← back to summary

COF, §1A diff (2019 → 2020)

Similarity1.00
Added+14521 words
Removed-12746 words

Added paragraphs (14521 words)

Item 1A. Risk Factors This section highlights significant factors, events, and uncertainties that make an investment in our securities risky. The events and consequences discussed in these risk factors could, in circumstances we may not be able to accurately predict, recognize, or control, have a material adverse effect on our business, growth, reputation, prospects, financial condition, operating results, cash flows, liquidity, and stock price. These risk factors do not identify all risks that we face; our operations could also be affected by factors, events, or uncertainties that are not presently known to us or that we currently do not consider to present significant risks to our operations. In addition, the global economic and political climate may amplify many of these risks. Summary of Risk Factors Below is a summary of the principal factors that make an investment in our securities risky. This summary does not address all of the risks that we face. Additional discussion of the risks summarized in this risk factor summary, and other risks that we face, can be found below and should be carefully considered, together with other information in this Form 10-K and our other filings with the SEC, before making an investment decision regarding our common stock. •The COVID-19 pandemic has adversely impacted our business and financial results, and the extent to which the pandemic and measures taken in response to the pandemic could materially and adversely impact our business, financial condition, liquidity, capital and results of operations will depend on future developments, which are highly uncertain and are difficult to predict. •Changes and instability in the macroeconomic environment, consumer confidence and customer behavior may adversely affect our business. •Financial market instability and volatility could adversely affect our business. •We may experience increased delinquencies, credit losses, inaccurate estimates and inadequate reserves. •We may not be able to maintain adequate capital or liquidity levels, which could have a negative impact on our financial results and our ability to return capital to our stockholders. •We face risks related to our operational, technological and organizational infrastructure. •Theft, loss or misuse of information as a result of a cyber-attack may result in increased costs, reductions in revenue, reputational damage and business disruptions. •Potential data protection and privacy incidents, and our required compliance with regulations related to these areas, may increase our costs, reduce our revenue and limit our ability to pursue business opportunities. •Compliance with new and existing laws, regulations and regulatory expectations is costly and complex. •Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement. •We face intense competition in all of our markets. •Our business, financial condition and results of operations may be adversely affected by merchants’ increasing focus on the fees charged by credit card networks and by legislation and regulation impacting such fees. •If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer. •We may fail to realize all of the anticipated benefits of our mergers, acquisitions and strategic partnerships. •Reputational risk and social factors may impact our results and damage our brand. •If we are not able to protect our intellectual property, our revenue and profitability could be negatively affected. •Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk. •Fluctuations in market interest rates or volatility in the capital markets could adversely affect our income and expense, the value of assets and obligations, our regulatory capital, cost of capital or liquidity. •Uncertainty regarding, and transition away from, LIBOR may adversely affect our business. •Our business could be negatively affected if we are unable to attract, retain and motivate skilled employees. •We face risks from unpredictable catastrophic events. •We face risks from the use of or changes to assumptions or estimates in our financial statements. •Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase common stock. •The soundness of other financial institutions and other third parties could adversely affect us. General Economic and Market Risks The COVID-19 pandemic has adversely impacted our business and financial results, and the extent to which the pandemic and measures taken in response to the pandemic could materially and adversely impact our business, financial condition, liquidity, capital and results of operations will depend on future developments, which are highly uncertain and are difficult to predict. Global health concerns relating to the COVID-19 pandemic and related government actions taken to reduce the spread of the virus have impacted the macroeconomic environment, significantly increased economic uncertainty and reduced economic activity. The pandemic has also caused governmental authorities to implement numerous measures to try to contain the virus, including travel bans and restrictions, quarantines, shelter-in-place orders, and business limitations and shutdowns. These measures have negatively impacted and may further negatively impact consumer and business payment and spending patterns. The COVID-19 pandemic has adversely impacted, and may continue to adversely impact, our business, operations, financial condition, capital and results of operations. The extent of these impacts depends on future developments, which are highly uncertain and difficult to predict, including, but not limited to, the duration and magnitude of the pandemic, the actions taken to contain the virus or treat its impact, the effectiveness of economic stimulus measures in the United States, and how quickly and to what extent economic and operating conditions and consumer and business spending can return to their pre-pandemic levels. As of December 31, 2020, several vaccines have been authorized for limited distribution. The plan for larger community-based distribution is being developed and may begin during the second quarter of 2021. However, the timing and extent of any such widespread distribution of vaccines remains uncertain. As a result of this uncertainty, our purchase volume, loan growth and the overall demand for our products and services may be significantly impacted, which could adversely affect our revenue and other results of operations. In addition, we could experience higher credit losses in our loan portfolios and increases in our allowance for credit losses beyond current levels. For example, as a result of the significant uncertainty due to the COVID-19 pandemic, we realized a substantial build in our allowance for credit losses for the first two quarters of 2020. We could also experience impairments of other financial assets and other negative impacts on our financial position, including possible constraints on liquidity and capital, as well as higher costs of capital. Even after the COVID-19 pandemic has subsided, we may continue to experience adverse impacts to our business and results of operations, which could be material, as a result of the macroeconomic impact and any recession that has occurred or may occur in the future. The spread of COVID-19 has caused us to modify our business practices and operations, including providing a range of forbearance options to our customers in certain circumstances, which could impact our credit metrics, financial condition, capital and results of operations. We may need to further modify our practices and operations as this event unfolds. We have also implemented work-from-home policies for a vast majority of our employees, and social distancing plans for our employees who are working from Capital One facilities. Nearly all of our Cafés and bank branches across our network are open with increased safety precautions. We will continue to monitor local conditions to ensure the safety of our associates and customers while providing critical banking services. These measures could impair our ability to perform critical functions and may adversely impact our results of operations. In addition, these measures and other changes in consumer behavior as a result of the COVID-19 pandemic may require changes to retail distribution strategies and adversely impact our investments in our bank premises and equipment and other retail distribution assets, leading to increased costs and exposure to additional risks. We may take further actions as required by government authorities or that we otherwise determine are in the best interests of our customers, employees and business partners. Federal, state, local and foreign governmental authorities have enacted, and may enact in the future, legislation, regulations and protocols in response to the COVID-19 pandemic, including governmental programs intended to provide economic relief to businesses and individuals. We have participated in certain of these programs, including participating as an eligible lender in the Small Business Administration’s Paycheck Protection Program. Our participation in and execution of any such programs may cause operational, compliance, reputational and credit risks, which could result in litigation, governmental action or other forms of loss. The extent of these impacts, which may be substantial, will depend on the degree of our participation in these programs. There remains significant uncertainty regarding the measures that authorities will enact in the future and the ultimate impact of the legislation, regulations and protocols that have been and will be enacted. Moreover, we expect that the effects of the COVID-19 pandemic will heighten many of the other known risks described herein. See Part I-Item 1.-Business-Overview-Coronavirus Disease 2019 (COVID-19) Pandemic. Changes and instability in the macroeconomic environment, consumer confidence and customer behavior may adversely affect our business. We offer a broad array of financial products and services to consumers, small businesses and commercial clients. A prolonged period of economic volatility, slow growth, or a significant deterioration in economic conditions, in the U.S., Canada or the U.K., could have a material adverse effect on our financial condition and results of operations as customers default on their loans, maintain lower deposit levels or, in the case of credit card accounts, carry lower balances and reduce credit card purchase activity. Some of the risks we face in connection with adverse changes and instability in the macroeconomic environment, including changes in consumer confidence levels and behavior, include the following: •Changes in payment patterns, increases in delinquencies and default rates, decreased consumer spending, lower demand for credit and shifts in consumer payment behavior towards avoiding late fees, finance charges and other fees; •Increases in our charge-off rate caused by bankruptcies and reduced ability to recover debt that we have previously charged-off; •Decreased reliability of the process and models we use to estimate our allowance for loan and lease losses, particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our models and our estimates become increasingly subject to management’s judgment. See “We face risks resulting from the extensive use of models and data.” The U.K. and the European Union agreed to a free trade deal at the end of 2020 relating to the U.K.’s exit from the European Union (“Brexit”). While this deal provides greater near-term stability, the on-going impact of Brexit and its full effects on the U.K. economy and our business related thereto remain uncertain. We continue to consider and monitor the potential impacts, and other factors, including the COVID-19 pandemic, that could also impact U.K. economic performance. Financial market instability and volatility could adversely affect our business. Our ability to borrow from other financial institutions or to engage in funding transactions on favorable terms or at all could be adversely affected by disruptions in the capital markets or other events, including actions by rating agencies and deteriorating investor expectations, which could limit our access to funding. In addition, fluctuations in interest rates, credit spreads and other market factors could negatively impact our results of operations. Both shorter-term and longer-term interest rates remain below long-term historical averages and the yield curve has been relatively flat compared to past periods. A flat yield curve combined with low interest rates generally leads to lower revenue and reduced margins because it tends to limit our ability to increase the spread between asset yields and funding costs. Sustained periods of time with a flat yield curve coupled with low interest rates, or an inversion of the yield curve, could have a material adverse effect on our net interest margin and earnings. In response to the economic consequences of the COVID-19 pandemic, the Federal Reserve lowered its target for the federal funds rate to a range of 0% to 0.25%. Such low rates increase the risk in the U.S. of a negative interest rate environment in which interest rates drop below zero, either broadly or for some types of instruments. For example, yields on one-month and three-month Treasuries briefly dropped below zero in March 2020. Such an occurrence would likely further reduce the interest we earn on loans and other interest-earning assets, while also likely requiring us to pay to maintain our deposits with the Federal Reserve. Our systems may not be able to handle adequately a negative interest rate environment and not all variable rate instruments are designed for such a circumstance. We cannot predict the nature or timing of future changes in monetary policies in response to the COVID-19 pandemic or the precise effects that they may have on our activities and financial results. Credit Risk We may experience increased delinquencies, credit losses, inaccurate estimates and inadequate reserves. Like other lenders, we face the risk that our customers will not repay their loans. A customer’s ability and willingness to repay us can be adversely affected by increases in their payment obligations to other lenders, whether as a result of higher debt levels or rising interest rates, by restricted availability of credit generally, or by the revenue and income of the borrower. We may fail to quickly identify and reduce our exposure to customers that are likely to default on their payment obligations, whether by closing credit lines or restricting authorizations. Our ability to manage credit risk also is affected by legal or regulatory changes (such as restrictions on collections, bankruptcy laws, minimum payment regulations and re-age guidance), competitors’ actions and consumer behavior, and depends on the effectiveness of our collections staff, techniques and models. Rising losses or leading indicators of rising losses (such as higher delinquencies, higher rates of nonperforming loans, higher bankruptcy rates, lower collateral values, elevated unemployment rates or changing market terms) may require us to increase our allowance for credit losses, which may degrade our profitability if we are unable to raise revenue or reduce costs to compensate for higher losses. In particular, we face the following risks in this area: •Missed Payments: Our customers may miss payments. Loan charge-offs (including from bankruptcies) are generally preceded by missed payments or other indications of worsening financial condition for our customers. Historically, customers are more likely to miss payments during an economic downturn or prolonged periods of slow economic growth. In addition, we face the risk that consumer and commercial customer behavior may change (for example, an increase in the unwillingness or inability of customers to repay debt, which may be heightened by increasing interest rates or levels of consumer debt), causing a long-term rise in delinquencies and charge-offs. •Incorrect Estimates of Expected Losses: The credit quality of our portfolio can have a significant impact on our earnings. We allow for and reserve against credit risks based on our assessment of expected credit losses in our loan portfolios. This process, which is critical to our financial condition and results of operations, requires complex judgments, including forecasts of economic conditions. We may underestimate our expected losses and fail to hold an allowance for credit losses sufficient to account for these losses. Incorrect assumptions could lead to material underestimations of expected credit losses and an inadequate allowance for credit losses. •Inaccurate Underwriting: Our ability to accurately assess the creditworthiness of our customers may diminish, which could result in an increase in our credit losses and a deterioration of our returns. See “Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk.” •Business Mix: We engage in a diverse mix of businesses with a broad range of potential credit exposure. Because we originate a relatively greater proportion of consumer loans in our loan portfolio compared to other large bank peers and originate both prime and subprime credit card accounts and auto loans, we may experience higher delinquencies and a greater number of accounts charging off compared to other large bank peers, which could result in increased credit losses, operating costs and regulatory scrutiny. Additionally, a change in this business mix over time to include proportionally more consumer loans or subprime credit card accounts or auto loans could adversely affect the credit quality of our portfolio. •Increasing Charge-off Recognition/Allowance for Credit Losses: We account for the allowance for credit losses according to accounting and regulatory guidelines and rules, including Financial Accounting Standards Board (“FASB”) standards and the Federal Financial Institutions Examination Council (“FFIEC”) Account Management Guidance. Effective as of January 1, 2020, we adopted the CECL standard which is based on expected lifetime losses rather than incurred losses. Adoption of the CECL standard has resulted and may continue to result in an increase to our reserves for credit losses on financial instruments with a resulting adverse impact on our financial condition. The continued impact of CECL on our future results will depend on the characteristics of our financial instruments, economic conditions, and our economic and loss forecasts. The application of the CECL standard requires us to increase reserves faster and to a higher level in an economic downturn, resulting in greater impact to our results and our capital ratios than we would have experienced in similar circumstances prior to the adoption of CECL. In addition, because credit cards represent a significant portion of our product mix, we could be disproportionately affected by use of the CECL standard, as compared to our large bank peers with a different product mix. See “MD&A-Accounting Changes and Developments” for additional information. •Insufficient Asset Values: The collateral we have on secured loans could be insufficient to compensate us for credit losses. When customers default on their secured loans, we attempt to recover collateral where permissible and appropriate. However, the value of the collateral may not be sufficient to compensate us for the amount of the unpaid loan, and we may be unsuccessful in recovering the remaining balance from our customers. Decreases in real estate and other asset values adversely affect the collateral value for our commercial lending activities, while the auto business is similarly exposed to collateral risks arising from the auction markets that determine used car prices. Borrowers may be less likely to continue making payments on loans if the value of the property used as collateral for the loan is less than what the borrower owes, even if the borrower is still financially able to make the payments. In that circumstance, the recovery of such property could be insufficient to compensate us for the value of these loans upon a default. In our auto business, business and economic conditions that negatively affect household incomes, housing prices and consumer behavior, as well as technological advances that make older cars obsolete faster, could decrease (i) the demand for new and used vehicles and (ii) the value of the collateral underlying our portfolio of auto loans, which could cause the number of consumers who become delinquent or default on their loans to increase. •Geographic and Industry Concentration: Although our consumer lending is geographically diversified, approximately 27% of our commercial loan portfolio is concentrated in the tri-state area of New York, New Jersey and Connecticut. The regional economic conditions in the tri-state area affect the demand for our commercial products and services as well as the ability of our customers to repay their commercial loans and the value of the collateral securing these loans. An economic downturn or prolonged period of slow economic growth in, or a catastrophic event that disproportionately affects, the tri-state area could have a material adverse effect on the performance of our commercial loan portfolio and our results of operations. In addition, our Commercial Banking strategy includes an industry-specific focus. If any of the industries that we focus on experience changes, we may experience increased credit losses and our results of operations could be adversely impacted. For example, as of December 31, 2020, healthcare and healthcare-related real estate loans represented approximately 19% of our total commercial loan portfolio. If healthcare-related industries or any of the other industries that we focus on experience adverse changes, we may experience increased credit losses and our results of operations could be adversely impacted. Capital and Liquidity Risk We may not be able to maintain adequate capital or liquidity levels, which could have a negative impact on our financial results and our ability to return capital to our stockholders. Financial institutions are subject to extensive and complex capital and liquidity requirements. These requirements affect our ability to lend, grow deposit balances, make acquisitions and make most capital distributions. Failure to maintain adequate capital or liquidity levels, whether due to adverse developments in our business or the economy or to changes in the applicable requirements, could subject us to a variety of remedies available to our regulators. These include limitations on the ability to pay dividends, repurchase shares and the issuance of a capital directive to increase capital. Such limitations could have a material adverse effect on our business and results of operations. We consider various factors in the management of capital, including the impact of stress on our capital levels, as determined by both our internal modeling and the Federal Reserve’s modeling of our capital position in supervisory stress tests and CCAR. There can be significant differences between our modeling and the Federal Reserve’s estimates for a given scenario and between the capital needs suggested by our internal bank holding company scenarios relative to the supervisory scenarios. Therefore, although our estimated capital levels under stress disclosed as part of the CCAR or DFAST processes may suggest that we have substantial capacity to return capital to stockholders and remain well capitalized under stress, the Federal Reserve’s modeling, our internal modeling of another scenario or other factors related to our capital management process may result in a materially lower capacity to return capital to stockholders than that indicated by the projections released in the CCAR or DFAST processes. This in turn, could lead to restrictions on our ability to pay dividends and engage in share repurchase transactions. See “Part I-Item 1. Business-Supervision and Regulation” for additional information. In addition, the current capital and liquidity requirements are subject to change. The Federal Banking Agencies finalized the Tailoring Rule in the fourth quarter of 2019. Under the Tailoring Rule, we are a Category III institution, and are no longer subject to the Basel III Advanced Approaches and associated capital requirements, but we continue to be subject to the countercyclical capital buffer and supplementary leverage ratio. In March 2020, the Federal Reserve issued a final rule to implement the stress capital buffer requirement. This final rule became effective in May 2020. Pursuant to the Stress Capital Buffer Rule, the Federal Reserve will use the results of its supervisory stress test to determine the size of a large banking institution’s stress capital buffer requirement, which replaces the previous 2.5% capital conservation buffer under the Basel III Standardized Approach. Our stress capital buffer requirement is 5.6% for the period from October 1, 2020 through September 30, 2021, at which point a revised stress capital buffer requirement will be applicable to us based on our 2021 stress testing results. In addition, on June 25, 2020 the Federal Reserve introduced measures to ensure that large BHCs maintained a high level of capital resilience. Specifically, the Federal Reserve required certain large BHCs, including us, to suspend share repurchases and cap common dividends during the third and fourth quarters of 2020. Consistent with the Federal Reserve’s capital distribution restrictions, we reduced our quarterly dividend on our common stock from $0.40 per share to $0.10 per share for the third quarter of 2020, which we maintained into the fourth quarter of 2020. The Federal Banking Agencies also finalized rules to implement the NSFR in October 2020. The NSFR is designed to ensure that banking organizations maintain a stable, long-term funding profile in relation to their asset composition and off-balance sheet activities and its requirements will become effective as of July 1, 2021. On December 18, 2020, the Federal Reserve extended the capital distribution restrictions for all participating BHCs to the first quarter of 2021, with certain modifications. In particular, for the first quarter of 2021, participating BHCs may resume share repurchases however the aggregate amount of dividend payments and share repurchases will be limited to an amount based on net income earned in the preceding four calendar quarters. See “Part I-Item 1. Business-Supervision and Regulation” for additional information. Further changes to applicable capital and liquidity requirements could result in unexpected or new limitations on our ability to pay dividends and engage in share repurchases. Operational Risk We face risks related to our operational, technological and organizational infrastructure. Our ability to retain and attract customers depends on our ability to develop, operate, and adapt our technology and organizational infrastructure in a rapidly changing environment. In addition, we must accurately process, record and monitor an increasingly large number of complex transactions. Digital technology, data and software development are deeply embedded into our business model and how we work. Similar to other large corporations, we are exposed to operational risk that can manifest itself in many ways, such as errors in execution, inadequate processes, inaccurate models, faulty or disabled technological infrastructure, and fraud by employees or persons outside of our company. In addition, we are heavily dependent on the security, capability and continuous availability of the technology systems that we use to manage our internal financial and other systems, monitor risk and compliance with regulatory requirements, provide services to our customers, develop and offer new products and communicate with stakeholders. We also face risk of adverse customer impacts and business disruption arising from the execution of strategic initiatives we may pursue across our operations. If we do not maintain the necessary operational, technological and organizational infrastructure to operate our business, including to maintain the security of that infrastructure, our business and reputation could be materially adversely affected. We also are subject to disruptions to our operating systems arising from events that are wholly or partially beyond our control, which may include computer viruses, electrical or telecommunications outages, design flaws in foundational components or platforms, availability and quality of vulnerability patches from key vendors, cyber-attacks (including Distributed Denial of Service (“DDOS”) and other attacks on our infrastructure as discussed below), natural disasters, other damage to property or physical assets, or events arising from local or larger scale politics, including terrorist acts. Any failure to maintain our infrastructure or disruption of our operating systems and applications could diminish our ability to operate our businesses, service customer accounts and protect customers’ information, or result in potential liability to customers, reputational damage, regulatory intervention and customers’ loss of confidence in our businesses, any of which could result in a material adverse effect. We also rely on the business infrastructure and systems of third parties with which we do business and to whom we outsource the operation, maintenance and development of our information technology and communications systems. We have migrated substantially all, and intend to migrate all, of our core information technology systems and customer-facing applications to third-party cloud infrastructure platforms, principally AWS. If we do not complete the transition or fail to administer these new environments in a well-managed, secure and effective manner, or if AWS platforms become unavailable or do not meet their service level agreements for any reason, we may experience unplanned service disruption or unforeseen costs which could result in material harm to our business and results of operations. We must successfully develop and maintain information, financial reporting, disclosure, data-protection and other controls adapted to our reliance on outside platforms and providers. In addition, AWS, or other service providers, could experience system breakdowns or failures, outages, downtime, cyber-attacks, adverse changes to financial condition, bankruptcy, or other adverse conditions, which could have a material adverse effect on our business and reputation. Thus, the substantial amount of our infrastructure that we outsource to AWS or to other third parties may increase our risk exposure. Any disruptions, failures or inaccuracies of our operational and technology systems and models, including those associated with improvements or modifications to such systems and models, could cause us to be unable to market and manage our products and services, manage our risk, meet our regulatory obligations or report our financial results in a timely and accurate manner, all of which could have a negative impact on our results of operations. In addition, our ongoing investments in infrastructure, which are necessary to maintain a competitive business, integrate acquisitions and establish scalable operations, may increase our expenses. As our business develops, changes or expands, additional expenses can arise as a result of a reevaluation of business strategies, management of outsourced services, asset purchases or other acquisitions, structural reorganization, compliance with new laws or regulations, or the integration of newly acquired businesses, or the prevention or occurrence of data security incidents. If we are unable to successfully manage our expenses, our financial results will be negatively affected. Changes to our business, including as a result of our strategic objectives, also requires robust governance to ensure that our objectives are executed as intended without adversely impacting our customers, associates, operations or financial