{ "ticker": "COF", "company": "Capital One Financial Corporation", "filing_type": "10-K", "year_current": "2024", "year_prior": "2023", "summary": { "added": 7, "removed": 2, "modified": 12, "unchanged": 12, "total_current": 31, "total_prior": 26 }, "source": "SEC EDGAR", "url": "https://riskdiff.com/cof/2024-vs-2023/", "markdown_url": "https://riskdiff.com/cof/2024-vs-2023/index.md", "json_url": "https://riskdiff.com/cof/2024-vs-2023/index.json", "generated": "2026-05-10", "ai_summary": "Capital One's 2024 10-K reflects a major strategic shift, with the addition of seven acquisition-related risk factors stemming from its proposed merger with Discover Financial Services, including risks tied to regulatory approval, integration challenges, and operational management of the combined entity. The company removed two risks - COVID-19 pandemic impacts and LIBOR transition - signaling that these previously material concerns have been resolved or are no longer considered significant business threats. Twelve existing risks were substantively modified, with notable updates to climate change and data privacy disclosures, suggesting Capital One expanded its assessment of these evolving regulatory and environmental exposures.", "risks": [ { "status": "ADDED", "current_title": "Risks Relating to the Acquisition of Discover", "prior_title": null, "current_body": "We have identified certain additional risk factors in connection with the Merger Agreement and the proposed Transaction. These risks and the other risks associated with the proposed Transaction will be more fully discussed in the joint proxy statement/prospectus that will be included in the registration statement on Form S-4 that we intend to file with the SEC in connection with the Transaction." }, { "status": "ADDED", "current_title": "The consummation of the Transaction is contingent upon the satisfaction of a number of conditions, including stockholder and regulatory approvals, that may be outside either party’s control and that either party may be unable to satisfy or obtain or which may delay the consummation of the Transaction or result in the imposition of conditions that could reduce the anticipated benefits from the Transaction or cause the parties to abandon the Transaction.", "prior_title": null, "current_body": "Consummation of the Transaction is contingent upon the satisfaction of a number of conditions, some of which are beyond either party's control, including, among others: •adoption of the Merger Agreement by Discover’s stockholders; •approval by our stockholders of the issuance of our common stock to be issued in the Transaction; •authorization for listing on the NYSE of the shares of our common stock to be issued in the Transaction; 23Capital One Financial Corporation (COF) 23Capital One Financial Corporation (COF) 23Capital One Financial Corporation (COF) 23 Table of Contents Table of Contents •the receipt of required regulatory approvals; •effectiveness of the registration statement on Form S-4 to be filed by us in connection with the Transaction; and •the absence of any order, injunction, decree or other legal restraint preventing the completion of the Transaction. Each party’s obligation to complete the Transaction is also subject to certain additional customary conditions, including: •subject to certain exceptions, the accuracy of the representations and warranties of the other party; •performance in all material respects by the other party of its obligations under the Merger Agreement; and •receipt by such party of an opinion from its counsel to the effect that the Merger and the Second Step Merger, taken together, will qualify as a reorganization within the meaning of Section 368(a) of the Internal Revenue Code of 1986, as amended. These conditions to the closing of the Transaction may not be fulfilled in a timely manner, or at all, and, accordingly, the Transaction may not be completed. In addition, the parties can mutually decide to terminate the Merger Agreement at any time, before or after receipt of the requisite approvals by our stockholders or Discover’s stockholders, or either party may elect to terminate the Merger Agreement in certain other circumstances. As a condition to granting required regulatory approvals, governmental entities may impose conditions, limitations or costs, require divestitures or place restrictions on our conduct after the closing of the Transaction. Such conditions or changes and the process of obtaining regulatory approvals could, among other things, have the effect of delaying completion of the Transaction or of imposing additional costs or limitations on us following the Transaction, any of which may have an adverse effect on us. Either party may also be subject to lawsuits challenging the Transaction, and adverse rulings in these lawsuits may delay or prevent the Transaction from being completed or require either party to incur significant costs to defend or settle these lawsuits. Any delay in completing the Transaction could cause us not to realize, or to be delayed in realizing, some or all of the benefits that we expect to achieve if the Transaction is successfully completed within its expected time frame." }, { "status": "ADDED", "current_title": "We expect to incur substantial expenses related to the Transaction and to the integration of Discover.", "prior_title": null, "current_body": "We have incurred and expect to incur a number of costs associated with the Transaction and the integration of Discover. These costs include financial advisory, legal, accounting, consulting and other advisory fees, severance/employee benefit‐related costs, public company filing fees and other regulatory fees and financial printing and other related costs. There are also a large number of processes, policies, procedures, operations, technologies and systems that may need to be integrated. While we have assumed that a certain level of costs will be incurred, there are many factors beyond our control that could affect the total amount or the timing of the integration expenses. Moreover, many of the expenses that we will incur are, by their nature, difficult to estimate accurately. These expenses could, particularly in the near term, exceed the savings that we expect to achieve from the elimination of duplicative expenses and the realization of economies of scale. These integration expenses may result in us taking charges against earnings as a result of the Transaction or the integration of Discover, and the amount and timing of such charges are uncertain at present." }, { "status": "ADDED", "current_title": "We may fail to realize all of the anticipated benefits of the Transaction, or those benefits may take longer to realize than expected due to factors that may be outside our control or Discover’s control. We may also encounter significant difficulties in integrating Discover.", "prior_title": null, "current_body": "We may fail to realize the anticipated benefits of the proposed Transaction, including, among other things, anticipated revenue and cost synergies, due to factors that may be outside either party’s control, including, but not limited to, changes in laws or regulations or in the interpretation of existing laws or regulations, whether caused by a change in government or otherwise, or general economic, political, legislative or regulatory conditions, and the outcome of any legal or regulatory proceedings that may be currently pending or later instituted against us (before or after the Transaction) or against Discover. Both parties have operated and, until the completion of the Transaction, will continue to operate, independently. The success of the Transaction, including anticipated benefits and cost savings, will depend, in part, on our ability to successfully integrate Discover’s operations in a manner that results in various benefits and that does not materially disrupt existing customer relationships or result in decreased revenues due to loss of customers, as well as our ability to successfully integrate Discover 24Capital One Financial Corporation (COF) 24Capital One Financial Corporation (COF) 24Capital One Financial Corporation (COF) 24 Table of Contents Table of Contents into our Framework, compliance systems and corporate culture. The process of integrating operations could result in a loss of key personnel or cause an interruption of, or loss of momentum in, the activities of one or more of our businesses following the completion of the Transaction. Inconsistencies in standards, controls, procedures and policies could adversely affect us following the completion of the Transaction. The diversion of management’s attention and any delays or difficulties encountered in connection with the Transaction and the integration of Discover’s operations could have an adverse effect on our business, financial condition, operating results and prospects. If we experience difficulties in the integration process, including those listed above, we may fail to realize the anticipated benefits of the Transaction in a timely manner, or at all." }, { "status": "ADDED", "current_title": "Our future results may suffer if we do not effectively manage our expanded operations following the Transaction.", "prior_title": null, "current_body": "Following the Transaction, the size and scope of our business will increase significantly beyond our current size and scope. Our future success depends, in part, upon the ability to manage our expanded businesses, which will pose substantial challenges for management, including challenges related to the management and monitoring of new operations and associated increased costs and complexity. There can be no assurances we will be successful or that we will realize the expected operating efficiencies, cost savings and other benefits currently anticipated from the Transaction. In addition, following the Transaction, we may be subject to increased scrutiny by, and/or additional regulatory requirements of, governmental authorities as a result of the Transaction or the size, scope and complexity of our business operations, which may have an adverse effect on our business, operations or stock price." }, { "status": "ADDED", "current_title": "While the Transaction is pending, we will be subject to business uncertainties and contractual restrictions that could adversely affect our business and operations.", "prior_title": null, "current_body": "Uncertainty about the effect of the Transaction on employees, customers, suppliers and other persons with whom we or Discover have a business relationship may have an adverse effect on our business, operations and stock price. Existing customers, suppliers and other business partners of ours and of Discover could decide to no longer do business with us or with Discover before the completion of the Transaction or with us after the Transaction is completed, reducing its anticipated benefits. Both parties are also subject to certain restrictions on the conduct of our respective businesses while the Transaction is pending. As a result, certain projects may be delayed or abandoned and business decisions could be deferred. Employee retention may be challenging for Discover before completion of the Transaction, as certain employees of Discover may experience uncertainty about their future roles with us following the Transaction, and these retention challenges will require us to incur additional expenses in order to retain key employees of Discover. If key employees of Discover depart because of issues relating to the uncertainty and difficulty of integration or a desire not to remain with Discover or with us following the Transaction, the benefits of the Transaction could be materially diminished." }, { "status": "ADDED", "current_title": "A downgrade in our credit ratings could significantly impact our liquidity, funding costs and access to the capital markets.", "prior_title": null, "current_body": "Our credit ratings are based on a number of factors, including financial strength, as well as factors not within our control, including conditions affecting the financial services industry generally, the macroeconomic environment and changes made by rating agencies to their methodologies or ratings criteria. Our ratings could be downgraded at any time and without any notice by any of the rating agencies, which could, among other things, adversely affect our ability to borrow funds, increase our funding cost, increase our cost of capital, limit the number of investors or counterparties willing to do business with or lend to us, adversely limit our ability to access the capital markets and have a negative impact on our results of operations." }, { "status": "REMOVED", "current_title": null, "prior_title": "Our results of operations may be adversely affected by the effects of the COVID-19 pandemic.", "prior_body": "Although the global economy has begun to recover from the COVID-19 pandemic, certain adverse consequences of the pandemic, including labor shortages, disruptions of global supply chains and inflationary pressures, continue to impact the macroeconomic environment and could adversely affect our business. Should these ongoing effects of the pandemic continue for an extended period or worsen, our purchase volume, loan balances and the overall demand for our products and services may be significantly impacted, which could adversely affect our financial condition and other results of operations. In addition, we could experience higher credit losses in our loan portfolios and increases in our allowance for credit losses beyond current levels. We could also experience impairments of other financial assets and other negative impacts on our financial position, including possible constraints on liquidity and capital, as well as higher costs of capital. Long-term consequences of the COVID-19 pandemic on our business, results of operations and financial condition, as well as our capital and liquidity ratios and our ability to take capital actions, will depend on future developments that remain uncertain, including, for example, future actions taken by governmental authorities, central banks and other third parties in response to the pandemic and the effects on our customers, counterparties, associates and third-party service providers. In the third quarter of 2022, we moved our associates to a hybrid work model. As a result we may experience increased costs and/or disruption as we experiment with hybrid work models, in addition to potential effects on our ability to operate effectively and maintain our corporate culture. We will continue to monitor local conditions to ensure the safety of our associates and customers while providing critical banking services. We may take further actions as required by government authorities or that we otherwise determine are in the best interests of our customers, associates and business partners. These measures could impair our ability to perform critical functions and may adversely impact our results of operations." }, { "status": "REMOVED", "current_title": null, "prior_title": "The transition away from LIBOR may adversely affect our business.", "prior_body": "A transition away from the use of LIBOR to alternative rates and other potential interest rate benchmark reforms is not yet complete. These reforms have caused and may in the future cause such rates to perform differently than in the past, or to disappear entirely, or have other consequences which cannot be predicted. Given LIBOR’s extensive use across financial markets, the ongoing transition away from LIBOR presents several risks and challenges to the financial markets and financial institutions, including Capital One. While we have substantially decreased our exposure to LIBOR, we have certain loans, derivative contracts, securitizations, and other contracts with attributes that are either directly or indirectly dependent on LIBOR. Our ability to transition those exposures away from LIBOR could be affected by market and customer acceptance of and the specific terms and parameters for alternative reference rates. The Secured Overnight Financing Rate (“SOFR”) has been recommended by the Alternative Reference Rates Committee (“ARRC”) as an alternative to U.S. dollar LIBOR. Nevertheless, the transition away from LIBOR could result in loss of market share in certain 37Capital One Financial Corporation (COF) 37Capital One Financial Corporation (COF) 37Capital One Financial Corporation (COF) 37 Table of Contents Table of Contents products, adverse tax or accounting impacts, compliance, legal or operational costs and risks associated with client disclosures, as well as systems disruption, model disruption and other business continuity issues for us. In addition, risks will remain for us with respect to outstanding instruments which rely on LIBOR. Those risks arise in connection with transitioning such instruments to a new reference rate, the taking of discretionary actions (for example, under fallback provisions) or the negotiation of fallback provisions and final amendments to existing LIBOR based agreements. Payments under contracts referencing new reference rates may significantly differ from those referencing LIBOR. The Adjustable Interest Rate (LIBOR) Act passed by Congress in March 2022 (“LIBOR Act”) is intended to minimize legal and economic uncertainty following U.S. dollar LIBOR’s cessation by replacing LIBOR references in certain contracts under certain circumstances with a SOFR-based rate identified in a Federal Reserve rule that incorporates a spread adjustment specified in the statute. For some instruments, the method of transitioning to a new reference rate may be challenging, especially if parties to an instrument cannot agree as to how to effect that transition and the LIBOR Act does not apply. In addition, prior to LIBOR cessation, instruments that continue to refer to LIBOR may be impacted if there is a change in the availability or calculation of LIBOR. The transition from LIBOR to an alternative reference rate has changed our market risk profile and required changes to risk and pricing models, valuation tools, product design, information technology systems, reporting infrastructure, operational processes and controls, and hedging strategies, and may result in or require further such changes in the future. In many cases, we are and may in the future be dependent on third parties to upgrade systems, software and other critical functions that could materially disrupt our readiness if they are not done on a timely basis or otherwise fail. While we have largely remediated the majority of our exposures, our effort to remediate the remaining exposures remains ongoing. Failure to adequately manage the transition could have a material adverse effect on our reputation, business, financial condition and results of operations. See “Part II—Item 7. MD&A—Market Risk Profile” for additional information." }, { "status": "MODIFIED", "current_title": "Climate change manifesting as physical or transition risks could adversely affect our businesses, operations and customers and result in increased costs.", "prior_title": "Climate change manifesting as physical or transition risks could adversely affect our businesses, operations and customers.", "similarity_score": 0.914, "confidence": "high", "key_changes": [ "Reworded sentence: \"Physical risks are the risks from the effects of climate change arising from acute, climate-related events, such as, hurricanes, flooding and wildfires, and chronic shifts in climate, such as sea level rise and higher average temperatures.\"", "Reworded sentence: \"For example, on October 24, 2023, the Federal Banking Agencies jointly issued guidance on climate-related financial risk management for large institutions, which applies to us.\"", "Added sentence: \"Further, there is increased scrutiny of climate change-related policies, goals and disclosures, which could result in litigation and regulatory investigations and actions.\"", "Added sentence: \"We may incur additional costs and require additional resources as we evolve our strategy, practices and related disclosures with respect to these matters.\"" ], "current_body": "Climate change risks can manifest as physical or transition risks. Physical risks are the risks from the effects of climate change arising from acute, climate-related events, such as, hurricanes, flooding and wildfires, and chronic shifts in climate, such as sea level rise and higher average temperatures. Such events could lead to financial losses or disrupt our operations or those of our customers or third parties on which we rely, including through direct damage to assets and indirect impacts from supply chain disruption and market volatility. Transition risks are the risks resulting from the shift toward a lower-carbon economy arising from the changes in policy, consumer and business sentiment or technologies in regards to limiting climate change. Transition risks, including changes in consumer preferences and additional regulatory requirements or taxes, could increase our expenses, affect credit performance, and impact our strategies or those of our customers. For example, on October 24, 2023, the Federal Banking Agencies jointly issued guidance on climate-related financial risk management for large institutions, which applies to us. For more information on climate-related regulatory developments, see “Item 1. Business—Supervision and Regulation.” Physical and transition risks could also affect the financial health of certain customers in impacted industries or geographies. In addition, we face reputational risk as a result of our policies, practices, disclosures and decisions related to climate change and the environment, or the practices or involvement of our clients or vendors and suppliers, in certain industries or projects associated with causing or exacerbating climate change. Further, there is increased scrutiny of climate change-related policies, goals and disclosures, which could result in litigation and regulatory investigations and actions. We may incur additional costs and require additional resources as we evolve our strategy, practices and related disclosures with respect to these matters. As climate risk is interconnected with many risk types, we continue to enhance processes to embed evolving climate risk considerations into our existing risk management strategies; however, because the timing and severity of climate change may not be predictable, our risk management strategies may not be effective in mitigating climate risk exposure.", "prior_body": "Climate change risks can manifest as physical or transition risks. Physical risks are the risks from the effects of climate change arising from acute, climate-related events, such as, hurricanes and wildfires, and chronic shifts in climate, such as sea level rise and higher average temperatures. Such events could lead to financial losses or disrupt our operations or those of our customers or third parties on which we rely, including through direct damage to assets and indirect impacts from supply chain disruption and market volatility. Transition risks are the risks resulting from the shift toward a lower-carbon economy arising from the changes in policy, consumer and business sentiment or technologies in regards to limiting climate change. Transition risks, including changes in consumer preferences and additional regulatory requirements or taxes, could increase our expenses, affect credit performance, and impact our strategies or those of our customers. For more information on climate-related regulatory developments, see “Part I—Item 1. Business—Supervision and Regulation” for additional information. Physical and transition risks could also affect the financial health of certain customers in impacted industries or geographies. In addition, we face reputational risk as a result of our policies, practices, disclosures and decisions related to climate change and the environment, or the practices or involvement of our clients or vendors and suppliers, in certain industries or projects associated with causing or exacerbating climate change. As climate risk is interconnected with many risk types, we continue to enhance processes to embed evolving climate risk considerations into our existing risk management strategies; however, because the timing and severity of climate change may not be predictable, our risk management strategies may not be effective in mitigating climate risk exposure." }, { "status": "MODIFIED", "current_title": "Our required compliance with applicable laws and regulations related to privacy, data protection and data security, in addition to compliance with our own privacy policies and contractual obligations to third parties, may increase our costs, reduce our revenue, increase our legal exposure and limit our ability to pursue business opportunities.", "prior_title": "Our required compliance with applicable laws and regulations related to privacy, data protection and data security may increase our costs, reduce our revenue, increase our legal exposure and limit our ability to pursue business opportunities.", "similarity_score": 0.895, "confidence": "high", "key_changes": [ "Reworded sentence: \"For example, at the federal level, we are subject to the GLBA and the FCRA, among other laws and regulations.