Capital One Financial Corporation: 10-K Risk Factor Changes

Changes or instability in the macroeconomic environment may impact payment patterns, consumer spending, and credit losses. Because we offer a broad array of financial products and services to consumers, small businesses and commercial clients, our financial results are impacted by the level of consumer and business activity and the demand for our products and services. A prolonged period of economic weakness, volatility, slow growth, or a significant deterioration in economic conditions, in the countries in which we operate, could have a material adverse effect on our financial condition and results of operations as customers or commercial clients default on their loans, maintain lower deposit levels or, in the case of credit card accounts, carry lower balances and reduce credit card purchase activity. Some of the factors that could disrupt capital markets, reduce consumer and business activity, and weaken the labor market include the following: •Monetary policy actions, such as changes to interest rates, taken by the Federal Reserve and other central banks, such as the central banks in the United Kingdom and Canada, and a growing fiscal deficit and increase in the U.S. debt to gross domestic product ratio; •Fiscal policy actions, such as changes to applicable tax codes; •Geopolitical conflicts or instabilities, such as the war between Ukraine and Russia and the conflict in the Middle East, and increased geopolitical tensions between the U.S. and China; •Trade wars, tariffs, labor shortages and disruptions of global supply chains; •The effects of stalemates in the U.S. government, including government shutdowns whether recurring, prolonged or otherwise, developments related to the U.S. federal debt ceiling, default by the U.S. government on its debt obligations, or related credit-rating downgrades; •Inflation and deflation, including the effects of related governmental responses; •Concerns over a potential recession, which may lead to adjustments in spending patterns; •Technology-driven disruption of certain industries, such as those due to advances in AI, robotics and cryptocurrency; •Lower demand for credit and shifts in consumer behavior, including shifts away from using credit cards, changes in deposit practices, and changes in payment patterns; and •Changes in usage of commercial real estate, which may have a sustained negative impact on utilization rates and values. Decreases in overall business activity and changes in customer behavior may lead to increases in our charge-off rate caused by bankruptcies and may reduce our ability to recover debt that we have previously charged-off. Such changes may also decrease the reliability of our internal processes and models, including those we use to estimate our allowance for credit losses, 26Capital One Financial Corporation (COF) 26Capital One Financial Corporation (COF) 26Capital One Financial Corporation (COF) 26 Table of Contents Table of Contents particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our models and our estimates become increasingly subject to management’s judgment. See “We face risks resulting from the extensive use of models and data, as well as our evolving use of AI.”

Changes and instability in the macroeconomic environment may lead to changes in payment patterns, increases or fluctuations in delinquencies and default rates and decrease consumer spending. Because we offer a broad array of financial products and services to consumers, small businesses and commercial clients, our financial results are impacted by the level of consumer and business activity and the demand for our products and services. A prolonged period of economic weakness, volatility, slow growth, or a significant deterioration in economic conditions, in the U.S., Canada or the U.K., could have a material adverse effect on our financial condition and results of operations as customers or commercial clients default on their loans, maintain lower deposit levels or, in the case of credit card accounts, carry lower balances and reduce credit card purchase activity. Some of the factors that could disrupt capital markets, reduce consumer and business activity, and weaken the labor market include the following: •Monetary policy actions, such as changes to interest rates, taken by the Federal Reserve and other central banks, such as the central banks in the United Kingdom and Canada; •Geopolitical conflicts or instabilities, such as the war between Ukraine and Russia and the war between Israel and Hamas, and increased geopolitical tensions between the U.S. and China; 25Capital One Financial Corporation (COF) 25Capital One Financial Corporation (COF) 25Capital One Financial Corporation (COF) 25 Table of Contents Table of Contents •Trade wars, tariffs, labor shortages and disruptions of global supply chains; •The effects of divided government in the U.S., including government shutdowns whether recurring, prolonged or otherwise, and developments related to the U.S. federal debt ceiling; •Inflation and deflation, including the effects of related governmental responses; •Concerns over a potential recession, which may lead to adjustments in spending patterns; •Lower demand for credit and shifts in consumer behavior, including shifts away from using credit cards, changes in deposit practices, and changes in and payment patterns; and •Ongoing changes in usage of commercial real estate, which may have a sustained negative impact on utilization rates and values. Decreases in overall business activity and changes in customer behavior may lead to increases in our charge-off rate caused by bankruptcies and may reduce our ability to recover debt that we have previously charged-off. Such changes may also decrease the reliability of our internal processes and models, including those we use to estimate our allowance for credit losses, particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our models and our estimates become increasingly subject to management’s judgment. See “We face risks resulting from the extensive use of models, AI, and data.”