performance. Ineffective change management oversight and governance over the execution of our strategic objectives could expose us to operational, strategic and reputational risk and could negatively impact customers or our financial performance. Theft, loss or misuse of information as a result of a cyber-attack may result in increased costs, reductions in revenue, reputational damage and business disruptions. Our products and services involve the gathering, authenticating, managing, processing, and the storing and transmission of sensitive and confidential information regarding our customers and their accounts, our employees and third parties with which we do business. Our ability to provide such products and services, many of which are web-based, depends upon the management and safeguarding of information, software, methodologies and business secrets. To provide these products and services to, as well as communicate with, our customers, we rely on information systems and infrastructure, including software and data engineering, and information security personnel, digital technologies, computer and email systems, software, networks and other web-based technologies. We also have arrangements in place with third parties through which we share and receive information about their customers who are or may become our customers. Technologies, systems, networks and devices of Capital One or our employees, service providers or other third parties with whom we interact may continue to be the subject of attempted unauthorized access, mishandling or misuse of information, denial-of-service attacks, computer viruses, website defacement, hacking, malware, ransomware, phishing or other forms of social engineering, and other forms of cyber-attacks designed to obtain confidential information, destroy data, disrupt or degrade service, sabotage systems or cause other damage, and other events. These threats, such as the Cybersecurity Incident, may derive from error, fraud or malice on the part of our employees, insiders or third parties or may result from accidental technological failure. Any of these parties may also attempt to fraudulently induce employees, customers or other third-party users of our systems to disclose sensitive information in order to gain access to our data or that of our customers or third parties with whom we interact, or to unlawfully obtain monetary benefit through misdirected or otherwise improper payment. Further, cyber and information security risks for large financial institutions like us continue to increase due to the proliferation of new technologies, the use of the internet to conduct financial transactions, and the increased sophistication and activities of organized crime, perpetrators of fraud, hackers, terrorists, activists, formal and informal instrumentalities of foreign governments and other external parties. In addition, our customers access our products and services using computers, smartphones, tablets and other mobile devices that are beyond our security control systems. The methods and techniques employed by perpetrators of fraud and others to attack, disable, degrade or sabotage platforms, systems and applications change frequently, are increasingly sophisticated and often are not fully recognized or understood until after they have occurred, and some techniques could occur and persist for an extended period of time before being detected. For example, although we immediately fixed the configuration vulnerability that was exploited in the Cybersecurity Incident once we discovered the unauthorized access, a period of time elapsed between the occurrence of the unauthorized access and the time when we discovered it. In other circumstances, we and our third-party service providers and partners may be unable to anticipate or identify certain attack methods in order to implement effective preventative measures or mitigate or remediate the damages caused in a timely manner. We may also be unable to hire and develop talent capable of detecting, mitigating or remediating these risks. Although we seek to maintain a robust suite of authentication and layered information security controls, including our cyber threat analytics, data encryption and tokenization technologies, anti-malware defenses and vulnerability management program, any one or combination of these controls could fail to detect, mitigate or remediate these risks in a timely manner. We will likely face an increasing number of attempted cyber-attacks as we expand our mobile and other internet-based products and services, as well as our usage of mobile and cloud technologies and as we provide more of these services to a greater number of retail clients. A disruption or breach, including as a result of a cyber-attack such as the Cybersecurity Incident, or media reports of perceived security vulnerabilities at Capital One or at our third-party service providers, could result in significant legal and financial exposure, regulatory intervention, litigation and remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the security of our systems, products and services that could adversely affect our business. We and other U.S. financial services providers continue to be targeted with evolving and adaptive cybersecurity threats from sophisticated third parties. We are continuing to assess the impact of the Cybersecurity Incident and there can be no assurance that additional unauthorized access or cyber incidents will not occur or that we will not suffer material losses in the future. Unauthorized access or cybersecurity incidents could occur more frequently and on a more significant scale. If future attacks like these are successful or if customers are unable to access their accounts online for other reasons, it could adversely impact our ability to service customer accounts or loans, complete financial transactions for our customers or otherwise operate any of our businesses or services. In addition, a breach or attack affecting one of our third-party service providers or partners could harm our business even if we do not control the service that is attacked. In addition, the increasing prevalence and the evolution of cyber-attacks and other efforts to breach or disrupt our systems or those of our partners, retailers or other market participants has led, and will likely continue to lead, to increased costs to us with respect to preventing, mitigating and remediating these risks, as well as any related attempted fraud. In order to address ongoing and future risks, including from the Cybersecurity Incident, we must expend significant resources to support protective security measures, investigate and remediate any vulnerabilities of our information systems and infrastructure and invest in new technology designed to mitigate security risks. The Cybersecurity Incident, or successful cyber-attacks at other large financial institutions or other market participants (whether or not we are impacted), could lead to a general loss of customer confidence in financial institutions that could negatively affect us, including harming the market perception of the effectiveness of our security measures or the financial system in general which could result in reduced use of our financial products. We have insurance against some cyber-risks and attacks, including insurance that is expected to cover certain costs associated with the Cybersecurity Incident; nonetheless, our insurance coverage may not be sufficient to offset the impact of a material loss event, and such insurance may increase in cost or cease to be available on commercial terms in the future. Potential data protection and privacy incidents, and our required compliance with regulations related to these areas, may increase our costs, reduce our revenue and limit our ability to pursue business opportunities. A breach, failure or other disruption of our information systems or infrastructure or data management processes, or those of our customers, partners, service providers or other market participants, could lead, depending on the nature of the incident, to the unauthorized or unintended access to and release, gathering, monitoring, misuse, loss or destruction of personal or confidential data about our customers, employees or other third parties in our possession. Any party that obtains this personal or confidential data through a breach or disruption may use this information for ransom, to be paid by us or a third-party, as part of a fraudulent activity that is part of a broader criminal activity, or for other illicit purposes. Further, such disruption or breach could also result in unauthorized access to our proprietary information, intellectual property, software, methodologies and business secrets and in unauthorized transactions in Capital One accounts or unauthorized access to personal or confidential information maintained by those entities. There has been a significant proliferation of consumer information available on the internet resulting from breaches of third-party entities, including personal information, log-in credentials and authentication data. While we were not directly involved in these third-party breach events, the stolen information can create a vulnerability for our customers if their Capital One log-in credentials are the same as or similar to the credentials that have been compromised on other sites. This vulnerability could include the risk of unauthorized account access, data loss and fraud. The use of artificial intelligence, “bots” or other automation software, can increase the velocity and efficacy of these types of attacks. We are continuing to assess the impact of the Cybersecurity Incident. The Cybersecurity Incident, other data security incidents we may experience in the future, or media reports of perceived security vulnerabilities at Capital One or at third-party service providers, could result in significant legal and financial exposure, regulatory intervention, remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the security of our systems, products and services that could adversely affect our business. We are subject to a variety of continuously evolving and developing laws and regulations in the United States and abroad regarding privacy, data protection and data security, including those related to the collection, storage, handling, use, disclosure, transfer and security of personal data. Significant uncertainty exists as privacy and data protection laws may be interpreted and applied differently from country to country and may create inconsistent or conflicting requirements. For example, in Canada we are subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”). In addition, the General Data Protection Regulation (“GDPR”) applies EU data protection law to all companies processing data of EU residents, regardless of the company’s location. More recently, on January 1, 2020, the CCPA went into effect for companies doing business in California. These laws impose strict requirements regarding the collection, storage, handling, use, disclosure, transfer and security of personal data, which may have adverse consequences, including severe monetary penalties. Our efforts to comply with PIPEDA, GDPR, CCPA and other privacy and data protection laws entail substantial expenses, may divert resources from other initiatives and projects, and could limit the services we are able to offer. Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy violations continue to increase. The enactment of more restrictive laws, rules, regulations, or future enforcement actions or investigations could impact us through increased costs or restrictions on our business, and noncompliance could result in monetary or other penalties and significant legal liability. We face risks resulting from the extensive use of models and data. We rely on quantitative models, and our ability to manage data and aggregate data in an accurate and timely manner, assess and manage our various risk exposures, estimate certain financial values and manage compliance with required regulatory capital requirements. Models may be used in such processes as determining the pricing of various products, grading loans and extending credit, measuring interest rate and other market risks, predicting deposit levels or loan losses, assessing capital adequacy and calculating economic and regulatory capital levels, estimating the value of financial instruments and balance sheet items, and other operational functions. Our risk reporting and management, including business decisions based on information incorporating models, depend on the effectiveness of our models and our policies, programs, processes and practices governing how data is acquired, validated, stored, protected, processed and analyzed. Any issues with the quality or effectiveness of our data aggregation and validation procedures, as well as the quality and integrity of data inputs, formulas or algorithms, could result in inaccurate forecasts, ineffective risk management practices or inaccurate risk reporting. In addition, models based on historical data sets might not be accurate predictors of future outcomes and their ability to appropriately predict future outcomes may degrade over time. While we continuously update our policies, programs, processes and practices, many of our data management, aggregation and implementation processes are manual and subject to human error or system failure. Failure to manage data effectively and to aggregate data in an accurate and timely manner may limit our ability to manage current and emerging risk, to produce accurate financial, regulatory and operational reporting as well as to manage changing business needs. If our risk management framework is ineffective, we could suffer unexpected losses which could materially adversely affect our results of operation or financial condition. Also, any information we provide to the public or to our regulators based on poorly designed or implemented models could be inaccurate or misleading. Some of the decisions that our regulators make, including those related to capital distribution to our stockholders, could be affected adversely due to the perception that the quality of the models used to generate the relevant information is insufficient. Legal and Regulatory Risk Compliance with new and existing laws, regulations and regulatory expectations is costly and complex. We are subject to extensive regulatory oversight by the federal banking regulators to ensure that we build systems and processes that are commensurate with the nature of our business and that meet the risk management and prudential standards issued by our regulators. A wide array of banking and consumer lending laws apply to almost every aspect of our business. Failure to comply with these laws and regulations could result in financial, structural and operational penalties, including significant fines and criminal sanctions, and/or damage to our reputation with regulators, our customers or the public. Hiring, training and retaining qualified compliance and legal personnel, and establishing and maintaining compliance-related systems, infrastructure and processes, is difficult and these efforts could limit our ability to invest in other business opportunities. Furthermore, applicable rules and regulations may affect us in an unforeseen manner, or may have a disproportionate impact on us as compared to our competitors. Over the last several years, state and federal regulators have focused on compliance with the Bank Secrecy Act and anti-money laundering (“AML”) laws, data integrity and security, use of service providers, fair lending and other consumer protection issues. For example, in July 2015, Capital One entered into a consent order with the OCC to address concerns about our AML program and in October 2018, Capital One paid a civil monetary penalty assessed by the OCC relating to our AML program. The OCC lifted the AML consent order in November 2019. In addition, in August 2020 we entered into consent orders with the Federal Reserve and the OCC resulting from regulatory reviews of the Cybersecurity Incident and relating to ongoing enhancements of our cybersecurity and operational risk management processes, and we paid a civil monetary penalty as part of the OCC agreement. In January 2021, we also paid a civil monetary penalty assessed by the Financial Crimes Enforcement Network (“FinCEN”) against CONA in connection with our AML program. Failure to maintain compliance with laws and regulations could result in significant additional governmental fines or penalties. We have a large number of customer accounts in our credit card and auto lending businesses and we have made the strategic choice to originate and service subprime credit card and auto loans, which typically have higher delinquencies and charge-offs than prime customers. As a result, we have significant involvement with credit bureau reporting and the collection and recovery of delinquent and charged-off debt, primarily through customer communications, the filing of litigation against customers in default, the periodic sale of charged-off debt and vehicle repossession. These activities are subject to enhanced legal and regulatory scrutiny from regulators, courts and legislators. Any future changes to our business practices in these areas, including our debt collection practices, whether mandated by regulators, courts, legislators or otherwise, or any legal liabilities resulting from our business practices, including our debt collection practices, could have a material adverse impact on our financial condition. The legislative and regulatory environment is beyond our control, may change rapidly and unpredictably and may negatively influence our revenue, costs, earnings, growth, liquidity and capital levels. In addition, some rules and regulations may be subject to litigation or other challenges that delay or modify their implementation and impact on us. Adoption of new technologies, such as distributed ledger technologies, artificial intelligence and machine learning technologies, can present unforeseen challenges in applying and relying on existing compliance systems. Certain laws and regulations, and any interpretations and applications with respect thereto, are generally intended to protect consumers, borrowers, depositors, the DIF, the U.S. banking and financial system, and financial markets as a whole, but not stockholders. Our success depends on our ability to maintain compliance with both existing and new laws and regulations. For a description of the material laws and regulations to which we are subject, see “Part I-Item 1. Business-Supervision and Regulation.” Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement. Our businesses are subject to increased litigation, government investigations and other regulatory enforcement risks as a result of a number of factors and from various sources, including the highly regulated nature of the financial services industry, the focus of state and federal prosecutors on banks and the financial services industry and the structure of the credit card industry. Given the inherent uncertainties involved in litigation, government investigations and regulatory enforcement decisions, and the very large or indeterminate damages sought in some matters asserted against us, there can be significant uncertainty as to the ultimate liability we may incur from these kinds of matters. The finding, or even the assertion, of substantial legal liability against us could have a material adverse effect on our business and financial condition and could cause significant reputational harm to us, which could seriously harm our business. The Cybersecurity Incident has resulted in litigation, government investigations and other regulatory enforcement inquiries. In addition, financial institutions, such as ourselves, face significant regulatory scrutiny, which can lead to public enforcement actions or non-public supervisory actions. We and our subsidiaries are subject to comprehensive regulation and periodic examination by, among other regulatory bodies, the Federal Reserve, the SEC, OCC, FDIC and CFPB. We have been subject to enforcement actions by many of these and other regulators and may continue to be involved in such actions, including governmental inquiries, investigations and enforcement proceedings, including by the OCC, Department of Justice, FinCEN and state Attorneys General. We expect that regulators and governmental enforcement bodies will continue taking formal enforcement actions against financial institutions in addition to addressing supervisory concerns through non-public supervisory actions or findings, which could involve restrictions on our activities, or our ability to make acquisitions or otherwise expand our business, among other limitations that could adversely affect our business. In addition, a violation of law or regulation by another financial institution is likely to give rise to an investigation by regulators and other governmental agencies of the same or similar practices by us. Furthermore, a single event may give rise to numerous and overlapping investigations and proceedings. These and other initiatives from governmental authorities and officials may subject us to further judgments, settlements, fines or penalties, or cause us to restructure our operations and activities or to cease offering certain products or services, all of which could harm our reputation or lead to higher operational costs. Litigation, government investigations and other regulatory actions could involve restrictions on our activities, generally subject us to significant fines, increased expenses, restrictions on our activities and damage to our reputation and our brand, and could adversely affect our business, financial condition and results of operations. For additional information regarding legal and regulatory proceedings that we are subject to, see “Note 18-Commitments, Contingencies, Guarantees and Others.” Other Business Risks We face intense competition in all of our markets. We operate in a highly competitive environment, whether in making loans, attracting deposits or in the global payments industry, and we expect competitive conditions to continue to intensify with respect to most of our products. We compete on the basis of the rates we pay on deposits and the rates and other terms we charge on the loans we originate or purchase, as well as the quality and range of our customer service, products, innovation and experience. This increasingly competitive environment is primarily a result of changes in technology, product delivery systems and regulation, as well as the emergence of new or significantly larger financial services providers, all of which may affect our customers’ expectations and demands. In addition to offering competitive products and services, we invest in and conduct marketing campaigns to attract and inform customers. Some of our competitors, including new and emerging competitors in the digital and mobile payments space and other financial technology providers, are not subject to the same regulatory requirements or legislative scrutiny to which we are subject, which also could place us at a competitive disadvantage, in particular in the development of new technology platforms or the ability to rapidly innovate. We compete with many forms of payments offered by both bank and non-bank providers, including a variety of new and evolving alternative payment mechanisms, systems and products, such as aggregators and web-based and wireless payment platforms or technologies, digital or “crypto” currencies, prepaid systems and payment services targeting users of social networks, communications platforms and online gaming. If we are unable to continue to keep pace with innovation, do not effectively market our products and services or are prohibited from or unwilling to enter emerging areas of competition, our business and results of operations could be adversely affected. Some of our competitors are substantially larger than we are, which may give those competitors advantages, including a more diversified product and customer base, the ability to reach more customers and potential customers, operational efficiencies, broad-based local distribution capabilities, lower-cost funding and larger existing branch networks. Many of our competitors are also focusing on cross-selling their products and developing new products or technologies, which could affect our ability to maintain or grow existing customer relationships or require us to offer lower interest rates or fees on our lending products or higher interest rates on deposits. Competition for loans could result in origination of fewer loans, earning less on our loans or an increase in loans that perform below expectations. As of December 31, 2020, we operate as one of the largest online direct banks in the United States by deposits. While direct banking provides a significant opportunity to attract new customers that value greater and more flexible access to banking services at reduced costs, we face strong and increasing competition in the direct banking market. Aggressive pricing throughout the industry may adversely affect the retention of existing balances and the cost-efficient acquisition of new deposit funds and may affect our growth and profitability. Customers could also close their online accounts or reduce balances or deposits in favor of products and services offered by competitors for other reasons. These shifts, which could be rapid, could result from general dissatisfaction with our products or services, including concerns over pricing, online security or our reputation. The potential consequences of this competitive environment are exacerbated by the flexibility of direct banking and the financial and technological sophistication of our online customer base. In our credit card business, competition for rewards customers may result in higher rewards expenses, or we may fail to attract new customers or retain existing rewards customers due to increasing competition for these consumers. As of December 31, 2020, we have a number of large partnerships in our credit card loan portfolio. The market for key business partners, especially in the credit card business, is very competitive, and we may not be able to grow or maintain these partner relationships. We face the risk that we could lose partner relationships, even after we have invested significant resources into acquiring and developing the relationships. The loss of any of our key business partners could have a negative impact on our results of operations, including lower returns, excess operating expense and excess funding capacity. We depend on our partners to effectively promote our cobrand and private label products and integrate the use of our credit cards into their retail operations. The failure by our partners to effectively promote and support our products as well as changes they may make in their business models could adversely affect card usage and our ability to achieve the growth and profitability objectives of our partnerships. In addition, if our partners do not adhere to the terms of our program agreements and standards, or otherwise diminish the value of our brand, we may suffer reputational damage and customers may be less likely to use our products. Some of our competitors have developed, or may develop, substantially greater financial and other resources than we have, may offer richer value propositions or a wider range of programs and services than we offer or may use more effective advertising, marketing or cross-selling strategies to acquire and retain more customers, capture a greater share of spending and borrowings, attain and develop more attractive cobrand card programs and maintain greater merchant acceptance than we have. We may not be able to compete effectively against these threats or respond or adapt to changes in consumer spending habits as effectively as our competitors. In such a competitive environment, we may lose entire accounts or may lose account balances to competing firms, or we may find it more costly to maintain our existing customer base. Customer attrition from any or all of our lending products, together with any lowering of interest rates or fees that we might implement to retain customers, could reduce our revenues and therefore our earnings. Similarly, unexpected customer attrition from our deposit products, in addition to an increase in rates or services that we may offer to retain deposits, may increase our expenses and therefore reduce our earnings. Our business, financial condition and results of operations may be adversely affected by merchants’ increasing focus on the fees charged by credit card networks and by legislation and regulation impacting such fees. Credit card interchange fees are generally one of the largest components of the costs that merchants pay in connection with the acceptance of credit cards and are a meaningful source of revenue for our credit card businesses. Interchange fees are the subject of significant and intense global legal, legislative and regulatory focus, and the resulting decisions, legislation and regulation may have a material adverse impact on our overall business, financial condition and results of operations. Legislative and regulatory bodies in a number of countries are seeking to reduce credit card interchange fees through legislation, competition-related regulatory proceedings, central bank regulation and or litigation. Interchange reimbursement rates in the United States are set by credit card networks such as MasterCard and Visa. In some jurisdictions, such as Canada and certain countries in the EU, interchange fees and related practices are subject to regulatory activity that has limited the ability of certain networks to establish default rates, including in some cases imposing caps on permissible interchange fees. We have already experienced these impacts in our international card businesses. Legislators and regulators around the world are aware of each other’s approaches to the regulation of the payments industry. Consequently, a development in one country, state or region may influence regulatory approaches in another, such as our primary market, the United States. In addition to this regulatory activity, merchants are also seeking avenues to reduce interchange fees. During the past few years, merchants and their trade groups have filed numerous lawsuits against Visa, MasterCard, American Express and their card- issuing banks, claiming that their practices toward merchants, including interchange and similar fees, violate federal antitrust laws. In 2005, a number of entities filed antitrust lawsuits against MasterCard and Visa and several member banks, including our subsidiaries and us, alleging among other things, that the defendants conspired to fix the level of interchange fees. In December 2013, the U.S. District Court for the Eastern District of New York granted final approval of the proposed class settlement. The settlement provided, among other things, that merchants would be entitled to join together to negotiate lower interchange fees. The settlement was appealed to the Second Circuit Court of Appeals, which rejected the settlement in June 2016; a revised settlement was reached in the second half of 2018, and the trial court issued its final approval of the settlement in December 2019. See “Note 18-Commitments, Contingencies, Guarantees and Others” for further details. Some major retailers may have sufficient bargaining power to independently negotiate lower interchange fees with MasterCard and Visa, which could, in turn, result in lower interchange fees for us when our cardholders undertake purchase transactions with these retailers. In 2016, some of the largest merchants individually negotiated lower interchange rates with MasterCard and/or Visa. These and other merchants also continue to lobby aggressively for caps and restrictions on interchange fees and their efforts may be successful or they may in the future bring legal proceedings against us or other credit card and debit card issuers and