\"", "Reworded sentence: \"For example, in Canada we are subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and may become subject to additional privacy, data protection and data security laws and regulations in Canada, including those which may differ from PIPEDA, if passed.\"", "Reworded sentence: \"Additional risks could arise in connection with any failure or perceived failure by us, our service providers or other third parties with which we do business to provide adequate disclosure or transparency to individuals, including our customers, about the personal information collected from them and its use, to receive, document or honor the privacy preferences expressed by individuals, to protect personal information from unauthorized disclosure, or to maintain proper training on privacy practices for all employees or third parties who have access to personal information in our possession or control.\"", "Reworded sentence: \"The enactment of more restrictive laws or regulations, or future enforcement actions, litigation or investigations, could impact us through increased costs or restrictions on our business, and any noncompliance or perceived noncompliance could result in monetary or other penalties, harm to our reputation, distraction to our management and technical personnel and significant legal liability.\"" ], "current_body": "We are subject to a variety of continuously evolving and developing laws and regulations in the United States at the federal, state and local level regarding privacy, data protection and data security, including those related to the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information. For example, at the federal level, we are subject to the GLBA and the FCRA, among other laws and regulations. Moreover, legislative changes have been proposed in the U.S. Congress for more comprehensive privacy, data protection and data security legislation, to which we may be subject if passed. The enactment of CIRCIA, once rulemaking is complete, will require, among other things, certain companies to report significant cyber incidents to the CISA within 72 hours from the time the company reasonably believes the incident occurred. At the state level, California has enacted the CPRA, and various other states also have enacted or are in the process of enacting state-level privacy, data protection and/or data security laws and regulations, with which we may be required to comply. Additionally, the Federal Banking Agencies, as well as the SEC and related self‐regulatory organizations, regularly issue guidance regarding cybersecurity that is intended to enhance cyber risk management among financial institutions. We also are, or may become, subject to continuously evolving and developing laws and regulations in other jurisdictions regarding privacy, data protection and data security. For example, in Canada we are subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and may become subject to additional privacy, data protection and data security laws and regulations in Canada, including those which may differ from PIPEDA, if passed. In addition, subject to 34Capital One Financial Corporation (COF) 34Capital One Financial Corporation (COF) 34Capital One Financial Corporation (COF) 34 Table of Contents Table of Contents limited exceptions, the EU General Data Protection Regulation (“EU GDPR”) applies EU data protection laws to certain companies processing personal data of individuals in the EU, regardless of the company’s location. We also are subject to the U.K. General Data Protection Regulation (“U.K. GDPR”), which is how the EU GDPR has been implemented into U.K. law. These laws and regulations, and similar laws and regulations in other jurisdictions, impose strict requirements regarding the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information, which may have adverse consequences, including significant compliance costs and severe monetary penalties for non-compliance. Significant uncertainty exists as privacy, data protection, and data security laws may be interpreted and applied differently from country to country and may create inconsistent or conflicting requirements. Further, we make public statements about our use, collection, disclosure and other processing of personal information through our privacy policies, information provided on our website and press statements. Although we endeavor to comply with our public statements and documentation, we may at times fail to do so or be alleged to have failed to do so. The publication of our privacy policies and other statements that provide promises and assurances about privacy, data protection and data security can subject us to potential government or legal action if they are found to be deceptive, unfair or misrepresentative of our actual practices. Additional risks could arise in connection with any failure or perceived failure by us, our service providers or other third parties with which we do business to provide adequate disclosure or transparency to individuals, including our customers, about the personal information collected from them and its use, to receive, document or honor the privacy preferences expressed by individuals, to protect personal information from unauthorized disclosure, or to maintain proper training on privacy practices for all employees or third parties who have access to personal information in our possession or control. Our efforts to comply with GLBA, FCRA, CPRA, PIPEDA, EU GDPR, U.K. GDPR and other privacy, data protection and data security laws and regulations, as well as our posted privacy policies, and related contractual obligations to third parties, entail substantial expenses, may divert resources from other initiatives and projects, and could limit the services we are able to offer. Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy, data protection and data security violations continue to increase. The enactment of more restrictive laws or regulations, or future enforcement actions, litigation or investigations, could impact us through increased costs or restrictions on our business, and any noncompliance or perceived noncompliance could result in monetary or other penalties, harm to our reputation, distraction to our management and technical personnel and significant legal liability.", "prior_body": "We are subject to a variety of continuously evolving and developing laws and regulations in the United States at the federal, state and local level regarding privacy, data protection and data security, including those related to the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information. For example, at the federal level, we are subject to the GLBA, among other laws and regulations. Moreover, the U.S. Congress is currently considering various proposals for more comprehensive privacy, data protection and data security legislation, to which we may be subject if passed. In addition, in November 2021, the Federal Reserve, OCC, and FDIC issued a final rule that, among other things, requires all banking organizations in the United States to notify their primary federal regulators of certain material computer-security incidents as soon as possible and no later than 36 hours after determining that the incident has occurred. The enactment of CIRCIA, once rulemaking is complete, will require, among other things, certain companies to report significant cyber incidents to the CISA within 72 hours from the time the company reasonably believes the incident occurred, and a proposed rule by the SEC, if enacted, would mandate public disclosure of material cybersecurity incidents within four business days of determining that such an incident has occurred. At the state level, California has enacted the California Privacy Rights Act (“CPRA”), and various other states also have enacted or are in the process of enacting state-level privacy, data protection and/or data security laws and regulations, with which we may be required to comply. We also are, or may become, subject to continuously evolving and developing laws and regulations in other jurisdictions regarding privacy, data protection and data security. For example, in Canada we are subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”). In addition, subject to limited exceptions, the EU General Data Projection Regulation (“EU GDPR”) applies EU data protection law to all companies processing personal data of EU residents, regardless of the company’s location. We also are subject to the UK General Data Protection Regulation (“U.K. GDPR”), which is how the EU GDPR has been implemented into U.K. law. These laws and regulations, and similar laws and regulations in other jurisdictions, impose strict requirements regarding the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information, which may have adverse consequences, including significant compliance costs and severe monetary penalties for non-compliance. Significant uncertainty exists as privacy, data protection, and data security laws may be interpreted and applied differently from country to country and may create inconsistent or conflicting requirements. Further, we make public statements about our use, collection, disclosure and other processing of personal information through our privacy policies, information provided on our website and press statements. Although we endeavor to comply with our public statements and documentation, we may at times fail to do so or be alleged to have failed to do so. The publication of our privacy policies and other statements that provide promises and assurances about privacy, data protection and data security can subject us to potential government or legal action if they are found to be deceptive, unfair or misrepresentative of our actual practices. Our efforts to comply with GLBA, CPRA, PIPEDA, EU GDPR, U.K. GDPR and other privacy, data protection and data security laws and regulations, as well as our posted privacy policies, and related contractual obligations to third parties, entail substantial expenses, may divert resources from other initiatives and projects, and could limit the services we are able to offer. Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy, data protection and data security violations continue to increase. The enactment of more restrictive laws or regulations, or future 30Capital One Financial Corporation (COF) 30Capital One Financial Corporation (COF) 30Capital One Financial Corporation (COF) 30 Table of Contents Table of Contents enforcement actions or investigations, could impact us through increased costs or restrictions on our business, and any noncompliance or perceived noncompliance could result in monetary or other penalties, harm to our reputation and significant legal liability." }, { "status": "MODIFIED", "current_title": "We face risks from catastrophic events.", "prior_title": "We face risks from catastrophic events.", "similarity_score": 0.894, "confidence": "high", "key_changes": [ "Reworded sentence: \"Natural disasters, geopolitical events and other catastrophic events could harm our employees, business and infrastructure, including our information technology systems and third-party platforms.\"", "Reworded sentence: \"In addition, if a natural disaster or other catastrophic event occurs in certain regions where our business, customers or assets securing our loans are concentrated, such as the mid-Atlantic, New York, California or Texas metropolitan areas, or in regions where our third-party platforms are located, we could be disproportionately impacted as compared to our competitors.\"" ], "current_body": "Natural disasters, geopolitical events and other catastrophic events could harm our employees, business and infrastructure, including our information technology systems and third-party platforms. Our ability to conduct business may be adversely affected by a disruption in the infrastructure that supports our business and the communities where we are located, which are concentrated in the Northern Virginia and New York metropolitan areas, Richmond, Virginia and Plano, Texas. This may include a disruption involving damage or loss of access to a physical site, cyber-attacks and other security incidents, terrorist activities, the occurrence or worsening of disease outbreaks or pandemics, natural disasters, extreme weather events, electrical outage, environmental hazards, disruption to technological infrastructure, communications or other services we use, our employees or third parties with whom we conduct business. Our business, financial condition and results of operations may be impacted by any such disruption and our ability to implement corresponding response measures quickly. In addition, if a natural disaster or other catastrophic event occurs in certain regions where our business, customers or assets securing our loans are concentrated, such as the mid-Atlantic, New York, California or Texas metropolitan areas, or in regions where our third-party platforms are located, we could be disproportionately impacted as compared to our competitors. The impact of such events and other catastrophes on the overall economy and our physical and transition risks may also adversely affect our financial condition and results of operations.", "prior_body": "Despite the business contingency plans we have in place, such plans do not fully mitigate all potential business continuity risks to us. Geopolitical events, natural disasters and other catastrophic events could harm our employees, business and infrastructure, including our information technology systems and third-party platforms. Our ability to conduct business may be adversely affected by a disruption in the infrastructure that supports our business and the communities where we are located, which are concentrated in the Northern Virginia and New York metropolitan areas, as well as Richmond, Virginia and Plano, Texas. This may include a disruption involving damage or loss of access to a physical site, cyber-attacks and other security incidents, terrorist activities, the occurrence or worsening of disease outbreaks or pandemics (including the COVID-19 pandemic), natural disasters, extreme weather events, electrical outage, environmental hazards, disruption to technological infrastructure, communications or other services we use, our employees or third parties with whom we conduct business. Our business, financial condition and results of operations may be impacted by any such disruption and our ability to implement corresponding response measures quickly. In addition, if a natural disaster or other catastrophic event occurs in certain regions 38Capital One Financial Corporation (COF) 38Capital One Financial Corporation (COF) 38Capital One Financial Corporation (COF) 38 Table of Contents Table of Contents where our business and customers are concentrated, such as the mid-Atlantic, New York, California or Texas metropolitan areas, or in regions where our third-party platforms are located, we could be disproportionately impacted as compared to our competitors. The impact of such events and other catastrophes on the overall economy and our physical and transition risks may also adversely affect our financial condition and results of operations." }, { "status": "MODIFIED", "current_title": "We face risks related to our operational, technological and organizational infrastructure.", "prior_title": "We face risks related to our operational, technological and organizational infrastructure.", "similarity_score": 0.891, "confidence": "high", "key_changes": [ "Reworded sentence: \"Similar to other large corporations in our industry, we are exposed to operational risk that can manifest itself in many ways, such as errors in execution, inadequate processes, inaccurate models, faulty or disabled technological infrastructure, malicious disruption and fraud by employees or persons outside of our company, whether through attacks on Capital One directly, or on our third-party service providers or customers.\"", "Added sentence: \"For example, when we launch a new product, service or platform for the delivery or distribution of products or services, acquire or invest in a business or make changes to an existing product, service or delivery platform, there is the risk of execution issues related to changes to operations or processes.\"", "Added sentence: \"These issues could be driven by insufficient mitigation of operational risks associated with the change implementation, inadequate training, failure to account for new or changed requirements, or failure to identify or address impacted downstream processes.\"", "Added sentence: \"In addition, we may experience increased costs and/or disruptions due to our hybrid work model, which could also affect our ability to operate effectively and maintain our corporate culture.\"", "Reworded sentence: \"We also are subject to disruptions to our systems arising from events that are wholly or partially beyond our control, which may include computer viruses; computer, telecommunications, network, utility, electronic or physical infrastructure outages; bugs, errors, insider threats, design flaws in systems or platforms; availability and quality of vulnerability patches from key vendors, cyber-attacks and other security incidents, natural disasters, other damage to property or physical assets, or events arising from local or larger scale politics, including civil unrest, terrorist acts and military conflict.\"" ], "current_body": "Our ability to retain and attract customers depends on our ability to develop, operate, and adapt our technology and organizational infrastructure in a rapidly changing environment. In addition, we must accurately process, record and monitor an increasingly large number of complex transactions. Digital technology, cloud-based services, data and software development are deeply embedded into our business model and how we work. Similar to other large corporations in our industry, we are exposed to operational risk that can manifest itself in many ways, such as errors in execution, inadequate processes, inaccurate models, faulty or disabled technological infrastructure, malicious disruption and fraud by employees or persons outside of our company, whether through attacks on Capital One directly, or on our third-party service providers or customers. In addition, the increasing use of near real-time money movement solutions, 29Capital One Financial Corporation (COF) 29Capital One Financial Corporation (COF) 29Capital One Financial Corporation (COF) 29 Table of Contents Table of Contents among other risks, increases the complexity of preventing, detecting and recovering fraudulent transactions. We are also heavily dependent on the security, capability, integrity and continuous availability of the technology systems that we use to manage our internal financial and other systems, monitor risk and compliance with regulatory requirements, provide services to our customers, develop and offer new products and communicate with stakeholders. We also face risk of adverse customer impacts and business disruption arising from the execution of strategic initiatives and operational plans we may pursue across our operations. For example, when we launch a new product, service or platform for the delivery or distribution of products or services, acquire or invest in a business or make changes to an existing product, service or delivery platform, there is the risk of execution issues related to changes to operations or processes. These issues could be driven by insufficient mitigation of operational risks associated with the change implementation, inadequate training, failure to account for new or changed requirements, or failure to identify or address impacted downstream processes. In addition, we may experience increased costs and/or disruptions due to our hybrid work model, which could also affect our ability to operate effectively and maintain our corporate culture. If we do not maintain the necessary operational, technological and organizational infrastructure to operate our business, including to maintain the resiliency and security of that infrastructure, our business and reputation could be materially adversely affected. We also are subject to disruptions to our systems arising from events that are wholly or partially beyond our control, which may include computer viruses; computer, telecommunications, network, utility, electronic or physical infrastructure outages; bugs, errors, insider threats, design flaws in systems or platforms; availability and quality of vulnerability patches from key vendors, cyber-attacks and other security incidents, natural disasters, other damage to property or physical assets, or events arising from local or larger scale politics, including civil unrest, terrorist acts and military conflict. Any failure to maintain our infrastructure or prevent disruption of our systems and applications could diminish our ability to operate our businesses, service customer accounts and protect customers’ information, or result in potential liability to customers, reputational damage, regulatory intervention and customers’ loss of confidence in our businesses, any of which could result in a material adverse