We are subject to a variety of continuously evolving and developing laws and regulations in the United States at the federal, state and local level regarding privacy, data protection and data security, including those related to the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information. For further discussion of applicable privacy, data protection and data security laws and regulations, see “Item 1. Business—Supervision and Regulation” under the headings “Privacy, Data Protection and Data Security” and “Regulation by Authorities Outside the United States.” These laws and regulations, and similar laws and regulations in other jurisdictions, impose strict requirements regarding the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information, which may have adverse consequences, including significant compliance costs and severe monetary penalties for non-compliance. Significant uncertainty exists as privacy, data protection, and data security laws may be interpreted and applied differently from country to country and may create inconsistent or conflicting requirements. Further, we make public statements about our use, collection, disclosure and other processing of personal information through our privacy policies, information provided on our website and press statements. Although we endeavor to comply with our public statements and documentation, we may at times fail to do so or be alleged to have failed to do so. The publication of our 36Capital One Financial Corporation (COF) 36Capital One Financial Corporation (COF) 36Capital One Financial Corporation (COF) 36 Table of Contents Table of Contents privacy policies and other statements that provide promises and assurances about privacy, data protection and data security can subject us to potential government or legal action if they are found to be deceptive, unfair or misrepresentative of our actual practices. We have been subject to these types of claims in the past, and there can be no assurance that we will not be subject to these types of claims in the future. Additional risks could arise in connection with any failure or perceived failure by us, our service providers or other third parties with which we do business to provide adequate disclosure or transparency to individuals, including our customers, about the personal information collected from them and its use, to receive, document or honor the privacy preferences expressed by individuals, to protect personal information from unauthorized disclosure, or to maintain proper training on privacy practices for all employees or third parties who have access to personal information in our possession or control. Our efforts to comply with GLBA, FCRA, CCPA, PIPEDA and provincial privacy laws, EU GDPR, U.K. GDPR and other privacy, data protection and data security laws and regulations, as well as our posted privacy policies, and related contractual obligations to third parties, entail substantial expenses, may divert resources from other initiatives and projects, and could limit the services we are able to offer. Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy, data protection and data security violations continue to increase. The enactment of more restrictive laws or regulations, or future enforcement actions, litigation or investigations, could impact us through increased costs or restrictions on our business, and any noncompliance or perceived noncompliance could result in monetary or other penalties, harm to our reputation, distraction to our management and technical personnel and significant legal liability.