networks. Beyond pursuing litigation, legislation and regulation, merchants may also promote forms of payment with lower fees, such as ACH-based payments, or seek to impose surcharges at the point of sale for use of credit or debit cards. New payment systems, particularly mobile-based payment technologies, could also gain widespread adoption and lead to issuer transaction fees or the displacement of credit card accounts as a payment method. The heightened focus by merchants and legislative and regulatory bodies on the fees charged by credit and debit card networks, and the ability of certain merchants to successfully negotiate discounts to interchange fees with MasterCard and Visa or develop alternative payment systems, could result in a reduction of interchange fees. Any resulting loss in income to us could have a material adverse effect on our business, financial condition and results of operations. If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer. Our industry is subject to rapid and significant technological changes and our ability to meet our customers’ needs and expectations is key to our ability to grow revenue and earnings. We expect digital technologies to have a significant impact on banking over time. Consumers expect robust digital experiences from their financial services providers. The ability for customers to access their accounts and conduct financial transactions using digital technology, including mobile applications, is an important aspect of the financial services industry and financial institutions are rapidly introducing new digital and other technology-driven products and services that aim to offer a better customer experience and to reduce costs. We continue to invest in digital technology designed to attract new customers, facilitate the ability of existing customers to conduct financial transactions and enhance the customer experience related to our products and services. Our continued success depends, in part, upon our ability to address the needs of our customers by using digital technology to provide products and services that meet their expectations. The development and launch of new digital products and services depends in large part on our capacity to invest in and build the technology platforms that can enable them, in a cost effective and timely manner. See “We face intense competition in all of our markets” and “We face risks related to our operational, technological and organizational infrastructure.” Some of our competitors are substantially larger than we are, which may allow those competitors to invest more money into their technology infrastructure and digital innovation than we do. In addition, we face intense competition from smaller companies which experience lower cost structures and different regulatory requirements and scrutiny than we do, and which may allow them to innovate more rapidly than we can. See “We face intense competition in all of our markets.” Further, our success depends on our ability to attract and retain strong digital and technology leaders, engineers and other specialized personnel. The competition is intense, and the compensation costs continue to increase for such talent. If we are unable to attract and retain digital and technology talent, our ability to offer digital products and services and build the necessary technology infrastructure could be negatively affected, which could negatively impact our business and financial results. A failure to maintain or enhance our competitive position with respect to digital products and services, whether because we fail to anticipate customer expectations or because our technological developments fail to perform as desired or are not implemented in a timely or successful manner, could negatively impact our business and financial results. We may fail to realize all of the anticipated benefits of our mergers, acquisitions and strategic partnerships. We have engaged in merger and acquisition activity and entered into strategic partnerships over the past several years. We continue to evaluate and anticipate engaging in, among other merger and acquisition activity, additional strategic partnerships and selected acquisitions of financial institutions and other acquisition targets, including credit card and other loan portfolios. We may not be able to identify and secure future acquisition targets on terms and conditions that are acceptable to us, or successfully complete within the anticipated time frame and achieve the anticipated benefits of proposed mergers, acquisitions and strategic partnerships, which could impair our growth. Any merger, acquisition or strategic partnership we undertake entails certain risks, which may materially and adversely affect our results of operations. If we experience greater than anticipated costs to integrate acquired businesses into our existing operations, or are not able to achieve the anticipated benefits of any merger, acquisition or strategic partnership, including cost savings and other synergies, our business could be negatively affected. In addition, it is possible that the ongoing integration processes could result in the loss of key employees, errors or delays in systems implementation, exposure to cybersecurity risks associated with acquired businesses, exposure to additional regulatory oversight, the disruption of our ongoing businesses or inconsistencies in standards, controls, procedures and policies that adversely affect our ability to maintain relationships with partners, clients, customers, depositors and employees or to achieve the anticipated benefits of any merger, acquisition or strategic partnership. Integration efforts also may divert management attention and resources. These integration matters may have an adverse effect on us during any transition period. In addition, we may face the following risks in connection with any merger, acquisition or strategic partnership: •New Businesses and Geographic or Other Markets: Our merger, acquisition or strategic partnership activity may involve our entry into new businesses and new geographic areas or other markets which present risks resulting from our relative inexperience in these new businesses or markets. These new businesses or markets may change the overall character of our consolidated portfolio of businesses and alter our exposure to economic and other external factors. We face the risk that we will not be successful in these new businesses or in these new markets. •Identification and Assessment of Merger and Acquisition Targets and Deployment of Acquired Assets: We may not be able to identify, acquire or partner with suitable targets. Further, our ability to achieve the anticipated benefits of any merger, acquisition or strategic partnership will depend on our ability to assess the asset quality and value of the particular assets or institutions we partner with, merge with or acquire. We may be unable to profitably deploy any assets we acquire. •Accuracy of Assumptions: In connection with any merger, acquisition or strategic partnership, we may make certain assumptions relating to the proposed merger, acquisition or strategic partnership that may be, or may prove to be, inaccurate, including as a result of the failure to realize the expected benefits of any merger, acquisition or strategic partnership. The inaccuracy of any assumptions we may make could result in unanticipated consequences that could have a material adverse effect on our results of operations or financial condition. •Target-specific Risk: Assets and companies that we acquire, or companies that we enter into strategic partnerships with, will have their own risks that are specific to a particular asset or company. These risks include, but are not limited to, particular or specific regulatory, accounting, operational, reputational and industry risks, any of which could have a material adverse effect on our results of operations or financial condition. For example, we may face challenges associated with integrating other companies due to differences in corporate culture, compliance systems or standards of conduct. Indemnification rights, if any, may be insufficient to compensate us for any losses or damages resulting from such risks. In addition to regulatory approvals discussed below, certain of our merger, acquisition or partnership activity may require third-party consents in order for us to fully realize the anticipated benefits of any such transaction. •Conditions to Regulatory Approval: Certain acquisitions may not be consummated without obtaining approvals from one or more of our regulators. We cannot be certain when or if, or on what terms and conditions, any required regulatory approvals will be granted. Consequently, we might be required to sell portions of acquired assets or our own assets as a condition to receiving regulatory approval or we may not obtain regulatory approval for a proposed acquisition on acceptable terms or at all, in which case we would not be able to complete the acquisition despite the time and expenses invested in pursuing it. Reputational risk and social factors may impact our results and damage our brand. Our ability to attract and retain customers is highly dependent upon the perceptions of consumer and commercial borrowers and deposit holders and other external perceptions of our products, services, trustworthiness, business practices, workplace culture, compliance practices or our financial health. In addition, our brand is very important to us. Maintaining and enhancing our brand depends largely on our ability to continue to provide high-quality products and services. Adverse perceptions regarding our reputation in the consumer, commercial and funding markets could lead to difficulties in generating and maintaining accounts as well as in financing them. In particular, negative public perceptions regarding our reputation, including negative perceptions regarding our ability to maintain the security of our technology systems and protect customer data, could lead to decreases in the levels of deposits that consumer and commercial customers and potential customers choose to maintain with us or significantly increase the costs of attracting and retaining customers. In addition, negative perceptions regarding certain industries, partners or clients could also prompt us to cease business activities associated with those entities. Negative public opinion or damage to our brand could also result from actual or alleged conduct in any number of activities or circumstances, including lending practices, regulatory compliance, security breaches (including the use and protection of customer information, such as resulting from the Cybersecurity Incident), corporate governance and sales and marketing, and from actions taken by regulators or other persons in response to such conduct. Such conduct could fall short of our customers’ and the public’s heightened expectations of companies of our size with rigorous data, privacy and compliance practices, and could further harm our reputation. In addition, our cobrand and private label partners or other third parties with whom we have important relationships may take actions over which we have limited control that could negatively impact perceptions about us or the financial services industry. The proliferation of social media may increase the likelihood that negative public opinion from any of the events discussed above will impact our reputation and business. In addition, a variety of social factors may cause changes in borrowing activity, including credit card use, payment patterns and the rate of defaults by account holders and borrowers domestically and internationally. These social factors include changes in consumer confidence levels, the public’s perception regarding the banking industry and consumer debt, including credit card use, and changing attitudes about the stigma of bankruptcy. If consumers develop or maintain negative attitudes about incurring debt, or if consumption trends decline or if we fail to maintain and enhance our brand, or we incur significant expenses to do so, our business and financial results could be materially and negatively affected. If we are not able to protect our intellectual property, our revenue and profitability could be negatively affected. We rely on a variety of measures to protect and enhance our intellectual property, including copyrights, trademarks, trade secrets, patents and certain restrictions on disclosure, solicitation and competition. We also undertake other measures to control access to and distribution of our other proprietary information. These measures may not prevent misappropriation of our proprietary information or infringement of our intellectual property rights and a resulting loss of competitive advantage. In addition, our competitors or other third parties may file patent applications for innovations that are used in our industry or allege that our systems, processes or technologies infringe on their intellectual property rights. If our competitors or other third parties are successful in obtaining such patents or prevail in intellectual property-related litigation against us, we could lose significant revenues, incur significant license, royalty or technology development expenses, or pay significant damages. Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk. Management of market, credit, liquidity, operational and compliance risk requires, among other things, policies and procedures to properly record and verify a large number of transactions and events. See “MD&A-Risk Management” for further details. Even though we continue to devote significant resources to developing our risk management framework, our risk management strategies may not be fully effective in identifying and mitigating our risk exposure in all market environments or against all types of risk, including risks that are unidentified or unanticipated. Some of our methods of managing these risks are based upon our use of observed historical market behavior and management’s judgment. These methods may not accurately predict future exposures, which could be significantly greater than the historical measures indicate and market conditions, particularly during a period of financial market stress, can involve unprecedented dislocations. Credit risk is inherent in the financial services business and results from, among other things, extending credit to customers. Our ability to assess the creditworthiness of our customers may be impaired if the models and approaches we use to select, manage and underwrite our consumer and commercial customers become less predictive of future charge-offs due, for example, to rapid changes in the economy, including rapid changes in tariff rates and international trade relations. While we employ a broad and diversified set of risk monitoring and risk mitigation techniques, those techniques and the judgments that accompany their application cannot anticipate every economic and financial outcome or the timing of such outcomes. For example, our ability to implement our risk management strategies may be hindered by adverse changes in the volatility or liquidity conditions in certain markets and as a result, may limit our ability to distribute such risks (for instance, when we seek to syndicate exposure in bridge financing transactions we have underwritten). We may, therefore, incur losses in the course of our risk management or investing activities. Fluctuations in market interest rates or volatility in the capital markets could adversely affect our income and expense, the value of assets and obligations, our regulatory capital, cost of capital or liquidity. Like other financial institutions, our business is sensitive to market interest rate movements and the performance of the capital markets. Disruptions, uncertainty or volatility across the capital markets could negatively impact market liquidity and limit our access to the funding required to operate and grow our business. In addition, changes in interest rates or in valuations in the debt or equity markets could directly impact us. For example, we borrow money from other institutions and depositors, which we use to make loans to customers and invest in debt securities and other interest-earning assets. We earn interest on these loans and assets and pay interest on the money we borrow from institutions and depositors. The interest rates that we pay on the securities we have issued are also influenced by, among other things, applicable credit ratings from recognized rating agencies. A downgrade to any of these credit ratings could affect our ability to access the capital markets, increase our borrowing costs and have a negative impact on our results of operations. Increased charge-offs, rising LIBOR or other applicable reference rates and other events may cause our securitization transactions to amortize earlier than scheduled, which could accelerate our need for additional funding from other sources. Fluctuations in interest rates, including changes in the relationship between short-term rates and long-term rates and in the relationship between our funding basis rate and our lending basis rate, may have negative impacts on our net interest income and therefore our earnings. In addition, interest rate fluctuations and competitor responses to those changes may affect the rate of customer prepayments for auto and other term loans and may affect the balances customers carry on their credit cards. For example, increases in interest rates increase debt service requirements for some of our borrowers, which may adversely affect those borrowers’ ability to pay as contractually obligated. This could result in additional delinquencies or charge-offs and negatively impact our results of operations. These changes can reduce the overall yield on our interest-earning asset portfolio. Changes in interest rates and competitor responses to these changes may also impact customer decisions to maintain balances in the deposit accounts they have with us. An inability to attract or maintain deposits could materially affect our ability to fund our business and our liquidity position. Many other financial institutions have increased their reliance on deposit funding and, as such, we expect continued competition in the deposit markets. We cannot predict how this competition will affect our costs. If we are required to offer higher interest rates to attract or maintain deposits, our funding costs will be adversely impacted. Changes in valuations in the debt and equity markets could have a negative impact on the assets we hold in our investment portfolio. Such market changes could also have a negative impact on the valuation of assets for which we provide servicing. We assess our interest rate risk by estimating the effect on our earnings, economic value and capital under various scenarios that differ based on assumptions about the direction and the magnitude of interest rate changes. We take risk mitigation actions based on those assessments. We face the risk that changes in interest rates could materially reduce our net interest income and our earnings, especially if actual conditions turn out to be materially different than those we assumed. See “MD&A-Market Risk Profile” for additional information. Uncertainty regarding, and transition away from, LIBOR may adversely affect our business. The U.K. FCA, which regulates LIBOR, has announced that it will no longer compel banks to contribute data for the calculation of LIBOR after December 31, 2021. It is likely that banks will no longer continue to contribute submissions for the calculation of LIBOR after that date, which creates significant uncertainty around the publication of LIBOR beyond 2021 and whether LIBOR will continue to be viewed as a reliable market benchmark. In November 2020, the ICE Benchmark Administration (IBA), the administrator of LIBOR, announced that it will consult on its intention to cease publication of the 1-week and 2-month USD LIBOR settings immediately following the LIBOR publication on December 31, 2021, and the remaining USD LIBOR tenors (Overnight, 1, 3, 6, and 12 Months) immediately following the LIBOR publication on June 30, 2023. The consultation closed on January 25, 2021 and we will continue to engage with industry experts to better understand the proposed IBA's extension announcement and its impact on the markets and our transition plans. It remains unclear what rate or rates may develop as accepted alternatives to LIBOR, or what the effect of such changes will be on the markets for LIBOR-based financial instruments. The Secured Overnight Financing Rate (“SOFR”) has been recommended by the Alternative Reference Rates Committee as an alternative for USD LIBOR, but issues and uncertainty remain with respect to its implementation. Given LIBOR’s extensive use across financial markets, the transition away from LIBOR presents several risks and challenges to the financial markets and financial institutions, including Capital One. We have loans, derivative contracts, unsecured debt, securitizations, vendor agreements and other instruments with attributes that are either directly or indirectly dependent on LIBOR. Uncertainty as to the nature of potential changes, alternative reference rates such as SOFR, or other reforms may adversely affect market liquidity, the pricing of LIBOR-based instruments, and the availability and cost of associated hedging instruments and borrowings. If SOFR or another rate does not achieve wide acceptance as the alternative to LIBOR, there likely will be disruption to the markets relying on the availability of a broadly accepted reference rate. In addition, uncertainty regarding LIBOR could result in loss of market share in certain products, adverse tax or accounting impacts, compliance, legal or operational costs and risks associated with client disclosures, as well as systems disruption, model disruption and other business continuity issues for us. Even if SOFR or another reference rate becomes a widely acceptable replacement for LIBOR, risks will remain for us with respect to outstanding instruments which rely on LIBOR. Those risks arise in connection with transitioning such instruments to a new reference rate, the taking of discretionary actions or the negotiation of fallback provisions and final amendments to existing LIBOR based agreements. Payments under contracts referencing new reference rates may significantly differ from those referencing LIBOR. For some instruments, the method of transitioning to a new reference rate may be challenging, especially if parties to an instrument cannot agree as to how to effect that transition. If a contract is not transitioned to a new reference rate and LIBOR ceases to exist, the impact on our obligations is likely to vary by contract. In addition, prior to LIBOR cessation, instruments that continue to refer to LIBOR may be impacted if there is a change in the availability or calculation of LIBOR. The transition from LIBOR to an alternative reference rate may change our market risk profile and require changes to risk and pricing models, valuation tools, product design, information technology systems, reporting infrastructure, operational processes and controls, and hedging strategies. In many cases, we may be dependent on third parties to upgrade systems, software and other critical functions that could materially disrupt our readiness if they are not done on a timely basis or otherwise fail. Our assessment of the ultimate impact of, and our planning for, the transition from LIBOR remains ongoing. Failure to adequately manage the transition could have a material adverse effect on our reputation, business, financial condition and results of operations. See “MD&A-Market Risk Profile” for additional information. Our business could be negatively affected if we are unable to attract, retain and motivate skilled employees. Our success depends, in large part, on our ability to retain key senior leaders and to attract and retain skilled employees, particularly employees with advanced expertise in credit, risk, digital and technology skills. We depend on our senior leaders and skilled employees to oversee simultaneous, transformative initiatives across the enterprise and execute on our business plans in an efficient and effective manner. Competition for such senior leaders and employees, and the costs associated with attracting and retaining them, is high. Our ability to attract and retain qualified employees also is affected by perceptions of our culture and management, our profile in the regions where we have offices and the professional opportunities we offer. Regulation or regulatory guidance restricting executive compensation, as well as evolving investor expectations, may limit the types of compensation arrangements that we may enter into with our most senior leaders and could have a negative impact on our ability to attract, retain and motivate such leaders in support of our long-term strategy. These laws and regulations may not apply in the same manner to all financial institutions, and we therefore may face more restrictions than other institutions and companies with which we compete for talent. These laws and regulations may also hinder our ability to compete for talent with other industries. We rely upon our senior leaders not only for business success, but also to lead with integrity. To the extent our senior leaders behave in a manner that does not comport with our values, the consequences to our brand and reputation could be severe and could adversely affect our financial condition and results of operations. If we are unable to attract, develop and retain talented senior leadership and employees, or to implement appropriate succession plans for our senior leadership, our business could be negatively affected. We face risks from unpredictable catastrophic events. Despite the business contingency plans we have in place, such plans do not fully mitigate all potential business continuity risks to us. Natural disasters and other catastrophic events could harm our business and infrastructure, including our information technology systems and third-party platforms. Our ability to conduct business may be adversely affected by a disruption in the infrastructure that supports our business and the communities where we are located, which are concentrated in the Northern Virginia and New York metropolitan areas, as well as Richmond, Virginia and Plano, Texas. This may include a disruption involving damage or loss of access to a physical site, cyber incidents, terrorist activities, the occurrence or worsening of disease outbreaks or pandemics (including the COVID-19 pandemic), natural disasters, extreme weather events, electrical outage, environmental hazard, technological infrastructure, communications or other services we use, our employees or third parties with whom we conduct business. Our business, financial condition and results of operations may be impacted by any such disruption and our ability to implement corresponding response measures, including, for example, our ability to adapt to a remote work environment as a result of the ongoing COVID-19 pandemic and related response measures. In addition, if a natural disaster or other catastrophic event occurs in certain regions where our business and customers are concentrated, such as the mid-Atlantic, New York or Texas metropolitan areas, we could be disproportionately impacted as compared to our competitors. The impact of such events and other catastrophes on the overall economy may also adversely affect our financial condition and results of operations. We face risks from the use of or changes to assumptions or estimates in our financial statements. Pursuant to generally accepted accounting principles in the U.S. (“U.S. GAAP”), we are required to use certain assumptions and estimates in preparing our financial statements, including determining our allowance for credit losses, the fair value of certain assets and liabilities, and asset impairment, among other items. In addition, the FASB, the SEC and other regulatory bodies may change the financial accounting and reporting standards, including those related to assumptions and estimates we use to prepare our financial statements, in ways that we cannot predict and that could impact our financial statements. If actual results differ from the assumptions or estimates underlying our financial statements or if financial accounting and reporting standards are changed, we may experience unexpected material losses. For a discussion of our use of estimates in the preparation of our consolidated financial statements, see “MD&A-Critical Accounting Policies and Estimates” and “Note 1-Summary of Significant Accounting Policies.” Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase common stock. We are a separate and distinct legal entity from our subsidiaries, including the Banks. Dividends to us from our direct and indirect subsidiaries, including the Banks, have represented a major source of funds for us to pay dividends on our common and preferred stock, repurchase common stock, make payments on corporate debt securities and meet other obligations. There are various federal law limitations on the extent to which the Banks can finance or otherwise supply funds to us through dividends and loans. These limitations include minimum regulatory capital requirements, federal banking law requirements concerning the payment of dividends out of net profits or surplus, Sections 23A and 23B of the Federal Reserve Act and Regulation W governing transactions between an insured depository institution and its affiliates, as well as general federal regulatory oversight to prevent unsafe or unsound practices. If our subsidiaries’ earnings are not sufficient to make dividend payments to us while maintaining adequate capital levels, our liquidity may be affected and we may not be able to make dividend payments to our common or preferred stockholders, repurchase our common stock, make payments on outstanding corporate debt securities or meet other obligations, each and any of which could have a material adverse impact on our results of operations, financial position or perception of financial health. See “Part I-Item 1.Business-Supervision and Regulation” for additional information regarding dividend limitations applicable to us and the Banks. The soundness of other financial institutions and other third parties could adversely affect us. Our ability to engage in routine funding and other transactions could be adversely affected by the stability and actions of other financial services institutions. Financial services institutions are interrelated as a result of trading, clearing, servicing, counterparty and other relationships. We have exposure to financial institutions, intermediaries and counterparties that are exposed to risks over which we have little or no control. In addition, we routinely execute transactions with counterparties in the financial services industry, including brokers and dealers, commercial banks, investment banks, mutual and hedge funds and other institutional clients, resulting in a significant credit concentration with respect to the financial services industry overall. As a result, defaults by, or even rumors or questions about, one or more financial services institutions, or the financial services industry generally, have led to market-wide liquidity problems and could lead to losses or defaults by us or by other institutions. Likewise, adverse developments affecting the overall strength and soundness of our competitors, the financial services industry as a whole and the general economic climate or sovereign debt could have a negative impact on perceptions about the strength and soundness of our business even if we are not subject to the same adverse developments. In addition, adverse developments with respect to third parties with whom we have important relationships also could negatively impact perceptions about us. These perceptions about us could cause our business to be negatively affected and exacerbate the other risks that we face. Item 1B.