effect. We also rely on the business infrastructure and systems of third parties (and their supply chains) with which we do business and/or to whom we outsource the operation, maintenance and development of our information technology and communications systems. We have substantially migrated primarily all aspects of our core information technology systems and customer-facing applications to third-party cloud infrastructure platforms, principally AWS. If we fail to architect, administer or oversee these environments in a well-managed, secure and effective manner, or if such platforms become unavailable, are disrupted, fail to scale, do not operate as designed, or do not meet their service level agreements for any reason, we may experience unplanned service disruption or unforeseen costs which could result in material harm to our business and operations. We must successfully develop and maintain information, financial reporting, disclosure, privacy, data protection, data security and other controls adapted to our reliance on outside platforms and providers. In addition, AWS, or other service providers (including, without limitation, those who also rely on AWS) could experience system or telecommunication breakdowns or failures, outages, degradation in service, downtime, failure to scale, software bugs, design flaws, cyber-attacks and other security incidents, insider threats, adverse changes to financial condition, bankruptcy, or other adverse conditions, (including conditions which interfere with our access to and use of AWS), which could have a material adverse effect on our business and reputation. We also face a risk that our third-party service providers might be unable or unwilling to continue to provide these or other services to meet our current or future needs in an efficient, cost-effective, or favorable manner or may terminate or seek to terminate their contractual relationship with us. Any transition to alternative third-party service providers or internal solutions may be difficult to implement, may cause us to incur significant time and expense and may disrupt or degrade our ability to deliver our products and services. Thus, the substantial amount of our infrastructure that we outsource to AWS or to other third-party service providers may increase our risk exposure. Any disruptions, failures or inaccuracies of our operational processes, technology systems and models, including those associated with improvements or modifications to such technology systems and models, or failure to identify or effectively respond to operational risks in a timely manner and continue to deliver our services through an operational disruption, could cause us to be unable to market and manage our products and services, manage our risk, meet our regulatory obligations or report our financial results in a timely and accurate manner, all of which could have a negative impact on our results of operations. In addition, our ongoing investments in infrastructure, which are necessary to maintain a competitive business, integrate acquisitions and establish scalable operations, may increase our expenses. As our business develops, changes or expands, additional expenses can arise as a result of a reevaluation of business strategies or risks, management of outsourced services, asset purchases or other acquisitions, structural reorganization, compliance with new laws or regulations, the integration of newly acquired businesses, or the prevention or occurrence of cyber-attacks and other security incidents. If we are 30Capital One Financial Corporation (COF) 30Capital One Financial Corporation (COF) 30Capital One Financial Corporation (COF) 30 Table of Contents Table of Contents unable to successfully manage our expenses, our financial results will be negatively affected. Changes to our business, including those resulting from our strategic imperatives, also require robust governance to ensure that our objectives are executed as intended without adversely impacting our customers, associates, operations or financial performance. Ineffective change management oversight and governance over the execution of our key projects and initiatives could expose us to operational, strategic and reputational risk and could negatively impact customers or our financial performance.", "prior_body": "Our ability to retain and attract customers depends on our ability to develop, operate, and adapt our technology and organizational infrastructure in a rapidly changing environment. In addition, we must accurately process, record and monitor an increasingly large number of complex transactions. Digital technology, cloud-based services, data and software development are deeply embedded into our business model and how we work. Similar to other large corporations in our industry, we are exposed to operational risk that can manifest itself in many ways, such as errors in execution, inadequate processes, inaccurate models, faulty or disabled technological infrastructure, malicious disruption and fraud by employees or persons outside of our company, whether through attacks on Capital One directly or on our customers. In addition, the increasing use of near real-time money movement solutions, among other risks, increases the complexity of preventing, detecting and recovering fraudulent transactions. In addition, we are heavily dependent on the security, capability, integrity and continuous availability of the technology systems that we use to manage our internal financial and other systems, monitor risk and compliance with regulatory requirements, provide services to our customers, develop and offer new products and communicate with stakeholders. We also face risk of adverse customer impacts and business disruption arising from the execution of strategic initiatives and operational plans we may pursue across our operations. If we do not maintain the necessary operational, technological and organizational infrastructure to operate our business, including to maintain the resiliency and security of that infrastructure, our business and reputation could be materially adversely affected. We also are subject to disruptions to our systems arising from events that are wholly or partially beyond our control, which may include computer viruses, electrical or telecommunications outages, bugs, design flaws in foundational components or platforms, availability and quality of vulnerability patches from key vendors, cyber-attacks and other security incidents, natural disasters, other damage to property or physical assets, or events arising from local or larger scale politics, including terrorist acts. Any failure to maintain our infrastructure or prevent disruption of our systems and applications could diminish our ability to operate our businesses, service customer accounts and protect customers’ information, or result in potential liability to customers, reputational damage, regulatory intervention and customers’ loss of confidence in our businesses, any of which could result in a material adverse effect. 27Capital One Financial Corporation (COF) 27Capital One Financial Corporation (COF) 27Capital One Financial Corporation (COF) 27 Table of Contents Table of Contents We also rely on the business infrastructure and systems of third parties with which we do business and to whom we outsource the operation, maintenance and development of our information technology and communications systems. We have substantially migrated all aspects of our core information technology systems and customer-facing applications to third-party cloud infrastructure platforms, principally AWS. If we fail to architect, administer or oversee these environments in a well-managed, secure and effective manner, or if such platforms become unavailable, are disrupted, fail to scale, do not operate as designed, or do not meet their service level agreements for any reason, we may experience unplanned service disruption or unforeseen costs which could result in material harm to our business and operations. We must successfully develop and maintain information, financial reporting, disclosure, privacy, data protection, data security and other controls adapted to our reliance on outside platforms and providers. In addition, AWS, or other service providers could experience system or telecommunication breakdowns or failures, outages, degradation in service, downtime, failure to scale, software bugs, cyber-attacks and other security incidents, adverse changes to financial condition, bankruptcy, or other adverse conditions, (including conditions which interfere with our access to and use of AWS), which could have a material adverse effect on our business and reputation. Thus, the substantial amount of our infrastructure that we outsource to AWS or to other third parties may increase our risk exposure. Any disruptions, failures or inaccuracies of our operational processes, technology systems and models, including those associated with improvements or modifications to such technology systems and models, could cause us to be unable to market and manage our products and services, manage our risk, meet our regulatory obligations or report our financial results in a timely and accurate manner, all of which could have a negative impact on our results of operations. In addition, our ongoing investments in infrastructure, which are necessary to maintain a competitive business, integrate acquisitions and establish scalable operations, may increase our expenses. As our business develops, changes or expands, additional expenses can arise as a result of a reevaluation of business strategies, management of outsourced services, asset purchases or other acquisitions, structural reorganization, compliance with new laws or regulations, the integration of newly acquired businesses, or the prevention or occurrence of cyber-attacks and other security incidents. If we are unable to successfully manage our expenses, our financial results will be negatively affected. Changes to our business, including those resulting from our strategic objectives, also requires robust governance to ensure that our objectives are executed as intended without adversely impacting our customers, associates, operations or financial performance. Ineffective change management oversight and governance over the execution of our strategic objectives could expose us to operational, strategic and reputational risk and could negatively impact customers or our financial performance." }, { "status": "MODIFIED", "current_title": "Compliance with new and existing domestic and foreign laws, regulations and regulatory expectations is costly and complex.", "prior_title": "Compliance with new and existing laws, regulations and regulatory expectations is costly and complex.", "similarity_score": 0.887, "confidence": "high", "key_changes": [ "Reworded sentence: \"A wide array of laws and regulations, including banking and consumer lending laws and regulations, apply to every aspect of our business and these laws can be uncertain and evolving.\"", "Added sentence: \"In addition, actions, behaviors or practices by us, our employees or representatives that are illegal, unethical or contrary to our core values could harm us, our stockholders or customers or damage the integrity of the financial markets and are subject to regulatory scrutiny across jurisdictions.\"", "Added sentence: \"Violations of law by other financial institutions may also result in increased regulatory scrutiny of our business.\"", "Reworded sentence: \"For example, the CFPB has announced several initiatives related to the amounts and types of fees financial institutions may charge, including by issuing a proposed rule that would, among other things, significantly lower the safe harbor amount for past due fees that a credit card issuer can charge on consumer credit card accounts.\"", "Reworded sentence: \"For a description of the material laws and regulations, including those related to the consumer lending business, to which we are subject, see “Item 1.\"" ], "current_body": "A wide array of laws and regulations, including banking and consumer lending laws and regulations, apply to every aspect of our business and these laws can be uncertain and evolving. We and our subsidiaries are also subject to supervision and examination by multiple regulators both in the U.S. and abroad, and the manner in which our regulators interpret applicable laws and regulations may affect how we comply with them. Failure to comply with these laws and regulations, even if the failure was inadvertent or reflects a difference in interpretation or conflicting legal requirements, could subject us to restrictions 33Capital One Financial Corporation (COF) 33Capital One Financial Corporation (COF) 33Capital One Financial Corporation (COF) 33 Table of Contents Table of Contents on our business activities, fines, criminal sanctions and other penalties, and/or damage to our reputation with regulators, our customers or the public. Hiring, training and retaining qualified compliance and legal personnel, and establishing and maintaining risk management and compliance-related systems, infrastructure and processes, is difficult and may lead to increased expenses. These efforts and the associated costs could limit our ability to invest in other business opportunities. In addition, actions, behaviors or practices by us, our employees or representatives that are illegal, unethical or contrary to our core values could harm us, our stockholders or customers or damage the integrity of the financial markets and are subject to regulatory scrutiny across jurisdictions. Violations of law by other financial institutions may also result in increased regulatory scrutiny of our business. Applicable rules and regulations may affect us disproportionately compared to our competitors or in an unforeseen manner. For example, we have a large number of customer accounts in our credit card and auto lending businesses and we have made the strategic choice to originate and service subprime credit card and auto loans, which typically have higher delinquencies and charge-offs than prime customer accounts. As a result, we have significant involvement with credit bureau reporting and the collection and recovery of delinquent and charged-off debt, primarily through customer communications, the filing of litigation against customers in default, the periodic sale of charged-off debt and vehicle repossession. These and other consumer lending activities are subject to enhanced legal and regulatory scrutiny from regulators, courts and legislators. Any future changes to or legal liabilities resulting from our business practices in these areas, including our debt collection practices and the fees we charge, whether mandated by regulators, courts, legislators or otherwise, could have a material adverse impact on our financial condition. The legislative and regulatory environment is beyond our control, may change rapidly and unpredictably, and may negatively influence our revenue, costs, earnings, growth, liquidity and capital levels. For example, the CFPB has announced several initiatives related to the amounts and types of fees financial institutions may charge, including by issuing a proposed rule that would, among other things, significantly lower the safe harbor amount for past due fees that a credit card issuer can charge on consumer credit card accounts. Such changes could affect our ability or willingness to provide certain products or services, necessitate changes to the our business practices, or reduce our revenues. There may also be future rulemaking in emerging regulatory areas such as climate-related risks and new technologies. Adoption of new technologies, such as distributed ledger technologies, tokenization, cloud computing, AI and machine learning technologies, can present unforeseen challenges in applying and relying on existing compliance systems. In addition, some laws and regulations may be subject to litigation or other challenges that delay or modify their implementation and impact on us. Certain laws and regulations, and any interpretations and applications with respect thereto, are generally intended to protect consumers, borrowers, depositors, the DIF, the U.S. banking and financial system, and financial markets as a whole, but not stockholders. Our success depends on our ability to maintain compliance with both existing and new laws and regulations. For a description of the material laws and regulations, including those related to the consumer lending business, to which we are subject, see “Item 1. Business—Supervision and Regulation.”", "prior_body": "A wide array of laws and regulations, including banking and consumer lending laws and regulations, apply to every aspect of our business. We and our subsidiaries are also subject to supervision and examination by multiple regulators, and the manner in which our regulators interpret applicable laws and regulations may affect how we comply with them. Failure to comply with these laws and regulations, even if the failure was inadvertent or reflects a difference in interpretation, could subject us to restrictions on our business activities, fines, criminal sanctions and other penalties, and/or damage to our reputation with regulators, our customers or the public. Hiring, training and retaining qualified compliance and legal personnel, and establishing and maintaining risk management and compliance-related systems, infrastructure and processes, is difficult and may lead to increased expenses. These efforts and the associated costs could limit our ability to invest in other business opportunities. Applicable rules and regulations may affect us disproportionately compared to our competitors or in an unforeseen manner. For example, we have a large number of customer accounts in our credit card and auto lending businesses and we have made the strategic choice to originate and service subprime credit card and auto loans, which typically have higher delinquencies and charge-offs than prime customer accounts. As a result, we have significant involvement with credit bureau reporting and the collection and recovery of delinquent and charged-off debt, primarily through customer communications, the filing of litigation against customers in default, the periodic sale of charged-off debt and vehicle repossession. These and other consumer lending activities are subject to enhanced legal and regulatory scrutiny from regulators, courts and legislators. Any future changes to or legal liabilities resulting from our business practices in these areas, including our debt collection practices and the fees we charge, whether mandated by regulators, courts, legislators or otherwise, could have a material adverse impact on our financial condition. The legislative and regulatory environment is beyond our control, may change rapidly and unpredictably, and may negatively influence our revenue, costs, earnings, growth, liquidity and capital levels. For example, there may be future rulemaking in emerging regulatory areas such as climate-related risks and new technologies. In addition, some rules and regulations may be subject to litigation or other challenges that delay or modify their implementation and impact on us. Adoption of new technologies, such as distributed ledger technologies, tokenization, cloud computing, artificial intelligence and machine learning technologies, can present unforeseen challenges in applying and relying on existing compliance systems. 31Capital One Financial Corporation (COF) 31Capital One Financial Corporation (COF) 31Capital One Financial Corporation (COF) 31 Table of Contents Table of Contents Certain laws and regulations, and any interpretations and applications with respect thereto, are generally intended to protect consumers, borrowers, depositors, the DIF, the U.S. banking and financial system, and financial markets as a whole, but not stockholders. Our success depends on our ability to maintain compliance with both existing and new laws and regulations. For a description of the material laws and regulations, including those related to the consumer lending business, to which we are subject, see “Part I—Item 1. Business—Supervision and Regulation.”" }, { "status": "MODIFIED", "current_title": "Reputational risk and social factors may impact our results and damage our brand.", "prior_title": "Reputational risk and social factors may impact our results and damage our brand.", "similarity_score": 0.871, "confidence": "high", "key_changes": [ "Reworded sentence: \"Capital One’s brand is one of our most important assets.\"", "Reworded sentence: \"Adverse perceptions regarding our reputation in the consumer, commercial, and funding markets could lead to difficulties in generating, maintaining and financing accounts.\"", "Reworded sentence: \"In addition, our co-brand and private label credit card partners or other third parties with whom we have important relationships may take actions over which we have limited control that could negatively impact perceptions about us or the financial services industry.\"", "Added sentence: \"There has also been an increased focus by investor advocacy groups, investment funds and shareholder activists, among others, on topics related to environmental, social and corporate governance policies, and our policies, practices and disclosure in these areas, including those related to climate change.\"", "Added sentence: \"Reputation risk related to corporate policies and practices on environmental, social and corporate governance topics is increasingly complex.