← back to summary

HBAN, §1A diff (2016 → 2017)

Similarity0.99
Added+8675 words
Removed-7052 words

Added paragraphs (8675 words)

Item 1A: Risk Factors We, like other financial companies, are subject to a number of risks that may adversely affect our financial condition or results of operations, many of which are outside of our direct control. Among these risks are: • Credit risk, which is the risk of loss due to loan and lease customers or other counterparties not being able to meet their financial obligations under agreed upon terms; • Market risk, which occurs when fluctuations in interest rates impact earnings and capital. Financial impacts are realized through changes in the interest rates of balance sheet assets and liabilities (net interest margin) or directly through valuation changes of capitalized MSR and/or trading assets (noninterest income); • Liquidity risk, which is the risk to current or anticipated earnings or capital arising from an inability to meet obligations when they come due. Liquidity risk includes the inability to access funding sources or manage fluctuations in funding levels. Liquidity risk also results from the failure to recognize or address changes in market conditions that affect our ability to liquidate assets quickly and with minimal loss in value; • Operational and Legal risk, which is the risk of loss arising from inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events. Operational losses result from internal fraud; external fraud, inadequate or inappropriate employment practices and workplace safety, failure to meet professional obligations involving customers, products, and business practices, damage to physical assets, business disruption and systems failures, and failures in execution, delivery, and process management. Legal risk includes, but is not limited to, exposure to orders, fines, penalties, or punitive damages resulting from litigation, as well as regulatory actions; • Compliance risk, which exposes us to money penalties, enforcement actions or other sanctions as a result of non-conformance with laws, rules, and regulations that apply to the financial services industry; • Strategic risk, which is defined as risk to current or anticipated earnings, capital, or enterprise value arising from adverse business decisions, improper implementation of business decisions or lack of responsiveness to industry / market changes; and • Reputation risk, which is the risk that negative publicity regarding an institution's business practices, whether true or not, will cause a decline in the customer base, costly litigation, or revenue reductions. In addition to the other information included or incorporated by reference into this report, readers should carefully consider that the following important factors, among others, could negatively impact our business, future results of operations, and future cash flows materially. Credit Risks: Our ACL level may prove to not be adequate or be negatively affected by credit risk exposures which could adversely affect our net income and capital. Our business depends on the creditworthiness of our customers. Our ACL of $778 million at December 31, 2017, represented Management’s estimate of probable losses inherent in our loan and lease portfolio (ALLL) as well as our unfunded loan commitments and letters of credit (AULC). We regularly review our ACL for appropriateness. In doing so, we consider economic conditions and trends, collateral values, and credit quality indicators, such as past charge-off experience, levels of past due loans, and NPAs. There is no certainty that our ACL will be appropriate over time to cover losses in the portfolio because of unanticipated adverse changes in the economy, market conditions, or events adversely affecting specific customers, industries, or markets. If the credit quality of our customer base materially decreases, if the risk profile of a market, industry, or group of customers changes materially, or if the ACL is not appropriate, our net income and capital could be materially adversely affected, which could have a material adverse effect on our financial condition and results of operations. In addition, regulatory review of risk ratings and loan and lease losses may impact the level of the ACL and could have a material adverse effect on our financial condition and results of operations. Weakness in economic conditions could adversely affect our business. Our performance could be negatively affected to the extent there is deterioration in business and economic conditions which have direct or indirect material adverse impacts on us, our customers, and our counterparties. These conditions could result in one or more of the following: • A decrease in the demand for loans and other products and services offered by us; • A decrease in customer savings generally and in the demand for savings and investment products offered by us; and • An increase in the number of customers and counterparties who become delinquent, file for protection under bankruptcy laws, or default on their loans or other obligations to us. An increase in the number of delinquencies, bankruptcies, or defaults could result in a higher level of NPAs, NCOs, provision for credit losses, and valuation adjustments on loans held for sale. The markets we serve are dependent on industrial and manufacturing businesses and, thus, are particularly vulnerable to adverse changes in economic conditions affecting these sectors. Market Risks: Changes in interest rates could reduce our net interest income, reduce transactional income, and negatively impact the value of our loans, securities, and other assets. This could have an adverse impact on our cash flows, financial condition, results of operations, and capital. Our results of operations depend substantially on net interest income, which is the difference between interest earned on interest earning assets (such as investments and loans) and interest paid on interest bearing liabilities (such as deposits and borrowings). Interest rates are highly sensitive to many factors, including governmental monetary policies and domestic and international economic and political conditions. Conditions such as inflation, deflation, recession, unemployment, money supply, and other factors beyond our control may also affect interest rates. In addition, the Federal Reserve has stated its intention to end its quantitative easing program and has begun to reduce the size of its balance sheet by selling securities, which might also affect interest rates. If our interest earning assets mature or reprice faster than interest bearing liabilities in a declining interest rate environment, net interest income could be materially adversely impacted. Likewise, if interest bearing liabilities mature or reprice more quickly than interest earning assets in a rising interest rate environment, net interest income could be adversely impacted. Changes in interest rates can affect the value of loans, securities, assets under management, and other assets, including mortgage and nonmortgage servicing rights. An increase in interest rates that adversely affects the ability of borrowers to pay the principal or interest on loans and leases may lead to an increase in NPAs and a reduction of income recognized, which could have a material adverse effect on our results of operations and cash flows. When we place a loan on nonaccrual status, we reverse any accrued but unpaid interest receivable, which decreases interest income. However, we continue to incur interest expense as a cost of funding NALs without any corresponding interest income. In addition, transactional income, including trust income, brokerage income, and gain on sales of loans can vary significantly from period-to-period based on a number of factors, including the interest rate environment. A decline in interest rates along with a flattening yield curve limits our ability to reprice deposits given the current historically low level of interest rates and could result in declining net interest margins if longer duration assets reprice faster than deposits. Rising interest rates reduce the value of our fixed-rate securities. Any unrealized loss from these portfolios impacts OCI, shareholders’ equity, and the Tangible Common Equity ratio. Any realized loss from these portfolios impacts regulatory capital ratios. In a rising interest rate environment, pension and other post-retirement obligations somewhat mitigate negative OCI impacts from securities and financial instruments. For more information, refer to “Market Risk” of the MD&A. Certain investment securities, notably mortgage-backed securities, are very sensitive to rising and falling rates. Generally, when rates rise, prepayments of principal and interest will decrease and the duration of mortgage-backed securities will increase. Conversely, when rates fall, prepayments of principal and interest will increase and the duration of mortgage-backed securities will decrease. In either case, interest rates have a significant impact on the value of mortgage-backed securities. MSR fair values are sensitive to movements in interest rates, as expected future net servicing income depends on the projected outstanding principal balances of the underlying loans, which can be reduced by prepayments. Prepayments usually increase when mortgage interest rates decline and decrease when mortgage interest rates rise. In addition to volatility associated with interest rates, the Company also has exposure to equity markets related to the investments within the benefit plans and other income from client based transactions. Industry competition may have an adverse effect on our success. Our profitability depends on our ability to compete successfully. We operate in a highly competitive environment, and we expect competition to intensify. Certain of our competitors are larger and have more resources than we do, enabling them to be more aggressive than us in competing for loans and deposits. In our market areas, we face competition from other banks and financial service companies that offer similar services. Some of our non-bank competitors are not subject to the same extensive regulations we are and, therefore, may have greater flexibility in competing for business. Technological advances have made it possible for our non-bank competitors