We are subject to a variety of continuously evolving and developing laws and regulations in the United States at the federal, state and local level regarding privacy, data protection and data security, including those related to the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information. For example, at the federal level, we are subject to the GLBA and the FCRA, among other laws and regulations. Moreover, legislative changes have been proposed in the U.S. Congress for more comprehensive privacy, data protection and data security legislation, to which we may be subject if passed. The enactment of CIRCIA, once rulemaking is complete, will require, among other things, certain companies to report significant cyber incidents to the CISA within 72 hours from the time the company reasonably believes the incident occurred. At the state level, California has enacted the CPRA, and various other states also have enacted or are in the process of enacting state-level privacy, data protection and/or data security laws and regulations, with which we may be required to comply. Additionally, the Federal Banking Agencies, as well as the SEC and related self‐regulatory organizations, regularly issue guidance regarding cybersecurity that is intended to enhance cyber risk management among financial institutions. We also are, or may become, subject to continuously evolving and developing laws and regulations in other jurisdictions regarding privacy, data protection and data security. For example, in Canada we are subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”) and may become subject to additional privacy, data protection and data security laws and regulations in Canada, including those which may differ from PIPEDA, if passed. In addition, subject to 34Capital One Financial Corporation (COF) 34Capital One Financial Corporation (COF) 34Capital One Financial Corporation (COF) 34 Table of Contents Table of Contents limited exceptions, the EU General Data Protection Regulation (“EU GDPR”) applies EU data protection laws to certain companies processing personal data of individuals in the EU, regardless of the company’s location. We also are subject to the U.K. General Data Protection Regulation (“U.K. GDPR”), which is how the EU GDPR has been implemented into U.K. law. These laws and regulations, and similar laws and regulations in other jurisdictions, impose strict requirements regarding the collection, storage, handling, use, disclosure, transfer, security and other processing of personal information, which may have adverse consequences, including significant compliance costs and severe monetary penalties for non-compliance. Significant uncertainty exists as privacy, data protection, and data security laws may be interpreted and applied differently from country to country and may create inconsistent or conflicting requirements. Further, we make public statements about our use, collection, disclosure and other processing of personal information through our privacy policies, information provided on our website and press statements. Although we endeavor to comply with our public statements and documentation, we may at times fail to do so or be alleged to have failed to do so. The publication of our privacy policies and other statements that provide promises and assurances about privacy, data protection and data security can subject us to potential government or legal action if they are found to be deceptive, unfair or misrepresentative of our actual practices. Additional risks could arise in connection with any failure or perceived failure by us, our service providers or other third parties with which we do business to provide adequate disclosure or transparency to individuals, including our customers, about the personal information collected from them and its use, to receive, document or honor the privacy preferences expressed by individuals, to protect personal information from unauthorized disclosure, or to maintain proper training on privacy practices for all employees or third parties who have access to personal information in our possession or control. Our efforts to comply with GLBA, FCRA, CPRA, PIPEDA, EU GDPR, U.K. GDPR and other privacy, data protection and data security laws and regulations, as well as our posted privacy policies, and related contractual obligations to third parties, entail substantial expenses, may divert resources from other initiatives and projects, and could limit the services we are able to offer. Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy, data protection and data security violations continue to increase. The enactment of more restrictive laws or regulations, or future enforcement actions, litigation or investigations, could impact us through increased costs or restrictions on our business, and any noncompliance or perceived noncompliance could result in monetary or other penalties, harm to our reputation, distraction to our management and technical personnel and significant legal liability.

Our businesses are subject to increased litigation, government investigations and other regulatory enforcement risks as a result of a number of factors and from various sources, including the highly regulated nature of the financial services industry, the focus of state and federal prosecutors on banks and the financial services industry and the structure of the credit card industry. Given the inherent uncertainties involved in litigation, government investigations and regulatory enforcement decisions, and the very large or indeterminate damages sought in some matters asserted against us, there can be significant uncertainty as to the ultimate liability we may incur from these kinds of matters. The finding, or even the assertion, of substantial legal liability against us could have a material adverse effect on our business and financial condition and could cause significant reputational harm to us, which could seriously harm our business. For example, the 2019 Cybersecurity Incident has resulted in litigation, consent orders, settlements, government investigations and other regulatory enforcement inquiries. In addition, financial institutions, such as ourselves, face significant regulatory scrutiny, which can lead to public enforcement actions or nonpublic supervisory actions. We and our subsidiaries are subject to comprehensive regulation and periodic examination by, among other regulatory bodies, the Federal Banking Agencies, SEC, CFTC and CFPB. We have been subject to enforcement actions by many of these and other regulators and may continue to be involved in such actions, including governmental inquiries, investigations and enforcement proceedings, including by the OCC, CFPB, Department of Justice, FinCEN and state Attorneys General. For example, on January 14, 2025, the CFPB brought an action in the United States District Court for the Eastern District of Virginia making claims similar to the ongoing previously disclosed savings account litigation. Over the last several years, federal and state regulators have focused on risk management, compliance with anti-money laundering (“AML”) and sanctions laws, privacy, data protection and data security, use of service providers, fair lending, unfair or deceptive practices, and other consumer protection issues and innovative activities, such as those that utilize AI and other new technology. Regulators have indicated the potential for escalating consequences for banks that do not timely resolve open issues or have repeat issues. Regulatory scrutiny is expected to continue in these areas, including as a result of implementation of the AML Act of 2020. We expect that regulators and governmental enforcement bodies will continue taking public enforcement actions against financial institutions in addition to addressing supervisory concerns through nonpublic supervisory actions or findings, which could involve restrictions on our activities, or our ability to make acquisitions or otherwise expand our business, among other limitations that could adversely affect our business. In addition, a violation of law or regulation by another financial institution is likely to give rise to supervisory review or an investigation by regulators and other governmental agencies of the same or similar practices by us. Furthermore, a single event may give rise to numerous and overlapping investigations and proceedings. These and other initiatives from governmental authorities and officials may subject us to further customer remuneration, judgments, settlements, fines or penalties, or cause us to restructure our operations and activities or to cease offering certain products or services, all of which could harm our reputation or lead to higher operational costs. Litigation, government 37Capital One Financial Corporation (COF) 37Capital One Financial Corporation (COF) 37Capital One Financial Corporation (COF) 37 Table of Contents Table of Contents investigations and other regulatory actions could generally subject us to significant fines, increased expenses, restrictions on our activities and damage to our reputation and our brand, and could adversely affect our business, financial condition and results of operations. For additional information regarding legal and regulatory proceedings to which we are subject, see “Part II—Item 8. Financial Statements and Supplementary Data—Note 19—Commitments, Contingencies, Guarantees and Others.”