\"" ], "current_body": "Our ability to attract and retain customers is highly dependent upon the perceptions of consumer and commercial borrowers and deposit holders and other external perceptions of our products, services, trustworthiness, business practices, workplace culture, compliance practices or our financial health. Capital One’s brand is one of our most important assets. Maintaining and enhancing our brand depends largely on our ability to continue to provide high-quality products and services. Adverse perceptions regarding our reputation in the consumer, commercial, and funding markets could lead to difficulties in generating, maintaining and financing accounts. In particular, negative public perceptions regarding our reputation, including negative perceptions regarding our ability to maintain the security of our technology systems and protect customer data, could lead to decreases in the levels of deposits that current and potential consumer and commercial customers choose to maintain with us. Negative perceptions may also significantly increase the costs of attracting and retaining customers. In addition, negative perceptions regarding certain industries, partners or clients could also prompt us to cease business activities associated with those entities in order to manage reputational risk. Negative public opinion or damage to our brand could also result from actual or alleged conduct in any number of activities or circumstances, including lending practices, regulatory compliance, cyber-attacks or other security incidents, corporate governance and sales and marketing, and from actions taken by regulators or other persons in response to such conduct. Such conduct could fall short of our customers’ and the public’s heightened expectations of companies of our size with rigorous privacy, data protection, data security and compliance practices, and could further harm our reputation. In addition, our co-brand and private label credit card partners or other third parties with whom we have important relationships may take actions over which we have limited control that could negatively impact perceptions about us or the financial services industry. The proliferation of social media may increase the likelihood that negative public opinion from any of the actual or alleged events discussed above could impact our reputation and business. In addition, a variety of economic or social factors may cause changes in borrowing activity, including credit card use, payment patterns and the rate of defaults by account holders and borrowers domestically and internationally. These economic and social factors include changes in consumer confidence levels, the public’s perception regarding the banking industry and consumer debt, including credit card use, and changing attitudes about the stigma of bankruptcy. If consumers develop or maintain negative attitudes about incurring debt, or consumption trends decline or if we fail to maintain and enhance our brand, or we incur significant expenses to do so, our reputation and business and financial results could be materially and negatively affected. There has also been an increased focus by investor advocacy groups, investment funds and shareholder activists, among others, on topics related to environmental, social and corporate governance policies, and our policies, practices and disclosure in these areas, including those related to climate change. Reputation risk related to corporate policies and practices on environmental, social and corporate governance topics is increasingly complex. Divergent ideological and social views may create competing stakeholder, legislative, and regulatory scrutiny that may impact our reputation. Furthermore, responding to environmental, social and corporate governance considerations and implementing our related goals and initiatives involve risk and uncertainties, require investments and depend in part on third-party performance or data that is outside of our control. There can be no assurance that we will achieve these goals and initiatives or that any such achievements will have the desired results. Our failure to achieve progress in these areas on a timely basis, if at all, could impact our reputation and public perceptions of our business.", "prior_body": "Our ability to attract and retain customers is highly dependent upon the perceptions of consumer and commercial borrowers and deposit holders and other external perceptions of our products, services, trustworthiness, business practices, workplace culture, compliance practices or our financial health. In addition, our brand is very important to us. Maintaining and enhancing our brand depends largely on our ability to continue to provide high-quality products and services. Adverse perceptions regarding our reputation in the consumer, commercial and funding markets could lead to difficulties in generating and maintaining accounts as well as in financing them. In particular, negative public perceptions regarding our reputation, including negative perceptions regarding our ability to maintain the security of our technology systems and protect customer data, could lead to decreases in the levels of deposits that consumer and commercial customers and potential customers choose to maintain with us or significantly increase the costs of attracting and retaining customers. In addition, negative perceptions regarding certain industries, partners or clients could also prompt us to cease business activities associated with those entities. Negative public opinion or damage to our brand could also result from actual or alleged conduct in any number of activities or circumstances, including lending practices, regulatory compliance, security breaches (including the use and protection of customer data, such as resulting from the Cybersecurity Incident), corporate governance and sales and marketing, and from actions taken by regulators or other persons in response to such conduct. Such conduct could fall short of our customers’ and the public’s heightened expectations of companies of our size with rigorous privacy, data protection, data security and compliance practices, and could further harm our reputation. In addition, our co-brand and private label partners or other third parties with whom we have important relationships may take actions over which we have limited control that could negatively impact perceptions about us or the financial services industry. The proliferation of social media may increase the likelihood that negative public opinion from any of the events discussed above will impact our reputation and business. In addition, a variety of social factors may cause changes in borrowing activity, including credit card use, payment patterns and the rate of defaults by account holders and borrowers domestically and internationally. These social factors include changes in consumer confidence levels, the public’s perception regarding the banking industry and consumer debt, including credit card use, and changing attitudes about the stigma of bankruptcy. There has also been increased focus by investor advocacy groups, investment funds and shareholder activists, among others, on topics related to environmental, social and corporate governance 36Capital One Financial Corporation (COF) 36Capital One Financial Corporation (COF) 36Capital One Financial Corporation (COF) 36 Table of Contents Table of Contents policies, and our policies, practices and disclosure in these areas, including related to climate change. If these groups consider our efforts unsatisfactory, whether real or perceived, it could also harm our reputation. If consumers develop or maintain negative attitudes about incurring debt, or consumption trends decline or if we fail to maintain and enhance our brand, or we incur significant expenses to do so, our reputation and business and financial results could be materially and negatively affected." }, { "status": "MODIFIED", "current_title": "Our business, financial condition and results of operations may be adversely affected by merchants’ efforts to reduce the fees charged by credit and debit card networks to facilitate card transactions, and by legislation and regulation impacting such fees.", "prior_title": "Our business, financial condition and results of operations may be adversely affected by merchants’ increasing focus on the fees charged by credit and debit card networks and by legislation and regulation impacting such fees.", "similarity_score": 0.853, "confidence": "high", "key_changes": [ "Reworded sentence: \"Interchange fees are the amounts established by credit and debit card networks for the purpose of compensating debit and credit card issuers for their role in facilitating card transactions and are a meaningful source of revenue for our credit and debit card businesses.\"", "Reworded sentence: \"In some jurisdictions, such as Canada and certain countries in Europe, including the U.K., interchange fees and related practices are subject to regulatory activity, including in some cases, imposing caps on permissible interchange fees.\"", "Reworded sentence: \"In addition, in Canada, Visa and MasterCard payment networks have entered into voluntary 37Capital One Financial Corporation (COF) 37Capital One Financial Corporation (COF) 37Capital One Financial Corporation (COF) 37 Table of Contents Table of Contents agreements with the Department of Finance Canada to maintain an agreed upon average interchange rate.\"", "Reworded sentence: \"Merchants and their trade groups have filed numerous lawsuits against payment card networks and banks that issue cards on those networks, claiming that their practices toward merchants, including interchange fees, violate federal antitrust laws.\"", "Reworded sentence: \"For additional information about the lawsuits, see “Part II—Item 8.\"" ], "current_body": "Interchange fees are the amounts established by credit and debit card networks for the purpose of compensating debit and credit card issuers for their role in facilitating card transactions and are a meaningful source of revenue for our credit and debit card businesses. Interchange fees are a revenue source that, for example, covers the issuer’s costs associated with credit and debit card payments, fund rewards programs, offset fraud, management and dispute costs and fund competition and innovation. Interchange fees continue to be the subject of significant and intense global legal, legislative and regulatory focus, and the resulting decisions, legislation and regulation may have a material adverse impact on our overall business, financial condition and results of operations. Legislative and regulatory bodies in a number of countries have sought, or are currently seeking, to reduce interchange fees through legislation, competition-related regulatory proceedings, voluntary agreements, central bank regulation and/or litigation. For credit transactions, interchange reimbursement rates in the United States are set by credit card networks such as MasterCard and Visa. In some jurisdictions, such as Canada and certain countries in Europe, including the U.K., interchange fees and related practices are subject to regulatory activity, including in some cases, imposing caps on permissible interchange fees. Our international card businesses have been impacted by these restrictions. For example, in the U.K., interchange fees are capped for both credit and debit card transactions. In addition, in Canada, Visa and MasterCard payment networks have entered into voluntary 37Capital One Financial Corporation (COF) 37Capital One Financial Corporation (COF) 37Capital One Financial Corporation (COF) 37 Table of Contents Table of Contents agreements with the Department of Finance Canada to maintain an agreed upon average interchange rate. Lowering interchange fees remains an area of domestic and international governmental attention by certain parties. In addition to this regulatory activity, merchants are also seeking avenues to reduce interchange fees. Merchants and their trade groups have filed numerous lawsuits against payment card networks and banks that issue cards on those networks, claiming that their practices toward merchants, including interchange fees, violate federal antitrust laws. In 2005, a number of entities filed antitrust lawsuits against MasterCard and Visa and several member banks, including our subsidiaries and us, alleging among other things, that the defendants conspired to fix the level of interchange fees. For additional information about the lawsuits, see “Part II—Item 8. Financial Statements and Supplementary Data—Note 18—Commitments, Contingencies, Guarantees and Others” for further details. Some major retailers or industry sectors could independently negotiate lower interchange fees with MasterCard and Visa, which could, in turn, result in lower interchange fees for us when our cardholders undertake purchase transactions with these retailers. Merchants continue to lobby Congress aggressively for legislation that would require additional routing requirements for credit cards that are issued on four-party networks, like Visa or MasterCard, which could create a downward pressure on interchange fees should their efforts be successful. Retailers may continue to bring legal proceedings against us or other credit card and debit card issuers and networks in the future. For debit transactions, Regulation II (Debit Card Interchange Fees and Routing) which was issued by the Federal Reserve in 2011, place limits on the interchange fees we may charge and requires additional routing requirements for debit cards issued on four-party networks, like Visa or Mastercard. On October 25, 2023, the Federal Reserve released a notice of proposed rulemaking to revise Regulation II to further reduce the interchange fee cap that debit card issuers covered by Regulation II can receive for debit card transactions. For more information on these rules, please see “Item 1. Business—Supervision and Regulation.” Beyond pursuing litigation, legislation and regulation, merchants may also promote forms of payment with lower fees or seek to impose surcharges or discounts at the point of sale for use of credit or debit cards. New payment systems, particularly mobile-based payment technologies, could also gain widespread adoption and lead to issuer transaction fees or the displacement of credit or debit cards as a payment method. The heightened focus by merchants and legislative and regulatory bodies on the fees charged by credit and debit card networks, and the ability of certain merchants to successfully negotiate discounts to interchange fees with MasterCard and Visa or develop alternative payment systems, could result in a loss of income. Any resulting loss in income to us could have a material adverse effect on our business, financial condition and results of operations.", "prior_body": "Interchange fees are generally one of the largest components of the costs that merchants pay in connection with the acceptance of credit and debit cards and are a meaningful source of revenue for our credit and debit card businesses. Interchange fees are the subject of significant and intense global legal, legislative and regulatory focus, and the resulting decisions, legislation and regulation may have a material adverse impact on our overall business, financial condition and results of operations. Legislative and regulatory bodies in a number of countries are seeking to reduce interchange fees through legislation, competition-related regulatory proceedings, voluntary agreements, central bank regulation and/or litigation. For credit transactions, interchange reimbursement rates in the United States are set by credit card networks such as MasterCard and Visa. For debit transactions, Federal Reserve rules place limits on the interchange fees we may charge. For more information on these rules, please see “Part I—Item 1. Business—Supervision and Regulation.” In some jurisdictions, such as Canada and certain countries in Europe, including the U.K., interchange fees and related practices are subject to regulatory activity, including in some cases, imposing caps on permissible interchange fees. Our international card businesses have been impacted by these restrictions. For example, in the U.K., interchange fees are capped for both credit and debit card transactions. In addition, in Canada, Visa and Mastercard payment networks have entered into voluntary agreements with the Department of Finance Canada to maintain an agreed upon average interchange rate. Lowering interchange fees remains an area of domestic and international governmental focus. Legislators and regulators around the world are aware of each other’s approaches to the regulation of the payments industry. Consequently, a development in one country, state or region may influence regulatory approaches in another, such as our primary market, the United States. In addition to this regulatory activity, merchants are also seeking avenues to reduce interchange fees. In the past, merchants and their trade groups have filed numerous lawsuits against Visa, MasterCard, American Express and their card-issuing banks, claiming that their practices toward merchants, including interchange and similar fees, violate federal antitrust laws. In 2005, a number of entities filed antitrust lawsuits against MasterCard and Visa and several member banks, including our subsidiaries and us, alleging among other things, that the defendants conspired to fix the level of interchange fees. In December 2013, the U.S. District Court for the Eastern District of New York granted final approval of the proposed class settlement. The settlement provided, among other things, that merchants would be entitled to join together to negotiate lower interchange fees. The settlement was appealed to the Second Circuit Court of Appeals, which rejected the settlement in June 2016; a revised settlement was reached in the second half of 2018, and the trial court issued its final approval of the settlement in December 2019. See “Part II—Item 8. Financial Statements and Supplementary Data—Note 18—Commitments, Contingencies, Guarantees and Others” for further details. Some major retailers have sufficient bargaining power to independently negotiate lower interchange fees with MasterCard and Visa, which could, in turn, result in lower interchange fees for us when our cardholders undertake purchase transactions with these retailers. Merchants also continue to lobby Congress aggressively for restrictions on interchange fees and their efforts may be successful. Retailers may in the future bring legal proceedings against us or other credit card and debit card issuers and networks. Beyond pursuing litigation, legislation and regulation, merchants may also promote forms of payment with lower fees, such as ACH-based payments, or seek to impose surcharges at the point of sale for use of credit or debit cards. New payment systems, particularly mobile-based payment technologies, could also gain widespread adoption and lead to issuer transaction fees or the displacement of credit card accounts as a payment method. The heightened focus by merchants and legislative and regulatory bodies on the fees charged by credit and debit card networks, and the ability of certain merchants to successfully negotiate discounts to interchange fees with MasterCard and Visa or develop alternative payment systems, could result in a reduction of interchange fees. Any resulting loss in income to us could have a material adverse effect on our business, financial condition and results of operations. 34Capital One Financial Corporation (COF) 34Capital One Financial Corporation (COF) 34Capital One Financial Corporation (COF) 34 Table of Contents Table of Contents" }, { "status": "MODIFIED", "current_title": "Summary of Risk Factors", "prior_title": "Summary of Risk Factors", "similarity_score": 0.827, "confidence": "high", "key_changes": [ "Reworded sentence: \"•The Transaction is contingent upon a number of conditions, including stockholder and regulatory approvals, which may fail to be satisfied or which may delay the consummation of the Transaction or result in the imposition of conditions that could reduce the anticipated benefits from the Transaction or cause the parties to abandon the Transaction.\"", "Reworded sentence: \"•Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase our common stock.\"", "Reworded sentence: \"•A cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions.\"", "Reworded sentence: \"•We face intense competition in all of our markets, which could have a material adverse effect on our business and results of operations.\"", "Reworded sentence: \"•Our business could be negatively affected if we are unable to attract, develop, retain and motivate key senior leaders and skilled employees.\"" ], "current_body": "The following is a summary of the Risk Factors disclosure in this Item 1A. This summary does not address all of the risks that we face. Additional discussion of the risks summarized in this risk factor summary, and other risks that we face, can be found below and should be carefully considered, together with other information in this Form 10-K and our other filings with the SEC, before making an investment decision regarding our securities. •The Transaction is contingent upon a number of conditions, including stockholder and regulatory approvals, which may fail to be satisfied or which may delay the consummation of the Transaction or result in the imposition of conditions that could reduce the anticipated benefits from the Transaction or cause the parties to abandon the Transaction. •We are expected to incur substantial expenses related to the Transaction and to the integration of Discover. •We may fail to realize all of the anticipated benefits of the Transaction or those benefits may take longer, or be more difficult, to realize than expected. •Our future results may suffer if we do not effectively manage our expanded operations following the Transaction. •We will be subject to business uncertainties and contractual restrictions while the Transaction is pending. •Changes and instability in the macroeconomic environment could disrupt capital markets, reduce consumer and business activity, and weaken the labor market, all of which could impact borrowers’ ability to service their debt obligations and adversely impact our financial results. •Fluctuations in interest rates or volatility in the capital markets could adversely affect our business, results of operations and financial condition. •We may experience increases or fluctuations in delinquencies and credit losses, or we may incorrectly estimate expected losses, which could result in inadequate reserves. •We may not be able to maintain adequate capital or liquidity levels or may become subject to revised capital or liquidity requirements, which could have a negative impact on our financial results and our ability to return capital to our stockholders. •Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase our common stock. •A downgrade in our credit ratings could significantly impact our liquidity, funding costs and access to the capital markets. •We face risks related to our operational, technological and organizational infrastructure. •A cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions. •We face risks resulting from the extensive use of models, AI, and data. 22Capital One Financial Corporation (COF) 22Capital One Financial Corporation (COF) 22Capital One Financial Corporation (COF) 22 Table of Contents Table of Contents •Compliance with new and existing domestic and foreign laws, regulations and regulatory expectations is costly and complex. •Our required compliance with applicable laws and regulations related to privacy, data protection and data security, in addition to compliance with our own privacy policies and contractual obligations to third parties, may increase our costs, reduce our revenue, increase our legal exposure and limit our ability to pursue business opportunities. •Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement. •We face intense competition in all of our markets, which could have a material adverse effect on our business and results of operations. •Our business, financial condition and results of operations may be adversely affected by merchants’ efforts to reduce the fees charged by credit and debit card networks to facilitate card transactions, and by legislation and regulation impacting such fees. •If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer. •We may fail to realize the anticipated benefits of our mergers, acquisitions and strategic partnerships. •Reputational risk and social factors may impact our results and damage our brand. •If we are not able to protect our intellectual property, our revenue and profitability could be negatively affected. •Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk. •Our business could be negatively affected if we are unable to attract, develop, retain and motivate key senior leaders and skilled employees. •We face risks from catastrophic events. •Climate change manifesting as physical or transition risks could adversely affect our businesses, operations and customers and result in increased costs. •We face risks from the use of or changes to assumptions or estimates in our financial statements. •The soundness of other financial institutions and other third parties, actual or perceived, could adversely affect us.", "prior_body": "The following is a summary of the Risk Factors disclosure in this Item 1A. This summary does not address all of the risks that we face. Additional discussion of the risks summarized in this risk factor summary, and other risks that we face, can be found below and should be carefully considered, together with other information in this Form 10-K and our other filings with the SEC, before making an investment decision regarding our securities. •Changes and instability in the macroeconomic environment, consumer confidence and customer behavior may adversely affect our business. •Fluctuations in market interest rates or volatility in the capital markets could adversely affect our business. •Our results of operations may be adversely affected by the effects of the COVID-19 pandemic. 