to offer products and services that traditionally were banking products and for financial institutions and other companies to provide electronic and internet-based financial solutions, including online deposit accounts, electronic payment processing and marketplace lending, without having a physical presence where their customers are located. Our ability to compete successfully depends on a number of factors, including customer convenience, quality of service by investing in new products and services, electronic platforms, personal contacts, pricing, and range of products. If we are unable to successfully compete for new customers and retain our current customers, our business, financial condition, or results of operations may be adversely affected. In particular, if we experience an outflow of deposits as a result of our customers seeking investments with higher yields or greater financial stability, or a desire to do business with our competitors, we may be forced to rely more heavily on borrowings and other sources of funding to operate our business and meet withdrawal demands, thereby adversely affecting our net interest margin. For more information, refer to “Competition” section of Item 1: Business. Uncertainty about the future of LIBOR may adversely affect our business. On July 27, 2017, the Chief Executive of the United Kingdom Financial Conduct Authority, which regulates LIBOR, announced that it intends to stop persuading or compelling banks to submit rates for the calculation of LIBOR to the administrator of LIBOR after 2021. The announcement indicates that the continuation of LIBOR on the current basis cannot and will not be guaranteed after 2021. It is impossible to predict whether and to what extent banks will continue to provide LIBOR submissions to the administrator of LIBOR or whether any additional reforms to LIBOR may be enacted in the United Kingdom or elsewhere. At this time, no consensus exists as to what rate or rates may become accepted alternatives to LIBOR and it is impossible to predict the effect of any such alternatives on the value of LIBOR-based securities and variable rate loans, including Huntington’s Series B preferred stock, certain of Huntington’s junior subordinated debentures, certain of the Bank’s senior notes, or other securities or financial arrangements, given LIBOR’s role in determining market interest rates globally. Uncertainty as to the nature of alternative reference rates and as to potential changes or other reforms to LIBOR may adversely affect LIBOR rates and other interest rates. In the event that a published LIBOR rate is unavailable after 2021, the dividend rate on Huntington’s Series B preferred stock and the interest rate on Huntington’s and the Bank’s debentures and notes, which are currently based on the LIBOR rate, will be determined as set forth in the offering documents, and the value of such securities may be adversely affected. Currently, the manner and impact of this transition and related developments, as well as the effect of these developments on our funding costs, investment and trading securities portfolios and business, is uncertain. Liquidity Risks: Changes in either Huntington’s financial condition or in the general banking industry could result in a loss of depositor confidence. Liquidity is the ability to meet cash flow needs on a timely basis at a reasonable cost. The Bank uses its liquidity to extend credit and to repay liabilities as they become due or as demanded by customers. The board of directors establishes liquidity policies, including contingency funding plans, and limits and management establishes operating guidelines for liquidity. Our primary source of liquidity is our large supply of deposits from consumer and commercial customers. The continued availability of this supply depends on customer willingness to maintain deposit balances with banks in general and us in particular. The availability of deposits can also be impacted by regulatory changes (e.g. changes in FDIC insurance, the LCR, etc.), changes in the financial condition of Huntington, other banks or the banking industry in general, and other events which can impact the perceived safety or economic benefits of bank deposits. While we make significant efforts to consider and plan for hypothetical disruptions in our deposit funding, market related, geopolitical, or other events could impact the liquidity derived from deposits. We are a holding company and depend on dividends by our subsidiaries for most of our funds. Huntington is an entity separate and distinct from the Bank. The Bank conducts most of our operations and Huntington depends upon dividends from the Bank to service Huntington's debt and to pay dividends to Huntington's shareholders. The availability of dividends from the Bank is limited by various statutes and regulations. It is possible, depending upon the financial condition including liquidity and capital adequacy of the Bank and other factors, that the OCC could limit the payment of dividends or other payments to Huntington by the Bank. In addition, the payment of dividends by our other subsidiaries is also subject to the laws of the subsidiary’s state of incorporation, and regulatory capital and liquidity requirements applicable to such subsidiaries. In the event that the Bank was unable to pay dividends to us, we in turn would likely have to reduce or stop paying dividends on our Preferred and Common Stock. Our failure to pay dividends on our Preferred and Common Stock could have a material adverse effect on the market price of our Common Stock. Additional information regarding dividend restrictions is provided in Item 1. Regulatory Matters. If we lose access to capital markets, we may not be able to meet the cash flow requirements of our depositors, creditors, and borrowers, or have the operating cash needed to fund corporate expansion and other corporate activities. Wholesale funding sources include securitization, federal funds purchased, securities sold under repurchase agreements, non-core deposits, and long-term debt. The Bank is also a member of the Federal Home Loan Bank of Cincinnati, which provides members access to funding through advances collateralized with mortgage-related assets. We maintain a portfolio of highly-rated, marketable securities that is available as a source of liquidity. Capital markets disruptions can directly impact the liquidity of Huntington and the Bank. The inability to access capital markets funding sources as needed could adversely impact our financial condition, results of operations, cash flows, and level of regulatory-qualifying capital. We may, from time-to-time, consider using our existing liquidity position to opportunistically retire outstanding securities in privately negotiated or open market transactions. A reduction in our credit rating could adversely affect our ability to raise funds including capital, and/or the holders of our securities. The credit rating agencies regularly evaluate Huntington and the Bank, and credit ratings are based on a number of factors, including our financial strength and ability to generate earnings, as well as factors not entirely within our control, including conditions affecting the financial services industry, the economy, and changes in rating methodologies. There can be no assurance that we will maintain our current credit ratings. A downgrade of the credit ratings of Huntington or the Bank could adversely affect our access to liquidity and capital, and could significantly increase our cost of funds, trigger additional collateral or funding requirements, and decrease the number of investors and counterparties willing to lend to us or purchase our securities. This could affect our growth, profitability and financial condition, including liquidity. Operational and Legal Risks: Our operational or security systems or infrastructure, or those of third parties, could fail or be breached, which could disrupt our business and adversely impact our results of operations, liquidity and financial condition, as well as cause legal or reputational harm. The potential for operational risk exposure exists throughout our business and, as a result of our interactions with, and reliance on, third parties, is not limited to our own internal operational functions. Our operational and security systems and infrastructure, including our computer systems, data management, and internal processes, as well as those of third parties, are integral to our performance. We rely on our employees and third parties in our day-to-day and ongoing operations, who may, as a result of human error, misconduct, malfeasance or failure, or breach of our or of third-party systems or infrastructure, expose us to risk. For example, our ability to conduct business may be adversely affected by any significant disruptions to us or to third parties with whom we interact or upon whom we rely. In addition, our ability to implement backup systems and other safeguards with respect to third-party systems is more limited than with respect to our own systems. Our financial, accounting, data processing, backup or other operating or security systems and infrastructure may fail to operate properly or become disabled or damaged as a result of a number of factors, including events that are wholly or partially beyond our control, which could adversely affect our ability to process transactions or provide services. Such events may include sudden increases in customer transaction volume; electrical, telecommunications or other major physical infrastructure outages; natural disasters such as earthquakes, tornadoes, hurricanes and floods; disease pandemics; cyber-attacks; and events arising from local or larger scale political or social matters, including wars and terrorist acts. In addition, we may need to take our systems offline if they become infected with malware or a computer virus or as a result of another form of cyber-attack. In the event that backup systems are utilized, they may not process data as quickly as our primary systems and some data might not have been saved to backup systems, potentially resulting in a temporary or permanent loss of such data. We frequently update our systems to support our operations and growth and to remain compliant with all applicable laws, rules and regulations. This updating entails significant costs and creates risks associated with implementing new systems and integrating them with existing ones, including business interruptions. Implementation and testing of controls related to our computer systems, security monitoring and retaining and training personnel required to operate our systems also entail significant costs. Operational risk exposures could adversely impact our operations, liquidity and financial condition, as well as cause reputational harm. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. We face security risks, including denial of service attacks, hacking, social engineering attacks targeting our colleagues and customers, malware intrusion or data corruption attempts, and identity theft that could result in the disclosure of confidential information, adversely affect our business or reputation, and create significant legal and financial exposure. Our computer systems and network infrastructure and those of third parties, on which we are highly dependent, are subject to security risks and could be susceptible to cyber-attacks, such as denial of service attacks, hacking, terrorist activities or identity theft. Our business relies on the secure processing, transmission, storage and retrieval of confidential, proprietary and other information in our computer and data management systems and networks, and in the computer and data management systems and networks of third parties. In addition, to access our network, products and services, our customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and are subject to their own cybersecurity risks. We, our customers, regulators and other third parties, including other financial services institutions and companies engaged in data processing, have been subject to, and are likely to continue to be the target of, cyber-attacks. These cyber-attacks include computer viruses, malicious or destructive code, phishing attacks, denial of service or information, ransomware, improper access by employees or vendors, attacks on personal email of employees, ransom demands to not expose security vulnerabilities in our systems or the systems of third parties or other security breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss or destruction of confidential, proprietary and other information of ours, our employees, our customers or of third parties, damage our systems or otherwise materially disrupt our or our customers’ or other third parties’ network access or business operations. As cyber threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities or incidents. Despite efforts to ensure the integrity of our systems and implement controls, processes, policies and other protective measures, we may not be able to anticipate all security breaches, nor may we be able to implement guaranteed preventive measures against such security breaches. Cyber threats are rapidly evolving and we may not be able to anticipate or prevent all such attacks and could be held liable for any security breach or loss. Cybersecurity risks for banking organizations have significantly increased in recent years in part because of the proliferation of new technologies, and the use of the internet and telecommunications technologies to conduct financial transactions. For example, cybersecurity risks may increase in the future as we continue to increase our mobile-payment and other internet-based product offerings and expand our internal usage of web-based products and applications. In addition, cybersecurity risks have significantly increased in recent years in part due to the increased sophistication and activities of organized crime affiliates, terrorist organizations, hostile foreign governments, disgruntled employees or vendors, activists and other external parties, including those involved in corporate espionage. Even the most advanced internal control environment may be vulnerable to compromise. Targeted social engineering attacks and "spear phishing" attacks are becoming more sophisticated and are extremely difficult to prevent. In such an attack, an attacker will attempt to fraudulently induce colleagues, customers or other users of our systems to disclose sensitive information in order to gain access to its data or that of its clients. Persistent attackers may succeed in penetrating defenses given enough resources, time, and motive. The techniques used by cyber criminals change frequently, may not be recognized until launched and may not be recognized until well after a breach has occurred. The risk of a security breach caused by a cyber-attack at a vendor or by unauthorized vendor access has also increased in recent years. Additionally, the existence of cyber-attacks or security breaches at third-party vendors with access to our data may not be disclosed to us in a timely manner. We also face indirect technology, cybersecurity and operational risks relating to the customers, clients and other third parties with whom we do business or upon whom we rely to facilitate or enable our business activities, including, for example, financial counterparties, regulators and providers of critical infrastructure such as internet access and electrical power. As a result of increasing consolidation, interdependence and complexity of financial entities and technology systems, a technology failure, cyber-attack or other information or security breach that significantly degrades, deletes or compromises the systems or data of one or more financial entities could have a material impact on counterparties or other market participants, including us. This consolidation, interconnectivity and complexity increases the risk of operational failure, on both individual and industry-wide bases, as disparate systems need to be integrated, often on an accelerated basis. Any third-party technology failure, cyber-attack or other information or security breach, termination or constraint could, among other things, adversely affect our ability to effect transactions, service our clients, manage our exposure to risk or expand our business. Cyber-attacks or other information or security breaches, whether directed at us or third parties, may result in a material loss or have material consequences. Furthermore, the public perception that a cyber-attack on our systems has been successful, whether or not this perception is correct, may damage our reputation with customers and third parties with whom we do business. Hacking of personal information and identity theft risks, in particular, could cause serious reputational harm. A successful penetration or circumvention of system security could cause us serious negative consequences, including our loss of customers and business opportunities, costs associated with maintaining business relationships after an attack or breach; significant business disruption to our operations and business, misappropriation, exposure, or destruction of our confidential information, intellectual property, funds, and/or those of our customers; or damage to our or our customers’ and/or third parties’ computers or systems, and could result in a violation of applicable privacy laws and other laws, litigation exposure, regulatory fines, penalties or intervention, loss of confidence in our security measures, reputational damage, reimbursement or other compensatory costs, additional compliance costs, and could adversely impact our results of operations, liquidity and financial condition. In addition, we may not have adequate insurance coverage to compensate for losses from a cybersecurity event. The resolution of significant pending litigation, if unfavorable, could have an adverse effect on our results of operations for a particular period. We face legal risks in our businesses, and the volume of claims and amount of damages and penalties claimed in litigation and regulatory proceedings against financial institutions remain high. Substantial legal liability against us could have material adverse financial effects or cause significant reputational harm to us, which in turn could seriously harm our business prospects. It is possible that the ultimate resolution of these matters, if unfavorable, may be material to the results of operations for a particular reporting period. Note 21 of the Notes to Consolidated Financial Statements updates the status of certain litigation. We face significant operational risks which could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and capital markets. We are exposed to many types of operational risks, including the risk of fraud or theft by colleagues or outsiders, unauthorized transactions by colleagues or outsiders, operational errors by colleagues, business disruption, and system failures. Huntington executes against a significant number of controls, a large percent of which are manual and dependent on adequate execution by colleagues and third-party service providers. There is inherent risk that unknown single points of failure through the execution chain could give rise to material loss through inadvertent errors or malicious attack. These operational risks could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and the capital markets. Moreover, negative public opinion can result from our actual or alleged conduct in any number of activities, including clients, products and business practices; corporate governance; acquisitions; and from actions taken by government regulators and community organizations in response to those activities. Negative public opinion can adversely affect our ability to attract and retain customers and can also expose us to litigation and regulatory action. Relative to acquisitions, we incur risks and challenges associated with the integration of employees, accounting systems, and technology platforms from acquired businesses and institutions in a timely and efficient manner, and we cannot guarantee that we will be successful in retaining existing customer relationships or achieving anticipated operating efficiencies expected from such acquisitions. Acquisitions may be subject to the receipt of approvals from certain governmental authorities, including the Federal Reserve, the OCC, and the United States Department of Justice, as well as the approval of our shareholders and the shareholders of companies that we seek to acquire. These approvals for acquisitions may not be received, may take