Our businesses are subject to increased litigation, government investigations and other regulatory enforcement risks as a result of a number of factors and from various sources, including the highly regulated nature of the financial services industry, the focus of state and federal prosecutors on banks and the financial services industry and the structure of the credit card industry. Given the inherent uncertainties involved in litigation, government investigations and regulatory enforcement decisions, and the very large or indeterminate damages sought in some matters asserted against us, there can be significant uncertainty as to the ultimate liability we may incur from these kinds of matters. The finding, or even the assertion, of substantial legal liability against us could have a material adverse effect on our business and financial condition and could cause significant reputational harm to us, which could seriously harm our business. For example, the 2019 Cybersecurity Incident has resulted in litigation, consent orders, settlements, government investigations and other regulatory enforcement inquiries. In addition, financial institutions, such as ourselves, face significant regulatory scrutiny, which can lead to public enforcement actions or nonpublic supervisory actions. We and our subsidiaries are subject to comprehensive regulation and periodic examination by, among other regulatory bodies, the Federal Banking Agencies, SEC, CFTC and CFPB. We have been subject to enforcement actions by many of these and other regulators and may continue to be involved in such actions, including governmental inquiries, investigations and enforcement proceedings, including by the OCC, Department of Justice, the FinCEN and state Attorneys General. Over the last several years, federal and state regulators have focused on risk management, compliance with anti-money laundering (“AML”) and sanctions laws, privacy, data protection and data security, use of service providers, fair lending and other consumer protection issues and innovative activities, such as those that utilize new technology. In August 2020, we entered into consent orders with the Federal Reserve and the OCC resulting from regulatory reviews of the 2019 Cybersecurity Incident and relating to ongoing enhancements of our cybersecurity and operational risk management processes, and we paid a civil monetary penalty as part of the OCC agreement. The OCC and the Federal Reserve have since terminated their consent orders. In January 2021, we also paid a civil monetary penalty assessed by FinCEN against the Bank in connection with AML 35Capital One Financial Corporation (COF) 35Capital One Financial Corporation (COF) 35Capital One Financial Corporation (COF) 35 Table of Contents Table of Contents violations alleged to have occurred between 2008 and 2014. Regulatory scrutiny is expected to continue in these areas, including as a result of implementation of the AML Act of 2020. We expect that regulators and governmental enforcement bodies will continue taking public enforcement actions against financial institutions in addition to addressing supervisory concerns through nonpublic supervisory actions or findings, which could involve restrictions on our activities, or our ability to make acquisitions or otherwise expand our business, among other limitations that could adversely affect our business. In addition, a violation of law or regulation by another financial institution is likely to give rise to an investigation by regulators and other governmental agencies of the same or similar practices by us. Furthermore, a single event may give rise to numerous and overlapping investigations and proceedings. These and other initiatives from governmental authorities and officials may subject us to further judgments, settlements, fines or penalties, or cause us to restructure our operations and activities or to cease offering certain products or services, all of which could harm our reputation or lead to higher operational costs. Litigation, government investigations and other regulatory actions could generally subject us to significant fines, increased expenses, restrictions on our activities and damage to our reputation and our brand, and could adversely affect our business, financial condition and results of operations. For additional information regarding legal and regulatory proceedings to which we are subject, see “Part II—Item 8. Financial Statements and Supplementary Data—Note 18—Commitments, Contingencies, Guarantees and Others.”