21Capital One Financial Corporation (COF) 21Capital One Financial Corporation (COF) 21Capital One Financial Corporation (COF) 21 Table of Contents Table of Contents •We may experience increases or fluctuations in delinquencies and credit losses, inaccurate estimates and inadequate reserves. •We may not be able to maintain adequate capital or liquidity levels or may become subject to revised capital or liquidity requirements, which could have a negative impact on our financial results and our ability to return capital to our stockholders. •Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase common stock. •We face risks related to our operational, technological and organizational infrastructure. •A cyber-attack or other security incident, including one that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions. •Our required compliance with applicable laws and regulations related to privacy, data protection and data security may increase our costs, reduce our revenue, increase our legal exposure and limit our ability to pursue business opportunities. •We face risks resulting from the extensive use of models and data. •Compliance with new and existing laws, regulations and regulatory expectations is costly and complex. •Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement. •We face intense competition in all of our markets. •Our business, financial condition and results of operations may be adversely affected by merchants’ increasing focus on the fees charged by credit and debit card networks and by legislation and regulation impacting such fees. •If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer. •We may fail to realize the anticipated benefits of our mergers, acquisitions and strategic partnerships. •Reputational risk and social factors may impact our results and damage our brand. •If we are not able to protect our intellectual property, our revenue and profitability could be negatively affected. •Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk. •The transition away from London Interbank Offered Rate may adversely affect our business. •Our business could be negatively affected if we are unable to attract, retain and motivate key senior leaders and skilled employees. •We face risks from catastrophic events. •Climate change manifesting as physical or transition risks could adversely affect our businesses, operations and customers. •We face risks from the use of or changes to assumptions or estimates in our financial statements. •The soundness of other financial institutions and other third parties could adversely affect us. 22Capital One Financial Corporation (COF) 22Capital One Financial Corporation (COF) 22Capital One Financial Corporation (COF) 22 Table of Contents Table of Contents" }, { "status": "MODIFIED", "current_title": "Fluctuations in interest rates or volatility in the capital markets could adversely affect our business, results of operations and financial condition.", "prior_title": "Fluctuations in market interest rates or volatility in the capital markets could adversely affect our business.", "similarity_score": 0.815, "confidence": "high", "key_changes": [ "Reworded sentence: \"Our ability to borrow from other financial institutions or to engage in funding transactions on favorable terms or at all could be adversely affected by disruptions, uncertainty or volatility in the capital markets.\"", "Reworded sentence: \"For example, if inflation were to remain elevated or begin to increase, interest rates could increase further.\"", "Reworded sentence: \"Furthermore, interest rate fluctuations and competitor responses to those changes may have a material adverse effect on our financial condition and results of operations, as customers or commercial clients default on their loans, maintain lower deposit levels or, in the case of credit card accounts, reduce demand for credit or (for existing customers) the level of borrowing or purchase activity.\"", "Reworded sentence: \"These changes could reduce the overall yield on our interest-earning asset portfolio.\"", "Reworded sentence: \"26Capital One Financial Corporation (COF) 26Capital One Financial Corporation (COF) 26Capital One Financial Corporation (COF) 26 Table of Contents Table of Contents Changes in valuations in the debt and equity markets could have a negative impact on the assets we hold in our investment portfolio.\"" ], "current_body": "Like other financial institutions, our business is sensitive to interest rate movements and the performance of the capital markets. We rely on access to the capital markets to fund our operations and to grow our business. Our ability to borrow from other financial institutions or to engage in funding transactions on favorable terms or at all could be adversely affected by disruptions, uncertainty or volatility in the capital markets. Additionally, increased charge-offs, rising interest rates, increased refinancing activity and other events may cause our securitization transactions to amortize earlier than scheduled or reduce the value of the securities that we hold for liquidity purposes, which could accelerate our need for additional funding from other sources. We could also experience impairments of other financial assets and other negative impacts on our financial position, including possible constraints on liquidity and capital, as well as higher costs of capital. Additionally, changes in interest rates could adversely affect the results of our operations and financial condition. For example, if inflation were to remain elevated or begin to increase, interest rates could increase further. Higher interest rates increase our borrowing costs and may require us to increase the interest we pay on funds deposited with us and may reduce the market value of our securities holdings. If interest rates continue to increase or if higher interest rates persist for an extended period of time, our expenses may increase further. If the rate of economic growth decreased sharply, causing the Federal Reserve to lower interest rates, our net income could be adversely affected. Additionally, a shrinking yield premium between short-term and long-term market interest rates could adversely impact the rates that we pay on our liabilities and the rates that we earn on our assets and thus affect our profitability. We assess our interest rate risk by estimating the effect on our earnings, economic value and capital under various scenarios that differ based on assumptions about the direction and the magnitude of interest rate changes. We take risk mitigation actions based on those assessments. We face the risk that changes in interest rates could materially reduce our net interest income and our earnings, especially if actual conditions turn out to be materially different than those we assumed. Furthermore, interest rate fluctuations and competitor responses to those changes may have a material adverse effect on our financial condition and results of operations, as customers or commercial clients default on their loans, maintain lower deposit levels or, in the case of credit card accounts, reduce demand for credit or (for existing customers) the level of borrowing or purchase activity. For example, increases in interest rates increase debt service requirements for some of our borrowers, which may adversely affect those borrowers’ ability to pay as contractually obligated. This could result in additional or fluctuating delinquencies or charge-offs and negatively impact our results of operations. These changes could reduce the overall yield on our interest-earning asset portfolio. An inability to attract or maintain deposits could materially affect our ability to fund our business and our liquidity position. Many other financial institutions have increased their reliance on deposit funding and, as such, we expect continued competition in the deposit markets. We cannot predict how this competition will affect our costs. If we are required to offer higher interest rates to attract or maintain deposits, our funding costs will be adversely impacted. 26Capital One Financial Corporation (COF) 26Capital One Financial Corporation (COF) 26Capital One Financial Corporation (COF) 26 Table of Contents Table of Contents Changes in valuations in the debt and equity markets could have a negative impact on the assets we hold in our investment portfolio. Such market changes could also have a negative impact on the valuation of assets for which we provide servicing. See “Part II—Item 7. MD&A—Market Risk Profile” and “We face intense competition in all of our markets” for additional information.", "prior_body": "Like other financial institutions, our business is sensitive to interest rate movements and the performance of the capital markets. We rely on access to the capital markets to fund our operations and to grow our business. Our ability to borrow from other financial institutions or to engage in funding transactions on favorable terms or at all could be adversely affected by disruptions, uncertainty or volatility in the capital markets or other events, including changing credit rating agency requirements. For example, a credit rating downgrade could affect our ability to access the capital markets, increase our funding costs and have a negative impact on our results of operations. Additionally, increased charge-offs, rising interest rates and other events may cause our securitization transactions to amortize earlier than scheduled or reduce the value of the securities that we hold for liquidity purposes, which could accelerate our need for additional funding from other sources. Additionally, changes in interest rates could adversely affect the results of our operations and financial condition. For example, we borrow money from other institutions and depositors, which we use to make loans to customers and invest in debt securities and other interest-earning assets. We earn interest on these loans and assets and pay interest on the money we borrow from institutions and depositors. In response to inflationary pressures, the Federal Reserve has reversed its policy of maintaining the low benchmark federal funds interest rate over the last several years. In March 2022, the Federal Reserve began increasing the benchmark federal funds interest rate and has signaled its intention to continue to raise interest rates in an effort to tame 23Capital One Financial Corporation (COF) 23Capital One Financial Corporation (COF) 23Capital One Financial Corporation (COF) 23 Table of Contents Table of Contents inflation. Thus, the amount of interest that we pay on certain borrowings has increased and could increase further. Additionally, a shrinking yield premium between short-term and long-term market interest rates and in the relationship between our funding basis rate and our lending basis rate and inflation could affect our profitability. We assess our interest rate risk by estimating the effect on our earnings, economic value and capital under various scenarios that differ based on assumptions about the direction and the magnitude of interest rate changes. We take risk mitigation actions based on those assessments. We face the risk that changes in interest rates could materially reduce our net interest income and our earnings, especially if actual conditions turn out to be materially different than those we assumed. See “Part II—Item 7. MD&A—Market Risk Profile” for additional information. Furthermore, interest rate fluctuations and competitor responses to those changes may affect the rate of customer prepayments for auto and other term loans and may affect the balances customers carry on their credit cards and their balances in the deposits accounts they have with us. For example, increases in interest rates increase debt service requirements for some of our borrowers, which may adversely affect those borrowers’ ability to pay as contractually obligated. This could result in additional or fluctuating delinquencies or charge-offs and negatively impact our results of operations. These changes can reduce the overall yield on our interest-earning asset portfolio. An inability to attract or maintain deposits could materially affect our ability to fund our business and our liquidity position. Many other financial institutions have increased their reliance on deposit funding and, as such, we expect continued competition in the deposit markets. We cannot predict how this competition will affect our costs. If we are required to offer higher interest rates to attract or maintain deposits, our funding costs will be adversely impacted. Changes in valuations in the debt and equity markets could have a negative impact on the assets we hold in our investment portfolio. Such market changes could also have a negative impact on the valuation of assets for which we provide servicing." }, { "status": "MODIFIED", "current_title": "The soundness of other financial institutions and other third parties, actual or perceived, could adversely affect us.", "prior_title": "The soundness of other financial institutions and other third parties could adversely affect us.", "similarity_score": 0.796, "confidence": "high", "key_changes": [ "Reworded sentence: \"42Capital One Financial Corporation (COF) 42Capital One Financial Corporation (COF) 42Capital One Financial Corporation (COF) 42 Table of Contents Table of Contents Our ability to engage in routine funding and other transactions could be adversely affected by the stability and actions of other financial services institutions.\"", "Reworded sentence: \"Recently, several financial services institutions have failed or required outside liquidity support, in many cases, as a result of the inability of the institutions to obtain needed liquidity.\"", "Reworded sentence: \"In addition, adverse developments with respect to third parties with whom we have important relationships also could negatively impact perceptions about us.\"", "Added sentence: \"Moreover, the speed with which information spreads through social media, enhanced technology and other news sources on the Internet and the ease with which customers transact may amplify the onset and negative effects from such perceptions.\"" ], "current_body": "42Capital One Financial Corporation (COF) 42Capital One Financial Corporation (COF) 42Capital One Financial Corporation (COF) 42 Table of Contents Table of Contents Our ability to engage in routine funding and other transactions could be adversely affected by the stability and actions of other financial services institutions. Financial services institutions are interrelated as a result of trading, clearing, servicing, counterparty and other relationships. We have exposure to financial institutions, intermediaries and counterparties that are exposed to risks over which we have little or no control. Recently, several financial services institutions have failed or required outside liquidity support, in many cases, as a result of the inability of the institutions to obtain needed liquidity. For example, during 2023, Silicon Valley Bank, Signature Bank and First Republic Bank were closed and placed under FDIC receivership. This has led to additional risk for other financial services institutions and the financial services industry generally as a result of increased lack of confidence in the financial sector. The failure of other banks and financial institutions and the measures taken by governments, businesses and other organizations in response to these events could adversely impact our business, financial condition and results of operations. For information on the FDIC’s special assessment following the closures of Silicon Valley Bank and Signature Bank, see “Item 1. Business—Supervision and Regulation.” In addition, we routinely execute transactions with counterparties in the financial services industry, including brokers and dealers, commercial banks, investment banks, mutual and hedge funds and other institutional clients, resulting in a significant credit concentration with respect to the financial services industry overall. As a result, defaults by, or even rumors or questions about, one or more financial services institutions, or the financial services industry generally, have led to market-wide liquidity problems and could lead to losses or defaults by us or by other institutions. Likewise, adverse developments affecting the overall strength and soundness of our competitors, the financial services industry as a whole and the general economic climate and the U.S. Treasury market could have a negative impact on perceptions about the strength and soundness of our business even if we are not subject to the same adverse developments. In addition, adverse developments with respect to third parties with whom we have important relationships also could negatively impact perceptions about us. These perceptions about us could cause our business to be negatively affected and exacerbate the other risks that we face. Moreover, the speed with which information spreads through social media, enhanced technology and other news sources on the Internet and the ease with which customers transact may amplify the onset and negative effects from such perceptions.", "prior_body": "Our ability to engage in routine funding and other transactions could be adversely affected by the stability and actions of other financial services institutions. Financial services institutions are interrelated as a result of trading, clearing, servicing, counterparty and other relationships. We have exposure to financial institutions, intermediaries and counterparties that are exposed to risks over which we have little or no control. In addition, we routinely execute transactions with counterparties in the financial services industry, including brokers and dealers, commercial banks, investment banks, mutual and hedge funds and other institutional clients, resulting in a significant credit concentration with respect to the financial services industry overall. As a result, defaults by, or even rumors or questions about, one or more financial services institutions, or the financial services industry generally, have led to market-wide liquidity problems and could lead to losses or defaults by us or by other institutions. Likewise, adverse developments affecting the overall strength and soundness of our competitors, the financial services industry as a whole and the general economic climate and the U.S. Treasury market could have a negative impact on perceptions about the strength and soundness of our business even if we are not subject to the same adverse developments. In addition, adverse 39Capital One Financial Corporation (COF) 39Capital One Financial Corporation (COF) 39Capital One Financial Corporation (COF) 39 Table of Contents Table of Contents developments with respect to third parties with whom we have important relationships also could negatively impact perceptions about us. These perceptions about us could cause our business to be negatively affected and exacerbate the other risks that we face." }, { "status": "MODIFIED", "current_title": "We face risks resulting from the extensive use of models, AI, and data.", "prior_title": "We face risks resulting from the extensive use of models and data.", "similarity_score": 0.68, "confidence": "medium", "key_changes": [ "Reworded sentence: \"We rely on quantitative models and the use of AI, as well as our ability to manage and aggregate data in an accurate and timely manner, to assess and manage our various risk exposures, create estimates and forecasts, and manage compliance with regulatory capital requirements.\"", "Reworded sentence: \"In addition, models and AI based on historical data sets might not be accurate predictors of future outcomes and their ability to appropriately predict future outcomes may degrade over time due to limited historical patterns, extreme or unanticipated market movements or customer behavior and liquidity, especially during severe market downturns or stress events (e.g., geopolitical or pandemic events).\"", "Reworded sentence: \"Also, any information we provide to the public or to our regulators based on incorrectly designed or implemented models or AI could be inaccurate or misleading.