longer than expected, or may impose conditions that are not presently anticipated or that could have an adverse effect on the combined company following the acquisitions. Subject to requisite regulatory approvals, future business acquisitions may result in the issuance and payment of additional shares of stock, which would dilute current shareholders’ ownership interests. Additionally, acquisitions may involve the payment of a premium over book and market values. Therefore, dilution of our tangible book value and net income per common share could occur in connection with any future transaction. Failure to maintain effective internal controls over financial reporting could impair our ability to accurately and timely report our financial results or prevent fraud, resulting in loss of investor confidence and adversely affecting our business and our stock price. Effective internal controls over financial reporting are necessary to provide reliable financial reports and prevent fraud. We are subject to regulation that focuses on effective internal controls and procedures. Such controls and procedures are modified, supplemented, and changed from time-to-time as necessitated by our growth and in reaction to external events and developments. Any failure to maintain an effective internal control environment could impact our ability to report our financial results on an accurate and timely basis, which could result in regulatory actions, loss of investor confidence, and an adverse impact on our business and our stock price. We rely on quantitative models to measure risks and to estimate certain financial values. Quantitative models may be used to help manage certain aspects of our business and to assist with certain business decisions, including estimating probable loan losses, measuring the fair value of financial instruments when reliable market prices are unavailable, estimating the effects of changing interest rates and other market measures on our financial condition and results of operations, managing risk, and for capital planning purposes (including during the CCAR capital planning and capital adequacy process). Our measurement methodologies rely on many assumptions, historical analyses, and correlations. These assumptions may not capture or fully incorporate conditions leading to losses, particularly in times of market distress, and the historical correlations on which we rely may no longer be relevant. Additionally, as businesses and markets evolve, our measurements may not accurately reflect this evolution. Even if the underlying assumptions and historical correlations used in our models are adequate, our models may be deficient due to errors in computer code, inaccurate data, misuse of data, or the use of a model for a purpose outside the scope of the model’s design. All models have certain limitations. Reliance on models presents the risk that our business decisions based on information incorporated from models will be adversely affected due to incorrect, missing, or misleading information. In addition, our models may not capture or fully express the risks we face, may suggest that we have sufficient capitalization when we do not, or may lead us to misjudge the business and economic environment in which we will operate. If our models fail to produce reliable results on an ongoing basis, we may not make appropriate risk management, capital planning, or other business or financial decisions. Strategies that we employ to manage and govern the risks associated with our use of models may not be effective or fully reliable. Also, information that we provide to the public or regulators based on poorly designed models could be inaccurate or misleading. Banking regulators continue to focus on the models used by banks and bank holding companies in their businesses. Some of our decisions that the regulators evaluate, including distributions to our shareholders, could be affected adversely due to their perception that the quality of the models used to generate the relevant information is insufficient. We rely on third parties to provide key components of our business infrastructure. We rely on third-party service providers to leverage subject matter expertise and industry best practice, provide enhanced products and services, and reduce costs. Although there are benefits in entering into third-party relationships with vendors and others, there are risks associated with such activities. When entering a third-party relationship, the risks associated with that activity are not passed to the third-party but remain our responsibility. The Technology Committee of the board of directors provides oversight related to the overall risk management process associated with third-party relationships. Management is accountable for the review and evaluation of all new and existing third-party relationships. Management is responsible for ensuring that adequate controls are in place to protect us and our customers from the risks associated with vendor relationships. Increased risk could occur based on poor planning, oversight, control, and inferior performance or service on the part of the third-party, and may result in legal costs or loss of business. While we have implemented a vendor management program to actively manage the risks associated with the use of third-party service providers, any problems caused by third-party service providers could adversely affect our ability to deliver products and services to our customers and to conduct our business. Replacing a third-party service provider could also take a long period of time and result in increased expenses. Changes in accounting policies, standards, and interpretations could affect how we report our financial condition and results of operations. The FASB, regulatory agencies, and other bodies that establish accounting standards periodically change the financial accounting and reporting standards governing the preparation of our financial statements. Additionally, those bodies that establish and interpret the accounting standards (such as the FASB, SEC, and banking regulators) may change prior interpretations or positions on how these standards should be applied. In June 2016, the FASB issued a new current expected credit loss rule, which will require banks to record, at the time of origination, credit losses expected throughout the life of the asset portfolio on loans and held-to-maturity securities, as opposed to the current practice of recording losses when it is probable that a loss event has occurred. Changes in accounting policies, standards and interpretations can be difficult to predict and can materially affect how we record and report our financial condition and results of operations. For further discussion, see Note 2 of the Notes to Consolidated Financial Statements. Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations. Our goodwill could become impaired in the future. If goodwill were to become impaired, it could limit the ability of the Bank to pay dividends to Huntington, adversely impacting Huntington liquidity and ability to pay dividends or repay debt. The most significant assumptions affecting our goodwill impairment evaluation are variables including the market price of our Common Stock, projections of earnings, the discount rates used in the income approach to fair value, and the control premium above our current stock price that an acquirer would pay to obtain control of us. We are required to test goodwill for impairment at least annually or when impairment indicators are present. If an impairment determination is made in a future reporting period, our earnings and book value of goodwill will be reduced by the amount of the impairment. If an impairment loss is recorded, it will have little or no impact on the tangible book value of our Common Stock, or our regulatory capital levels, but such an impairment loss could significantly reduce the Bank’s earnings and thereby restrict the Bank's ability to make dividend payments to us without prior regulatory approval, because Federal Reserve policy states the bank holding company dividends should be paid from current earnings. At December 31, 2017, the book value of our goodwill was $2.0 billion, substantially all of which was recorded at the Bank. Any such write down of goodwill or other acquisition related intangibles will reduce Huntington’s earnings, as well. Negative publicity could damage our reputation and could significantly harm our business. Our ability to attract and retain customers, clients, investors, and highly-skilled management and employees is affected by our reputation. Public perception of the financial services industry in general was damaged as a result of the credit crisis that started in 2008. We face increased public and regulatory scrutiny resulting from the credit crisis and economic downturn. Significant harm to our reputation can also arise from other sources, including employee misconduct, actual or perceived unethical behavior, conflicts of interest, litigation, GSE or regulatory actions, failing to deliver minimum or required standards of service and quality, failing to address customer and agency complaints, compliance failures, unauthorized release of confidential information due to cyber-attacks or otherwise, and the activities of our clients, customers and counterparties, including vendors. Actions by the financial service industry generally or by institutions or individuals in the industry can adversely affect our reputation, indirectly by association. All of these could adversely affect our growth, results of operation and financial condition. We depend on our executive officers and key personnel to continue the implementation of our long-term business strategy and could be harmed by the loss of their services. We believe that our continued growth and future success will depend in large part on the skills of our management team and our ability to motivate and retain these individuals and other key personnel. The loss of service of one or more of our executive officers or key personnel could reduce our ability to successfully implement our long-term business strategy, our business could suffer and the value of our stock could be materially adversely affected. Leadership changes will occur from time to time and we cannot predict whether significant resignations