Removed paragraphs (12746 words)

Item 1A. Risk Factors This section highlights significant factors, events, and uncertainties that make an investment in our securities risky. The events and consequences discussed in these risk factors could, in circumstances we may not be able to accurately predict, recognize, or control, have a material adverse effect on our business, growth, reputation, prospects, financial condition, operating results, cash flows, liquidity, and stock price. These risk factors do not identify all risks that we face; our operations could also be affected by factors, events, or uncertainties that are not presently known to us or that we currently do not consider to present significant risks to our operations. In addition, the global economic and political climate amplifies many of these risks. General Economic and Market Risks Changes and instability in the macroeconomic environment, consumer confidence and customer behavior may adversely affect our business. We offer a broad array of financial products and services to consumers, small businesses and commercial clients. A prolonged period of economic volatility, slow growth, or a significant deterioration in economic conditions, in the United States, Canada or the United Kingdom, could have a material adverse effect on our financial condition and results of operations as customers default on their loans, maintain lower deposit levels or, in the case of credit card accounts, carry lower balances and reduce credit card purchase activity. Some of the risks we face in connection with adverse changes and instability in the macroeconomic environment, including changes in consumer confidence levels and behavior, include the following: • Changes in payment patterns, increases in delinquencies and default rates, decreased consumer spending, lower demand for credit and shifts in consumer payment behavior towards avoiding late fees, finance charges and other fees; • Increases in our charge-off rate caused by bankruptcies and reduced ability to recover debt that we have previously charged-off; • Decreased reliability of the process and models we use to estimate our allowance for loan and lease losses, particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our models and our estimates become increasingly subject to management’s judgment. See “We face risks resulting from the extensive use of models and data.” In the United Kingdom, changes in consumer behavior or an economic slowdown arising from the U.K.’s exit from the European Union (“Brexit”) could adversely affect our U.K. operations. The impact of Brexit and its full effects on us are uncertain and will depend on the post-Brexit relationships that the U.K. implements with the European Union (“EU”) and countries that are not a part of the EU. While Capital One does not have operations in any other EU jurisdictions, increased market volatility and global economic deterioration resulting from an uncontrolled Brexit could have a negative impact on credit conditions in the U.K. and negatively affect our business and financial condition. Financial market instability and volatility could adversely affect our business. Our ability to borrow from other financial institutions or to engage in funding transactions on favorable terms or at all could be adversely affected by disruptions in the capital markets or other events, including actions by rating agencies and deteriorating investor expectations, which could limit our access to funding. In addition, fluctuations in interest rates, credit spreads and other market factors could negatively impact our results of operations. Both shorter-term and longer-term interest rates remain below long-term historical averages and the yield curve has been relatively flat compared to past periods. A flat yield curve combined with low interest rates generally leads to lower revenue and reduced margins because it tends to limit our ability to increase the spread between asset yields and funding costs. Sustained periods of time with a flat yield curve coupled with low interest rates, or an inversion of the yield curve, could have a material adverse effect on our net interest margin and earnings. Regulatory Risk Compliance with new and existing laws, regulations and regulatory expectations is costly and complex. We are subject to extensive regulatory oversight by the federal banking regulators to ensure that we build systems and processes that are commensurate with the nature of our business and that meet the risk management and prudential standards issued by our regulators. A wide array of banking and consumer lending laws apply to almost every aspect of our business. Failure to comply with these laws and regulations could result in financial, structural and operational penalties, including significant fines and criminal sanctions, and/or damage to our reputation with regulators, our customers or the public. Hiring, training and retaining qualified compliance and legal personnel, and establishing and maintaining compliance-related systems, infrastructure and processes, is difficult and these efforts could limit our ability to invest in other business opportunities. Furthermore, applicable rules and regulations may affect us in an unforeseen manner, or may have a disproportionate impact on us as compared to our competitors. For example, over the last several years, state and federal regulators have focused on compliance with the Bank Secrecy Act and anti-money laundering laws, data integrity and security, use of service providers, fair lending and other consumer protection issues. In July 2015, Capital One entered into a consent order with the OCC to address concerns about our anti-money laundering (“AML”) program and in October 2018, Capital One paid a civil monetary penalty assessed by the OCC relating to our AML program. The OCC lifted the AML consent order in November 2019. Failure to maintain compliance with AML laws and regulations could result in significant additional governmental fines or penalties. We have a large number of customer accounts in our credit card and auto lending businesses and we have made the strategic choice to originate and service subprime credit card and auto loans, which typically have higher delinquencies and charge-offs than prime customers. As a result, we have significant involvement with credit bureau reporting and the collection and recovery of delinquent and charged-off debt, primarily through customer communications, the filing of litigation against customers in default, the periodic sale of charged-off debt and vehicle repossession. These activities are subject to enhanced legal and regulatory scrutiny from regulators, courts and legislators. Any future changes to our business practices in these areas, including our debt collection practices, whether mandated by regulators, courts, legislators or otherwise, or any legal liabilities resulting from our business practices, including our debt collection practices, could have a material adverse impact on our financial condition. The legislative and regulatory environment is beyond our control, may change rapidly and unpredictably and may negatively influence our revenue, costs, earnings, growth, liquidity and capital levels. In addition, some rules and regulations may be subject to litigation or other challenges that delay or modify their implementation and impact on us. Adoption of new technologies, such as distributed ledger technologies, artificial intelligence and machine learning technologies, can present unforeseen challenges in applying and relying on existing compliance systems. Certain laws and regulations, and any interpretations and applications with respect thereto, may benefit consumers, borrowers and depositors, but not stockholders. Our success depends on our ability to maintain compliance with both existing and new laws and regulations. For a description of the material laws and regulations to which we are subject, see “Part I-Item 1. Business-Supervision and Regulation.” Credit Risk We may experience increased delinquencies, credit losses, inaccurate estimates and inadequate reserves. Like other lenders, we face the risk that our customers will not repay their loans. A customer’s ability and willingness to repay us can be adversely affected by increases in their payment obligations to other lenders, whether as a result of higher debt levels or rising interest rates, by restricted availability of credit generally, or by the revenue and income of the borrower. We may fail to quickly identify and reduce our exposure to customers that are likely to default on their payment obligations, whether by closing credit lines or restricting authorizations. Our ability to manage credit risk also is affected by legal or regulatory changes (such as restrictions on collections, bankruptcy laws, minimum payment regulations and re-age guidance), competitors’ actions and consumer behavior, and depends on the effectiveness of our collections staff, techniques and models. Rising losses or leading indicators of rising losses (such as higher delinquencies, higher rates of nonperforming loans, higher bankruptcy rates, lower collateral values, elevated unemployment rates or changing market terms) may require us to increase our allowance for loan and lease losses, which may degrade our profitability if we are unable to raise revenue or reduce costs to compensate for higher losses. In particular, we face the following risks in this area: • Missed Payments: Our customers may miss payments. Loan charge-offs (including from bankruptcies) are generally preceded by missed payments or other indications of worsening financial condition for our customers. Historically, customers are more likely to miss payments during an economic downturn or prolonged periods of slow economic growth. In addition, we face the risk that consumer and commercial customer behavior may change (for example, an increase in the unwillingness or inability of customers to repay debt, which may be heightened by increasing interest rates or levels of consumer debt), causing a long-term rise in delinquencies and charge-offs. • Incorrect Estimates of Inherent Losses: The credit quality of our portfolio can have a significant impact on our earnings. We allow for and reserve against credit risks based on our assessment of credit losses inherent in our loan portfolios. This process, which is critical to our financial condition and results of operations, requires complex judgments, including forecasts of economic conditions. We may underestimate our inherent losses and fail to hold an allowance for loan and lease losses sufficient to account for these losses. Incorrect assumptions could lead to material underestimations of inherent losses and inadequate allowance for loan and lease losses. In cases where we modify a loan, if the modifications do not perform as anticipated we may be required to build additional allowance on these loans. The build or release of allowances impacts our financial results. • Inaccurate Underwriting: Our ability to accurately assess the creditworthiness of our customers may diminish, which could result in an increase in our credit losses and a deterioration of our returns. See “Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk.” • Business Mix: We engage in a diverse mix of businesses with a broad range of potential credit exposure. Because we originate a relatively greater proportion of consumer loans in our loan portfolio compared to other large bank peers and originate both prime and subprime credit card accounts and auto loans, we may experience higher delinquencies and a greater number of accounts charging off compared to other large bank peers, which could result in increased credit losses, operating costs and regulatory scrutiny. Additionally, a change in this business mix over time to include proportionally more consumer loans or subprime credit card accounts or auto loans could adversely affect the credit quality of our portfolio. • Increasing Charge-off Recognition / Allowance for Loan and Lease Losses: We account for the allowance for loan and lease losses according to accounting and regulatory guidelines and rules, including Financial Accounting Standards Board (“FASB”) standards and the Federal Financial Institutions Examination Council (“FFIEC”) Account Management Guidance. Effective as of January 1, 2020, we are required to use the CECL model based on expected rather than incurred losses. Adoption of the CECL model will result in an increase to our reserves for credit losses on financial instruments with a resulting negative adjustment to retained earnings. The impact of CECL on our future results will depend on the characteristics of our financial instruments, economic conditions, and our economic and loss forecasts. The application of the CECL model may require us to increase reserves faster and to a higher level in an economic downturn, resulting in greater impact to our results and our capital ratios than we would have experienced in similar circumstances prior to the adoption of CECL. In addition, because credit cards represent a significant portion of our product mix, we could be disproportionately affected by use of the CECL model, as compared to other large bank peers with a different product mix. See “MD&A-Accounting Changes and Developments” for additional information. • Insufficient Asset Values: The collateral we have on secured loans could be insufficient to compensate us for loan losses. When customers default on their secured loans, we attempt to recover collateral where permissible and appropriate. However, the value of the collateral may not be sufficient to compensate us for the amount of the unpaid loan, and we may be unsuccessful in recovering the remaining balance from our customers. Decreases in real estate and other asset values adversely affect the collateral value for our commercial lending activities, while the auto business is similarly exposed to collateral risks arising from the auction markets that determine used car prices. Borrowers may be less likely to continue making payments on loans if the value of the property used as collateral for the loan is less than what the borrower owes, even if the borrower is still financially able to make the payments. In that circumstance, the recovery of such property could be insufficient to compensate us for the value of these loans upon a default. In our auto business, business and economic conditions that negatively affect household incomes, housing prices and consumer behavior, as well as technological advances that make older cars obsolete faster, could decrease (i) the demand for new and used vehicles and (ii) the value of the collateral underlying our portfolio of auto loans, which could cause the number of consumers who become delinquent or default on their loans to increase. • Geographic and Industry Concentration: Although our consumer lending is geographically diversified, approximately 27% of our commercial loan portfolio is concentrated in the tri-state area of New York, New Jersey and Connecticut. The regional economic conditions in the tri-state area affect the demand for our commercial products and services as well as the ability of our customers to repay their commercial loans and the value of the collateral securing these loans. An economic downturn or prolonged period of slow economic growth in, or a catastrophic event that disproportionately affects, the tri-state area could have a material adverse effect on the performance of our commercial loan portfolio and our results of operations. In addition, our Commercial Banking strategy includes an industry-specific focus. If any of the industries that we focus on experience changes, we may experience increased credit losses and our results of operations could be adversely impacted. For example, as of December 31, 2019, healthcare and healthcare-related real estate loans represented approximately 18% of our total commercial loan portfolio. If healthcare-related industries or any of the other industries that we focus on experience adverse changes, we may experience increased credit losses and our results of operations could be adversely impacted. Capital and Liquidity Risk We may not be able to maintain adequate capital or liquidity levels, which could have a negative impact on our financial results and our ability to return capital to our stockholders. Financial institutions are subject to extensive and complex capital and liquidity requirements. These requirements affect our ability to lend, grow deposit balances, make acquisitions and make most capital distributions. Failure to maintain adequate capital or liquidity levels, whether due to adverse developments in our business or the economy or to changes in the applicable requirements, could subject us to a variety of enforcement remedies available to our regulators. These include limitations on the ability to pay dividends and repurchase shares and the issuance of a capital directive to increase capital. Such limitations could have a material adverse effect on our business and results of operations. We consider various factors in the management of capital, including the impact of stress on our capital levels, as determined by both our internal modeling and the Federal Reserve’s modeling of our capital position in supervisory stress tests and CCAR. There can be significant differences between our modeling and the Federal Reserve’s estimates for a given scenario and between the capital needs suggested by our internal bank holding company scenarios relative to the supervisory scenarios. Therefore, although our estimated capital levels under stress disclosed as part of the CCAR or DFAST processes may suggest that we have substantial capacity to return capital to stockholders and remain well capitalized under stress, the Federal Reserve’s modeling, our internal modeling of another scenario or other factors related to our capital management process may result in a materially lower capacity to return capital to stockholders than that indicated by the projections released in the CCAR or DFAST processes. This in turn could lead to restrictions on our ability to pay dividends and engage in share repurchase transactions. See “Part I-Item 1. Business-Supervision and Regulation” for additional information. In addition, the current capital and liquidity requirements are subject to change. The Federal Banking Agencies finalized the Tailoring Rule in the fourth quarter of 2019. Under the Tailoring Rule, we are a Category III institution, and are no longer subject to the Basel III Advanced Approaches and associated capital requirements, but we continue to be subject to the countercyclical capital buffer and supplementary leverage ratio. In addition, the Federal Reserve is currently considering a proposed rule (the “Stress Capital Buffer Proposed Rule”) that would modify our current Basel III capital requirements and implement firm-specific stress capital requirements. If the Stress Capital Buffer Proposed Rule is not adopted substantially as proposed, or there are other changes to applicable capital and liquidity requirements, we could face unexpected or new limitations on our ability to pay dividends and engage in share repurchases. Operational Risk We face risks related to our operational, technological and organizational infrastructure. Our ability to retain and attract customers depends on our ability to develop, operate, and adapt our technology and organizational infrastructure in a rapidly changing environment. In addition, we must accurately process, record and monitor an increasingly large number of complex transactions. Digital technology, data and software development are deeply embedded into our business model and how we work. Similar to other large corporations, we are exposed to operational risk that can manifest itself in many ways, such as errors in execution, inadequate processes, inaccurate models, faulty or disabled technological infrastructure, and fraud by employees or persons outside of our company. In addition, we are heavily dependent on the security, capability and continuous availability of the technology systems that we use to manage our internal financial and other systems, monitor risk and compliance with regulatory requirements, provide services to our customers, develop and offer new products and communicate with stakeholders. If we do not maintain the necessary operational, technological and organizational infrastructure to operate our business, including to maintain the security of that infrastructure, our business and reputation could be materially adversely affected. We also are subject to disruptions to our operating systems arising from events that are wholly or partially beyond our control, which may include computer viruses, electrical or telecommunications outages, design flaws in foundational components or platforms, availability and quality of vulnerability patches from key vendors, cyber-attacks (including Distributed Denial of Service (“DDOS”) and other attacks on our infrastructure as discussed below), natural disasters, other damage to property or physical assets, or events arising from local or larger scale politics, including terrorist acts. Any failure to maintain our infrastructure or disruption of our operating systems and applications could diminish our ability to operate our businesses, service customer accounts and protect customers’ information, or result in potential liability to customers, reputational damage, regulatory intervention and customers’ loss of confidence in our businesses, any of which could result in a material adverse effect. We also rely on the business infrastructure and systems of third parties with which we do business and to whom we outsource the operation, maintenance and development of our information technology and communications systems. We have migrated substantially all, and intend to migrate all, of our core information technology systems and customer-facing applications to third-party cloud infrastructure platforms, principally AWS. If we do not complete the transition or fail to administer these new environments in a well-managed, secure and effective manner, or if AWS platforms become unavailable or do not meet their service level agreements for any reason, we may experience unplanned service disruption or unforeseen costs which could result in material harm to our business and results of operations. We must successfully develop and maintain information, financial reporting, disclosure, data-protection and other controls adapted to our reliance on outside platforms and providers. In addition, AWS, or other service providers, could experience system breakdowns or failures, outages, downtime, cyber-attacks, adverse changes to financial condition, bankruptcy, or other adverse conditions, which could have a material adverse effect on our business and reputation. Thus, the substantial amount of our infrastructure that we outsource to AWS or to other third parties may increase our risk exposure. Any disruptions, failures or inaccuracies of our operational and technology systems and models, including those associated with improvements or modifications to such systems and models, could cause us to be unable to market and manage our products and services, manage our risk, meet our regulatory obligations or report our financial results in a timely and accurate manner, all of which could have a negative impact on our results of operations. In addition, our ongoing investments in infrastructure, which are necessary to maintain a competitive business, integrate acquisitions and establish scalable operations, may increase our expenses. As our business develops, changes or expands, additional expenses can arise as a result of a reevaluation of business strategies, management of outsourced services, asset purchases or other acquisitions, structural reorganization, compliance with new laws or regulations, or the integration of newly acquired businesses, or the occurrence of incidents such as the Cybersecurity Incident. If we are unable to successfully manage our expenses, our financial results will be negatively affected. Increased costs, reductions in revenue, reputational damage and business disruptions can result from the theft, loss or misuse of information, including as a result of a cyber-attack. Our products and services involve the gathering, authenticating, managing, processing, and the storage and transmission of sensitive and confidential information regarding our customers and their accounts, our employees and third parties with which we do business. Our ability to provide such products and services, many of which are web-based, depends upon the management and safeguarding of information, software, methodologies and business secrets. To provide these products and services to, as well as communicate with, our customers, we rely on information systems and infrastructure, including software and data engineering, and information security personnel, digital technologies, computer and email systems, software, networks and other web-based technologies. We also have arrangements in place with third parties through which we share and receive information about their customers who are or may become our customers. Technologies, systems, networks and devices of Capital One or our customers, employees, service providers or other third parties with whom we interact continue to be the subject of attempted unauthorized access, mishandling or misuse of information, denial-of-service attacks, computer viruses, website defacement, hacking, malware, ransomware, phishing or other forms of social engineering, and other forms of cyber-attacks designed to obtain confidential information, destroy data, disrupt or degrade service, sabotage systems or cause other damage, and other events. These threats, such as the Cybersecurity Incident, may derive from error, fraud or malice on the part of our employees, insiders or third parties or may result from accidental technological failure. Any of these parties may also attempt to fraudulently induce employees, customers, or other third-party users of our systems to disclose sensitive information in order to gain access to our data or that of our customers or third parties with whom we interact, or to unlawfully obtain monetary benefit through misdirected or otherwise improper payment. Further, cyber and information security risks for large financial institutions like us continue to increase due to the proliferation of new technologies, the use of the internet to conduct financial transactions, and the increased sophistication and activities of organized crime, perpetrators of fraud, hackers, terrorists, activists, formal and informal instrumentalities of foreign governments and other external parties. In addition, our customers access our products and services using computers, smartphones, tablets, and other mobile devices that are beyond our security control systems. The methods and techniques employed by perpetrators of fraud and others to attack, disable, degrade or sabotage platforms, systems and applications change frequently, are increasingly sophisticated and often are not fully recognized or understood until after they have occurred, and some techniques could occur and persist for an extended period of time before being detected. For example, although we immediately fixed the configuration vulnerability that was exploited in the Cybersecurity Incident once we discovered the unauthorized access, a period of time elapsed between the occurrence of the unauthorized access and the time when we discovered it. In other circumstances, we and our third-party service providers and partners may be unable to anticipate or identify certain attack methods in order to implement effective preventative measures or mitigate or remediate the damages caused in a timely manner. We may also be unable to hire and develop talent capable of detecting, mitigating or remediating these risks. Although we seek to maintain a robust suite of authentication and layered information security controls, including our cyber threat analytics, data encryption and tokenization technologies, anti-malware defenses and vulnerability management program, any one or combination of these controls could fail to detect, mitigate or remediate these risks in a timely manner. We will likely face an increasing number of attempted cyber-attacks as we expand our mobile- and other internet-based products and services, as well as our usage of mobile and cloud technologies and as we provide more of these services to a greater number of retail clients. A disruption or breach, including as a result of a cyber-attack such as the Cybersecurity Incident, or media reports of perceived security vulnerabilities at Capital One or at third-party service providers, could result in significant legal and financial exposure, regulatory intervention, litigation and remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the security of our systems, products and services that could adversely affect our business. We and other U.S. financial services providers continue to be targeted with evolving and adaptive cybersecurity threats from sophisticated third parties. We are continuing to assess the impact of the Cybersecurity Incident and there can be no assurance that additional unauthorized access or cyber incidents will not occur or that we will not suffer material losses in the future. Unauthorized access or cybersecurity incidents could occur more frequently and on a more significant scale. If future attacks like these are successful or if customers are unable to access their accounts online for other reasons, it could adversely impact our ability to service customer accounts or loans, complete financial transactions for our customers or otherwise operate any of our businesses or services. In addition, a breach or attack affecting one of our third-party service providers or partners could harm our business even if we do not control the service that is attacked. In addition, the increasing prevalence and the evolution of cyber-attacks and other efforts to breach or disrupt our systems or those of our partners, retailers or other market participants has led, and will likely continue to lead, to increased costs to us with respect to preventing, mitigating and remediating these risks, as well as any related attempted fraud. In order to address ongoing and future risks, including from the Cybersecurity Incident, we must expend significant resources to support protective security measures, investigate and remediate any vulnerabilities of our information systems and infrastructure and invest in new technology designed to mitigate security risks. The Cybersecurity Incident, or successful cyber-attacks at other large financial institutions or other market participants (whether or not we are impacted), could lead to a general loss of customer confidence in financial institutions that could negatively affect us, including harming the market perception of the effectiveness of our security measures or the financial system in general which could result in reduced use of our financial products. We have insurance against some cyber-risks and attacks, including insurance that is expected to cover certain costs associated with the Cybersecurity Incident; nonetheless, our insurance coverage may not be sufficient to offset the impact of a material loss event, and such insurance may increase in cost or cease to be available on commercial terms in the future. Potential data protection and privacy incidents, and our required compliance with regulations related to these areas, may increase our costs, reduce our revenue and limit our ability to pursue business opportunities. A breach, failure or other disruption of our information systems or infrastructure or data management processes, or those of our customers, partners, service providers or other market participants, could lead, depending on the nature of the incident, to the unauthorized or unintended access to and release, gathering, monitoring, misuse, loss or destruction of personal or confidential data about our customers, employees or other third parties in our possession. Any party that obtains this personal or confidential data through a breach or disruption may use this information for ransom, to be paid by us or a third-party, as part of a fraudulent activity that is part of a broader criminal activity, or for other illicit purposes. Further, such disruption or breach could also result in unauthorized access to our proprietary information, intellectual property, software, methodologies and business secrets and in unauthorized transactions in Capital One accounts or unauthorized access to personal or confidential information maintained by those entities. There has been a significant proliferation of consumer information available on the internet resulting from breaches of third-party entities, including personal information, log-in credentials and authentication data. While we were not directly involved in these third-party breach events, the stolen information can create a vulnerability for our customers if their Capital One log-in credentials are the same as or similar to the credentials that have been compromised on other sites. This vulnerability could include the risk of unauthorized account access, data loss and fraud. The use of artificial intelligence, “bots” or other automation software, can increase the velocity and efficacy of these types of attacks. We are continuing to assess the impact of the Cybersecurity Incident. The Cybersecurity Incident, other data security incidents we may experience in the future, or media reports of perceived security vulnerabilities at Capital One or at third-party service providers, could result in significant legal and financial exposure, regulatory intervention, remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the security of our systems, products and services that could adversely affect our business. We are subject to a variety of continuously evolving and developing laws and regulations in the United States and abroad regarding privacy, data protection and data security, including those related to the collection, storage, handling, use, disclosure, transfer and security of personal data. Significant uncertainty exists as privacy and data protection laws may be interpreted and applied differently from country to country and may create inconsistent or conflicting requirements. For example, in Canada we are subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”). In addition, the General Data Protection Regulation (“GDPR”) applies EU data protection law to all companies processing data of EU residents, regardless of the company’s location. More recently, on January 1, 2020, the CCPA went into effect for companies doing business in California. These laws impose strict requirements regarding the collection, storage, handling, use, disclosure, transfer and security of personal data, which may have adverse consequences, including severe monetary penalties. Our efforts to comply with PIPEDA, GDPR, CCPA and other privacy and data protection laws entail substantial expenses, may divert resources from other initiatives and projects, and could limit the services we are able to offer. Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy violations continue to increase. The enactment of more restrictive laws, rules, regulations, or future enforcement actions or investigations could impact us through increased costs or restrictions on our business, and noncompliance could result in monetary or other penalties and significant legal liability. We face risks resulting from the extensive use of models and data. We rely on quantitative models, and our ability to manage data and aggregate data in an accurate and timely manner, assess and manage our various risk exposures, estimate certain financial values and manage compliance with required regulatory capital requirements. Models may be used in such processes as determining the pricing of various products, grading loans and extending credit, measuring interest rate and other market risks, predicting deposit levels or loan losses, assessing capital adequacy and calculating economic and regulatory capital levels, estimate the value of financial instruments and balance sheet items, and other operational functions. Our risk reporting and management, including business decisions based on information incorporating models, depend on the effectiveness of our models and our policies, programs, processes and practices governing how data is acquired, validated, stored, protected, processed and analyzed. Any issues with the quality or effectiveness of our data aggregation and validation procedures, as well as the quality and integrity of data inputs, formulas or algorithms, could result in inaccurate forecasts, ineffective risk management practices or inaccurate risk reporting. In addition, models based on historical data sets might not be accurate predictors of future outcomes and their ability to appropriately predict future outcomes may degrade over time. While we continuously update our policies, programs, processes and practices, many of our data management, aggregation, and implementation processes are manual and subject to human error or system failure. Failure to manage data effectively and to aggregate data in an accurate and timely manner may limit our ability to manage current and emerging risk, to produce accurate financial, regulatory and operational reporting as well as to manage changing business needs. If our risk management framework is ineffective, we could suffer unexpected losses which could materially adversely affect our results of operation or financial condition. Also, any information we provide to the public or to our regulators based on poorly designed or implemented models could be inaccurate or misleading. Some of the decisions that our regulators make, including those related to capital distribution to our stockholders, could be affected adversely due to the perception that the quality of the models used to generate the relevant information is insufficient. Legal Risk Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement. Our businesses are subject to increased litigation, government investigations and other regulatory enforcement risks as a result of a number of factors and from various sources, including the highly regulated nature of the financial services industry, the focus of state and federal prosecutors on banks and the financial services industry and the structure of the credit card industry. Given the inherent uncertainties involved in litigation, government investigations and regulatory enforcement decisions, and the very large or indeterminate damages sought in some matters asserted against us, there can be significant uncertainty as to the ultimate liability we may incur from these kinds of matters. The finding, or even the assertion, of substantial legal liability against us could have a material adverse effect on our business and financial condition and could cause significant reputational harm to us, which could seriously harm our business. The Cybersecurity Incident has resulted in litigation, government investigations and other regulatory enforcement inquiries. In addition, financial institutions, such as ourselves, face significant regulatory scrutiny, which can lead to public enforcement actions. We and our subsidiaries are subject to comprehensive regulation and periodic examination by the Federal Reserve, the SEC, OCC, FDIC and CFPB. We have been subject to enforcement actions by many of these and other regulators and may continue to be involved in such actions, including governmental inquiries, investigations and enforcement proceedings, including by the OCC, Department of Justice, Financial Crimes Enforcement Network (“FinCEN”) and state Attorneys General. We expect that regulators and governmental enforcement bodies will continue taking formal enforcement actions against financial institutions in addition to addressing supervisory concerns through non-public supervisory actions or findings, which could involve restrictions on our activities, among other limitations that could adversely affect our business. In addition, a violation of law or regulation by another financial institution is likely to give rise to an investigation by regulators and other governmental agencies of the same or similar practices by us. Furthermore, a single event may give rise to numerous and overlapping investigations and proceedings. These and other initiatives from governmental authorities and officials may subject us to further judgments, settlements, fines or penalties, or cause us to restructure our operations and activities or to cease offering certain products or services, all of which could harm our reputation or lead to higher operational costs. Litigation, government investigations and other regulatory actions could involve restrictions on our activities, generally subject us to significant fines, increased expenses, restrictions on our activities and damage to our reputation and our brand, and could adversely affect our business, financial condition and results of operations. For additional information regarding legal and regulatory proceedings that we are subject to, see “Note 18-Commitments, Contingencies, Guarantees and Others.” Other Business Risks We face intense competition in all of our markets. We operate in a highly competitive environment, whether in making loans, attracting deposits or in the global payments industry, and we expect competitive conditions to continue to intensify with respect to most of our products. We compete on the basis of the rates we pay on deposits and the rates and other terms we charge on the loans we originate or purchase, as well as the quality and range of our customer service, products, innovation and experience. This increasingly competitive environment is primarily a result of changes in technology, product delivery systems and regulation, as well as the emergence of new or significantly larger financial services providers, all of which may affect our customers’ expectations and demands. In addition to offering competitive products