-profile brand, global presence and role in the financial services industry and the broader economy. We and our employees, regulators, clients and third parties are ongoing targets of an increasing number of cybersecurity threats and cyberattacks. The tactics, techniques and procedures used in cyberattacks are pervasive, sophisticated, rapidly evolving and designed to evade security measures. Cybersecurity threats, including computer viruses, malicious or destructive code (such as ransomware), social engineering, real and virtual impersonation, denial of service or information attacks and other security breach tactics targeting us or third parties have and in the future are likely to result in disruptions to our businesses and operations, loss of funds, including from attempts to defraud us and/or our clients, and impacts to the confidentiality, integrity or availability of our systems and information (e.g., intellectual property and the personal and/or confidential information of our employees, clients and third parties). Cyberattacks are carried out globally by a growing number of actors, including organized crime groups, hackers, terrorist organizations, hostile foreign governments and their proxies, state-sponsored actors, activists, disgruntled employees and other persons or entities.Our risk from cybersecurity threats and incidents, information and security breaches and technology failures continues to increase due to the acceptance and use of digital banking and other digital products and services, including mobile banking products, and reliance on remote access tools and other technology, which have resulted in increased reliance on virtual or digital interactions, a growing number of access points to our information systems and greater amounts of information being available for access. Greater demand on our information systems and security tools and processes are expected.Emerging technologies, such as AI and quantum computing, are expected to increase these risks. For example, AI lowers the entry barriers to plan and execute cyberattacks, enables more personalized and harder to detect social engineering, and improves vulnerability discovery, which may result in the increased likelihood of exploitation and the speed, scope, scale, and sophistication of cyberattacks. Advances in quantum computing may introduce cryptography risks that threaten the

🟢 New in Current Filing Changes in the structure of and relationship among the GSEs could adversely impact our business. 🔒
🟡 Modified We are subject to significant financial and reputational harm from potential liability arising from lawsuits and regulatory and government action. 🔒
🟡 Modified Our risk management framework may not be effective in mitigating risk and reducing the potential for losses. 🔒
🟡 Modified We may be adversely affected by changes in U.S. and non-U.S. tax laws and regulations. 🔒
🟡 Modified U.S. federal banking agencies may require increased capital and liquidity levels, which could adversely impact the Corporation. 🔒
🟡 Modified We may be adversely affected by weaknesses in the U.S. housing market. 🔒
🟡 Modified Our operations, businesses and clients could be adversely affected by climate-related matters and impacts. 🔒
🔴 No Match in Current Filing Failure to satisfy our obligations as servicer for residential mortgage securitizations, loans owned by other entities and other related losses could adversely impact our reputation, servicing costs or results of operations. 🔒
🟡 Modified If we are unable to access capital markets, we experience sustained net deposit outflows, or our borrowing costs increase, our liquidity and competitive position may be negatively affected. 🔒
🟡 Modified Failure to satisfy our obligations as servicer for residential mortgage securitizations, loans owned by other entities and other related losses could adversely impact our reputation, servicing costs or results of operations. 🔒
🟡 Modified We could suffer operational, reputational and financial harm if our models fail to properly anticipate and manage risk. 🔒
🟡 Modified Our inability to adapt our business strategies, products and services could harm our business. 🔒
🟡 Modified Reduction in our credit ratings could limit our access to funding or the capital markets, increase borrowing costs or trigger additional collateral or funding requirements. 🔒
🟡 Modified We face significant and increasing competition in the financial services industry. 🔒
14 more changes in this filing

Full diff access, historical comparisons, and cross-company signal tracking.

Get full access — from $29/month Already a Pro subscriber? View full diff →