will occur or whether we will be able to recruit additional qualified personnel. We believe our management team possesses valuable knowledge about the banking industry and that their knowledge and relationships would be very difficult to replicate. Our success also depends on the experience of our branch managers and lending officers and on their relationships with the customers and communities they serve. The loss of these key personnel could negatively impact our banking operations. The loss of key personnel, or the inability to recruit and retain qualified personnel in the future, could have an adverse effect on our business, financial condition or operating results. Compliance Risks: We operate in a highly regulated industry and the laws and regulations that govern our operations, corporate governance, executive compensation and financial accounting, or reporting, including changes in them, or our failure to comply with them, may adversely affect us. The banking industry is highly regulated. We are subject to supervision, regulation and examination by various federal and state regulators, including the Federal Reserve, OCC, SEC, CFPB, FDIC, FINRA, and various state regulatory agencies. The statutory and regulatory framework that governs us is generally intended to protect depositors and customers, the DIF, the U.S. banking and financial system, and financial markets as a whole-not to protect shareholders. These laws and regulations, among other matters, prescribe minimum capital requirements, impose limitations on our business activities (including foreclosure and collection practices), limit the dividend or distributions that we can pay, restrict the ability of institutions to guarantee our debt and impose certain specific accounting requirements that may be more restrictive and may result in greater or earlier charges to earnings or reductions in our capital than accounting principles generally accepted in the United States. Compliance with laws and regulations can be difficult and costly and changes to laws and regulations often impose additional compliance costs. Both the scope of the laws and regulations and the intensity of the supervision to which we are subject have increased in recent years in response to the financial crisis, as well as other factors such as technological and market changes. Such regulation and supervision may increase our costs and limit our ability to pursue business opportunities. Further, our failure to comply with these laws and regulations, even if the failure was inadvertent or reflects a difference in interpretation, could subject us to restrictions on our business activities, fines and other penalties, any of which could adversely affect our results of operations, capital base and the price of our securities. Further, any new laws, rules and regulations could make compliance more difficult or expensive or otherwise adversely affect our business and financial condition. Bank regulations regarding capital and liquidity, including the annual CCAR assessment process and the U.S. Basel III capital and liquidity standards, could require higher levels of capital and liquidity. Among other things, these regulations could impact our ability to pay common stock dividends, repurchase common stock, attract cost-effective sources of deposits, or require the retention of higher amounts of low yielding securities. The Federal Reserve administers CCAR, an annual forward-looking quantitative assessment of Huntington’s capital adequacy and planned capital distributions and a review of the strength of Huntington’s practices to assess capital needs. We generally may pay dividends and repurchase stock only in accordance with a capital plan that has been reviewed by the Federal Reserve and as to which the Federal Reserve has not objected. The Federal Reserve also makes a quantitative assessment of capital based on supervisory-run stress tests that assess the ability to maintain capital levels above each minimum regulatory capital ratio after making all capital actions included in Huntington’s capital plan, under baseline and stressful conditions throughout a nine-quarter planning horizon. The Bank also must submit a capital plan to the OCC. There can be no assurance that the Federal Reserve or OCC will respond favorably to our capital plans, planned capital actions or stress test results, and the Federal Reserve, OCC, or other regulatory capital requirements may limit or otherwise restrict how we utilize our capital, including common stock dividends and stock repurchases. We are also required to maintain minimum capital ratios and the Federal Reserve and OCC may determine that Huntington and/or the Bank, based on size, complexity or risk profile, must maintain capital ratios above these minimums in order to operate in a safe and sound manner. In the event we are required to raise capital to maintain required minimum capital and leverage ratios or ratios above the required applicable minimums, we may be forced to do so in when market conditions are undesirable or on terms that are less favorable to us than we would otherwise require. Furthermore, in order to prevent becoming subject to restrictions on our ability to distribute capital or make certain discretionary bonus payments to management, we must maintain a Capital Conservation Buffer (of 1.875% in 2018), which is in addition to our required minimum capital ratios. We are also subject to a modified LCR requirement that requires Huntington to maintain an adequate amount of unencumbered high-quality liquid assets, such as Treasury securities and other sovereign debt, to cover projected net cash outflows over a 30 calendar-day stress scenario window. Because the LCR assigns less severe outflow assumptions to certain types of customer deposits, banks’ demand for and the cost of these deposits may increase. Additionally, the LCR has increased the demand for direct U.S. government and U.S. government-guaranteed debt that, while high quality, generally carry lower yields than other securities BHCs hold in their investment portfolios. For more information regarding CCAR, stress testing and capital and liquidity requirements, refer to Item 1. Regulatory Matters. If our regulators deem it appropriate, they can take regulatory actions that could result in a material adverse impact on our financial results, ability to compete for new business, or preclude mergers or acquisitions. In addition, regulatory actions could constrain our ability to fund our liquidity needs or pay dividends. Any of these actions could increase the cost of our services. We are subject to the supervision and regulation of various state and federal regulators, including the OCC, Federal Reserve, FDIC, SEC, CFPB, FINRA, and various state regulatory agencies. As such, we are subject to a wide variety of laws and regulations, many of which are discussed in Item 1. Regulatory Matters. As part of their supervisory process, which includes periodic examinations and continuous monitoring, the regulators have the authority to impose restrictions or conditions on our activities and the manner in which we manage the organization. Such actions could negatively impact us in a variety of ways, including charging monetary fines, impacting our ability to pay dividends, precluding mergers or acquisitions, limiting our ability to offer certain products or services, or imposing additional capital requirements. Under the supervision of the CFPB, our Consumer and Business Banking products and services are subject to heightened regulatory oversight and scrutiny with respect to compliance under consumer laws and regulations. We may face a greater number or wider scope of investigations, enforcement actions, and litigation in the future related to consumer practices, thereby increasing costs associated with responding to or defending such actions. Also, federal and state regulators have been increasingly focused on sales practices of branch personnel, including taking regulatory action against other financial institutions. In addition, increased regulatory inquiries and investigations, as well as any additional legislative or regulatory developments affecting our consumer businesses, and any required changes to our business operations resulting from these developments, could result in significant loss of revenue, require remuneration to our customers, trigger fines or penalties, limit the products or services we offer, require us to increase our prices and, therefore, reduce demand for our products, impose additional compliance costs on us, increase the cost of collection, cause harm to our reputation, or otherwise adversely affect our consumer businesses. In addition, we are allowed to conduct certain activities that are financial in nature by virtue of Huntington’s status as an FHC, as discussed in more detail in Item 1. Regulatory Matters. If Huntington or the Bank cease to meet the requirements necessary for Huntington to continue to qualify as an FHC, the Federal Reserve may impose upon us corrective capital and managerial requirements, and may place limitations on our ability to conduct all of the business activities that we conduct as a FHC. If the failure to meet these standards persists, we could be required to divest our Bank, or cease all activities other than those activities that may be conducted by a BHC but not an FHC. Legislative and regulatory actions taken now or in the future that impact the financial industry may materially adversely affect us by increasing our costs, adding complexity in doing business, impeding the efficiency of our internal business processes, negatively impacting the recoverability of certain of our recorded assets, requiring us to increase our regulatory capital, limiting our ability to pursue business opportunities, and otherwise resulting in a material adverse impact on our financial condition, results of operation, liquidity, or stock price. Both the scope of the laws and regulations and the intensity of the supervision to which we are subject have increased in recent years, in response to the financial crisis as well as other factors such as technological and market changes. Regulatory enforcement and fines have also increased across the banking and financial services sector. Compliance with these laws and regulations have resulted in and will