and services, we invest in and conduct marketing campaigns to attract and inform customers. Some of our competitors, including new and emerging competitors in the digital and mobile payments space and other financial technology providers, are not subject to the same regulatory requirements or legislative scrutiny to which we are subject, which also could place us at a competitive disadvantage, in particular in the development of new technology platforms or the ability to rapidly innovate. We compete with many forms of payments offered by both bank and non-bank providers, including a variety of new and evolving alternative payment mechanisms, systems and products, such as aggregators and web-based and wireless payment platforms or technologies, digital or “crypto” currencies, prepaid systems and payment services targeting users of social networks, communications platforms and online gaming. If we are unable to continue to keep pace with innovation, do not effectively market our products and services or are prohibited from or unwilling to enter emerging areas of competition, our business and results of operations could be adversely affected. Some of our competitors are substantially larger than we are, which may give those competitors advantages, including a more diversified product and customer base, the ability to reach more customers and potential customers, operational efficiencies, broad-based local distribution capabilities, lower-cost funding and larger existing branch networks. Many of our competitors are also focusing on cross-selling their products and developing new products or technologies, which could affect our ability to maintain or grow existing customer relationships or require us to offer lower interest rates or fees on our lending products or higher interest rates on deposits. Competition for loans could result in origination of fewer loans, earning less on our loans or an increase in loans that perform below expectations. As of December 31, 2019, we operate as one of the largest online direct banks in the United States by deposits. While direct banking provides a significant opportunity to attract new customers that value greater and more flexible access to banking services at reduced costs, we face strong and increasing competition in the direct banking market. Aggressive pricing throughout the industry may adversely affect the retention of existing balances and the cost-efficient acquisition of new deposit funds and may affect our growth and profitability. Customers could also close their online accounts or reduce balances or deposits in favor of products and services offered by competitors for other reasons. These shifts, which could be rapid, could result from general dissatisfaction with our products or services, including concerns over pricing, online security or our reputation. The potential consequences of this competitive environment are exacerbated by the flexibility of direct banking and the financial and technological sophistication of our online customer base. In our credit card business, competition for rewards customers may result in higher rewards expenses, or we may fail to attract new customers or retain existing rewards customers due to increasing competition for these consumers. We have expanded the loan portfolio in our partnership business with the additions of a number of large partnerships. The market for key business partners, especially in the credit card business, is very competitive, and we may not be able to grow or maintain these partner relationships. We face the risk that we could lose partner relationships, even after we have invested significant resources, time and expense into acquiring and developing the relationships. The loss of any of our key business partners could have a negative impact on our results of operations, including lower returns, excess operating expense and excess funding capacity. We depend on our partners to effectively promote our cobrand and private label products and integrate the use of our credit cards into their retail operations. The failure by our partners to effectively promote and support our products as well as changes they may make in their business models could adversely affect card usage and our ability to achieve the growth and profitability objectives of our partnerships. In addition, if our partners do not adhere to the terms of our program agreements and standards, or otherwise diminish the value of our brand, we may suffer reputational damage and customers may be less likely to use our products. Some of our competitors have developed, or may develop, substantially greater financial and other resources than we have, may offer richer value propositions or a wider range of programs and services than we offer or may use more effective advertising, marketing or cross-selling strategies to acquire and retain more customers, capture a greater share of spending and borrowings, attain and develop more attractive cobrand card programs and maintain greater merchant acceptance than we have. We may not be able to compete effectively against these threats or respond or adapt to changes in consumer spending habits as effectively as our competitors. In such a competitive environment, we may lose entire accounts or may lose account balances to competing firms, or we may find it more costly to maintain our existing customer base. Customer attrition from any or all of our lending products, together with any lowering of interest rates or fees that we might implement to retain customers, could reduce our revenues and therefore our earnings. Similarly, unexpected customer attrition from our deposit products, in addition to an increase in rates or services that we may offer to retain deposits, may increase our expenses and therefore reduce our earnings. Our business, financial condition and results of operations may be adversely affected by merchants’ increasing focus on the fees charged by credit card networks and by regulation and legislation impacting such fees. Credit card interchange fees are generally one of the largest components of the costs that merchants pay in connection with the acceptance of credit cards and are a meaningful source of revenue for our credit card businesses. Interchange fees are the subject of significant and intense global legal, regulatory and legislative focus, and the resulting decisions, regulations and legislation may have a material adverse impact on our overall business, financial condition and results of operations. Regulators and legislative bodies in a number of countries are seeking to reduce credit card interchange fees through legislation, competition-related regulatory proceedings, central bank regulation and or litigation. Interchange reimbursement rates in the United States are set by credit card networks such as MasterCard and Visa. In some jurisdictions, such as Canada and certain countries in the EU, interchange fees and related practices are subject to regulatory activity that has limited the ability of certain networks to establish default rates, including in some cases imposing caps on permissible interchange fees. We have already experienced these impacts in our international card businesses. Legislators and regulators around the world are aware of each other’s approaches to the regulation of the payments industry. Consequently, a development in one country, state or region may influence regulatory approaches in another, such as our primary market, the United States. In addition to this regulatory activity, merchants are also seeking avenues to reduce interchange fees. During the past few years, merchants and their trade groups have filed numerous lawsuits against Visa, MasterCard, American Express and their card-issuing banks, claiming that their practices toward merchants, including interchange and similar fees, violate federal antitrust laws. In 2005, a number of entities filed antitrust lawsuits against MasterCard and Visa and several member banks, including our subsidiaries and us, alleging among other things, that the defendants conspired to fix the level of interchange fees. In December 2013, the U.S. District Court for the Eastern District of New York granted final approval of the proposed class settlement. The settlement provided, among other things, that merchants would be entitled to join together to negotiate lower interchange fees. The settlement was appealed to the Second Circuit Court of Appeals, which rejected the settlement in June 2016; a revised settlement was reached in the second half of 2018, and the trial court issued its final approval of the settlement in December 2019. See “Note 18-Commitments, Contingencies, Guarantees and Others” for further details. Some major retailers may have sufficient bargaining power to independently negotiate lower interchange fees with MasterCard and Visa, which could, in turn, result in lower interchange fees for us when our cardholders undertake purchase transactions with these retailers. In 2016, some of the largest merchants individually negotiated lower interchange rates with MasterCard and/or Visa. These and other merchants also continue to lobby aggressively for caps and restrictions on interchange fees and their efforts may be successful or they may in the future bring legal proceedings against us or other credit card and debit card issuers and networks. Beyond pursuing litigation, legislation and regulation, merchants may also promote forms of payment with lower fees, such as ACH-based payments, or seek to impose surcharges at the point of sale for use of credit or debit cards. New payment systems, particularly mobile-based payment technologies, could also gain widespread adoption and lead to issuer transaction fees or the displacement of credit card accounts as a payment method. The heightened focus by merchants and regulatory and legislative bodies on the fees charged by credit and debit card networks, and the ability of certain merchants to successfully negotiate discounts to interchange fees with MasterCard and Visa or develop alternative payment systems, could result in a reduction of interchange fees. Any resulting loss in income to us could have a material adverse effect on our business, financial condition and results of operations. If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer. Our industry is subject to rapid and significant technological changes and our ability to meet our customers’ needs and expectations is key to our ability to grow revenue and earnings. We expect digital technologies to have a significant impact on banking over time. Consumers expect robust digital experiences from their financial services providers. The ability for customers to access their accounts and conduct financial transactions using digital technology, including mobile applications, is an important aspect of the financial services industry and financial institutions are rapidly introducing new digital and other technology-driven products and services that aim to offer a better customer experience and to reduce costs. We continue to invest in digital technology designed to attract new customers, facilitate the ability of existing customers to conduct financial transactions and enhance the customer experience related to our products and services. Our continued success depends, in part, upon our ability to address the needs of our customers by using digital technology to provide products and services that meet their expectations. The development and launch of new digital products and services depends in large part on our capacity to invest in and build the technology platforms that can enable them, in a cost effective and timely manner. See “We face intense competition in all of our markets” and “We face risks related to our operational, technological and organizational infrastructure.” Some of our competitors are substantially larger than we are, which may allow those competitors to invest more money into their technology infrastructure and digital innovation than we do. In addition, we face intense competition from smaller companies which experience lower cost structures and different regulatory requirements and scrutiny than we do, and which may allow them to innovate more rapidly than we can. See “We face intense competition in all of our markets.” Further, our success depends on our ability to attract and retain strong digital and technology leaders, engineers and other specialized personnel. The competition is intense, and the compensation costs continue to increase for such talent. If we are unable to attract and retain digital and technology talent, our ability to offer digital products and services and build the necessary technology infrastructure could be negatively affected, which could negatively impact our business and financial results. A failure to maintain or enhance our competitive position with respect to digital products and services, whether because we fail to anticipate customer expectations or because our technological developments fail to perform as desired or are not implemented in a timely or successful manner, could negatively impact our business and financial results. We may fail to realize all of the anticipated benefits of our mergers, acquisitions and strategic partnerships. We have engaged in merger and acquisition activity and entered into strategic partnerships over the past several years. We continue to evaluate and anticipate engaging in, among other merger and acquisition activity, additional strategic partnerships and selected acquisitions of financial institutions and other acquisition targets, including credit card and other loan portfolios. We may not be able to identify and secure future acquisition targets on terms and conditions that are acceptable to us, or successfully complete within the anticipated time frame and achieving the anticipated benefits of proposed mergers, acquisitions and strategic partnerships, which could impair our growth. Any merger, acquisition or strategic partnership we undertake entails certain risks, which may materially and adversely affect our results of operations. If we experience greater than anticipated costs to integrate acquired businesses into our existing operations, or are not able to achieve the anticipated benefits of any merger, acquisition or strategic partnership, including cost savings and other synergies, our business could be negatively affected. In addition, it is possible that the ongoing integration processes could result in the loss of key employees, errors or delays in systems implementation, exposure to cybersecurity risks associated with acquired businesses, exposure to additional regulatory oversight, the disruption of our ongoing businesses or inconsistencies in standards, controls, procedures and policies that adversely affect our ability to maintain relationships with partners, clients, customers, depositors and employees or to achieve the anticipated benefits of any merger, acquisition or strategic partnership. Integration efforts also may divert management attention and resources. These integration matters may have an adverse effect on us during any transition period. In addition, we may face the following risks in connection with any merger, acquisition or strategic partnership: • New Businesses and Geographic or Other Markets: Our merger, acquisition or strategic partnership activity may involve our entry into new businesses and new geographic areas or other markets which present risks resulting from our relative inexperience in these new businesses or markets. These new businesses or markets may change the overall character of our consolidated portfolio of businesses and alter our exposure to economic and other external factors. We face the risk that we will not be successful in these new businesses or in these new markets. • Identification and Assessment of Merger and Acquisition Targets and Deployment of Acquired Assets: We may not be able to identify, acquire or partner with suitable targets. Further, our ability to achieve the anticipated benefits of any merger, acquisition or strategic partnership will depend on our ability to assess the asset quality and value of the particular assets or institutions we partner with, merge with or acquire. We may be unable to profitably deploy any assets we acquire. • Accuracy of Assumptions: In connection with any merger, acquisition or strategic partnership, we may make certain assumptions relating to the proposed merger, acquisition or strategic partnership that may be, or may prove to be, inaccurate, including as a result of the failure to realize the expected benefits of any merger, acquisition or strategic partnership. The inaccuracy of any assumptions we may make could result in unanticipated consequences that could have a material adverse effect on our results of operations or financial condition. • Target-specific Risk: Assets and companies that we acquire, or companies that we enter into strategic partnerships with, will have their own risks that are specific to a particular asset or company. These risks include, but are not limited to, particular or specific regulatory, accounting, operational, reputational and industry risks, any of which could have a material adverse effect on our results of operations or financial condition. For example, we may face challenges associated with integrating other companies due to differences in corporate culture, compliance systems or standards of conduct. Indemnification rights, if any, may be insufficient to compensate us for any losses or damages resulting from such risks. In addition to regulatory approvals discussed below, certain of our merger, acquisition or partnership activity may require third-party consents in order for us to fully realize the anticipated benefits of any such transaction. • Conditions to Regulatory Approval: Certain acquisitions may not be consummated without obtaining approvals from one or more of our regulators. We cannot be certain when or if, or on what terms and conditions, any required regulatory approvals will be granted. Consequently, we might be required to sell portions of acquired assets or our own assets as a condition to receiving regulatory approval or we may not obtain regulatory approval for a proposed acquisition on acceptable terms or at all, in which case we would not be able to complete the acquisition despite the time and expenses invested in pursuing it. Reputational risk and social factors may impact our results and damage our brand. Our ability to attract and retain customers is highly dependent upon the perceptions of consumer and commercial borrowers and deposit holders and other external perceptions of our products, services, trustworthiness, business practices, workplace culture, compliance practices or our financial health. In addition, our brand is very important to us. Maintaining and enhancing our brand depends largely on our ability to continue to provide high-quality products and services. Adverse perceptions regarding our reputation in the consumer, commercial and funding markets could lead to difficulties in generating and maintaining accounts as well as in financing them. In particular, negative public perceptions regarding our reputation, including negative perceptions regarding our ability to maintain the security of our technology systems and protect customer data, could lead to decreases in the levels of deposits that consumer and commercial customers and potential customers choose to maintain with us or significantly increase the costs of attracting and retaining customers. In addition, negative perceptions regarding certain industries, partners or clients could also prompt us to cease business activities associated with those entities. Negative public opinion or damage to our brand could also result from actual or alleged conduct in any number of activities or circumstances, including lending practices, regulatory compliance, security breaches (including the use and protection of customer information, such as a result of the Cybersecurity Incident), corporate governance and sales and marketing, and from actions taken by regulators or other persons in response to such conduct. Such conduct could fall short of our customers’ and the public’s heightened expectations of companies of our size with rigorous data, privacy and compliance practices, and could further harm our reputation. In addition, our cobrand and private label partners or other third parties with whom we have important relationships may take actions over which we have limited control that could negatively impact perceptions about us or the financial services industry. The proliferation of social media may increase the likelihood that negative public opinion from any of the events discussed above will impact our reputation and business. In addition, a variety of social factors may cause changes in borrowing activity, including credit card use, payment patterns and the rate of defaults by account holders and borrowers domestically and internationally. These social factors include changes in consumer confidence levels, the public’s perception regarding the banking industry and consumer debt, including credit card use, and changing attitudes about the stigma of bankruptcy. If consumers develop or maintain negative attitudes about incurring debt, or if consumption trends decline or if we fail to maintain and enhance our brand, or we incur significant expenses to do so, our business and financial results could be materially and negatively affected. If we are not able to protect our intellectual property, our revenue and profitability could be negatively affected. We rely on a variety of measures to protect and enhance our intellectual property, including copyrights, trademarks, trade secrets, patents and certain restrictions on disclosure, solicitation and competition. We also undertake other measures to control access to and distribution of our other proprietary information. These measures may not prevent misappropriation of our proprietary information or infringement of our intellectual property rights and a resulting loss of competitive advantage. In addition, our competitors or other third parties may file patent applications for innovations that are used in our industry or allege that our systems, processes or technologies infringe on their intellectual property rights. If our competitors or other third parties are successful in obtaining such patents or prevail in intellectual property-related litigation against us, we could lose significant revenues, incur significant license, royalty or technology development expenses, or pay significant damages. Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk. Management of market, credit, liquidity, operational and compliance risk requires, among other things, policies and procedures to properly record and verify a large number of transactions and events. See “MD&A-Risk Management” for further details. Even though we continue to devote significant resources to developing our risk management framework, our risk management strategies may not be fully effective in identifying and mitigating our risk exposure in all market environments or against all types of risk, including risks that are unidentified or unanticipated. Some of our methods of managing these risks are based upon our use of observed historical market behavior and management’s judgment. These methods may not accurately predict future exposures, which could be significantly greater than the historical measures indicate and market conditions, particularly during a period of financial market stress can involve unprecedented dislocations. Credit risk is inherent in the financial services business and results from, among other things, extending credit to customers. Our ability to assess the creditworthiness of our customers may be impaired if the models and approaches we use to select, manage and underwrite our consumer and commercial customers become less predictive of future charge-offs due, for example, to rapid changes in the economy, including tariff rates and international trade relations. While we employ a broad and diversified set of risk monitoring and risk mitigation techniques, those techniques and the judgments that accompany their application cannot anticipate every economic and financial outcome or the timing of such outcomes. For example, our ability to implement our risk management strategies may be hindered by adverse changes in the volatility or liquidity conditions in certain markets and as a result, may limit our ability to distribute such risks (for instance, when we seek to syndicate exposure in bridge financing transactions we have underwritten). We may, therefore, incur losses in the course of our risk management or investing activities. Changes in consumer behavior and adoption of digital technology may change retail distribution strategies and adversely impact our investments in our bank premises and equipment and other retail distribution assets, leading to increased costs and exposure to additional risks. We have significant investments in bank premises and equipment for our branch network and other branch banking assets including our banking centers and our retail work force. Advances in technology such as digital and mobile banking, in-branch self-service technologies, proximity or remote payment technologies, as well as changing customer preferences for these other methods of banking, could decrease the value of our branch network or other retail distribution assets. As a result, we will continue to adapt our retail distribution strategy. For example, we may close, sell and/or renovate additional branches or parcels of land held for development and restructure or reduce our remaining branches and work force. These actions could lead to losses on these assets or could adversely impact the carrying value of other long-lived assets, reduce our revenues, increase our expenditures, dilute our brand and/or reduce customer demand for our products and services. Further, to the extent that we change our retail distribution strategy and as a result expand into new business areas, we may face more competitors with more experience in the new business areas and more established relationships with relevant customers, regulators and industry participants, which could adversely affect our ability to compete. Our competitors may also be subject to less burdensome regulations. See “We face intense competition in all of our markets.” Fluctuations in market interest rates or volatility in the capital markets could adversely affect our income and expense, the value of assets and obligations, our regulatory capital, cost of capital or liquidity. Like other financial institutions, our business is sensitive to market interest rate movements and the performance of the capital markets. Disruptions, uncertainty or volatility across the capital markets could negatively impact market liquidity and limit our access to the funding required to operate and grow our business. In addition, changes in interest rates or in valuations in the debt or equity markets could directly impact us. For example, we borrow money from other institutions and depositors, which we use to make loans to customers and invest in debt securities and other earning assets. We earn interest on these loans and assets and pay interest on the money we borrow from institutions and depositors. The interest rates that we pay on the securities we have issued are also influenced by, among other things, applicable credit ratings from recognized rating agencies. A downgrade to any of these credit ratings could affect our ability to access the capital markets, increase our borrowing costs and have a negative impact on our results of operations. Increased charge-offs, rising London Interbank Offering Rate (“LIBOR”) or other applicable reference rates and other events may cause our securitization transactions to amortize earlier than scheduled, which could accelerate our need for additional funding from other sources. Fluctuations in interest rates, including changes in the relationship between short-term rates and long-term rates and in the relationship between our funding basis rate and our lending basis rate, may have negative impacts on our net interest income and therefore our earnings. In addition, interest rate fluctuations and competitor responses to those changes may affect the rate of customer prepayments for auto and other term loans and may affect the balances customers carry on their credit cards. For example, increases in interest rates increase debt service requirements for some of our borrowers, which may adversely affect those borrowers’ ability to pay as contractually obligated. This could result in additional delinquencies or charge-offs and negatively impact our results of operations. These changes can reduce the overall yield on our earning asset portfolio. Changes in interest rates and competitor responses to these changes may also impact customer decisions to maintain balances in the deposit accounts they have with us. An inability to attract or maintain deposits could materially affect our ability to fund our business and our liquidity position. Many other financial institutions have increased their reliance on deposit funding and, as such, we expect continued competition in the deposit markets. We cannot predict how this competition will affect our costs. If we are required to offer higher interest rates to attract or maintain deposits, our funding costs will be adversely impacted. Changes in valuations in the debt and equity markets could have a negative impact on the assets we hold in our investment portfolio. Such market changes could also have a negative impact on the valuation of assets for which we provide servicing. We assess our interest rate risk by estimating the effect on our earnings, economic value and capital under various scenarios that differ based on assumptions about the direction and the magnitude of interest rate changes. We take risk mitigation actions based on those assessments. We face the risk that changes in interest rates could materially reduce our net interest income and our earnings, especially if actual conditions turn out to be materially different than those we assumed. See “MD&A-Market Risk Profile” for additional information. Uncertainty regarding, and transition away from, LIBOR may adversely affect our business. The U.K. Financial Conduct Authority, which regulates LIBOR, has announced that it will no longer compel banks to contribute data for the calculation of LIBOR after December 31, 2021. It is likely that banks will no longer continue to contribute submissions for the calculation of LIBOR after that date, which creates significant uncertainty around the publication of LIBOR beyond 2021 and whether LIBOR will continue to be viewed as a reliable market benchmark. It remains unclear what rate or rates may develop as accepted alternatives to LIBOR, or what the effect of such changes will be on the markets for LIBOR-based financial instruments. The Secured Overnight Financing Rate (“SOFR”) has been recommended by the Alternative Reference Rates Committee as an alternative for USD LIBOR, but issues and uncertainty remain with respect to its implementation. Given LIBOR’s extensive use across financial markets, the transition away from LIBOR presents several risks and challenges to the financial markets and financial institutions, including Capital One. We have loans, derivative contracts, unsecured debt, securitizations, vendor agreements and other instruments with attributes that are either directly or indirectly dependent on LIBOR. Uncertainty as to the nature of potential changes, alternative reference rates such as SOFR, or other reforms may adversely affect market liquidity, the pricing of LIBOR-based instruments, and the availability and cost of associated hedging instruments and borrowings. If SOFR or another rate does not achieve wide acceptance as the alternative to LIBOR, there likely will be disruption to the markets relying on the availability of a broadly accepted reference rate. In addition, uncertainty regarding LIBOR could result in loss of market share in certain products, adverse tax or accounting impacts, compliance, legal or operational costs and risks associated with client disclosures, as well as systems disruption, model disruption and other business continuity issues for us. Even if SOFR or another reference rate becomes a widely acceptable replacement for LIBOR, risks will remain for us with respect to outstanding instruments which rely on LIBOR. Those risks arise in connection with transitioning such instruments to a new reference rate, the taking of discretionary actions or the negotiation of fallback provisions and final amendments to existing LIBOR based agreements. Payments under contracts referencing new reference rates may significantly differ from those referencing LIBOR. For some instruments, the method of transitioning to a new reference rate may be challenging, especially if parties to an instrument cannot agree as to how to effect that transition. If a contract is not transitioned to a new reference rate and LIBOR ceases to exist, the impact on our obligations is likely to vary by contract. In addition, prior to LIBOR cessation, instruments that continue to refer to LIBOR may be impacted if there is a change in the availability or calculation of LIBOR. The transition from LIBOR to an alternative reference rate may change our market risk profile and require changes to risk and pricing models, valuation tools, product design, information technology systems, reporting infrastructure, operational processes and controls, and hedging strategies. In many cases, we may be dependent on third parties to upgrade systems, software and other critical functions that could materially disrupt our readiness if they are not done on a timely basis or otherwise fail. Our assessment of the ultimate impact of, and our planning for, the transition from LIBOR remains ongoing. Failure to adequately manage the transition could have a material adverse effect on our reputation, business, financial condition and results of operations. See “MD&A-Market Risk Profile” for additional information. Our business could be negatively affected if we are unable to attract, retain and motivate skilled employees. Our success depends, in large part, on our ability to retain key senior leaders and to attract and retain skilled employees, particularly employees with advanced expertise in credit, risk and digital and technology skills. We depend on our senior leaders and skilled employees to oversee simultaneous, transformative initiatives across the enterprise and execute on our business plans in an efficient and effective manner. Competition for such senior leaders and employees, and the costs associated with attracting and retaining them, is high. Our ability to attract and retain qualified employees also is affected by perceptions of our culture and management, our profile in the regions where we have offices and the professional opportunities we offer. Regulation or regulatory guidance restricting executive compensation, as well as evolving investor expectations, may limit the types of compensation arrangements that we may enter into with our most senior leaders and could have a negative impact on our ability to attract, retain and motivate such leaders in support of our long-term strategy. These laws and regulations may not apply in the same manner to all financial institutions, and we therefore may face more restrictions than other institutions and companies with which we compete for talent. These laws and regulations may also hinder our ability to compete for talent with other industries. We rely upon our senior leaders not only for business success, but also to lead with integrity. To the extent our senior leaders behave in a manner that does not comport with our values, the consequences to our brand and reputation could be severe and could adversely affect our financial condition and results of operations. If we are unable to attract, develop and retain talented senior leadership and employees, or to implement appropriate succession plans for our senior leadership, our business could be negatively affected. We face risks from unpredictable catastrophic events. Despite the business contingency plans we have in place, such plans do not fully mitigate all potential business continuity risks to us. Natural disasters and other catastrophic events could harm our business and infrastructure, including our information technology systems and third-party platforms. Our ability to conduct business may be adversely affected by a disruption in the infrastructure that supports our business and the communities where we are located, which are concentrated in the Northern Virginia and New York metropolitan areas, as well as Richmond, Virginia and Plano, Texas. This may include a disruption involving damage or loss of access to a physical site, cyber incidents, terrorist activities, disease pandemics, natural disasters, extreme weather events, electrical outage, environmental hazard, technological infrastructure, communications or other services we use, our employees or third parties with whom we conduct business. In addition, if a natural disaster or other catastrophic event occurs in certain regions where our business and customers are concentrated, such as the mid-Atlantic, New York or Texas metropolitan areas, we could be disproportionately impacted as compared to our competitors. The impact of such events and other catastrophes on the overall economy may also adversely affect our financial condition and results of operations. We face risks from the use of or changes to assumptions or estimates in our financial statements. Pursuant to generally accepted accounting principles in the U.S. (“U.S. GAAP”), we are required to use certain assumptions and estimates in preparing our financial statements, including determining our allowance for loan and lease losses, the fair value of certain assets and liabilities, and asset impairment, among other items. In addition, the FASB, the SEC and other regulatory bodies may change the financial accounting and reporting standards, including those related to assumptions and estimates we use to prepare our financial statements, in ways that we cannot predict and that could impact our financial statements. For example, as of January 1, 2020, we are required to apply the CECL model based on expected lifetime losses rather than incurred losses, which will increase the impact of estimates on our reported results. If actual results differ from the assumptions or estimates underlying our financial statements or if financial accounting and reporting standards are changed, we may experience unexpected material losses. For a discussion of our use of estimates in the preparation of our consolidated financial statements, see “MD&A-Critical Accounting Policies and Estimates” and “Note 1-Summary of Significant Accounting Policies.” Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase common stock. We are a separate and distinct legal entity from our subsidiaries, including the Banks. Dividends to us from our direct and indirect subsidiaries, including the Banks, have represented a major source of funds for us to pay dividends on our common and preferred stock, repurchase common stock, make payments on corporate debt securities and meet other obligations. There are various federal law limitations on the extent to which the Banks can finance or otherwise supply funds to us through dividends and loans. These limitations include minimum regulatory capital requirements, federal banking law requirements concerning the payment of dividends out of net profits or surplus, Sections 23A and 23B of the Federal Reserve Act and Regulation W governing transactions between an insured depository institution and its affiliates, as well as general federal regulatory oversight to prevent unsafe or unsound practices. If our subsidiaries’ earnings are not sufficient to make dividend payments to us while maintaining adequate capital levels, our liquidity may be affected and we may not be able to make dividend payments to our common or preferred stockholders, repurchase our common stock, make payments on outstanding corporate debt securities or meet other obligations, each and any of which could have a material adverse impact on our results of operations, financial position or perception of financial health. The soundness of other financial institutions and other third parties could adversely affect us. Our ability to engage in routine funding and other transactions could be adversely affected by the stability and actions of other financial services institutions. Financial services institutions are interrelated as a result of trading, clearing, servicing, counterparty and other relationships. We have exposure to financial institutions, intermediaries and counterparties that are exposed to risks over which we have little or no control. In addition, we routinely execute transactions with counterparties in the financial services industry, including brokers and dealers, commercial banks, investment banks, mutual and hedge funds and other institutional clients, resulting in a significant credit concentration with respect to the financial services industry overall. As a result, defaults by, or even rumors or questions about, one or more financial services institutions, or the financial services industry generally, have led to market-wide liquidity problems and could lead to losses or defaults by us or by other institutions. Likewise, adverse developments affecting the overall strength and soundness of our competitors, the financial services industry as a whole and the general economic climate or sovereign debt could have a negative impact on perceptions about the strength and soundness of our business even if we are not subject to the same adverse developments. In addition, adverse developments with respect to third parties with whom we have important relationships also could negatively impact perceptions about us. These perceptions about us could cause our business to be negatively affected and exacerbate the other risks that we face. Item 1B.