We may fail to realize the anticipated benefits of the proposed Transaction, including, among other things, anticipated revenue and cost synergies, due to factors that may be outside either party’s control. These factors include, but are not limited to, changes in laws or regulations or the implementation or interpretation of laws or regulation due to changes in government or general economic, political, legislative or regulatory conditions. For example, debit card transactions on three-party networks—comprising the cardholder, merchant and network provider—could become subject to the Federal Reserve’s Regulation II limitation on interchange fees or its prohibition on network exclusivity, and other changes in laws or regulation could impose additional limitations on the fees issuers or networks can charge on debit or credit card transactions or require merchants to be provided an alternative network for transaction routing, any of which may have an adverse effect on our business. Other factors that may impact our ability to achieve the anticipated benefits of the proposed Transaction include the outcome of any legal or regulatory proceedings that may be currently pending or later instituted against us (before or after completion of the Transaction) or against Discover, including those related to Discover’s card product misclassification issue. As a result of the Transaction, we will be the legal successor to Discover and as a result we will assume the risks relating to actions that may be currently pending or later instituted against Discover, as well as any ongoing expense in defending and resolving these actions, and may be subject to reputational and other risks associated with Discover’s actions. Both parties have operated and, until the completion of the Transaction, will continue to operate, independently. The success of the Transaction, including anticipated benefits and cost savings, will depend, in part, on our ability to successfully integrate Discover’s operations in a manner that results in various benefits and that does not materially disrupt existing customer relationships or materially decrease revenues due to loss of customers, as well as our ability to successfully integrate Discover into our Framework, compliance systems and corporate culture, which we believe will require extensive investment, including to enhance the risk management function at Discover consistent with our risk management standards and those of regulators, as well as to address remediation obligations under existing and possible future regulatory orders. The costs of these investments may be greater than anticipated and the benefits thereof may take longer than expected to realize. The process of integrating operations could result in a loss of key personnel or cause an interruption of, or loss of momentum in, the activities of one or more of our businesses following the completion of the Transaction. Inconsistencies in standards, controls, procedures and policies between us and Discover could adversely affect us following the completion of the Transaction. The diversion of management’s attention and any delays or difficulties encountered in connection with the Transaction and the integration of Discover’s operations could have an adverse effect on our business, financial condition, operating results and prospects. An inability to realize the full extent of the anticipated benefits of Transaction, as well as any delays encountered in the integration process, could have an adverse effect on our revenues, levels of expenses and operating results following the completion of the Transaction.

We may fail to realize the anticipated benefits of the proposed Transaction, including, among other things, anticipated revenue and cost synergies, due to factors that may be outside either party’s control, including, but not limited to, changes in laws or regulations or in the interpretation of existing laws or regulations, whether caused by a change in government or otherwise, or general economic, political, legislative or regulatory conditions, and the outcome of any legal or regulatory proceedings that may be currently pending or later instituted against us (before or after the Transaction) or against Discover. Both parties have operated and, until the completion of the Transaction, will continue to operate, independently. The success of the Transaction, including anticipated benefits and cost savings, will depend, in part, on our ability to successfully integrate Discover’s operations in a manner that results in various benefits and that does not materially disrupt existing customer relationships or result in decreased revenues due to loss of customers, as well as our ability to successfully integrate Discover 24Capital One Financial Corporation (COF) 24Capital One Financial Corporation (COF) 24Capital One Financial Corporation (COF) 24 Table of Contents Table of Contents into our Framework, compliance systems and corporate culture. The process of integrating operations could result in a loss of key personnel or cause an interruption of, or loss of momentum in, the activities of one or more of our businesses following the completion of the Transaction. Inconsistencies in standards, controls, procedures and policies could adversely affect us following the completion of the Transaction. The diversion of management’s attention and any delays or difficulties encountered in connection with the Transaction and the integration of Discover’s operations could have an adverse effect on our business, financial condition, operating results and prospects. If we experience difficulties in the integration process, including those listed above, we may fail to realize the anticipated benefits of the Transaction in a timely manner, or at all.