\"" ], "current_body": "We rely on quantitative models and the use of AI, as well as our ability to manage and aggregate data in an accurate and timely manner, to assess and manage our various risk exposures, create estimates and forecasts, and manage compliance with regulatory capital requirements. We continue to invest in building new capabilities that employ new AI technologies such as generative AI, and we expect our use of these technologies to increase over time. However, there are significant risks involved in utilizing models and AI and no assurance can be provided that our use will produce only intended or beneficial results. AI may subject us to new or heightened legal, regulatory, ethical, or other challenges; and negative public opinion of AI could impair the acceptance of AI solutions. If the models or AI solutions that we create or use are deficient, inaccurate or controversial, we could incur operational inefficiencies, competitive harm, legal liability, brand or reputational harm, or other adverse impacts on our business and financial results. We also may incur liability through the violation of applicable laws and regulations, third-party intellectual property, privacy or other rights, or contracts to which we are a party. We may use models and AI in processes such as determining the pricing of various products, identifying potentially fraudulent transactions, grading loans and extending credit, measuring interest rate and other market risks, predicting deposit levels or loan losses, assessing capital adequacy, calculating managerial and regulatory capital levels, estimating the value of financial instruments and balance sheet items, and other operational functions. Development and implementation of some of these models , such as the models for credit loss accounting under CECL, require us to make difficult, subjective and complex judgments. Our risk reporting and management, including business decisions based on information incorporating models and the use of AI, depend on the effectiveness of our models and AI and our policies, programs, processes and practices governing how data, models and AI, as applicable, are acquired, validated, stored, protected, processed and analyzed. Any issues with the quality or effectiveness of our data aggregation and validation procedures, as well as the quality and integrity of data inputs, formulas or algorithms, could result in inaccurate forecasts, ineffective risk management practices or inaccurate risk reporting. In addition, models and AI based on historical data sets might not be accurate predictors of future outcomes and their ability to appropriately predict future outcomes may degrade over time due to limited historical patterns, extreme or unanticipated market movements or customer behavior and liquidity, especially during severe market downturns or stress events (e.g., geopolitical or pandemic events). While we continuously update our policies, programs, processes and practices, many of our data management, modeling, AI, aggregation and implementation processes are manual and may be subject to human error, data limitations, process delays or system failure. Failure to manage data effectively and to aggregate data in an accurate and timely manner may limit our ability to manage current and emerging risk, to produce accurate financial, regulatory and operational reporting as well as to manage changing business needs. If our Framework is ineffective, we could suffer unexpected losses which could materially adversely affect our results of operation or financial condition. Also, any information we provide to the public or to our regulators based on incorrectly designed or implemented models or AI could be inaccurate or misleading. Some of the decisions that our regulators make, including those related to capital distribution to our stockholders, could be affected adversely due to the perception that the quality of the data, models and AI used to generate the relevant information is insufficient. In addition, regulation of AI is rapidly evolving worldwide as legislators and regulators are increasingly focused on these powerful emerging technologies. The technologies underlying AI and its uses are subject to a variety of laws and regulations, including intellectual property, privacy, data protection and information security, consumer protection, competition, and equal opportunity laws, and are expected to be subject to increased regulation and new laws or new applications of existing laws and regulations. AI is the subject of ongoing review by various U.S. governmental and regulatory agencies, and various U.S. states and other foreign jurisdictions are applying, or are considering applying, their platform moderation, privacy, data protection and data security laws and regulations to AI or are considering general legal frameworks for AI. We may not be able to anticipate how to respond to these rapidly evolving frameworks, and we may need to expend resources to adjust our offerings in certain jurisdictions if the legal frameworks are inconsistent across jurisdictions. Furthermore, because AI technology itself is highly complex and rapidly developing, it is not possible to predict all of the legal, operational or technological risks that may arise relating to the use of AI.", "prior_body": "We rely on quantitative models and our ability to manage and aggregate data in an accurate and timely manner to assess and manage our various risk exposures, create estimates and forecasts, and manage compliance with regulatory capital requirements. Models may be used in processes such as determining the pricing of various products, grading loans and extending credit, measuring interest rate and other market risks, predicting deposit levels or loan losses, assessing capital adequacy, calculating managerial and regulatory capital levels, estimating the value of financial instruments and balance sheet items, and other operational functions. Our risk reporting and management, including business decisions based on information incorporating models, depend on the effectiveness of our models and our policies, programs, processes and practices governing how data or models, as applicable, are acquired, validated, stored, protected, processed and analyzed. Any issues with the quality or effectiveness of our data aggregation and validation procedures, as well as the quality and integrity of data inputs, formulas or algorithms, could result in inaccurate forecasts, ineffective risk management practices or inaccurate risk reporting. In addition, models based on historical data sets might not be accurate predictors of future outcomes and their ability to appropriately predict future outcomes may degrade over time. While we continuously update our policies, programs, processes and practices, many of our data management, modeling, aggregation and implementation processes are manual and may be subject to human error, data limitations, process delays or system failure. Failure to manage data effectively and to aggregate data in an accurate and timely manner may limit our ability to manage current and emerging risk, to produce accurate financial, regulatory and operational reporting as well as to manage changing business needs. If our Framework is ineffective, we could suffer unexpected losses which could materially adversely affect our results of operation or financial condition. Also, any information we provide to the public or to our regulators based on poorly designed or implemented models could be inaccurate or misleading. Some of the decisions that our regulators make, including those related to capital distribution to our stockholders, could be affected adversely due to the perception that the quality of the models used to generate the relevant information is insufficient." }, { "status": "MODIFIED", "current_title": "Changes and instability in the macroeconomic environment could disrupt capital markets, reduce consumer and business activity, and weaken the labor market, all of which could impact borrowers’ ability to service their debt obligations and adversely impact our financial results.", "prior_title": "Changes and instability in the macroeconomic environment, consumer confidence and customer behavior may adversely affect our business.", "similarity_score": 0.553, "confidence": "low", "key_changes": [ "Reworded sentence: \"Changes and instability in the macroeconomic environment may lead to changes in payment patterns, increases or fluctuations in delinquencies and default rates and decrease consumer spending.\"" ], "current_body": "Changes and instability in the macroeconomic environment may lead to changes in payment patterns, increases or fluctuations in delinquencies and default rates and decrease consumer spending. Because we offer a broad array of financial products and services to consumers, small businesses and commercial clients, our financial results are impacted by the level of consumer and business activity and the demand for our products and services. A prolonged period of economic weakness, volatility, slow growth, or a significant deterioration in economic conditions, in the U.S., Canada or the U.K., could have a material adverse effect on our financial condition and results of operations as customers or commercial clients default on their loans, maintain lower deposit levels or, in the case of credit card accounts, carry lower balances and reduce credit card purchase activity. Some of the factors that could disrupt capital markets, reduce consumer and business activity, and weaken the labor market include the following: •Monetary policy actions, such as changes to interest rates, taken by the Federal Reserve and other central banks, such as the central banks in the United Kingdom and Canada; •Geopolitical conflicts or instabilities, such as the war between Ukraine and Russia and the war between Israel and Hamas, and increased geopolitical tensions between the U.S. and China; 25Capital One Financial Corporation (COF) 25Capital One Financial Corporation (COF) 25Capital One Financial Corporation (COF) 25 Table of Contents Table of Contents •Trade wars, tariffs, labor shortages and disruptions of global supply chains; •The effects of divided government in the U.S., including government shutdowns whether recurring, prolonged or otherwise, and developments related to the U.S. federal debt ceiling; •Inflation and deflation, including the effects of related governmental responses; •Concerns over a potential recession, which may lead to adjustments in spending patterns; •Lower demand for credit and shifts in consumer behavior, including shifts away from using credit cards, changes in deposit practices, and changes in and payment patterns; and •Ongoing changes in usage of commercial real estate, which may have a sustained negative impact on utilization rates and values. Decreases in overall business activity and changes in customer behavior may lead to increases in our charge-off rate caused by bankruptcies and may reduce our ability to recover debt that we have previously charged-off. Such changes may also decrease the reliability of our internal processes and models, including those we use to estimate our allowance for credit losses, particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our models and our estimates become increasingly subject to management’s judgment. See “We face risks resulting from the extensive use of models, AI, and data.”", "prior_body": "We offer a broad array of financial products and services to consumers, small businesses and commercial clients. A prolonged period of economic volatility, slow growth, or a significant deterioration in economic conditions, in the U.S., Canada or the U.K., could have a material adverse effect on our financial condition and results of operations as customers default on their loans, maintain lower deposit levels or, in the case of credit card accounts, carry lower balances and reduce credit card purchase activity. Some of the risks we face in connection with adverse changes and instability in the macroeconomic environment and changes in consumer confidence levels and behavior, include the following: •Monetary policies and actions taken by the Federal Reserve and other central banks or governmental authorities; •Economic deterioration due to escalation of military hostilities or other geopolitical instabilities; •Changes in payment patterns, increases or fluctuations in delinquencies and default rates, decreased consumer spending, inflation, fluctuation in interest rates, lower demand for credit and shifts in consumer behavior, including deposits and payments; •Increases in our charge-off rate caused by bankruptcies and reduced ability to recover debt that we have previously charged-off; •Recent changes in usage of commercial real estate, which may have a sustained negative impact on utilization rates and values; •Decreased reliability of the process and models, including those we use to estimate our allowance for credit losses, particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our models and our estimates become increasingly subject to management’s judgment. See “We face risks resulting from the extensive use of models and data.” The U.K. and the EU agreed to a free trade deal at the end of 2020 relating to the U.K.’s exit from the EU. Although this deal has provided greater near-term stability, there is still some degree of uncertainty as to the relationship between the U.K and the EU, which may increase volatility in the regional and global financial markets. In addition, the global economy, including economic conditions in the U.K., has been negatively impacted by the war between Russia and Ukraine. Continued escalation of geopolitical tensions related to the war, including increased trade barriers or restrictions on global trade, could further deteriorate international economic conditions. We continue to consider and monitor the potential impacts of the relationship between the U.K. and EU, as well as the war between Russia and Ukraine." }, { "status": "UNCHANGED", "current_title": "We face risks from the use of or changes to assumptions or estimates in our financial statements.", "prior_title": "We face risks from the use of or changes to assumptions or estimates in our financial statements.", "current_body": "Pursuant to generally accepted accounting principles in the U.S. (“U.S. GAAP”), we are required to use certain assumptions and estimates in preparing our financial statements, including determining our allowance for credit losses, the fair value of certain assets and liabilities, and goodwill impairment, among other items. In addition, the FASB, the SEC and other regulatory bodies may change the financial accounting and reporting standards, including those related to assumptions and estimates we use to prepare our financial statements, in ways that we cannot predict and that could impact our financial statements. If actual results differ from the assumptions or estimates underlying our financial statements or if financial accounting and reporting standards are changed, we may experience unexpected material losses. For a discussion of our use of estimates in the preparation of our consolidated financial statements, see “Part II—Item 7. MD&A—Critical Accounting Policies and Estimates” and “Part II—Item 8. Financial Statements and Supplementary Data—Note 1—Summary of Significant Accounting Policies.”" }, { "status": "UNCHANGED", "current_title": "Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk.", "prior_title": "Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk.", "current_body": "Management of market, credit, liquidity, strategic, reputational, operational and compliance risk requires, among other things, policies and procedures to properly record and verify a large number of transactions and events. See “Part II—Item 7. MD&A—Risk Management” for further details. Our Framework is designed to identify, measure, assess, monitor, test, control, report, escalate, and mitigate the risks that we face. Even though we continue to devote significant resources to developing and operating our Framework, our risk management strategies may not be fully effective in identifying and mitigating our risk exposure in all market environments or against all types of risk, including risks that are unidentified or unanticipated. Some of our methods of managing these risks are based upon our use of observed historical market behavior, the use of analytical and/or forecasting models and management’s judgment. These methods may not accurately predict future exposures, which could be significantly greater than the historical measures or models indicate and market conditions, particularly during a period of financial market stress, can involve unprecedented dislocations. For example, credit risk is inherent in the financial services business and results from, among other things, extending credit to customers. Our ability to assess the creditworthiness of our customers may be impaired if the models and approaches we use to select, manage and underwrite our consumer and commercial customers become less predictive of future charge-offs due, for example, to rapid changes in the economy, or degradation in the predictive nature of credit bureau and other data used in underwriting. While we employ a broad and diversified set of risk monitoring and risk mitigation techniques, those techniques and the judgments that accompany their application cannot anticipate every economic and financial outcome or the timing of such outcomes. For example, our ability to implement our risk management strategies may be hindered by adverse changes in the volatility or liquidity conditions in certain markets and as a result, may limit our ability to distribute such risks (for instance, when we seek to syndicate exposure in bridge financing transactions we have underwritten). We may, therefore, incur losses in the course of our risk management or investing activities." }, { "status": "UNCHANGED", "current_title": "We may fail to realize the anticipated benefits of our mergers, acquisitions and strategic partnerships.", "prior_title": "We may fail to realize the anticipated benefits of our mergers, acquisitions and strategic partnerships.", "current_body": "We engage in merger and acquisition activity and enter into strategic partnerships from time to time. We continue to evaluate and anticipate engaging in, among other merger and acquisition activity, additional strategic partnerships and selected acquisitions of financial institutions and other businesses or assets, including credit card and other loan portfolios. We may not be able to identify and secure future acquisition targets on terms and conditions that are acceptable to us, or successfully complete and integrate the businesses within the anticipated time frame and achieve the anticipated benefits of proposed mergers, acquisitions and strategic partnerships, which could impair our growth. Any merger, acquisition or strategic partnership we undertake entails certain risks, which may materially and adversely affect our results of operations. If we experience greater than anticipated costs to integrate acquired businesses into our existing operations, or are not able to achieve the anticipated benefits of any merger, acquisition or strategic partnership, including cost savings and other synergies, our business could be negatively affected. In addition, it is possible that the ongoing integration processes could result in the loss of key employees, errors or delays in systems implementation, exposure to cybersecurity risks associated with acquired businesses, exposure to additional regulatory oversight, the disruption of our ongoing businesses or inconsistencies in standards, controls, procedures and policies that adversely affect our ability to maintain relationships with partners, clients, customers, depositors and employees or to achieve the anticipated benefits of any merger, acquisition or strategic partnership. Integration efforts also may divert management attention and resources. These integration matters may have an adverse effect on us during any transition period. See additional risk factors under the heading “Risks Relating to the Acquisition of Discover.” In addition, we may face the following risks in connection with any merger, acquisition or strategic partnership: •New Businesses and Geographic or Other Markets: Our merger, acquisition or strategic partnership activity may involve our entry into new businesses or new geographic areas or markets in the U.S. or internationally, that present risks resulting from our relative inexperience in these new businesses, localities or markets. These new businesses, localities or markets may change the overall character of our consolidated portfolio of businesses and alter our exposure to economic and other external factors. We also face the risk that we will not be successful in these new businesses, localities or markets. •Identification and Assessment of Merger and Acquisition Targets and Deployment of Acquired Assets: We may not be able to identify, acquire or partner with suitable targets. Further, our ability to achieve the anticipated benefits of any merger, acquisition or strategic partnership will depend on our ability to assess the asset quality, risks and value of the particular assets or institutions we partner with, merge with or acquire. We may be unable to profitably deploy any assets we acquire. •Accuracy of Assumptions: In connection with any merger, acquisition or strategic partnership, we may make certain assumptions relating to the proposed merger, acquisition or strategic partnership that may be, or may prove to be, inaccurate, including as a result of the failure to anticipate the costs, timeline or ability to realize the expected benefits of any merger, acquisition or strategic partnership. The inaccuracy of any assumptions we may make could result in unanticipated consequences that could have a material adverse effect on our results of operations or financial condition. •Target-specific Risk: Assets and companies that we acquire, or companies that we enter into strategic partnerships with, will have their own risks that are specific to a particular asset or company. These risks include, but are not limited to, particular or specific regulatory, accounting, operational, reputational and industry risks, any of which could have a material adverse effect on our results of operations or financial condition. For example, we may face challenges associated with integrating other companies due to differences in corporate culture, compliance systems or standards of 39Capital One Financial Corporation (COF) 39Capital One Financial Corporation (COF) 39Capital One Financial Corporation (COF) 39 Table of Contents Table of Contents conduct. Indemnification rights, if any, may be insufficient to compensate us for any losses or damages resulting from such risks. In addition to regulatory approvals discussed below, certain of our merger, acquisition or partnership activity may require third-party consents in order for us to fully realize the anticipated benefits of any such transaction. •Conditions to Regulatory Approval: We may be required to obtain various governmental and regulatory approvals to consummate certain acquisitions. We cannot be certain whether, when or on what terms and conditions, such approvals may be granted. Consequently, we may not obtain governmental or regulatory approval for a proposed acquisition on acceptable terms or at all, in which case we would not be able to complete the acquisition despite investing resources in pursuing it." }, { "status": "UNCHANGED", "current_title": "If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer.", "prior_title": "If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer.", "current_body": "Our industry is subject to rapid and significant technological changes and our ability to meet our customers’ needs and expectations is key to our ability to grow revenue and earnings. We expect digital technologies to continue to have a significant impact on banking over time. Consumers expect robust digital experiences from their financial services providers. The ability for customers to access their accounts and conduct financial transactions using digital technology, including mobile applications, is an important aspect of the financial services industry and financial institutions are rapidly introducing new digital and other technology-driven products and services that aim to offer a better customer experience and to reduce costs. We continue to invest in digital technology designed to attract new customers, facilitate the ability of existing customers to conduct financial transactions and enhance the customer experience related to our products and services. Our continued success depends, in part, upon our ability to assess and address the needs of our customers