Current §1A text (2020)

Show full section (14557 words)

Item 1A. Risk Factors This section highlights significant factors, events, and uncertainties that make an investment in our securities risky. The events and consequences discussed in these risk factors could, in circumstances we may not be able to accurately predict, recognize, or control, have a material adverse effect on our business, growth, reputation, prospects, financial condition, operating results, cash flows, liquidity, and stock price. These risk factors do not identify all risks that we face; our operations could also be affected by factors, events, or uncertainties that are not presently known to us or that we currently do not consider to present significant risks to our operations. In addition, the global economic and political climate may amplify many of these risks. Summary of Risk Factors Below is a summary of the principal factors that make an investment in our securities risky. This summary does not address all of the risks that we face. Additional discussion of the risks summarized in this risk factor summary, and other risks that we face, can be found below and should be carefully considered, together with other information in this Form 10-K and our other filings with the SEC, before making an investment decision regarding our common stock. •The COVID-19 pandemic has adversely impacted our business and financial results, and the extent to which the pandemic and measures taken in response to the pandemic could materially and adversely impact our business, financial condition, liquidity, capital and results of operations will depend on future developments, which are highly uncertain and are difficult to predict. •Changes and instability in the macroeconomic environment, consumer confidence and customer behavior may adversely affect our business. •Financial market instability and volatility could adversely affect our business. •We may experience increased delinquencies, credit losses, inaccurate estimates and inadequate reserves. •We may not be able to maintain adequate capital or liquidity levels, which could have a negative impact on our financial results and our ability to return capital to our stockholders. •We face risks related to our operational, technological and organizational infrastructure. •Theft, loss or misuse of information as a result of a cyber-attack may result in increased costs, reductions in revenue, reputational damage and business disruptions. •Potential data protection and privacy incidents, and our required compliance with regulations related to these areas, may increase our costs, reduce our revenue and limit our ability to pursue business opportunities. •Compliance with new and existing laws, regulations and regulatory expectations is costly and complex. •Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement. •We face intense competition in all of our markets. •Our business, financial condition and results of operations may be adversely affected by merchants’ increasing focus on the fees charged by credit card networks and by legislation and regulation impacting such fees. •If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer. •We may fail to realize all of the anticipated benefits of our mergers, acquisitions and strategic partnerships. •Reputational risk and social factors may impact our results and damage our brand. •If we are not able to protect our intellectual property, our revenue and profitability could be negatively affected. •Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk. •Fluctuations in market interest rates or volatility in the capital markets could adversely affect our income and expense, the value of assets and obligations, our regulatory capital, cost of capital or liquidity. •Uncertainty regarding, and transition away from, LIBOR may adversely affect our business. •Our business could be negatively affected if we are unable to attract, retain and motivate skilled employees. •We face risks from unpredictable catastrophic events. •We face risks from the use of or changes to assumptions or estimates in our financial statements. •Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase common stock. •The soundness of other financial institutions and other third parties could adversely affect us. General Economic and Market Risks The COVID-19 pandemic has adversely impacted our business and financial results, and the extent to which the pandemic and measures taken in response to the pandemic could materially and adversely impact our business, financial condition, liquidity, capital and results of operations will depend on future developments, which are highly uncertain and are difficult to predict. Global health concerns relating to the COVID-19 pandemic and related government actions taken to reduce the spread of the virus have impacted the macroeconomic environment, significantly increased economic uncertainty and reduced economic activity. The pandemic has also caused governmental authorities to implement numerous measures to try to contain the virus, including travel bans and restrictions, quarantines, shelter-in-place orders, and business limitations and shutdowns. These measures have negatively impacted and may further negatively impact consumer and business payment and spending patterns. The COVID-19 pandemic has adversely impacted, and may continue to adversely impact, our business, operations, financial condition, capital and results of operations. The extent of these impacts depends on future developments, which are highly uncertain and difficult to predict, including, but not limited to, the duration and magnitude of the pandemic, the actions taken to contain the virus or treat its impact, the effectiveness of economic stimulus measures in the United States, and how quickly and to what extent economic and operating conditions and consumer and business spending can return to their pre-pandemic levels. As of December 31, 2020, several vaccines have been authorized for limited distribution. The plan for larger community-based distribution is being developed and may begin during the second quarter of 2021. However, the timing and extent of any such widespread distribution of vaccines remains uncertain. As a result of this uncertainty, our purchase volume, loan growth and the overall demand for our products and services may be significantly impacted, which could adversely affect our revenue and other results of operations. In addition, we could experience higher credit losses in our loan portfolios and increases in our allowance for credit losses beyond current levels. For example, as a result of the significant uncertainty due to the COVID-19 pandemic, we realized a substantial build in our allowance for credit losses for the first two quarters of 2020. We could also experience impairments of other financial assets and other negative impacts on our financial position, including possible constraints on liquidity and capital, as well as higher costs of capital. Even after the COVID-19 pandemic has subsided, we may continue to experience adverse impacts to our business and results of operations, which could be material, as a result of the macroeconomic impact and any recession that has occurred or may occur in the future. The spread of COVID-19 has caused us to modify our business practices and operations, including providing a range of forbearance options to our customers in certain circumstances, which could impact our credit metrics, financial condition, capital and results of operations. We may need to further modify our practices and operations as this event unfolds. We have also implemented work-from-home policies for a vast majority of our employees, and social distancing plans for our employees who are working from Capital One facilities. Nearly all of our Cafés and bank branches across our network are open with increased safety precautions. We will continue to monitor local conditions to ensure the safety of our associates and customers while providing critical banking services. These measures could impair our ability to perform critical functions and may adversely impact our results of operations. In addition, these measures and other changes in consumer behavior as a result of the COVID-19 pandemic may require changes to retail distribution strategies and adversely impact our investments in our bank premises and equipment and other retail distribution assets, leading to increased costs and exposure to additional risks. We may take further actions as required by government authorities or that we otherwise determine are in the best interests of our customers, employees and business partners. Federal, state, local and foreign governmental authorities have enacted, and may enact in the future, legislation, regulations and protocols in response to the COVID-19 pandemic, including governmental programs intended to provide economic relief to businesses and individuals. We have participated in certain of these programs, including participating as an eligible lender in the Small Business Administration’s Paycheck Protection Program. Our participation in and execution of any such programs may cause operational, compliance, reputational and credit risks, which could result in litigation, governmental action or other forms of loss. The extent of these impacts, which may be substantial, will depend on the degree of our participation in these programs. There remains significant uncertainty regarding the measures that authorities will enact in the future and the ultimate impact of the legislation, regulations and protocols that have been and will be enacted. Moreover, we expect that the effects of the COVID-19 pandemic will heighten many of the other known risks described herein. See Part I-Item 1.-Business-Overview-Coronavirus Disease 2019 (COVID-19) Pandemic. Changes and instability in the macroeconomic environment, consumer confidence and customer behavior may adversely affect our business. We offer a broad array of financial products and services to consumers, small businesses and commercial clients. A prolonged period of economic volatility, slow growth, or a significant deterioration in economic conditions, in the U.S., Canada or the U.K., could have a material adverse effect on our financial condition and results of operations as customers default on their loans, maintain lower deposit levels or, in the case of credit card accounts, carry lower balances and reduce credit card purchase activity. Some of the risks we face in connection with adverse changes and instability in the macroeconomic environment, including changes in consumer confidence levels and behavior, include the following: •Changes in payment patterns, increases in delinquencies and default rates, decreased consumer spending, lower demand for credit and shifts in consumer payment behavior towards avoiding late fees, finance charges and other fees; •Increases in our charge-off rate caused by bankruptcies and reduced ability to recover debt that we have previously charged-off; •Decreased reliability of the process and models we use to estimate our allowance for loan and lease losses, particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our models and our estimates become increasingly subject to management’s judgment. See “We face risks resulting from the extensive use of models and data.” The U.K. and the European Union agreed to a free trade deal at the end of 2020 relating to the U.K.’s exit from the European Union (“Brexit”). While this deal provides greater near-term stability, the on-going impact of Brexit and its full effects on the U.K. economy and our business related thereto remain uncertain. We continue to consider and monitor the potential impacts, and other factors, including the COVID-19 pandemic, that could also impact U.K. economic performance. Financial market instability and volatility could adversely affect our business. Our ability to borrow from other financial institutions or to engage in funding transactions on favorable terms or at all could be adversely affected by disruptions in the capital markets or other events, including actions by rating agencies and deteriorating investor expectations, which could limit our access to funding. In addition, fluctuations in interest rates, credit spreads and other market factors could negatively impact our results of operations. Both shorter-term and longer-term interest rates remain below long-term historical averages and the yield curve has been relatively flat compared to past periods. A flat yield curve combined with low interest rates generally leads to lower revenue and reduced margins because it tends to limit our ability to increase the spread between asset yields and funding costs. Sustained periods of time with a flat yield curve coupled with low interest rates, or an inversion of the yield curve, could have a material adverse effect on our net interest margin and earnings. In response to the economic consequences of the COVID-19 pandemic, the Federal Reserve lowered its target for the federal funds rate to a range of 0% to 0.25%. Such low rates increase the risk in the U.S. of a negative interest rate environment in which interest rates drop below zero, either broadly or for some types of instruments. For example, yields on one-month and three-month Treasuries briefly dropped below zero in March 2020. Such an occurrence would likely further reduce the interest we earn on loans and other interest-earning assets, while also likely requiring us to pay to maintain our deposits with the Federal Reserve. Our systems may not be able to handle adequately a negative interest rate environment and not all variable rate instruments are designed for such a circumstance. We cannot predict the nature or timing of future changes in monetary policies in response to the COVID-19 pandemic or the precise effects that they may have on our activities and financial results. Credit Risk We may experience increased delinquencies, credit losses, inaccurate estimates and inadequate reserves. Like other lenders, we face the risk that our customers will not repay their loans. A customer’s ability and willingness to repay us can be adversely affected by increases in their payment obligations to other lenders, whether as a result of higher debt levels or rising interest rates, by restricted availability of credit generally, or by the revenue and income of the borrower. We may fail to quickly identify and reduce our exposure to customers that are likely to default on their payment obligations, whether by closing credit lines or restricting authorizations. Our ability to manage credit risk also is affected by legal or regulatory changes (such as restrictions on collections, bankruptcy laws, minimum payment regulations and re-age guidance), competitors’ actions and consumer behavior, and depends on the effectiveness of our collections staff, techniques and models. Rising losses or leading indicators of rising losses (such as higher delinquencies, higher rates of nonperforming loans, higher bankruptcy rates, lower collateral values, elevated unemployment rates or changing market terms) may require us to increase our allowance for credit losses, which may degrade our profitability if we are unable to raise revenue or reduce costs to compensate for higher losses. In particular, we face the following risks in this area: •Missed Payments: Our customers may miss payments. Loan charge-offs (including from bankruptcies) are generally preceded by missed payments or other indications of worsening financial condition for our customers. Historically, customers are more likely to miss payments during an economic downturn or prolonged periods of slow economic growth. In addition, we face the risk that consumer and commercial customer behavior may change (for example, an increase in the unwillingness or inability of customers to repay debt, which may be heightened by increasing interest rates or levels of consumer debt), causing a long-term rise in delinquencies and charge-offs. •Incorrect Estimates of Expected Losses: The credit quality of our portfolio can have a significant impact on our earnings. We allow for and reserve against credit risks based on our assessment of expected credit losses in our loan portfolios. This process, which is critical to our financial condition and results of operations, requires complex judgments, including forecasts of economic conditions. We may underestimate our expected losses and fail to hold an allowance for credit losses sufficient to account for these losses. Incorrect assumptions could lead to material underestimations of expected credit losses and an inadequate allowance for credit losses. •Inaccurate Underwriting: Our ability to accurately assess the creditworthiness of our customers may diminish, which could result in an increase in our credit losses and a deterioration of our returns. See “Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk.” •Business Mix: We engage in a diverse mix of businesses with a broad range of potential credit exposure. Because we originate a relatively greater proportion of consumer loans in our loan portfolio compared to other large bank peers and originate both prime and subprime credit card accounts and auto loans, we may experience higher delinquencies and a greater number of accounts charging off compared to other large bank peers, which could result in increased credit losses, operating costs and regulatory scrutiny. Additionally, a change in this business mix over time to include proportionally more consumer loans or subprime credit card accounts or auto loans could adversely affect the credit quality of our portfolio. •Increasing Charge-off Recognition/Allowance for Credit Losses: We account for the allowance for credit losses according to accounting and regulatory guidelines and rules, including Financial Accounting Standards Board (“FASB”) standards and the Federal Financial Institutions Examination Council (“FFIEC”) Account Management Guidance. Effective as of January 1, 2020, we adopted the CECL standard which is based on expected lifetime losses rather than incurred losses. Adoption of the CECL standard has resulted and may continue to result in an increase to our reserves for credit losses on financial instruments with a resulting adverse impact on our financial condition. The continued impact of CECL on our future results will depend on the characteristics of our financial instruments, economic conditions, and our economic and loss forecasts. The application of the CECL standard requires us to increase reserves faster and to a higher level in an economic downturn, resulting in greater impact to our results and our capital ratios than we would have experienced in similar circumstances prior to the adoption of CECL. In addition, because credit cards represent a significant portion of our product mix, we could be disproportionately affected by use of the CECL standard, as compared to our large bank peers with a different product mix. See “MD&A-Accounting Changes and Developments” for additional information. •Insufficient Asset Values: The collateral we have on secured loans could be insufficient to compensate us for credit losses. When customers default on their secured loans, we attempt to recover collateral where permissible and appropriate. However, the value of the collateral may not be sufficient to compensate us for the amount of the unpaid loan, and we may be unsuccessful in recovering the remaining balance from our customers. Decreases in real estate and other asset values adversely affect the collateral value for our commercial lending activities, while the auto business is similarly exposed to collateral risks arising from the auction markets that determine used car prices. Borrowers may be less likely to continue making payments on loans if the value of the property used as collateral for the loan is less than what the borrower owes, even if the borrower is still financially able to make the payments. In that circumstance, the recovery of such property could be insufficient to compensate us for the value of these loans upon a default. In our auto business, business and economic conditions that negatively affect household incomes, housing prices and consumer behavior, as well as technological advances that make older cars obsolete faster, could decrease (i) the demand for new and used vehicles and (ii) the value of the collateral underlying our portfolio of auto loans, which could cause the number of consumers who become delinquent or default on their loans to increase. •Geographic and Industry Concentration: Although our consumer lending is geographically diversified, approximately 27% of our commercial loan portfolio is concentrated in the tri-state area of New York, New Jersey and Connecticut. The regional economic conditions in the tri-state area affect the demand for our commercial products and services as well as the ability of our customers to repay their commercial loans and the value of the collateral securing these loans. An economic downturn or prolonged period of slow economic growth in, or a catastrophic event that disproportionately affects, the tri-state area could have a material adverse effect on the performance of our commercial loan portfolio and our results of operations. In addition, our Commercial Banking strategy includes an industry-specific focus. If any of the industries that we focus on experience changes, we may experience increased credit losses and our results of operations could be adversely impacted. For example, as of December 31, 2020, healthcare and healthcare-related real estate loans represented approximately 19% of our total commercial loan portfolio. If healthcare-related industries or any of the other industries that we focus on experience adverse changes, we may experience increased credit losses and our results of operations could be adversely impacted. Capital and Liquidity Risk We may not be able to maintain adequate capital or liquidity levels, which could have a negative impact on our financial results and our ability to return capital to our stockholders. Financial institutions are subject to extensive and complex capital and liquidity requirements. These requirements affect our ability to lend, grow deposit balances, make acquisitions and make most capital distributions. Failure to maintain adequate capital or liquidity levels, whether due to adverse developments in our business or the economy or to changes in the applicable requirements, could subject us to a variety of remedies available to our regulators. These include limitations on the ability to pay dividends, repurchase shares and the issuance of a capital directive to increase capital. Such limitations could have a material adverse effect on our business and results of operations. We consider various factors in the management of capital, including the impact of stress on our capital levels, as determined by both our internal modeling and the Federal Reserve’s modeling of our capital position in supervisory stress tests and CCAR. There can be significant differences between our modeling and the Federal Reserve’s estimates for a given scenario and between the capital needs suggested by our internal bank holding company scenarios relative to the supervisory scenarios. Therefore, although our estimated capital levels under stress disclosed as part of the CCAR or DFAST processes may suggest that we have substantial capacity to return capital to stockholders and remain well capitalized under stress, the Federal Reserve’s modeling, our internal modeling of another scenario or other factors related to our capital management process may result in a materially lower capacity to return capital to stockholders than that indicated by the projections released in the CCAR or DFAST processes. This in turn, could lead to restrictions on our ability to pay dividends and engage in share repurchase transactions. See “Part I-Item 1. Business-Supervision and Regulation” for additional information. In addition, the current capital and liquidity requirements are subject to change. The Federal Banking Agencies finalized the Tailoring Rule in the fourth quarter of 2019. Under the Tailoring Rule, we are a Category III institution, and are no longer subject to the Basel III Advanced Approaches and associated capital requirements, but we continue to be subject to the countercyclical capital buffer and supplementary leverage ratio. In March 2020, the Federal Reserve issued a final rule to implement the stress capital buffer requirement. This final rule became effective in May 2020. Pursuant to the Stress Capital Buffer Rule, the Federal Reserve will use the results of its supervisory stress test to determine the size of a large banking institution’s stress capital buffer requirement, which replaces the previous 2.5% capital conservation buffer under the Basel III Standardized Approach. Our stress capital buffer requirement is 5.6% for the period from October 1, 2020 through September 30, 2021, at which point a revised stress capital buffer requirement will be applicable to us based on our 2021 stress testing results. In addition, on June 25, 2020 the Federal Reserve introduced measures to ensure that large BHCs maintained a high level of capital resilience. Specifically, the Federal Reserve required certain large BHCs, including us, to suspend share repurchases and cap common dividends during the third and fourth quarters of 2020. Consistent with the Federal Reserve’s capital distribution restrictions, we reduced our quarterly dividend on our common stock from $0.40 per share to $0.10 per share for the third quarter of 2020, which we maintained into the fourth quarter of 2020. The Federal Banking Agencies also finalized rules to implement the NSFR in October 2020. The NSFR is designed to ensure that banking organizations maintain a stable, long-term funding profile in relation to their asset composition and off-balance sheet activities and its requirements will become effective as of July 1, 2021. On December 18, 2020, the Federal Reserve extended the capital distribution restrictions for all participating BHCs to the first quarter of 2021, with certain modifications. In particular, for the first quarter of 2021, participating BHCs may resume share repurchases however the aggregate amount of dividend payments and share repurchases will be limited to an amount based on net income earned in the preceding four calendar quarters. See “Part I-Item 1. Business-Supervision and Regulation” for additional information. Further changes to applicable capital and liquidity requirements could result in unexpected or new limitations on our ability to pay dividends and engage in share repurchases. Operational Risk We face risks related to our operational, technological and organizational infrastructure. Our ability to retain and attract customers depends on our ability to develop, operate, and adapt our technology and organizational infrastructure in a rapidly changing environment. In addition, we must accurately process, record and monitor an increasingly large number of complex transactions. Digital technology, data and software development are deeply embedded into our business model and how we work. Similar to other large corporations, we are exposed to operational risk that can manifest itself in many ways, such as errors in execution, inadequate processes, inaccurate models, faulty or disabled technological infrastructure, and fraud by employees or persons outside of our company. In addition, we are heavily dependent on the security, capability and continuous availability of the technology systems that we use to manage our internal financial and other systems, monitor risk and compliance with regulatory requirements, provide services to our customers, develop and offer new products and communicate with stakeholders. We also face risk of adverse customer impacts and business disruption arising from the execution of strategic initiatives we may pursue across our operations. If we do not maintain the necessary operational, technological and organizational infrastructure to operate our business, including to maintain the security of that infrastructure, our business and reputation could be materially adversely affected. We also are subject to disruptions to our operating systems arising from events that are wholly or partially beyond our control, which may include computer viruses, electrical or telecommunications outages, design flaws in foundational components or platforms, availability and quality of vulnerability patches from key vendors, cyber-attacks (including Distributed Denial of Service (“DDOS”) and other attacks on our infrastructure as discussed below), natural disasters, other damage to property or physical assets, or events arising from local or larger scale politics, including terrorist acts. Any failure to maintain our infrastructure or disruption of our operating systems and applications could diminish our ability to operate our businesses, service customer accounts and protect customers’ information, or result in potential liability to customers, reputational damage, regulatory intervention and customers’ loss of confidence in our businesses, any of which could result in a material adverse effect. We also rely on the business infrastructure and systems of third parties with which we do business and to whom we outsource the operation, maintenance and development of our information technology and communications systems. We have migrated substantially all, and intend to migrate all, of our core information technology systems and customer-facing applications to third-party cloud infrastructure platforms, principally AWS. If we do not complete the transition or fail to administer these new environments in a well-managed, secure and effective manner, or if AWS platforms become unavailable or do not meet their service level agreements for any reason, we may experience unplanned service disruption or unforeseen costs which could result in material harm to our business and results of operations. We must successfully develop and maintain information, financial reporting, disclosure, data-protection and other controls adapted to our reliance on outside platforms and providers. In addition, AWS, or other service providers, could experience system breakdowns or failures, outages, downtime, cyber-attacks, adverse changes to financial condition, bankruptcy, or other adverse conditions, which could have a material adverse effect on our business and reputation. Thus, the substantial amount of our infrastructure that we outsource to AWS or to other third parties may increase our risk exposure. Any disruptions, failures or inaccuracies of our operational and technology systems and models, including those associated with improvements or modifications to such systems and models, could cause us to be unable to market and manage our products and services, manage our risk, meet our regulatory obligations or report our financial results in a timely and accurate manner, all of which could have a negative impact on our results of operations. In addition, our ongoing investments in infrastructure, which are necessary to maintain a competitive business, integrate acquisitions and establish scalable operations, may increase our expenses. As our business develops, changes or expands, additional expenses can arise as a result of a reevaluation of business strategies, management of outsourced services, asset purchases or other acquisitions, structural reorganization, compliance with new laws or regulations, or the integration of newly acquired businesses, or the prevention or occurrence of data security incidents. If we are unable to successfully manage our expenses, our financial results will be negatively affected. Changes to our business, including as a result of our strategic objectives, also requires robust governance to ensure that our objectives are executed as intended without adversely impacting our customers, associates, operations or financial performance. Ineffective change management oversight and governance over the execution of our strategic objectives could expose us to operational, strategic and reputational risk and could negatively impact