We have incurred and expect to incur a number of significant non-recurring costs associated with the Transaction and the integration of Discover. These costs include legal, financial advisory, accounting, consulting and other advisory fees, severance/employee benefit‐related costs, public company filing fees and other regulatory fees, financial printing and other printing costs and other related costs. In addition, we will incur integration costs following the completion of the Transaction as we integrate Discover’s business with ours, including facilities and systems consolidation costs and employment-related costs. There are a large number of processes, policies, procedures, operations, technologies and systems that may need to be integrated, including purchasing, accounting and finance, payroll, compliance, treasury management, branch operations, vendor management, risk management, lines of business, pricing and benefits. While we have assumed that a certain level of costs will be incurred, there are many factors beyond our control that could affect the total amount or the timing of these expenses. Moreover, many of the expenses that we will incur are, by their nature, difficult to estimate accurately. These expenses could, particularly in the near term, exceed the savings that we expect to 24Capital One Financial Corporation (COF) 24Capital One Financial Corporation (COF) 24Capital One Financial Corporation (COF) 24 Table of Contents Table of Contents achieve from the elimination of duplicative expenses and the realization of economies of scale. These expenses may result in us recording increased expenses as a result of the Transaction or the integration of Discover, and the amount and timing of such charges are uncertain at the present and could exceed initial estimates.

We have incurred and expect to incur a number of costs associated with the Transaction and the integration of Discover. These costs include financial advisory, legal, accounting, consulting and other advisory fees, severance/employee benefit‐related costs, public company filing fees and other regulatory fees and financial printing and other related costs. There are also a large number of processes, policies, procedures, operations, technologies and systems that may need to be integrated. While we have assumed that a certain level of costs will be incurred, there are many factors beyond our control that could affect the total amount or the timing of the integration expenses. Moreover, many of the expenses that we will incur are, by their nature, difficult to estimate accurately. These expenses could, particularly in the near term, exceed the savings that we expect to achieve from the elimination of duplicative expenses and the realization of economies of scale. These integration expenses may result in us taking charges against earnings as a result of the Transaction or the integration of Discover, and the amount and timing of such charges are uncertain at present.