by using digital technology to provide products and services that meet their expectations. The development and launch of new digital products and services depends in large part on our ability to invest in and build the technology platforms that can enable them, in a cost effective and timely manner. We expect that new technologies in the payments industry will continue to emerge, and these new technologies may be superior to our existing technology. See “We face intense competition in all of our markets” and “We face risks related to our operational, technological and organizational infrastructure.” Some of our competitors are substantially larger than we are, which may allow those competitors to invest more money into their technology infrastructure and digital innovation than we do. In addition, smaller competitors may experience lower cost structures and different regulatory requirements and scrutiny than we do, which may allow them to innovate more rapidly than we can. See “We face intense competition in all of our markets.” Further, our success depends on our ability to attract and retain 38Capital One Financial Corporation (COF) 38Capital One Financial Corporation (COF) 38Capital One Financial Corporation (COF) 38 Table of Contents Table of Contents strong digital and technology leaders, engineers and other specialized personnel. The competition is intense and the compensation costs continue to increase for such talent. If we are unable to attract and retain digital and technology talent, our ability to offer digital products and services and build the necessary technology infrastructure could be negatively affected, which could negatively impact our business and financial results. A failure to maintain or enhance our competitive position with respect to digital products and services, whether because we fail to anticipate customer expectations or because our technological developments fail to perform as desired or are not implemented in a timely or successful manner, could negatively impact our business and financial results." }, { "status": "UNCHANGED", "current_title": "Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase our common stock.", "prior_title": "Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase common stock.", "current_body": "We are a separate and distinct legal entity from our subsidiaries, including, without limitation, the Bank and our broker-dealer subsidiaries. Dividends to us from these direct and indirect subsidiaries have represented a major source of funds for us to pay dividends on our common and preferred stock, repurchase our common stock, make payments on corporate debt securities and meet other obligations. These capital distributions may be limited by law, regulation or supervisory policy. There are various federal law limitations on the extent to which the Bank can finance or otherwise supply funds to us through dividends and loans. These limitations include minimum regulatory capital and capital buffer requirements, federal banking law requirements concerning the payment of dividends out of net profits or surplus, and Sections 23A and 23B of the Federal Reserve Act and Regulation W governing transactions between an insured depository institution and its affiliates, as well as general federal regulatory oversight to prevent unsafe or unsound practices. Our broker-dealer subsidiaries are also subject to laws and regulations, including net capital requirements, that may limit their ability to pay dividends or make other distributions to us. If our subsidiaries’ earnings are not sufficient to make dividend payments to us while maintaining adequate capital levels, our liquidity may be affected and we may not be able to make dividend payments to our common or preferred stockholders, repurchase our common stock, make payments on outstanding corporate debt securities or meet other obligations, each and any of which could have a material adverse impact on our results of operations, our financial position or the perception of our financial health. The frequency and size of any future dividends to our stockholders and our stock repurchases will depend upon regulatory limitations imposed by our regulators and our results of operations, financial condition, capital levels, cash requirements, future prospects, regulatory review and other factors as further described in “Item 1. Business—Supervision and Regulation.”" }, { "status": "UNCHANGED", "current_title": "Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement.", "prior_title": "Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement.", "current_body": "Our businesses are subject to increased litigation, government investigations and other regulatory enforcement risks as a result of a number of factors and from various sources, including the highly regulated nature of the financial services industry, the focus of state and federal prosecutors on banks and the financial services industry and the structure of the credit card industry. Given the inherent uncertainties involved in litigation, government investigations and regulatory enforcement decisions, and the very large or indeterminate damages sought in some matters asserted against us, there can be significant uncertainty as to the ultimate liability we may incur from these kinds of matters. The finding, or even the assertion, of substantial legal liability against us could have a material adverse effect on our business and financial condition and could cause significant reputational harm to us, which could seriously harm our business. For example, the 2019 Cybersecurity Incident has resulted in litigation, consent orders, settlements, government investigations and other regulatory enforcement inquiries. In addition, financial institutions, such as ourselves, face significant regulatory scrutiny, which can lead to public enforcement actions or nonpublic supervisory actions. We and our subsidiaries are subject to comprehensive regulation and periodic examination by, among other regulatory bodies, the Federal Banking Agencies, SEC, CFTC and CFPB. We have been subject to enforcement actions by many of these and other regulators and may continue to be involved in such actions, including governmental inquiries, investigations and enforcement proceedings, including by the OCC, Department of Justice, the FinCEN and state Attorneys General. Over the last several years, federal and state regulators have focused on risk management, compliance with anti-money laundering (“AML”) and sanctions laws, privacy, data protection and data security, use of service providers, fair lending and other consumer protection issues and innovative activities, such as those that utilize new technology. In August 2020, we entered into consent orders with the Federal Reserve and the OCC resulting from regulatory reviews of the 2019 Cybersecurity Incident and relating to ongoing enhancements of our cybersecurity and operational risk management processes, and we paid a civil monetary penalty as part of the OCC agreement. The OCC and the Federal Reserve have since terminated their consent orders. In January 2021, we also paid a civil monetary penalty assessed by FinCEN against the Bank in connection with AML 35Capital One Financial Corporation (COF) 35Capital One Financial Corporation (COF) 35Capital One Financial Corporation (COF) 35 Table of Contents Table of Contents violations alleged to have occurred between 2008 and 2014. Regulatory scrutiny is expected to continue in these areas, including as a result of implementation of the AML Act of 2020. We expect that regulators and governmental enforcement bodies will continue taking public enforcement actions against financial institutions in addition to addressing supervisory concerns through nonpublic supervisory actions or findings, which could involve restrictions on our activities, or our ability to make acquisitions or otherwise expand our business, among other limitations that could adversely affect our business. In addition, a violation of law or regulation by another financial institution is likely to give rise to an investigation by regulators and other governmental agencies of the same or similar practices by us. Furthermore, a single event may give rise to numerous and overlapping investigations and proceedings. These and other initiatives from governmental authorities and officials may subject us to further judgments, settlements, fines or penalties, or cause us to restructure our operations and activities or to cease offering certain products or services, all of which could harm our reputation or lead to higher operational costs. Litigation, government investigations and other regulatory actions could generally subject us to significant fines, increased expenses, restrictions on our activities and damage to our reputation and our brand, and could adversely affect our business, financial condition and results of operations. For additional information regarding legal and regulatory proceedings to which we are subject, see “Part II—Item 8. Financial Statements and Supplementary Data—Note 18—Commitments, Contingencies, Guarantees and Others.”" }, { "status": "UNCHANGED", "current_title": "We face intense competition in all of our markets, which could have a material adverse effect on our business and results of operations.", "prior_title": "We face intense competition in all of our markets.", "current_body": "We operate in a highly competitive environment across all of our lines of business, whether in making loans, attracting deposits or in the global payments industry, and we expect competitive conditions to continue to intensify with respect to most of our products particularly in our credit card and consumer banking businesses. We compete on the basis of the rates we pay on deposits and the rates and other terms we charge on the loans we originate or purchase, as well as the quality and range of our customer service, products, innovation and experience. This competitive environment is primarily a result of changes in technology, product delivery systems and regulation, as well as the emergence of new or significantly larger financial services providers, all of which may affect our customers’ expectations and demands. In addition to offering competitive products and services, we invest in and conduct marketing campaigns to attract and inform customers. If our marketing campaigns are unsuccessful, it may adversely impact our ability to attract new customers and grow market share. Some of our competitors, including new and emerging competitors in the digital and mobile payments space and other financial technology providers, are not subject to the same regulatory requirements or scrutiny to which we are subject, which also could place us at a competitive disadvantage, in particular in the development of new technology platforms or the ability to rapidly innovate. We compete with many forms of payments offered by both bank and non-bank providers, including a variety of new and evolving alternative payment mechanisms, systems and products, such as aggregators and web-based and wireless payment platforms or technologies, digital or cryptocurrencies, prepaid systems and payment services targeting users of social networks, communications platforms and online gaming. If we are unable to continue to keep pace with innovation, do not effectively market our products and services or are prohibited from or unwilling to enter emerging areas of competition, our business and results of operations could be adversely affected. In addition, government actions or initiatives may also provide competitors with increased opportunities to derive competitive advantages and may create new competitors. For example, the CFPB has proposed a rule that would require certain financial institutions, including the Company, to share certain financial information with third parties upon a customer’s request, which could enable those third parties to offer competing financial services to consumers. Some of our competitors are substantially larger than we are, which may give those competitors advantages, including a more diversified product and customer base, the ability to reach more customers and potential customers, operational efficiencies, broad-based local distribution capabilities, lower-cost funding and larger existing branch networks. Many of our competitors are also focusing on cross-selling their products and developing new products or technologies, which could affect our ability to maintain or grow existing customer relationships or require us to offer lower interest rates or fees on our lending products or higher interest rates on deposits. Competition for loans could result in origination of fewer loans, earning less on our loans or an increase in loans that perform below expectations. We operate as an online direct bank in the United States. While direct banking provides a significant opportunity to attract new customers that value greater and more flexible access to banking services at reduced costs, we face strong and increasing competition in the direct banking market. Aggressive pricing throughout the industry may adversely affect the retention of existing balances and the cost-efficient acquisition of new deposit funds and may affect our growth and profitability. Customers 36Capital One Financial Corporation (COF) 36Capital One Financial Corporation (COF) 36Capital One Financial Corporation (COF) 36 Table of Contents Table of Contents could also close their online accounts or reduce balances or deposits in favor of products and services offered by competitors for other reasons. These shifts, which could be rapid, could result from general dissatisfaction with our products or services, including concerns over pricing, online security or our reputation. The potential consequences of this competitive environment are exacerbated by the flexibility of direct banking and the financial and technological sophistication of our online customer base. In our credit card business, competition for rewards customers may result in higher rewards expenses, or we may fail to attract new customers or retain existing rewards customers due to increasing competition for these consumers. As of December 31, 2023, we have a number of large partnerships in our credit card loan portfolio. The market for key business partners, especially in the credit card business, is very competitive, and we may not be able to grow or maintain these partner relationships or assure that these relationships will be profitable or valued by our customers. Additionally, partners themselves may face changes in their business, including market factors and ownership changes, that could impact the partnership. We face the risk that we could lose partner relationships, even after we have invested significant resources into acquiring and developing the relationships. The loss of any key business partner could have a negative impact on our results of operations, including lower returns, excess operating expense and excess funding capacity. We depend on our partners to effectively promote our co-brand and private label products and integrate the use of our credit cards into their retail operations. The failure by our partners to effectively promote and support our products as well as changes they may make in their business models could adversely affect card usage and our ability to achieve the growth and profitability objectives of our partnerships. In addition, if our partners do not adhere to the terms of our program agreements and standards, or otherwise diminish the value of our brand, we may suffer reputational damage and customers may be less likely to use our products. Some of our competitors have developed, or may develop, substantially greater financial and other resources than we have, may offer richer value propositions or a wider range of programs and services than we offer, or may use more effective advertising, marketing or cross-selling strategies to acquire and retain more customers, capture a greater share of spending and borrowings, attain and develop more attractive co-brand card programs and maintain greater merchant acceptance than we have. We may not be able to compete effectively against these threats or respond or adapt to changes in consumer spending habits as effectively as our competitors. In such a competitive environment, we may lose entire accounts or may lose account balances to competing firms, or we may find it more costly to maintain our existing customer base. Customer attrition from any or all of our lending products, together with any lowering of interest rates or fees that we might implement to retain customers, could reduce our revenues and therefore our earnings. Similarly, unexpected customer attrition from our deposit products, in addition to an increase in rates or services that we may offer to retain deposits, may increase our expenses and therefore reduce our earnings." }, { "status": "UNCHANGED", "current_title": "We may not be able to maintain adequate capital or liquidity levels or may become subject to revised capital or liquidity requirements, which could have a negative impact on our financial results and our ability to return capital to our stockholders.", "prior_title": "We may not be able to maintain adequate capital or liquidity levels or may become subject to revised capital or liquidity requirements, which could have a negative impact on our financial results and our ability to return capital to our stockholders.", "current_body": "Financial institutions are subject to extensive and complex capital and liquidity requirements, which are subject to change. These requirements affect our ability to lend, grow deposit balances, make acquisitions and distribute capital. Failure to maintain adequate capital or liquidity levels, whether due to adverse developments in our business or the economy or to changes in the applicable requirements, could subject us to a variety of restrictions and/or remedial actions imposed by our regulators. These include limitations on the ability to pay dividends or repurchase shares and the issuance of a capital directive to increase capital. Such limitations or capital directive could have a material adverse effect on our business and results of operations. For example, changes to applicable capital, liquidity, or other regulations, such as the changes proposed in the Basel III Finalization Proposal and the LTD Proposal, could result in increased regulatory capital requirements, operating expenses or cost of funding, which could negatively affect our financial results or our ability to distribute capital. We consider various factors in the management of capital, including the impact of both internal and supervisory stress scenarios on our capital levels as determined by our internal modeling and the Federal Reserve’s estimation of losses in supervisory stress scenarios that are used to annually set our stress capital buffer requirement. There can be significant differences between our modeling and the Federal Reserve’s projections for a given supervisory stress scenario and between the capital needs suggested by our internal stress scenarios and the supervisory scenarios. Therefore, although our estimated capital levels under stress disclosed as part of the stress testing processes may suggest that we have a particular capacity to return capital to stockholders 28Capital One Financial Corporation (COF) 28Capital One Financial Corporation (COF) 28Capital One Financial Corporation (COF) 28 Table of Contents Table of Contents and remain well capitalized under stress, the Federal Reserve’s modeling, our internal modeling of another scenario or other factors related to our capital management process may reflect a lower capacity to return capital to stockholders than that indicated by the projections released in the stress testing processes. This in turn, could lead to restrictions on our ability to pay dividends and engage in repurchases of our common stock. See “Item 1. Business—Supervision and Regulation” for additional information. We also consider various factors in the management of liquidity, including maintaining sufficient liquid assets to meet the requirements of several internal and regulatory stress tests. There can be significant differences in estimated liquidity needs between internal and regulatory stress testing, and liquidity resources required to meet regulatory requirements, such as applicable LCR and NSFR requirements, may exceed what would otherwise be required to satisfy internal liquidity metrics and stress testing. Regulatory liquidity stress testing and regulatory liquidity requirements may, therefore, require us to take actions to increase our liquid assets or alter our activities or funding sources, which could negatively affect our financial results or our ability to return capital to our stockholders. See “Item 1. Business—Supervision and Regulation” for additional information." }, { "status": "UNCHANGED", "current_title": "If we are not able to protect our intellectual property, our revenue and profitability could be negatively affected.", "prior_title": "If we are not able to protect our intellectual property, our revenue and profitability could be negatively affected.", "current_body": "We rely on a variety of measures to protect and enhance our intellectual property, including copyrights, trademarks, trade secrets, patents and certain restrictions on disclosure, solicitation and competition. We also undertake other measures to control access to and distribution of our other proprietary and confidential information. These measures may not prevent 40Capital One Financial Corporation (COF) 40Capital One Financial Corporation (COF) 40Capital One Financial Corporation (COF) 40 Table of Contents Table of Contents misappropriation of our proprietary or confidential information or infringement, misappropriation or other violations of our intellectual property rights and a resulting loss of competitive advantage. In addition, our competitors or other third parties may obtain patents for innovations that are used in our industry or allege that our systems, processes or technologies infringe, misappropriate or violate their intellectual property rights. Given the complex, rapidly changing and competitive technological and business environments in which we operate, if our competitors or other third parties are successful in obtaining such patents or prevail in intellectual property-related litigation against us, we could lose significant revenues, incur significant license, royalty, technology development or other expenses, or pay significant damages." }, { "status": "UNCHANGED", "current_title": "Our business could be negatively affected if we are unable to attract, develop, retain and motivate key senior leaders and skilled employees.", "prior_title": "Our business could be negatively affected if we are unable to attract, retain and motivate key senior leaders and skilled employees.", "current_body": "Our success depends, in large part, on our ability to retain key senior leaders and to attract, develop and retain skilled employees, particularly employees with advanced expertise in credit, risk, digital and technology skills. We depend on our senior leaders and skilled employees to oversee simultaneous, transformative initiatives across the enterprise and execute on our business plans in an efficient and effective manner. Competition for such senior leaders and employees, and the costs associated with attracting, developing and retaining them, is high and competitive. While we engage in robust succession planning, our key senior leaders have deep and broad industry experience and could be difficult to replace without some degree of disruption. Our ability to attract, develop and retain qualified employees also is affected by perceptions of our culture and management, including our position on remote and hybrid work arrangements, our profile in the regions where we have offices and the professional opportunities we offer. In addition, an increase in remote working arrangements by other companies may create more job opportunities for employees and make it more difficult for us to attract and retain key talent. Regulation or regulatory guidance restricting executive compensation, as well as evolving investor expectations, may limit the types of compensation arrangements that we may enter into with our most senior leaders and could have a negative impact on our ability to attract, retain and motivate such leaders in support of our long-term strategy. These laws and regulations may not apply in the same manner to all financial institutions and technology companies, which therefore may subject us to more restrictions than other institutions and companies with which we compete for talent and may also hinder our ability to compete for talent with other industries. We rely upon our senior leaders not only for business success, but also to lead with integrity. To the extent our senior leaders behave in a manner that does not comport with our values, the consequences to our brand and reputation could be severe and could adversely affect our financial condition and results of operations. If we are unable to attract, develop and retain talented senior leadership and employees, or to implement appropriate succession plans for our senior leadership, our business could be negatively affected. 