customers or our financial performance. Theft, loss or misuse of information as a result of a cyber-attack may result in increased costs, reductions in revenue, reputational damage and business disruptions. Our products and services involve the gathering, authenticating, managing, processing, and the storing and transmission of sensitive and confidential information regarding our customers and their accounts, our employees and third parties with which we do business. Our ability to provide such products and services, many of which are web-based, depends upon the management and safeguarding of information, software, methodologies and business secrets. To provide these products and services to, as well as communicate with, our customers, we rely on information systems and infrastructure, including software and data engineering, and information security personnel, digital technologies, computer and email systems, software, networks and other web-based technologies. We also have arrangements in place with third parties through which we share and receive information about their customers who are or may become our customers. Technologies, systems, networks and devices of Capital One or our employees, service providers or other third parties with whom we interact may continue to be the subject of attempted unauthorized access, mishandling or misuse of information, denial-of-service attacks, computer viruses, website defacement, hacking, malware, ransomware, phishing or other forms of social engineering, and other forms of cyber-attacks designed to obtain confidential information, destroy data, disrupt or degrade service, sabotage systems or cause other damage, and other events. These threats, such as the Cybersecurity Incident, may derive from error, fraud or malice on the part of our employees, insiders or third parties or may result from accidental technological failure. Any of these parties may also attempt to fraudulently induce employees, customers or other third-party users of our systems to disclose sensitive information in order to gain access to our data or that of our customers or third parties with whom we interact, or to unlawfully obtain monetary benefit through misdirected or otherwise improper payment. Further, cyber and information security risks for large financial institutions like us continue to increase due to the proliferation of new technologies, the use of the internet to conduct financial transactions, and the increased sophistication and activities of organized crime, perpetrators of fraud, hackers, terrorists, activists, formal and informal instrumentalities of foreign governments and other external parties. In addition, our customers access our products and services using computers, smartphones, tablets and other mobile devices that are beyond our security control systems. The methods and techniques employed by perpetrators of fraud and others to attack, disable, degrade or sabotage platforms, systems and applications change frequently, are increasingly sophisticated and often are not fully recognized or understood until after they have occurred, and some techniques could occur and persist for an extended period of time before being detected. For example, although we immediately fixed the configuration vulnerability that was exploited in the Cybersecurity Incident once we discovered the unauthorized access, a period of time elapsed between the occurrence of the unauthorized access and the time when we discovered it. In other circumstances, we and our third-party service providers and partners may be unable to anticipate or identify certain attack methods in order to implement effective preventative measures or mitigate or remediate the damages caused in a timely manner. We may also be unable to hire and develop talent capable of detecting, mitigating or remediating these risks. Although we seek to maintain a robust suite of authentication and layered information security controls, including our cyber threat analytics, data encryption and tokenization technologies, anti-malware defenses and vulnerability management program, any one or combination of these controls could fail to detect, mitigate or remediate these risks in a timely manner. We will likely face an increasing number of attempted cyber-attacks as we expand our mobile and other internet-based products and services, as well as our usage of mobile and cloud technologies and as we provide more of these services to a greater number of retail clients. A disruption or breach, including as a result of a cyber-attack such as the Cybersecurity Incident, or media reports of perceived security vulnerabilities at Capital One or at our third-party service providers, could result in significant legal and financial exposure, regulatory intervention, litigation and remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the security of our systems, products and services that could adversely affect our business. We and other U.S. financial services providers continue to be targeted with evolving and adaptive cybersecurity threats from sophisticated third parties. We are continuing to assess the impact of the Cybersecurity Incident and there can be no assurance that additional unauthorized access or cyber incidents will not occur or that we will not suffer material losses in the future. Unauthorized access or cybersecurity incidents could occur more frequently and on a more significant scale. If future attacks like these are successful or if customers are unable to access their accounts online for other reasons, it could adversely impact our ability to service customer accounts or loans, complete financial transactions for our customers or otherwise operate any of our businesses or services. In addition, a breach or attack affecting one of our third-party service providers or partners could harm our business even if we do not control the service that is attacked. In addition, the increasing prevalence and the evolution of cyber-attacks and other efforts to breach or disrupt our systems or those of our partners, retailers or other market participants has led, and will likely continue to lead, to increased costs to us with respect to preventing, mitigating and remediating these risks, as well as any related attempted fraud. In order to address ongoing and future risks, including from the Cybersecurity Incident, we must expend significant resources to support protective security measures, investigate and remediate any vulnerabilities of our information systems and infrastructure and invest in new technology designed to mitigate security risks. The Cybersecurity Incident, or successful cyber-attacks at other large financial institutions or other market participants (whether or not we are impacted), could lead to a general loss of customer confidence in financial institutions that could negatively affect us, including harming the market perception of the effectiveness of our security measures or the financial system in general which could result in reduced use of our financial products. We have insurance against some cyber-risks and attacks, including insurance that is expected to cover certain costs associated with the Cybersecurity Incident; nonetheless, our insurance coverage may not be sufficient to offset the impact of a material loss event, and such insurance may increase in cost or cease to be available on commercial terms in the future. Potential data protection and privacy incidents, and our required compliance with regulations related to these areas, may increase our costs, reduce our revenue and limit our ability to pursue business opportunities. A breach, failure or other disruption of our information systems or infrastructure or data management processes, or those of our customers, partners, service providers or other market participants, could lead, depending on the nature of the incident, to the unauthorized or unintended access to and release, gathering, monitoring, misuse, loss or destruction of personal or confidential data about our customers, employees or other third parties in our possession. Any party that obtains this personal or confidential data through a breach or disruption may use this information for ransom, to be paid by us or a third-party, as part of a fraudulent activity that is part of a broader criminal activity, or for other illicit purposes. Further, such disruption or breach could also result in unauthorized access to our proprietary information, intellectual property, software, methodologies and business secrets and in unauthorized transactions in Capital One accounts or unauthorized access to personal or confidential information maintained by those entities. There has been a significant proliferation of consumer information available on the internet resulting from breaches of third-party entities, including personal information, log-in credentials and authentication data. While we were not directly involved in these third-party breach events, the stolen information can create a vulnerability for our customers if their Capital One log-in credentials are the same as or similar to the credentials that have been compromised on other sites. This vulnerability could include the risk of unauthorized account access, data loss and fraud. The use of artificial intelligence, “bots” or other automation software, can increase the velocity and efficacy of these types of attacks. We are continuing to assess the impact of the Cybersecurity Incident. The Cybersecurity Incident, other data security incidents we may experience in the future, or media reports of perceived security vulnerabilities at Capital One or at third-party service providers, could result in significant legal and financial exposure, regulatory intervention, remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the security of our systems, products and services that could adversely affect our business. We are subject to a variety of continuously evolving and developing laws and regulations in the United States and abroad regarding privacy, data protection and data security, including those related to the collection, storage, handling, use, disclosure, transfer and security of personal data. Significant uncertainty exists as privacy and data protection laws may be interpreted and applied differently from country to country and may create inconsistent or conflicting requirements. For example, in Canada we are subject to the Personal Information Protection and Electronic Documents Act (“PIPEDA”). In addition, the General Data Protection Regulation (“GDPR”) applies EU data protection law to all companies processing data of EU residents, regardless of the company’s location. More recently, on January 1, 2020, the CCPA went into effect for companies doing business in California. These laws impose strict requirements regarding the collection, storage, handling, use, disclosure, transfer and security of personal data, which may have adverse consequences, including severe monetary penalties. Our efforts to comply with PIPEDA, GDPR, CCPA and other privacy and data protection laws entail substantial expenses, may divert resources from other initiatives and projects, and could limit the services we are able to offer. Furthermore, enforcement actions and investigations by regulatory authorities related to data security incidents and privacy violations continue to increase. The enactment of more restrictive laws, rules, regulations, or future enforcement actions or investigations could impact us through increased costs or restrictions on our business, and noncompliance could result in monetary or other penalties and significant legal liability. We face risks resulting from the extensive use of models and data. We rely on quantitative models, and our ability to manage data and aggregate data in an accurate and timely manner, assess and manage our various risk exposures, estimate certain financial values and manage compliance with required regulatory capital requirements. Models may be used in such processes as determining the pricing of various products, grading loans and extending credit, measuring interest rate and other market risks, predicting deposit levels or loan losses, assessing capital adequacy and calculating economic and regulatory capital levels, estimating the value of financial instruments and balance sheet items, and other operational functions. Our risk reporting and management, including business decisions based on information incorporating models, depend on the effectiveness of our models and our policies, programs, processes and practices governing how data is acquired, validated, stored, protected, processed and analyzed. Any issues with the quality or effectiveness of our data aggregation and validation procedures, as well as the quality and integrity of data inputs, formulas or algorithms, could result in inaccurate forecasts, ineffective risk management practices or inaccurate risk reporting. In addition, models based on historical data sets might not be accurate predictors of future outcomes and their ability to appropriately predict future outcomes may degrade over time. While we continuously update our policies, programs, processes and practices, many of our data management, aggregation and implementation processes are manual and subject to human error or system failure. Failure to manage data effectively and to aggregate data in an accurate and timely manner may limit our ability to manage current and emerging risk, to produce accurate financial, regulatory and operational reporting as well as to manage changing business needs. If our risk management framework is ineffective, we could suffer unexpected losses which could materially adversely affect our results of operation or financial condition. Also, any information we provide to the public or to our regulators based on poorly designed or implemented models could be inaccurate or misleading. Some of the decisions that our regulators make, including those related to capital distribution to our stockholders, could be affected adversely due to the perception that the quality of the models used to generate the relevant information is insufficient. Legal and Regulatory Risk Compliance with new and existing laws, regulations and regulatory expectations is costly and complex. We are subject to extensive regulatory oversight by the federal banking regulators to ensure that we build systems and processes that are commensurate with the nature of our business and that meet the risk management and prudential standards issued by our regulators. A wide array of banking and consumer lending laws apply to almost every aspect of our business. Failure to comply with these laws and regulations could result in financial, structural and operational penalties, including significant fines and criminal sanctions, and/or damage to our reputation with regulators, our customers or the public. Hiring, training and retaining qualified compliance and legal personnel, and establishing and maintaining compliance-related systems, infrastructure and processes, is difficult and these efforts could limit our ability to invest in other business opportunities. Furthermore, applicable rules and regulations may affect us in an unforeseen manner, or may have a disproportionate impact on us as compared to our competitors. Over the last several years, state and federal regulators have focused on compliance with the Bank Secrecy Act and anti-money laundering (“AML”) laws, data integrity and security, use of service providers, fair lending and other consumer protection issues. For example, in July 2015, Capital One entered into a consent order with the OCC to address concerns about our AML program and in October 2018, Capital One paid a civil monetary penalty assessed by the OCC relating to our AML program. The OCC lifted the AML consent order in November 2019. In addition, in August 2020 we entered into consent orders with the Federal Reserve and the OCC resulting from regulatory reviews of the Cybersecurity Incident and relating to ongoing enhancements of our cybersecurity and operational risk management processes, and we paid a civil monetary penalty as part of the OCC agreement. In January 2021, we also paid a civil monetary penalty assessed by the Financial Crimes Enforcement Network (“FinCEN”) against CONA in connection with our AML program. Failure to maintain compliance with laws and regulations could result in significant additional governmental fines or penalties. We have a large number of customer accounts in our credit card and auto lending businesses and we have made the strategic choice to originate and service subprime credit card and auto loans, which typically have higher delinquencies and charge-offs than prime customers. As a result, we have significant involvement with credit bureau reporting and the collection and recovery of delinquent and charged-off debt, primarily through customer communications, the filing of litigation against customers in default, the periodic sale of charged-off debt and vehicle repossession. These activities are subject to enhanced legal and regulatory scrutiny from regulators, courts and legislators. Any future changes to our business practices in these areas, including our debt collection practices, whether mandated by regulators, courts, legislators or otherwise, or any legal liabilities resulting from our business practices, including our debt collection practices, could have a material adverse impact on our financial condition. The legislative and regulatory environment is beyond our control, may change rapidly and unpredictably and may negatively influence our revenue, costs, earnings, growth, liquidity and capital levels. In addition, some rules and regulations may be subject to litigation or other challenges that delay or modify their implementation and impact on us. Adoption of new technologies, such as distributed ledger technologies, artificial intelligence and machine learning technologies, can present unforeseen challenges in applying and relying on existing compliance systems. Certain laws and regulations, and any interpretations and applications with respect thereto, are generally intended to protect consumers, borrowers, depositors, the DIF, the U.S. banking and financial system, and financial markets as a whole, but not stockholders. Our success depends on our ability to maintain compliance with both existing and new laws and regulations. For a description of the material laws and regulations to which we are subject, see “Part I-Item 1. Business-Supervision and Regulation.” Our businesses are subject to the risk of increased litigation, government investigations and regulatory enforcement. Our businesses are subject to increased litigation, government investigations and other regulatory enforcement risks as a result of a number of factors and from various sources, including the highly regulated nature of the financial services industry, the focus of state and federal prosecutors on banks and the financial services industry and the structure of the credit card industry. Given the inherent uncertainties involved in litigation, government investigations and regulatory enforcement decisions, and the very large or indeterminate damages sought in some matters asserted against us, there can be significant uncertainty as to the ultimate liability we may incur from these kinds of matters. The finding, or even the assertion, of substantial legal liability against us could have a material adverse effect on our business and financial condition and could cause significant reputational harm to us, which could seriously harm our business. The Cybersecurity Incident has resulted in litigation, government investigations and other regulatory enforcement inquiries. In addition, financial institutions, such as ourselves, face significant regulatory scrutiny, which can lead to public enforcement actions or non-public supervisory actions. We and our subsidiaries are subject to comprehensive regulation and periodic examination by, among other regulatory bodies, the Federal Reserve, the SEC, OCC, FDIC and CFPB. We have been subject to enforcement actions by many of these and other regulators and may continue to be involved in such actions, including governmental inquiries, investigations and enforcement proceedings, including by the OCC, Department of Justice, FinCEN and state Attorneys General. We expect that regulators and governmental enforcement bodies will continue taking formal enforcement actions against financial institutions in addition to addressing supervisory concerns through non-public supervisory actions or findings, which could involve restrictions on our activities, or our ability to make acquisitions or otherwise expand our business, among other limitations that could adversely affect our business. In addition, a violation of law or regulation by another financial institution is likely to give rise to an investigation by regulators and other governmental agencies of the same or similar practices by us. Furthermore, a single event may give rise to numerous and overlapping investigations and proceedings. These and other initiatives from governmental authorities and officials may subject us to further judgments, settlements, fines or penalties, or cause us to restructure our operations and activities or to cease offering certain products or services, all of which could harm our reputation or lead to higher operational costs. Litigation, government investigations and other regulatory actions could involve restrictions on our activities, generally subject us to significant fines, increased expenses, restrictions on our activities and damage to our reputation and our brand, and could adversely affect our business, financial condition and results of operations. For additional information regarding legal and regulatory proceedings that we are subject to, see “Note 18-Commitments, Contingencies, Guarantees and Others.” Other Business Risks We face intense competition in all of our markets. We operate in a highly competitive environment, whether in making loans, attracting deposits or in the global payments industry, and we expect competitive conditions to continue to intensify with respect to most of our products. We compete on the basis of the rates we pay on deposits and the rates and other terms we charge on the loans we originate or purchase, as well as the quality and range of our customer service, products, innovation and experience. This increasingly competitive environment is primarily a result of changes in technology, product delivery systems and regulation, as well as the emergence of new or significantly larger financial services providers, all of which may affect our customers’ expectations and demands. In addition to offering competitive products and services, we invest in and conduct marketing campaigns to attract and inform customers. Some of our competitors, including new and emerging competitors in the digital and mobile payments space and other financial technology providers, are not subject to the same regulatory requirements or legislative scrutiny to which we are subject, which also could place us at a competitive disadvantage, in particular in the development of new technology platforms or the ability to rapidly innovate. We compete with many forms of payments offered by both bank and non-bank providers, including a variety of new and evolving alternative payment mechanisms, systems and products, such as aggregators and web-based and wireless payment platforms or technologies, digital or “crypto” currencies, prepaid systems and payment services targeting users of social networks, communications platforms and online gaming. If we are unable to continue to keep pace with innovation, do not effectively market our products and services or are prohibited from or unwilling to enter emerging areas of competition, our business and results of operations could be adversely affected. Some of our competitors are substantially larger than we are, which may give those competitors advantages, including a more diversified product and customer base, the ability to reach more customers and potential customers, operational efficiencies, broad-based local distribution capabilities, lower-cost funding and larger existing branch networks. Many of our competitors are also focusing on cross-selling their products and developing new products or technologies, which could affect our ability to maintain or grow existing customer relationships or require us to offer lower interest rates or fees on our lending products or higher interest rates on deposits. Competition for loans could result in origination of fewer loans, earning less on our loans or an increase in loans that perform below expectations. As of December 31, 2020, we operate as one of the largest online direct banks in the United States by deposits. While direct banking provides a significant opportunity to attract new customers that value greater and more flexible access to banking services at reduced costs, we face strong and increasing competition in the direct banking market. Aggressive pricing throughout the industry may adversely affect the retention of existing balances and the cost-efficient acquisition of new deposit funds and may affect our growth and profitability. Customers could also close their online accounts or reduce balances or deposits in favor of products and services offered by competitors for other reasons. These shifts, which could be rapid, could result from general dissatisfaction with our products or services, including concerns over pricing, online security or our reputation. The potential consequences of this competitive environment are exacerbated by the flexibility of direct banking and the financial and technological sophistication of our online customer base. In our credit card business, competition for rewards customers may result in higher rewards expenses, or we may fail to attract new customers or retain existing rewards customers due to increasing competition for these consumers. As of December 31, 2020, we have a number of large partnerships in our credit card loan portfolio. The market for key business partners, especially in the credit card business, is very competitive, and we may not be able to grow or maintain these partner relationships. We face the risk that we could lose partner relationships, even after we have invested significant resources into acquiring and developing the relationships. The loss of any of our key business partners could have a negative impact on our results of operations, including lower returns, excess operating expense and excess funding capacity. We depend on our partners to effectively promote our cobrand and private label products and integrate the use of our credit cards into their retail operations. The failure by our partners to effectively promote and support our products as well as changes they may make in their business models could adversely affect card usage and our ability to achieve the growth and profitability objectives of our partnerships. In addition, if our partners do not adhere to the terms of our program agreements and standards, or otherwise diminish the value of our brand, we may suffer reputational damage and customers may be less likely to use our products. Some of our competitors have developed, or may develop, substantially greater financial and other resources than we have, may offer richer value propositions or a wider range of programs and services than we offer or may use more effective advertising, marketing or cross-selling strategies to acquire and retain more customers, capture a greater share of spending and borrowings, attain and develop more attractive cobrand card programs and maintain greater merchant acceptance than we have. We may not be able to compete effectively against these threats or respond or adapt to changes in consumer spending habits as effectively as our competitors. In such a competitive environment, we may lose entire accounts or may lose account balances to competing firms, or we may find it more costly to maintain our existing customer base. Customer attrition from any or all of our lending products, together with any lowering of interest rates or fees that we might implement to retain customers, could reduce our revenues and therefore our earnings. Similarly, unexpected customer attrition from our deposit products, in addition to an increase in rates or services that we may offer to retain deposits, may increase our expenses and therefore reduce our earnings. Our business, financial condition and results of operations may be adversely affected by merchants’ increasing focus on the fees charged by credit card networks and by legislation and regulation impacting such fees. Credit card interchange fees are generally one of the largest components of the costs that merchants pay in connection with the acceptance of credit cards and are a meaningful source of revenue for our credit card businesses. Interchange fees are the subject of significant and intense global legal, legislative and regulatory focus, and the resulting decisions, legislation and regulation may have a material adverse impact on our overall business, financial condition and results of operations. Legislative and regulatory bodies in a number of countries are seeking to reduce credit card interchange fees through legislation, competition-related regulatory proceedings, central bank regulation and or litigation. Interchange reimbursement rates in the United States are set by credit card networks such as MasterCard and Visa. In some jurisdictions, such as Canada and certain countries in the EU, interchange fees and related practices are subject to regulatory activity that has limited the ability of certain networks to establish default rates, including in some cases imposing caps on permissible interchange fees. We have already experienced these impacts in our international card businesses. Legislators and regulators around the world are aware of each other’s approaches to the regulation of the payments industry. Consequently, a development in one country, state or region may influence regulatory approaches in another, such as our primary market, the United States. In addition to this regulatory activity, merchants are also seeking avenues to reduce interchange fees. During the past few years, merchants and their trade groups have filed numerous lawsuits against Visa, MasterCard, American Express and their card- issuing banks, claiming that their practices toward merchants, including interchange and similar fees, violate federal antitrust laws. In 2005, a number of entities filed antitrust lawsuits against MasterCard and Visa and several member banks, including our subsidiaries and us, alleging among other things, that the defendants conspired to fix the level of interchange fees. In December 2013, the U.S. District Court for the Eastern District of New York granted final approval of the proposed class settlement. The settlement provided, among other things, that merchants would be entitled to join together to negotiate lower interchange fees. The settlement was appealed to the Second Circuit Court of Appeals, which rejected the settlement in June 2016; a revised settlement was reached in the second half of 2018, and the trial court issued its final approval of the settlement in December 2019. See “Note 18-Commitments, Contingencies, Guarantees and Others” for further details. Some major retailers may have sufficient bargaining power to independently negotiate lower interchange fees with MasterCard and Visa, which could, in turn, result in lower interchange fees for us when our cardholders undertake purchase transactions with these retailers. In 2016, some of the largest merchants individually negotiated lower interchange rates with MasterCard and/or Visa. These and other merchants also continue to lobby aggressively for caps and restrictions on interchange fees and their efforts may be successful or they may in the future bring legal proceedings against us or other credit card and debit card issuers and networks. Beyond pursuing litigation, legislation and regulation, merchants may also promote forms of payment with lower fees, such as ACH-based payments, or seek to impose