Like other financial institutions, our business is sensitive to interest rate movements. Changes in interest rates could adversely affect the results of our operations and financial condition. For example, higher interest rates may increase our borrowing costs and may require us to increase the interest we pay on funds deposited with us and may reduce the market value of our securities holdings. If interest rates increase or if higher interest rates persist for an extended period of time, our expenses may increase further. On the other hand, lower interest rates could also adversely affect our business, results of operations and financial condition. If the rate of economic growth decreased sharply, causing the Federal Reserve to lower interest rates, our net income could be adversely affected. While higher interest rates generally enhance our ability to grow our net interest income, there are potential risks associated with operating in a higher interest rate environment. For example, some customers have been and may continue to be less willing or able overall to borrow at higher interest rates. Higher interest rates also have hindered and may continue to hinder the ability of some borrowers to support required loan payments. Additionally, interest rate fluctuations and competitor responses to those changes may have a material adverse effect on our financial condition and results of operations, as customers or commercial clients default on their loans, maintain lower deposit levels or, in the case of credit card accounts, reduce demand for credit or (for existing customers) the level of borrowing or purchase activity. For example, increases in interest rates increase debt service requirements for some of our borrowers, which may adversely affect those borrowers’ ability to pay as contractually obligated. This could result in additional or fluctuating delinquencies or charge-offs and negatively impact our results of operations. These changes could reduce the overall yield on our interest-earning asset portfolio. We assess our interest rate risk by estimating the effect on our net interest income and earnings, economic value and capital under various interest rate scenarios of different direction and magnitude. We take risk mitigation actions based on those assessments. For example, the Company employs various hedging strategies to mitigate the interest rate, foreign exchange, and market risks inherent in many of our assets and liabilities. The Company’s hedging strategies rely considerably on assumptions and projections regarding our assets and liabilities as well as general market factors. If any of these assumptions or projections prove to be incorrect or our hedges do not adequately mitigate the impact of changes in interest rates, foreign exchange rates, and other market factors, the Company may experience volatility in our earnings that could adversely affect our profitability and financial condition. We face the risk that changes in interest rates could materially reduce our net interest income and our earnings, especially if actual conditions turn out to be materially different than those we assumed. Changes in valuations in the debt and equity markets could have a negative impact on the assets we hold in our investment portfolio. Such market changes could also have a negative impact on the valuation of assets for which we provide servicing. See “Part II—Item 7. MD&A—Market Risk Profile” and “We face intense competition in all of our markets, which could have a material adverse effect on our business and results of operation” for additional information.

Like other financial institutions, our business is sensitive to interest rate movements and the performance of the capital markets. We rely on access to the capital markets to fund our operations and to grow our business. Our ability to borrow from other financial institutions or to engage in funding transactions on favorable terms or at all could be adversely affected by disruptions, uncertainty or volatility in the capital markets. Additionally, increased charge-offs, rising interest rates, increased refinancing activity and other events may cause our securitization transactions to amortize earlier than scheduled or reduce the value of the securities that we hold for liquidity purposes, which could accelerate our need for additional funding from other sources. We could also experience impairments of other financial assets and other negative impacts on our financial position, including possible constraints on liquidity and capital, as well as higher costs of capital. Additionally, changes in interest rates could adversely affect the results of our operations and financial condition. For example, if inflation were to remain elevated or begin to increase, interest rates could increase further. Higher interest rates increase our borrowing costs and may require us to increase the interest we pay on funds deposited with us and may reduce the market value of our securities holdings. If interest rates continue to increase or if higher interest rates persist for an extended period of time, our expenses may increase further. If the rate of economic growth decreased sharply, causing the Federal Reserve to lower interest rates, our net income could be adversely affected. Additionally, a shrinking yield premium between short-term and long-term market interest rates could adversely impact the rates that we pay on our liabilities and the rates that we earn on our assets and thus affect our profitability. We assess our interest rate risk by estimating the effect on our earnings, economic value and capital under various scenarios that differ based on assumptions about the direction and the magnitude of interest rate changes. We take risk mitigation actions based on those assessments. We face the risk that changes in interest rates could materially reduce our net interest income and our earnings, especially if actual conditions turn out to be materially different than those we assumed. Furthermore, interest rate fluctuations and competitor responses to those changes may have a material adverse effect on our financial condition and results of operations, as customers or commercial clients default on their loans, maintain lower deposit levels or, in the case of credit card accounts, reduce demand for credit or (for existing customers) the level of borrowing or purchase activity. For example, increases in interest rates increase debt service requirements for some of our borrowers, which may adversely affect those borrowers’ ability to pay as contractually obligated. This could result in additional or fluctuating delinquencies or charge-offs and negatively impact our results of operations. These changes could reduce the overall yield on our interest-earning asset portfolio. An inability to attract or maintain deposits could materially affect our ability to fund our business and our liquidity position. Many other financial institutions have increased their reliance on deposit funding and, as such, we expect continued competition in the deposit markets. We cannot predict how this competition will affect our costs. If we are required to offer higher interest rates to attract or maintain deposits, our funding costs will be adversely impacted. 26Capital One Financial Corporation (COF) 26Capital One Financial Corporation (COF) 26Capital One Financial Corporation (COF) 26 Table of Contents Table of Contents Changes in valuations in the debt and equity markets could have a negative impact on the assets we hold in our investment portfolio. Such market changes could also have a negative impact on the valuation of assets for which we provide servicing. See “Part II—Item 7. MD&A—Market Risk Profile” and “We face intense competition in all of our markets” for additional information.