41Capital One Financial Corporation (COF) 41Capital One Financial Corporation (COF) 41Capital One Financial Corporation (COF) 41 Table of Contents Table of Contents" }, { "status": "UNCHANGED", "current_title": "We may experience increases or fluctuations in delinquencies and credit losses, or we may incorrectly estimate expected losses, which could result in inadequate reserves.", "prior_title": "We may experience increases or fluctuations in delinquencies and credit losses, inaccurate estimates and inadequate reserves.", "current_body": "Like other lenders, we face the risk that our customers will not repay their loans. A customer’s ability and willingness to repay us can be adversely affected by decreases in the income of the borrower or increases in their payment obligations to other lenders, whether as a result of a job loss, higher debt levels or rising cost of servicing debt, inflation outpacing wage growth, or by restricted availability of credit generally. We may fail to quickly identify and reduce our exposure to customers that are likely to default on their payment obligations, whether by closing credit lines or restricting authorizations. Our ability to manage credit risk also is affected by legal or regulatory changes (such as restrictions on collections, bankruptcy laws, minimum payment regulations and re-age guidance), competitors’ actions and consumer behavior, and depends on the effectiveness of our collections staff, techniques and models. Rising credit losses or leading indicators of rising credit losses (such as higher delinquencies, higher rates of nonperforming loans, higher bankruptcy rates, lower collateral values, elevated unemployment rates or changing market terms) may require us to increase our allowance for credit losses, which would decrease our profitability if we are unable to raise revenue or reduce costs to compensate for higher credit losses, whether actual or expected. In particular, we face the following risks in this area: •Missed Payments: Our customers may fail to make required payments on time and may default or become delinquent. Loan charge-offs (including from bankruptcies) are generally preceded by missed payments or other indications of worsening financial conditions for our customers. Historically, customers are more likely to miss payments during an economic downturn, recession, periods of high unemployment, or prolonged periods of slow economic growth. Customers might also be more likely to miss payments if the payment burdens on their existing debt grow due to rising interest rates, or if inflation outpaces wage growth. Additionally, the CFPB has, among other things, proposed changes to lower the safe harbor amount for past due fees that a credit card issuer can charge on consumer credit card accounts, which could result in changes in consumer repayment patterns. •Incorrect Estimates of Expected Credit Losses: The credit quality of our loan portfolios can have a significant impact on our earnings. We allow for and reserve against credit risks based on our assessment of expected credit losses in our loan portfolios. This process, which is critical to our financial condition and results of operations, requires complex judgments, including forecasts of economic conditions. We may underestimate our expected credit losses and fail to hold an allowance for credit losses sufficient to account for these credit losses. Incorrect assumptions could lead to material underestimations of expected credit losses and an inadequate allowance for credit losses. See “We face risks resulting from the extensive use of models, AI, and data.” •Inaccurate Underwriting: Our ability to accurately assess the creditworthiness of our customers may diminish, which could result in an increase in our credit losses and a deterioration of our returns. See “Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk.” •Business Mix: We engage in a diverse mix of businesses with a broad range of potential credit exposure. Because we originate a relatively greater proportion of consumer loans in our loan portfolio compared to other large bank peers and originate both prime and subprime credit card accounts and auto loans, we may experience higher delinquencies and a greater number of accounts charging off, as well as greater fluctuations in those metrics, compared to other large bank peers, which could result in increased credit losses, operating costs and regulatory scrutiny. Additionally, a change in this business mix over time to include proportionally more consumer loans or subprime credit card accounts or auto loans could adversely affect the credit quality of our loan portfolios. 27Capital One Financial Corporation (COF) 27Capital One Financial Corporation (COF) 27Capital One Financial Corporation (COF) 27 Table of Contents Table of Contents •Increasing Charge-off Recognition/Allowance for Credit Losses: We account for the allowance for credit losses according to accounting and regulatory guidelines and rules, including Financial Accounting Standards Board (“FASB”) standards and the Federal Financial Institutions Examination Council (“FFIEC”) Account Management Guidance. We measure our allowance for credit losses under the CECL standard, which is based on management’s best estimate of expected lifetime credit losses. The impact of measuring our allowance for credit losses on our results will depend on the characteristics of our financial instruments, economic conditions, and our economic and loss forecasts. The application of the CECL standard may require us to increase reserves faster and to a higher level in an economic downturn, resulting in greater adverse impact to our results and our capital ratios than we would have experienced in similar circumstances prior to the adoption of CECL. Due to our business mix and the impact of credit losses on our income statement as compared to many of our large bank peers, we could be disproportionately affected by use of the CECL standard. •Insufficient Asset Values: The collateral we have on secured loans could be insufficient to compensate us for credit losses. When customers default on their secured loans, we attempt to recover collateral where permissible and appropriate. However, the value of the collateral may not be sufficient to compensate us for the amount of the unpaid loan, and we may be unsuccessful in recovering the remaining balance from our customers. Decreases in real estate and other asset values adversely affect the collateral value for our commercial lending activities, while the auto business is similarly exposed to collateral risks arising from the auction markets that determine used car prices. Borrowers may be less likely to continue making payments on loans if the value of the property used as collateral for the loan is less than what the borrower owes, even if the borrower is still financially able to make the payments. In that circumstance, the recovery of such property could be insufficient to compensate us for the value of these loans upon a default. In our auto business, business and economic conditions that negatively affect household incomes and savings, housing prices and consumer behavior, as well as technological advances that make older cars obsolete faster, could decrease (i) the demand for new and/or used vehicles and (ii) the value of the collateral underlying our portfolio of auto loans, which could cause the number of consumers who become delinquent or default on their loans to increase. •Geographic and Industry Concentration: Although our consumer lending is geographically diversified, approximately 40.5% of our commercial real estate loan portfolio is concentrated in the Northeast region. The regional economic conditions in the Northeast affect the demand for our commercial products and services as well as the ability of our customers to repay their commercial real estate loans and the value of the collateral securing these loans. An economic downturn or prolonged period of slow economic growth in, or a catastrophic event or natural disaster that disproportionately affects the Northeast region could have a material adverse effect on the performance of our commercial real estate loan portfolio and our results of operations. In addition, our Commercial Banking strategy includes an industry-specific focus. If any of the industries that we focus on experience changes, we may experience increased credit losses and our results of operations could be adversely impacted." }, { "status": "UNCHANGED", "current_title": "A cyber-attack or other security incident on us or third parties (including their supply chains) with which we conduct business, including an incident that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions.", "prior_title": "A cyber-attack or other security incident, including one that results in the theft, loss, manipulation or misuse of information (including personal information), or the disabling of systems and access to information critical to business operations, may result in increased costs, reductions in revenue, reputational damage, legal exposure and business disruptions.", "current_body": "Our ability to provide our products and services and communicate with our customers, depends upon the management and safeguarding of information systems and infrastructure, networks, software, data, technology, methodologies and business secrets, including those of our service providers. Our products and services involve the collection, authentication, management, usage, storage, transmission and destruction of sensitive and confidential information, including personal information, regarding our customers and their accounts, our employees, our partners and other third parties with which we do business. We also have arrangements in place with third-party business partners through which we share and receive information about their customers who are or may become our customers. The financial services industry, including Capital One, is particularly at risk because of the increased use of and reliance on digital banking products and other digital services, including mobile banking products, such as mobile payments, and other internet- and cloud-based products and applications, and the development of additional remote connectivity solutions, which increase cybersecurity risks and exposure. In addition, global events and geopolitical instability (including, without limitation, the war between Israel and Hamas, the war between Ukraine and Russia and the related sanctions imposed by the U.S. and other countries, and increased geopolitical tensions between the U.S. and China) may lead to increased nation state targeting of financial institutions in the U.S. and abroad. Technologies, systems, networks and other devices of Capital One, as well as those of our employees, service providers, partners and other third parties with whom we interact, have been and may continue to be the subject of cyber-attacks and other security incidents, including computer viruses, hacking, malware, ransomware, supply chain attacks, vulnerabilities, credential stuffing, account takeovers, insider threats, business email compromise scams or phishing or other forms of social engineering. Such cyber-attacks and other security incidents are designed to lead to various harmful outcomes, such as unauthorized transactions in Capital One accounts, unauthorized or unintended access to or release, gathering, monitoring, disclosure, loss, destruction, corruption, disablement, encryption, misuse, modification or other processing of confidential or sensitive information (including personal information), intellectual property, software, methodologies or business secrets, disruption, sabotage or degradation of service, systems or networks, an attempt to extort Capital One, its third-party service providers or its business partners or other damage. Cyber-attacks and other security incidents that occur in the supply chain of third parties with which we interact could also negatively impact Capital One. These threats may derive from, among other things, error, fraud or malice on the part of our employees, insiders, or third parties or may result from accidental technological failure or design flaws. Any of these parties may also attempt to fraudulently induce employees, service providers, customers, partners or other third-party users of our systems or networks to disclose confidential or sensitive information (including personal information) in order to gain access to our systems, networks or data or that of our customers, partners, or third parties with whom we interact, or to unlawfully obtain monetary benefit through misdirected or otherwise improper payment. For instance, any party that obtains our confidential or sensitive information (including personal information) through a cyber-attack or other security incident may use this information for ransom, to be paid by us or a third party, as part of a fraudulent activity that is part of a broader criminal activity, or for other illicit purposes. Additionally, the failure of our employees, third-party service providers or business partners, or their respective supply chains, to exercise sound judgment and vigilance when targeted with social engineering or other cyber-attacks may increase our vulnerability. For example, on July 29, 2019, we announced that on March 22 and 23, 2019 an outside individual gained unauthorized access to our systems (the “2019 Cybersecurity Incident”). This individual obtained certain types of personal information relating to people who had applied for our credit card products and to our credit card customers. While the 2019 Cybersecurity Incident has been remediated, it resulted in fines, litigation, consent orders, settlements, government investigations and other regulatory enforcement inquiries. Cyber and information security risks for large financial institutions like us continue to increase due to the proliferation of new technologies, the industry-wide shift to reliance upon the internet to conduct financial transactions, the increased sophistication and activities of malicious actors, organized crime, perpetrators of fraud, hackers, terrorists, activists, extremist parties, formal and informal instrumentalities of foreign governments, state-sponsored or nation-state actors and other external parties and the growing use of AI by threat actors. In addition, our customers access our products and services using personal devices that are necessarily external to our security control systems. There has also been a significant proliferation of 31Capital One Financial Corporation (COF) 31Capital One Financial Corporation (COF) 31Capital One Financial Corporation (COF) 31 Table of Contents Table of Contents consumer information available on the internet resulting from breaches of third-party entities, including personal information, log-in credentials and authentication data. These third-party breach events could create a threat for our customers if their Capital One log-in credentials are the same as or similar to the credentials that have been compromised on other internet sites. This threat could include the risk of unauthorized account access, data loss and fraud. The use of AI, “bots” or other automation software can increase the velocity and efficacy of these types of attacks. As our employees are operating under our hybrid work model, our remote interaction with employees, service providers, partners and other third parties on systems, networks and environments over which we have less control (such as through employees’ personal devices) increases our cybersecurity risk exposure. We will likely face an increasing number of attempted cyber-attacks as we expand our mobile and other internet-based products and services, as well as our usage of mobile and cloud technologies and as we provide more of these services to a greater number of retail banking customers. The methods and techniques employed by malicious actors develop and evolve rapidly, including from emerging technologies, such as advanced forms of AI and quantum computing, are increasingly sophisticated and often are not fully recognized or understood until after they have occurred, and some techniques could occur and persist for an extended period of time before being detected and remediated. For example, although we immediately fixed the configuration vulnerability that was exploited in the 2019 Cybersecurity Incident once we discovered the unauthorized access, a period of time elapsed between the occurrence of the unauthorized access and the time when we discovered it. In other circumstances, we and our service providers and other third parties with which we interact may be unable to anticipate or identify certain attack methods or techniques in order to implement effective preventative or detective measures or mitigate or remediate the damages caused in a timely manner. We may also be unable to hire, develop and retain talent that keeps pace with the rapidly changing cyber threat landscape, and which are capable of preventing, detecting, mitigating or remediating these risks. Although we seek to maintain a robust suite of authentication and layered information security controls, any one or combination of these controls could fail to prevent, detect, mitigate, remediate or recover from these risks in a timely manner. An actual, suspected, threatened or alleged disruption or breach, including as a result of a cyber-attack such as the 2019 Cybersecurity Incident, or media (including social media) reports of alleged or perceived security vulnerabilities or incidents at Capital One or at our service providers, could result in significant legal and financial exposure, regulatory intervention, litigation, enforcement actions, remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the security of our systems, products and services that could adversely affect our business. Moreover, new regulations may require us to publicly disclose certain information about certain cybersecurity incidents before they have been resolved or fully investigated. There can be no assurance that unauthorized access or cyber incidents similar to the 2019 Cybersecurity Incident will not occur or that we will not suffer material losses in the future. If future attacks are successful or if customers are unable to access their accounts online for other reasons, it could adversely impact our ability to service customer accounts or loans, complete financial transactions for our customers or otherwise operate any of our businesses or services. In addition, a breach or attack affecting one of our service providers or other third parties with which we interact could harm our business even if we do not control the service that is attacked. Further, our ability to monitor our service providers’ and other business partners’ cybersecurity practices is inherently limited. Although the agreements that we have in place with our service providers (and other business partners) generally include requirements relating to privacy, data protection and data security, we cannot guarantee that such agreements will prevent a cyber incident impacting our systems or information or enable us to obtain adequate or any reimbursement from our service providers or other business partners in the event we should suffer any such incidents. However, due to applicable laws and regulations or contractual obligations, we may be held responsible for cyber incidents attributed to our service providers and other business partners as they relate to the information we share with them. In addition, we continue to incur increased costs with respect to preventing, detecting, investigating, mitigating, remediating, and recovering from cybersecurity risks, as well as any related attempted fraud. In order to address ongoing and future risks, we must expend significant resources to support protective security measures, investigate and remediate any vulnerabilities of our information systems and infrastructure and invest in new technology designed to mitigate security risks. Further, high profile cyber incidents at Capital One or other large financial institutions could undermine our competitive advantage and divert management attention and resources, lead to a general loss of customer confidence in financial institutions that could negatively affect us, including harming the market perception of the effectiveness of our security measures or the global financial system in general, which could result in reduced use of our financial products. We have insurance against some cyber risks and attacks; nonetheless, our insurance coverage may not be sufficient to offset the impact of a material loss event (including if our insurer denies coverage as to any particular claim in the future), and such insurance may increase in cost or cease to be available on commercially reasonable terms, or at all, in the future. 32Capital One Financial Corporation (COF) 32Capital One Financial Corporation (COF) 32Capital One Financial Corporation (COF) 32 Table of Contents Table of Contents" } ] }