surcharges at the point of sale for use of credit or debit cards. New payment systems, particularly mobile-based payment technologies, could also gain widespread adoption and lead to issuer transaction fees or the displacement of credit card accounts as a payment method. The heightened focus by merchants and legislative and regulatory bodies on the fees charged by credit and debit card networks, and the ability of certain merchants to successfully negotiate discounts to interchange fees with MasterCard and Visa or develop alternative payment systems, could result in a reduction of interchange fees. Any resulting loss in income to us could have a material adverse effect on our business, financial condition and results of operations. If we are not able to invest successfully in and introduce digital and other technological developments across all our businesses, our financial performance may suffer. Our industry is subject to rapid and significant technological changes and our ability to meet our customers’ needs and expectations is key to our ability to grow revenue and earnings. We expect digital technologies to have a significant impact on banking over time. Consumers expect robust digital experiences from their financial services providers. The ability for customers to access their accounts and conduct financial transactions using digital technology, including mobile applications, is an important aspect of the financial services industry and financial institutions are rapidly introducing new digital and other technology-driven products and services that aim to offer a better customer experience and to reduce costs. We continue to invest in digital technology designed to attract new customers, facilitate the ability of existing customers to conduct financial transactions and enhance the customer experience related to our products and services. Our continued success depends, in part, upon our ability to address the needs of our customers by using digital technology to provide products and services that meet their expectations. The development and launch of new digital products and services depends in large part on our capacity to invest in and build the technology platforms that can enable them, in a cost effective and timely manner. See “We face intense competition in all of our markets” and “We face risks related to our operational, technological and organizational infrastructure.” Some of our competitors are substantially larger than we are, which may allow those competitors to invest more money into their technology infrastructure and digital innovation than we do. In addition, we face intense competition from smaller companies which experience lower cost structures and different regulatory requirements and scrutiny than we do, and which may allow them to innovate more rapidly than we can. See “We face intense competition in all of our markets.” Further, our success depends on our ability to attract and retain strong digital and technology leaders, engineers and other specialized personnel. The competition is intense, and the compensation costs continue to increase for such talent. If we are unable to attract and retain digital and technology talent, our ability to offer digital products and services and build the necessary technology infrastructure could be negatively affected, which could negatively impact our business and financial results. A failure to maintain or enhance our competitive position with respect to digital products and services, whether because we fail to anticipate customer expectations or because our technological developments fail to perform as desired or are not implemented in a timely or successful manner, could negatively impact our business and financial results. We may fail to realize all of the anticipated benefits of our mergers, acquisitions and strategic partnerships. We have engaged in merger and acquisition activity and entered into strategic partnerships over the past several years. We continue to evaluate and anticipate engaging in, among other merger and acquisition activity, additional strategic partnerships and selected acquisitions of financial institutions and other acquisition targets, including credit card and other loan portfolios. We may not be able to identify and secure future acquisition targets on terms and conditions that are acceptable to us, or successfully complete within the anticipated time frame and achieve the anticipated benefits of proposed mergers, acquisitions and strategic partnerships, which could impair our growth. Any merger, acquisition or strategic partnership we undertake entails certain risks, which may materially and adversely affect our results of operations. If we experience greater than anticipated costs to integrate acquired businesses into our existing operations, or are not able to achieve the anticipated benefits of any merger, acquisition or strategic partnership, including cost savings and other synergies, our business could be negatively affected. In addition, it is possible that the ongoing integration processes could result in the loss of key employees, errors or delays in systems implementation, exposure to cybersecurity risks associated with acquired businesses, exposure to additional regulatory oversight, the disruption of our ongoing businesses or inconsistencies in standards, controls, procedures and policies that adversely affect our ability to maintain relationships with partners, clients, customers, depositors and employees or to achieve the anticipated benefits of any merger, acquisition or strategic partnership. Integration efforts also may divert management attention and resources. These integration matters may have an adverse effect on us during any transition period. In addition, we may face the following risks in connection with any merger, acquisition or strategic partnership: •New Businesses and Geographic or Other Markets: Our merger, acquisition or strategic partnership activity may involve our entry into new businesses and new geographic areas or other markets which present risks resulting from our relative inexperience in these new businesses or markets. These new businesses or markets may change the overall character of our consolidated portfolio of businesses and alter our exposure to economic and other external factors. We face the risk that we will not be successful in these new businesses or in these new markets. •Identification and Assessment of Merger and Acquisition Targets and Deployment of Acquired Assets: We may not be able to identify, acquire or partner with suitable targets. Further, our ability to achieve the anticipated benefits of any merger, acquisition or strategic partnership will depend on our ability to assess the asset quality and value of the particular assets or institutions we partner with, merge with or acquire. We may be unable to profitably deploy any assets we acquire. •Accuracy of Assumptions: In connection with any merger, acquisition or strategic partnership, we may make certain assumptions relating to the proposed merger, acquisition or strategic partnership that may be, or may prove to be, inaccurate, including as a result of the failure to realize the expected benefits of any merger, acquisition or strategic partnership. The inaccuracy of any assumptions we may make could result in unanticipated consequences that could have a material adverse effect on our results of operations or financial condition. •Target-specific Risk: Assets and companies that we acquire, or companies that we enter into strategic partnerships with, will have their own risks that are specific to a particular asset or company. These risks include, but are not limited to, particular or specific regulatory, accounting, operational, reputational and industry risks, any of which could have a material adverse effect on our results of operations or financial condition. For example, we may face challenges associated with integrating other companies due to differences in corporate culture, compliance systems or standards of conduct. Indemnification rights, if any, may be insufficient to compensate us for any losses or damages resulting from such risks. In addition to regulatory approvals discussed below, certain of our merger, acquisition or partnership activity may require third-party consents in order for us to fully realize the anticipated benefits of any such transaction. •Conditions to Regulatory Approval: Certain acquisitions may not be consummated without obtaining approvals from one or more of our regulators. We cannot be certain when or if, or on what terms and conditions, any required regulatory approvals will be granted. Consequently, we might be required to sell portions of acquired assets or our own assets as a condition to receiving regulatory approval or we may not obtain regulatory approval for a proposed acquisition on acceptable terms or at all, in which case we would not be able to complete the acquisition despite the time and expenses invested in pursuing it. Reputational risk and social factors may impact our results and damage our brand. Our ability to attract and retain customers is highly dependent upon the perceptions of consumer and commercial borrowers and deposit holders and other external perceptions of our products, services, trustworthiness, business practices, workplace culture, compliance practices or our financial health. In addition, our brand is very important to us. Maintaining and enhancing our brand depends largely on our ability to continue to provide high-quality products and services. Adverse perceptions regarding our reputation in the consumer, commercial and funding markets could lead to difficulties in generating and maintaining accounts as well as in financing them. In particular, negative public perceptions regarding our reputation, including negative perceptions regarding our ability to maintain the security of our technology systems and protect customer data, could lead to decreases in the levels of deposits that consumer and commercial customers and potential customers choose to maintain with us or significantly increase the costs of attracting and retaining customers. In addition, negative perceptions regarding certain industries, partners or clients could also prompt us to cease business activities associated with those entities. Negative public opinion or damage to our brand could also result from actual or alleged conduct in any number of activities or circumstances, including lending practices, regulatory compliance, security breaches (including the use and protection of customer information, such as resulting from the Cybersecurity Incident), corporate governance and sales and marketing, and from actions taken by regulators or other persons in response to such conduct. Such conduct could fall short of our customers’ and the public’s heightened expectations of companies of our size with rigorous data, privacy and compliance practices, and could further harm our reputation. In addition, our cobrand and private label partners or other third parties with whom we have important relationships may take actions over which we have limited control that could negatively impact perceptions about us or the financial services industry. The proliferation of social media may increase the likelihood that negative public opinion from any of the events discussed above will impact our reputation and business. In addition, a variety of social factors may cause changes in borrowing activity, including credit card use, payment patterns and the rate of defaults by account holders and borrowers domestically and internationally. These social factors include changes in consumer confidence levels, the public’s perception regarding the banking industry and consumer debt, including credit card use, and changing attitudes about the stigma of bankruptcy. If consumers develop or maintain negative attitudes about incurring debt, or if consumption trends decline or if we fail to maintain and enhance our brand, or we incur significant expenses to do so, our business and financial results could be materially and negatively affected. If we are not able to protect our intellectual property, our revenue and profitability could be negatively affected. We rely on a variety of measures to protect and enhance our intellectual property, including copyrights, trademarks, trade secrets, patents and certain restrictions on disclosure, solicitation and competition. We also undertake other measures to control access to and distribution of our other proprietary information. These measures may not prevent misappropriation of our proprietary information or infringement of our intellectual property rights and a resulting loss of competitive advantage. In addition, our competitors or other third parties may file patent applications for innovations that are used in our industry or allege that our systems, processes or technologies infringe on their intellectual property rights. If our competitors or other third parties are successful in obtaining such patents or prevail in intellectual property-related litigation against us, we could lose significant revenues, incur significant license, royalty or technology development expenses, or pay significant damages. Our risk management strategies may not be fully effective in mitigating our risk exposures in all market environments or against all types of risk. Management of market, credit, liquidity, operational and compliance risk requires, among other things, policies and procedures to properly record and verify a large number of transactions and events. See “MD&A-Risk Management” for further details. Even though we continue to devote significant resources to developing our risk management framework, our risk management strategies may not be fully effective in identifying and mitigating our risk exposure in all market environments or against all types of risk, including risks that are unidentified or unanticipated. Some of our methods of managing these risks are based upon our use of observed historical market behavior and management’s judgment. These methods may not accurately predict future exposures, which could be significantly greater than the historical measures indicate and market conditions, particularly during a period of financial market stress, can involve unprecedented dislocations. Credit risk is inherent in the financial services business and results from, among other things, extending credit to customers. Our ability to assess the creditworthiness of our customers may be impaired if the models and approaches we use to select, manage and underwrite our consumer and commercial customers become less predictive of future charge-offs due, for example, to rapid changes in the economy, including rapid changes in tariff rates and international trade relations. While we employ a broad and diversified set of risk monitoring and risk mitigation techniques, those techniques and the judgments that accompany their application cannot anticipate every economic and financial outcome or the timing of such outcomes. For example, our ability to implement our risk management strategies may be hindered by adverse changes in the volatility or liquidity conditions in certain markets and as a result, may limit our ability to distribute such risks (for instance, when we seek to syndicate exposure in bridge financing transactions we have underwritten). We may, therefore, incur losses in the course of our risk management or investing activities. Fluctuations in market interest rates or volatility in the capital markets could adversely affect our income and expense, the value of assets and obligations, our regulatory capital, cost of capital or liquidity. Like other financial institutions, our business is sensitive to market interest rate movements and the performance of the capital markets. Disruptions, uncertainty or volatility across the capital markets could negatively impact market liquidity and limit our access to the funding required to operate and grow our business. In addition, changes in interest rates or in valuations in the debt or equity markets could directly impact us. For example, we borrow money from other institutions and depositors, which we use to make loans to customers and invest in debt securities and other interest-earning assets. We earn interest on these loans and assets and pay interest on the money we borrow from institutions and depositors. The interest rates that we pay on the securities we have issued are also influenced by, among other things, applicable credit ratings from recognized rating agencies. A downgrade to any of these credit ratings could affect our ability to access the capital markets, increase our borrowing costs and have a negative impact on our results of operations. Increased charge-offs, rising LIBOR or other applicable reference rates and other events may cause our securitization transactions to amortize earlier than scheduled, which could accelerate our need for additional funding from other sources. Fluctuations in interest rates, including changes in the relationship between short-term rates and long-term rates and in the relationship between our funding basis rate and our lending basis rate, may have negative impacts on our net interest income and therefore our earnings. In addition, interest rate fluctuations and competitor responses to those changes may affect the rate of customer prepayments for auto and other term loans and may affect the balances customers carry on their credit cards. For example, increases in interest rates increase debt service requirements for some of our borrowers, which may adversely affect those borrowers’ ability to pay as contractually obligated. This could result in additional delinquencies or charge-offs and negatively impact our results of operations. These changes can reduce the overall yield on our interest-earning asset portfolio. Changes in interest rates and competitor responses to these changes may also impact customer decisions to maintain balances in the deposit accounts they have with us. An inability to attract or maintain deposits could materially affect our ability to fund our business and our liquidity position. Many other financial institutions have increased their reliance on deposit funding and, as such, we expect continued competition in the deposit markets. We cannot predict how this competition will affect our costs. If we are required to offer higher interest rates to attract or maintain deposits, our funding costs will be adversely impacted. Changes in valuations in the debt and equity markets could have a negative impact on the assets we hold in our investment portfolio. Such market changes could also have a negative impact on the valuation of assets for which we provide servicing. We assess our interest rate risk by estimating the effect on our earnings, economic value and capital under various scenarios that differ based on assumptions about the direction and the magnitude of interest rate changes. We take risk mitigation actions based on those assessments. We face the risk that changes in interest rates could materially reduce our net interest income and our earnings, especially if actual conditions turn out to be materially different than those we assumed. See “MD&A-Market Risk Profile” for additional information. Uncertainty regarding, and transition away from, LIBOR may adversely affect our business. The U.K. FCA, which regulates LIBOR, has announced that it will no longer compel banks to contribute data for the calculation of LIBOR after December 31, 2021. It is likely that banks will no longer continue to contribute submissions for the calculation of LIBOR after that date, which creates significant uncertainty around the publication of LIBOR beyond 2021 and whether LIBOR will continue to be viewed as a reliable market benchmark. In November 2020, the ICE Benchmark Administration (IBA), the administrator of LIBOR, announced that it will consult on its intention to cease publication of the 1-week and 2-month USD LIBOR settings immediately following the LIBOR publication on December 31, 2021, and the remaining USD LIBOR tenors (Overnight, 1, 3, 6, and 12 Months) immediately following the LIBOR publication on June 30, 2023. The consultation closed on January 25, 2021 and we will continue to engage with industry experts to better understand the proposed IBA's extension announcement and its impact on the markets and our transition plans. It remains unclear what rate or rates may develop as accepted alternatives to LIBOR, or what the effect of such changes will be on the markets for LIBOR-based financial instruments. The Secured Overnight Financing Rate (“SOFR”) has been recommended by the Alternative Reference Rates Committee as an alternative for USD LIBOR, but issues and uncertainty remain with respect to its implementation. Given LIBOR’s extensive use across financial markets, the transition away from LIBOR presents several risks and challenges to the financial markets and financial institutions, including Capital One. We have loans, derivative contracts, unsecured debt, securitizations, vendor agreements and other instruments with attributes that are either directly or indirectly dependent on LIBOR. Uncertainty as to the nature of potential changes, alternative reference rates such as SOFR, or other reforms may adversely affect market liquidity, the pricing of LIBOR-based instruments, and the availability and cost of associated hedging instruments and borrowings. If SOFR or another rate does not achieve wide acceptance as the alternative to LIBOR, there likely will be disruption to the markets relying on the availability of a broadly accepted reference rate. In addition, uncertainty regarding LIBOR could result in loss of market share in certain products, adverse tax or accounting impacts, compliance, legal or operational costs and risks associated with client disclosures, as well as systems disruption, model disruption and other business continuity issues for us. Even if SOFR or another reference rate becomes a widely acceptable replacement for LIBOR, risks will remain for us with respect to outstanding instruments which rely on LIBOR. Those risks arise in connection with transitioning such instruments to a new reference rate, the taking of discretionary actions or the negotiation of fallback provisions and final amendments to existing LIBOR based agreements. Payments under contracts referencing new reference rates may significantly differ from those referencing LIBOR. For some instruments, the method of transitioning to a new reference rate may be challenging, especially if parties to an instrument cannot agree as to how to effect that transition. If a contract is not transitioned to a new reference rate and LIBOR ceases to exist, the impact on our obligations is likely to vary by contract. In addition, prior to LIBOR cessation, instruments that continue to refer to LIBOR may be impacted if there is a change in the availability or calculation of LIBOR. The transition from LIBOR to an alternative reference rate may change our market risk profile and require changes to risk and pricing models, valuation tools, product design, information technology systems, reporting infrastructure, operational processes and controls, and hedging strategies. In many cases, we may be dependent on third parties to upgrade systems, software and other critical functions that could materially disrupt our readiness if they are not done on a timely basis or otherwise fail. Our assessment of the ultimate impact of, and our planning for, the transition from LIBOR remains ongoing. Failure to adequately manage the transition could have a material adverse effect on our reputation, business, financial condition and results of operations. See “MD&A-Market Risk Profile” for additional information. Our business could be negatively affected if we are unable to attract, retain and motivate skilled employees. Our success depends, in large part, on our ability to retain key senior leaders and to attract and retain skilled employees, particularly employees with advanced expertise in credit, risk, digital and technology skills. We depend on our senior leaders and skilled employees to oversee simultaneous, transformative initiatives across the enterprise and execute on our business plans in an efficient and effective manner. Competition for such senior leaders and employees, and the costs associated with attracting and retaining them, is high. Our ability to attract and retain qualified employees also is affected by perceptions of our culture and management, our profile in the regions where we have offices and the professional opportunities we offer. Regulation or regulatory guidance restricting executive compensation, as well as evolving investor expectations, may limit the types of compensation arrangements that we may enter into with our most senior leaders and could have a negative impact on our ability to attract, retain and motivate such leaders in support of our long-term strategy. These laws and regulations may not apply in the same manner to all financial institutions, and we therefore may face more restrictions than other institutions and companies with which we compete for talent. These laws and regulations may also hinder our ability to compete for talent with other industries. We rely upon our senior leaders not only for business success, but also to lead with integrity. To the extent our senior leaders behave in a manner that does not comport with our values, the consequences to our brand and reputation could be severe and could adversely affect our financial condition and results of operations. If we are unable to attract, develop and retain talented senior leadership and employees, or to implement appropriate succession plans for our senior leadership, our business could be negatively affected. We face risks from unpredictable catastrophic events. Despite the business contingency plans we have in place, such plans do not fully mitigate all potential business continuity risks to us. Natural disasters and other catastrophic events could harm our business and infrastructure, including our information technology systems and third-party platforms. Our ability to conduct business may be adversely affected by a disruption in the infrastructure that supports our business and the communities where we are located, which are concentrated in the Northern Virginia and New York metropolitan areas, as well as Richmond, Virginia and Plano, Texas. This may include a disruption involving damage or loss of access to a physical site, cyber incidents, terrorist activities, the occurrence or worsening of disease outbreaks or pandemics (including the COVID-19 pandemic), natural disasters, extreme weather events, electrical outage, environmental hazard, technological infrastructure, communications or other services we use, our employees or third parties with whom we conduct business. Our business, financial condition and results of operations may be impacted by any such disruption and our ability to implement corresponding response measures, including, for example, our ability to adapt to a remote work environment as a result of the ongoing COVID-19 pandemic and related response measures. In addition, if a natural disaster or other catastrophic event occurs in certain regions where our business and customers are concentrated, such as the mid-Atlantic, New York or Texas metropolitan areas, we could be disproportionately impacted as compared to our competitors. The impact of such events and other catastrophes on the overall economy may also adversely affect our financial condition and results of operations. We face risks from the use of or changes to assumptions or estimates in our financial statements. Pursuant to generally accepted accounting principles in the U.S. (“U.S. GAAP”), we are required to use certain assumptions and estimates in preparing our financial statements, including determining our allowance for credit losses, the fair value of certain assets and liabilities, and asset impairment, among other items. In addition, the FASB, the SEC and other regulatory bodies may change the financial accounting and reporting standards, including those related to assumptions and estimates we use to prepare our financial statements, in ways that we cannot predict and that could impact our financial statements. If actual results differ from the assumptions or estimates underlying our financial statements or if financial accounting and reporting standards are changed, we may experience unexpected material losses. For a discussion of our use of estimates in the preparation of our consolidated financial statements, see “MD&A-Critical Accounting Policies and Estimates” and “Note 1-Summary of Significant Accounting Policies.” Limitations on our ability to receive dividends from our subsidiaries could affect our liquidity and ability to pay dividends and repurchase common stock. We are a separate and distinct legal entity from our subsidiaries, including the Banks. Dividends to us from our direct and indirect subsidiaries, including the Banks, have represented a major source of funds for us to pay dividends on our common and preferred stock, repurchase common stock, make payments on corporate debt securities and meet other obligations. There are various federal law limitations on the extent to which the Banks can finance or otherwise supply funds to us through dividends and loans. These limitations include minimum regulatory capital requirements, federal banking law requirements concerning the payment of dividends out of net profits or surplus, Sections 23A and 23B of the Federal Reserve Act and Regulation W governing transactions between an insured depository institution and its affiliates, as well as general federal regulatory oversight to prevent unsafe or unsound practices. If our subsidiaries’ earnings are not sufficient to make dividend payments to us while maintaining adequate capital levels, our liquidity may be affected and we may not be able to make dividend payments to our common or preferred stockholders, repurchase our common stock, make payments on outstanding corporate debt securities or meet other obligations, each and any of which could have a material adverse impact on our results of operations, financial position or perception of financial health. See “Part I-Item 1.Business-Supervision and Regulation” for additional information regarding dividend limitations applicable to us and the Banks. The soundness of other financial institutions and other third parties could adversely affect us. Our ability to engage in routine funding and other transactions could be adversely affected by the stability and actions of other financial services institutions. Financial services institutions are interrelated as a result of trading, clearing, servicing, counterparty and other relationships. We have exposure to financial institutions, intermediaries and counterparties that are exposed to risks over which we have little or no control. In addition, we routinely execute transactions with counterparties in the financial services industry, including brokers and dealers, commercial banks, investment banks, mutual and hedge funds and other institutional clients, resulting in a significant credit concentration with respect to the financial services industry overall. As a result, defaults by, or even rumors or questions about, one or more financial services institutions, or the financial services industry generally, have led to market-wide liquidity problems and could lead to losses or defaults by us or by other institutions. Likewise, adverse developments affecting the overall strength and soundness of our competitors, the financial services industry as a whole and the general economic climate or sovereign debt could have a negative impact on perceptions about the strength and soundness of our business even if we are not subject to the same adverse developments. In addition, adverse developments with respect to third parties with whom we have important relationships also could negatively impact perceptions about us. These perceptions about us could cause our business to be negatively affected and exacerbate the other risks that we face. Item 1B.