We have identified certain additional risk factors in connection with the Merger Agreement and the proposed Transaction. For additional information concerning these risks, uncertainties and assumptions, please refer to the section entitled “Risk Factors” included in our joint proxy statement/prospectus included in the registration statement declared effective by the SEC on January 6, 2025.

We have identified certain additional risk factors in connection with the Merger Agreement and the proposed Transaction. These risks and the other risks associated with the proposed Transaction will be more fully discussed in the joint proxy statement/prospectus that will be included in the registration statement on Form S-4 that we intend to file with the SEC in connection with the Transaction.

We rely on a variety of measures to protect and enhance our intellectual property rights, including copyrights, trademarks, trade secrets, patents, licenses and certain restrictions on disclosure, solicitation and competition. We also undertake other measures to control access to and distribution of our other proprietary and confidential information. These measures may not be successful in protecting or enforcing our rights in every jurisdiction or preventing misappropriation of our proprietary or 42Capital One Financial Corporation (COF) 42Capital One Financial Corporation (COF) 42Capital One Financial Corporation (COF) 42 Table of Contents Table of Contents confidential information or infringement, a misappropriation or other violations of our intellectual property rights and a resulting loss of competitive advantage. In certain situations, we may be compelled to engage in intellectual property-related litigation to enforce our intellectual property rights, which may incur significant expense and may be perceived negatively by customers or industry partners, thus potentially resulting in reputational harm and may adversely impact our business, financial position and results of operations. In addition, our competitors or other third parties may obtain patents for innovations that are used in our industry or allege that our operations, marketing, trademarks, systems, processes, or technologies infringe, misappropriate or violate their intellectual property rights. Given the complex, rapidly changing and competitive technological and business environments in which we operate, if our competitors or other third parties are successful in obtaining such patents or prevail in intellectual property-related litigation or demands against us, we could lose significant revenues, incur significant license, royalty, technology development or other expenses, or pay significant damages. We license certain intellectual property and technology that are important to our business, and in the future, we may enter into additional agreements that provide us with licenses to valuable intellectual property or technology. If we fail to comply with any of these obligations under our license agreements, we may be required to pay damages and the licensor may have the right to terminate the license. Termination by the licensor (or other applicable counterparty) may cause us to lose valuable rights, and could disrupt our operations and harm our reputation. In the future, we may identify additional third-party intellectual property and technology we need, including to develop and offer new products and services. However, such licenses may not be available on acceptable terms or at all. While we believe that we have all the necessary licenses from third parties for any intellectual property, including technology and software, that we use in the operations of our business but do not own, a third party could nonetheless allege that we are infringing its rights, which may deter our ability to obtain licenses on commercially reasonable terms from the third party, if at all, or cause the third party to commence litigation against us. Our failure to obtain necessary licenses or other rights, or litigation or claims arising out of intellectual property matters, may adversely impact our business, financial position and results of operations.

We rely on a variety of measures to protect and enhance our intellectual property, including copyrights, trademarks, trade secrets, patents and certain restrictions on disclosure, solicitation and competition. We also undertake other measures to control access to and distribution of our other proprietary and confidential information. These measures may not prevent 40Capital One Financial Corporation (COF) 40Capital One Financial Corporation (COF) 40Capital One Financial Corporation (COF) 40 Table of Contents Table of Contents misappropriation of our proprietary or confidential information or infringement, misappropriation or other violations of our intellectual property rights and a resulting loss of competitive advantage. In addition, our competitors or other third parties may obtain patents for innovations that are used in our industry or allege that our systems, processes or technologies infringe, misappropriate or violate their intellectual property rights. Given the complex, rapidly changing and competitive technological and business environments in which we operate, if our competitors or other third parties are successful in obtaining such patents or prevail in intellectual property-related litigation against us, we could lose significant revenues, incur significant license, royalty, technology development or other expenses, or pay significant damages.