continue to result in additional costs, which could be significant, and may have a material and adverse effect on our results of operations. In addition, if we do not appropriately comply with current or future legislation and regulations, especially those that apply to our consumer operations, which has been an area of heightened focus, we may be subject to fines, penalties or judgments, or material regulatory restrictions on our businesses, which could adversely affect operations and, in turn, financial results. We may become subject to more stringent regulatory requirements and activity restrictions if the Federal Reserve and FDIC determine that our resolution plan is not credible. Huntington is required to submit annually to the Federal Reserve and the FDIC a resolution plan for its orderly resolution under the U.S. Bankruptcy Code. If the Federal Reserve and the FDIC jointly determine that our resolution plan is not credible, we could become subjected to more stringent capital, leverage or liquidity requirements or restrictions, or restrictions on our growth, activities or operations. If we were to fail to address deficiencies in our resolution plan when required, we could eventually be required to divest certain assets or operations in ways that could negatively impact its operations and strategy. For more information regarding resolution planning requirements, refer to Item 1: Business - Regulatory Matters. Noncompliance with the Bank Secrecy Act and other anti-money laundering statutes and regulations could cause us material financial loss. The Bank Secrecy Act and the Patriot Act contain anti-money laundering and financial transparency provisions intended to detect, and prevent the use of the U.S. financial system for, money laundering and terrorist financing activities. The Bank Secrecy Act, as amended by the Patriot Act, requires depository institutions and their holding companies to undertake activities including maintaining an anti-money laundering program, verifying the identity of clients, monitoring for and reporting suspicious transactions, reporting on cash transactions exceeding specified thresholds, and responding to requests for information by regulatory authorities and law enforcement agencies. FinCEN, a unit of the Treasury Department that administers the Bank Secrecy Act, is authorized to impose significant civil money penalties for violations of those requirements and has recently engaged in coordinated enforcement efforts with the federal bank regulatory agencies, as well as the United States Department of Justice, Drug Enforcement Administration and IRS. There is also increased scrutiny of compliance with the rules enforced by the OFAC. If our policies, procedures and systems are deemed deficient or the policies, procedures and systems of the financial institutions that we have already acquired or may acquire in the future are deficient, we would be subject to liability, including fines and regulatory actions such as restrictions on our ability to pay dividends and the necessity to obtain regulatory approvals to proceed with certain planned business activities, including acquisition plans, which would negatively impact our business, financial condition and results of operations. Failure to maintain and implement adequate programs to combat money laundering and terrorist financing could also have serious reputational consequences for us. For more information regarding the Bank Secrecy Act, Patriot Act, anti-money laundering requirements and OFAC-administered sanctions, refer to Item 1: Business - Regulatory Matters. Cybersecurity and data privacy are areas of heightened legislative and regulatory focus. As cybersecurity and data privacy risks for banking organizations and the broader financial system have significantly increased in recent years, cybersecurity and data privacy issues have become the subject of increasing legislative and regulatory focus. The federal bank regulatory agencies have proposed enhanced cyber risk management standards, which would apply to a wide range of large financial institutions and their third-party service providers, including us and the Bank, and would focus on cyber risk governance and management, management of internal and external dependencies, and incident response, cyber resilience and situational awareness. Several states have also proposed or adopted cybersecurity legislation and regulations, which require, among other things, notification to affected individuals when there has been a security breach of their personal data. We receive, maintain and store non-public personal information of our customers and counterparties, including, but not limited to, personally identifiable information and personal financial information. The sharing, use, disclosure and protection of this information are governed by federal and state law. Both personally identifiable information and personal financial information is increasingly subject to legislation and regulation, the intent of which is to protect the privacy of personal information that is collected and handled. We may become subject to new legislation or regulation concerning cybersecurity or the privacy of personally identifiable information and personal financial information or of any other information we may store or maintain. We could be adversely affected if new legislation or regulations are adopted or if existing legislation or regulations are modified such that we are required to alter our systems or require changes to our business practices or privacy policies. If cybersecurity, data privacy, data protection, data transfer or data retention laws are implemented, interpreted or applied in a manner inconsistent with our current practices, we may be subject to fines, litigation or regulatory enforcement actions or ordered to change our business practices, policies or systems in a manner that adversely impacts our operating results. Item 1B:

Removed paragraphs (7052 words)

Item 1A: Risk Factors Risk Governance We use a multi-faceted approach to risk governance. It begins with the board of directors defining our risk appetite as aggregate moderate-to-low. This does not preclude engagement in select higher risk activities. Rather, the definition is intended to represent an aggregate view of where we want our overall risk to be managed. Three board committees primarily oversee implementation of this desired risk appetite and monitoring of our risk profile: • The Audit Committee oversees the integrity of the consolidated financial statements, including policies, procedures, and practices regarding the preparation of financial statements, the financial reporting process, disclosures, and internal control over financial reporting. The Audit Committee also provides assistance to the board in overseeing the internal audit division and the independent registered public accounting firm’s qualifications and independence; compliance with our Financial Code of Ethics for the chief executive officer and senior financial officers; and compliance with corporate securities trading policies. • The Risk Oversight Committee assists the board of directors in overseeing management of material risks, the approval and monitoring of the Company’s capital position and plan supporting our overall aggregate moderate-to-low risk profile, the risk governance structure, compliance with applicable laws and regulations, and determining adherence to the board’s stated risk appetite. The committee has oversight responsibility with respect to the full range of inherent risks: market, credit, liquidity, legal, compliance/regulatory, operational, strategic, and reputational. This committee also oversees our capital management and planning process, ensures that the amount and quality of capital are adequate in relation to expected and unexpected risks, and that our capital levels exceed “well-capitalized” requirements. • The Technology Committee assists the board of directors in fulfilling its oversight responsibilities with respect to all technology, cyber security, and third-party risk management strategies and plans. The committee is charged with evaluating Huntington’s capability to properly perform all technology functions necessary for its business plan, including projected growth, technology capacity, planning, operational execution, product development, and management capacity. The committee provides oversight of technology investments and plans to drive efficiency as well as to meet defined standards for risk, security, and redundancy. The Committee oversees the allocation of technology costs and ensures that they are understood by the board of directors. The Technology Committee monitors and evaluates innovation and technology trends that may affect the Company’s strategic plans, including monitoring of overall industry trends. The Technology Committee reviews and provides oversight of the company’s continuity and disaster recovery planning and preparedness. The Audit and Risk Oversight Committees routinely hold executive sessions with our key officers engaged in accounting and risk management. On a periodic basis, the two committees meet in joint session to cover matters relevant to both, such as the construct and appropriateness of the ACL, which is reviewed quarterly. All directors have access to information provided to each committee and all scheduled meetings are open to all directors. Further, through its Compensation Committee, the board of directors seeks to ensure its system of rewards is risk-sensitive and aligns the interests of management, creditors, and shareholders. We utilize a variety of compensation-related tools to induce appropriate behavior, including common stock ownership thresholds for the chief executive officer and certain members of senior management, a requirement to hold until retirement or exit from the Company, a portion of net shares received upon exercise of stock options or release of restricted stock awards (50% for executive officers and 25% for other award recipients), equity deferrals, recoupment provisions, and the right to terminate compensation plans at any time. Management has implemented an Enterprise Risk Management and Risk Appetite Framework. Critically important is our self-assessment process, in which each business segment produces an analysis of its risks and the strength of its risk controls. The segment analyses are combined with assessments by our risk management organization of major risk sectors (e.g., credit, market, liquidity, operational, legal, compliance, reputational, and strategic) to produce an overall enterprise risk assessment. Outcomes of the process include a determination of the quality of the overall control process, the direction of risk, and our position compared to the defined risk appetite. Management also utilizes a wide series of metrics (key risk indicators) to monitor risk positions throughout the Company. In general, a range for each metric is established, which allows the Company, in aggregate, to operate within an aggregate moderate-to-low risk profile. Deviations from the range will indicate if the risk being measured exceeds desired tolerance, which may then necessitate corrective action. We also have four executive level committees to manage risk: ALCO, Credit Policy and Strategy, Risk Management, and Capital Management. Each committee focuses on specific categories of risk and is supported by a series of subcommittees that are tactical in nature. We believe this structure helps ensure appropriate escalation of issues and overall communication of strategies. Huntington utilizes three lines of defense with regard to risk management: (1) business segments, (2) corporate risk management, and (3) internal audit and credit review. To induce greater ownership of risk within its business segments, segment risk officers have been embedded in the business to identify and monitor risk, elevate and remediate issues, establish controls, perform self-testing, and oversee the self-assessment process. Corporate Risk Management establishes policies, sets operating limits, reviews new or modified products/processes, ensures consistency and quality assurance within the segments, and produces the enterprise risk assessment. The Chief Risk Officer has significant input into the design and outcome of incentive compensation plans as they apply to risk. Internal Audit and Credit Review provide additional assurance that risk-related functions are operating as intended. Risk Overview We, like other financial companies, are subject to a number of risks that may adversely affect our financial condition or results of operations, many of which are outside of our direct control, though efforts are made to manage those risks while optimizing returns. Among the risks assumed are: •Credit risk, which is the risk of loss due to loan and lease customers or other counterparties not being able to meet their financial obligations under agreed upon terms; •Market risk, which occurs when fluctuations in interest rates impact earnings and capital. Financial impacts are realized through changes in the interest rates of balance sheet assets and liabilities (net interest margin) or directly through valuation changes of capitalized MSR and/or trading assets (noninterest income); •Liquidity risk, which is the risk to current or anticipated earnings or capital arising from an inability to meet obligations when they come due. Liquidity risk includes the inability to access funding sources or manage fluctuations in funding levels. Liquidity risk also results from the failure to recognize or address changes in market conditions that affect the Bank’s ability to liquidate assets quickly and with minimal loss in value; •Operational and legal risk, which is the risk of loss arising from inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events. Operational losses result from internal fraud; external fraud, inadequate or inappropriate employment practices and workplace safety, failure to meet professional obligations involving customers, products, and business practices, damage to physical assets, business disruption and systems failures, and failures in execution, delivery, and process management. Legal risk includes, but is not limited to, exposure to orders, fines, penalties, or punitive damages resulting from litigation, as well as regulatory actions; •Compliance risk, which exposes us to money penalties, enforcement actions or other sanctions as a result of non-conformance with laws, rules, and regulations that apply to the financial services industry; and •Strategic risk, which is defined as risk to current or anticipated earnings, capital, or enterprise value arising from adverse business decisions, improper implementation of business decisions or lack of responsiveness to industry / market changes. We also expend considerable effort to protect our reputation. Reputation risk does not easily lend itself to traditional methods of measurement. Rather, we closely monitor it through processes such as new product / initiative reviews, colleague and client surveys, monitoring media tone, periodic discussions between management and our board, and other such efforts. In addition to the other information included or incorporated by reference into this report, readers should carefully consider that the following important factors, among others, could negatively impact our business, future results of operations, and future cash flows materially. Credit Risks: 1. Our ACL level may prove to be inappropriate or be negatively affected by credit risk exposures which could adversely affect our net income and capital. Our business depends on the creditworthiness of our customers. Our ACL of $736 million at December 31, 2016, represented Management’s estimate of probable losses inherent in our loan and lease portfolio as well as our unfunded loan commitments and letters of credit. We regularly review our ACL for appropriateness. In doing so, we consider economic conditions and trends, collateral values, and credit quality indicators, such as past charge-off experience, levels of past due loans, and NPAs. There is no certainty that our ACL will be appropriate over time to cover losses in the portfolio because of unanticipated adverse changes in the economy, market conditions, or events adversely affecting specific customers, industries, or markets. If the credit quality of our customer base materially decreases, if the risk profile of a market, industry, or group of customers changes materially, or if the ACL is not appropriate, our net income and capital could be materially adversely affected, which could have a material adverse effect on our financial condition and results of operations. In addition, regulatory review of risk ratings and loan and lease losses may impact the level of the ACL and could have a material adverse effect on our financial condition and results of operations. 2. Weakness in economic conditions could adversely affect our business. Our performance could be negatively affected to the extent there is deterioration in business and economic conditions which have direct or indirect material adverse impacts on us, our customers, and our counterparties. These conditions could result in one or more of the following: • A decrease in the demand for loans and other products and services offered by us; • A decrease in customer savings generally and in the demand for savings and investment products offered by us; and • An increase in the number of customers and counterparties who become delinquent, file for protection under bankruptcy laws, or default on their loans or other obligations to us. An increase in the number of delinquencies, bankruptcies, or defaults could result in a higher level of NPAs, NCOs, provision for credit losses, and valuation adjustments on loans held for sale. The markets we serve are dependent on industrial and manufacturing businesses and, thus, are particularly vulnerable to adverse changes in economic conditions affecting these sectors. Market Risks: 1. Changes in interest rates could reduce our net interest income, reduce transactional income, and negatively impact the value of our loans, securities, and other assets. This could have an adverse impact on our cash flows, financial condition, results of operations, and capital. Our results of operations depend substantially on net interest income, which is the difference between interest earned on interest earning assets (such as investments and loans) and interest paid on interest bearing liabilities (such as deposits and borrowings). Interest rates are highly sensitive to many factors, including governmental monetary policies and domestic and international economic and political conditions. Conditions such as inflation, deflation, recession, unemployment, money supply, and other factors beyond our control may also affect interest rates. If our interest earning assets mature or reprice faster than interest bearing liabilities in a declining interest rate environment, net interest income could be materially adversely impacted. Likewise, if interest bearing liabilities mature or reprice more quickly than interest earning assets in a rising interest rate environment, net interest income could be adversely impacted. Changes in interest rates can affect the value of loans, securities, assets under management, and other assets, including mortgage and nonmortgage servicing rights. An increase in interest rates that adversely affects the ability of borrowers to pay the principal or interest on loans and leases may lead to an increase in NPAs and a reduction of income recognized, which could have a material adverse effect on our results of operations and cash flows. When we place a loan on nonaccrual status, we reverse any accrued but unpaid interest receivable, which decreases interest income. However, we continue to incur interest expense as a cost of funding NALs without any corresponding interest income. In addition, transactional income, including trust income, brokerage income, and gain on sales of loans can vary significantly from period-to-period based on a number of factors, including the interest rate environment. A decline in interest rates along with a flattening yield curve limits our ability to reprice deposits given the current historically low level of interest rates and could result in declining net interest margins if longer duration assets reprice faster than deposits. Rising interest rates reduce the value of our fixed-rate securities and cash flow hedging derivatives portfolio. Any unrealized loss from these portfolios impacts OCI, shareholders’ equity, and the Tangible Common Equity ratio. Any realized loss from these portfolios impacts regulatory capital ratios. In a rising interest rate environment, pension and other post-retirement obligations somewhat mitigate negative OCI impacts from securities and financial instruments. For more information, refer to “Market Risk” of the MD&A. Certain investment securities, notably mortgage-backed securities, are very sensitive to rising and falling rates. Generally, when rates rise, prepayments of principal and interest will decrease and the duration of mortgage-backed securities will increase. Conversely, when rates fall, prepayments of principal and interest will increase and the duration of mortgage-backed securities will decrease. In either case, interest rates have a significant impact on the value of mortgage-backed securities. MSR fair values are sensitive to movements in interest rates, as expected future net servicing income depends on the projected outstanding principal balances of the underlying loans, which can be reduced by prepayments. Prepayments usually increase when mortgage interest rates decline and decrease when mortgage interest rates rise. In addition to volatility associated with interest rates, the Company also has exposure to equity markets related to the investments within the benefit plans and other income from client based transactions. 2. Industry competition may have an adverse effect on our success. Our profitability depends on our ability to compete successfully. We operate in a highly competitive environment, and we expect competition to intensify. Certain of our competitors are larger and have more resources than we do, enabling them to be more aggressive than us in competing for loans and deposits. In our market areas, we face competition from other banks and financial service companies that offer similar services. Some of our non-bank competitors are not subject to the same extensive regulations we are and, therefore, may have greater flexibility in competing for business. Our ability to compete successfully depends on a number of factors, including customer convenience, quality of service by investing in new products and services, personal contacts, pricing, and range of products. If we are unable to successfully compete for new customers and retain our current customers, our business, financial condition, or results of operations may be adversely affected. In particular, if we experience an outflow of deposits as a result of our customers seeking investments with higher yields or greater financial stability, or a desire to do business with our competitors, we may be forced to rely more heavily on borrowings and other sources of funding to operate our business and meet withdrawal demands, thereby adversely affecting our net interest margin. For more information, refer to “Competition” section of Item 1: Business. Liquidity Risks: 1. Changes in either Huntington’s financial condition or in the general banking industry could result in a loss of depositor confidence. Liquidity is the ability to meet cash flow needs on a timely basis at a reasonable cost. The Bank uses its liquidity to extend credit and to repay liabilities as they become due or as demanded by customers. The board of directors establishes liquidity policies, including contingency funding plans, and limits and management establishes operating guidelines for liquidity. Our primary source of liquidity is our large supply of deposits from consumer and commercial customers. The continued availability of this supply depends on customer willingness to maintain deposit balances with banks in general and us in particular. The availability of deposits can also be impacted by regulatory changes (e.g. changes in FDIC insurance, the Liquidity Coverage Ratio, etc.), and other events which can impact the perceived safety or economic benefits of bank deposits. While we make significant efforts to consider and plan for hypothetical disruptions in our deposit funding, market related, geopolitical, or other events could impact the liquidity derived from deposits. 2. We are a holding company and depend on dividends by our subsidiaries for most of our funds. Huntington is an entity separate and distinct from the Bank. The Bank conducts most of our operations and Huntington depends upon dividends from the Bank to service Huntington's debt and to pay dividends to Huntington's shareholders. The availability of dividends from the Bank is limited by various statutes and regulations. It is possible, depending upon the financial condition including liquidity and capital adequacy of the Bank and other factors, that the OCC could limit the payment of dividends or other payments by the Bank. In addition, the payment of dividends by our other subsidiaries is also subject to the laws of the subsidiary’s state of incorporation, and regulatory capital and liquidity requirements applicable to such subsidiaries. In the event that the Bank was unable to pay dividends to us, we in turn would likely have to reduce or stop paying dividends on our Preferred and Common Stock. Our failure to pay dividends on our Preferred and Common Stock could have a material adverse effect on the market price of our Common Stock. Additional information regarding dividend restrictions is provided in Item 1. Regulatory Matters. 3. If we lose access to capital markets, we may not be able to meet the cash flow requirements of our depositors, creditors, and borrowers, or have the operating cash needed to fund corporate expansion and other corporate activities. Wholesale funding sources include securitization, federal funds purchased, securities sold under repurchase agreements, non-core deposits, and long-term debt. The Bank is also a member of the Federal Home Loan Bank of Cincinnati, which provides members access to funding through advances collateralized with mortgage-related assets. We maintain a portfolio of highly-rated, marketable securities that is available as a source of liquidity. Capital markets disruptions can directly impact the liquidity of Huntington and the Bank. The inability to access capital markets funding sources as needed could adversely impact our financial condition, results of operations, cash flows, and level of regulatory-qualifying capital. We may, from time-to-time, consider using our existing liquidity position to opportunistically retire outstanding securities in privately negotiated or open market transactions. 4. A reduction in our credit rating could adversely affect our ability to raise funds including capital, and/or the holders of our securities. The credit rating agencies regularly evaluate Huntington and the Bank, and credit ratings are based on a number of factors, including our financial strength and ability to generate earnings, as well as factors not entirely within our control, including conditions affecting the financial services industry, the economy, and changes in rating methodologies. There can be no assurance that we will maintain our current credit ratings. A downgrade of the credit ratings of Huntington or the Bank could adversely affect our access to liquidity and capital, and could significantly increase our cost of funds, trigger additional collateral or funding requirements, and decrease the number of investors and counterparties willing to lend to us or purchase our securities. This could affect our growth, profitability and financial condition, including liquidity. Operational and Legal Risks: 1. We face security risks, including denial of service attacks, hacking, social engineering attacks targeting our colleagues and customers, malware intrusion or data corruption attempts, and identity theft that could result in the disclosure of confidential information, adversely affect our business or reputation, and create significant legal and financial exposure. Our computer systems and network infrastructure are subject to security risks and could be susceptible to cyber-attacks, such as denial of service attacks, hacking, terrorist activities or identity theft. Financial services institutions and companies engaged in data processing have reported breaches in the security of their websites or other systems, some of which have involved sophisticated and targeted attacks intended to obtain unauthorized access to confidential information, destroy data, disable or degrade service, or sabotage systems, often through the introduction of computer viruses or malware, cyber-attacks and other means. Denial of service attacks have been launched against a number of large financial services institutions, including us. None of these events against us resulted in a breach of our client data or account information; however, the performance of our website, www.huntington.com, was adversely affected, and in some instances customers were prevented from accessing our website. We expect to be subject to similar attacks in the future. While events to date primarily resulted in inconvenience, future cyber-attacks could be more disruptive and damaging. Hacking and identity theft risks, in particular, could cause serious reputational harm. Cyber threats are rapidly evolving and we may not be able to anticipate or prevent all such attacks and could be held liable for any security breach or loss. Despite efforts to ensure the integrity of our systems, we may not be able to anticipate all security breaches of these types, nor may we be able to implement guaranteed preventive measures against such security breaches. Persistent attackers may succeed in penetrating defenses given enough resources, time, and motive. The techniques used by cyber criminals change frequently, may not be recognized until launched and can originate from a wide variety of sources, including outside groups such as external service providers, organized crime affiliates, terrorist organizations or hostile foreign governments. These risks may increase in the future as we continue to increase our mobile-payment and other internet-based product offerings and expand our internal usage of web-based products and applications. Even the most advanced internal control environment may be vulnerable to compromise. Targeted social engineering attacks and "spear phishing" attacks are becoming more sophisticated and are extremely difficult to prevent. The successful social engineer will attempt to fraudulently induce colleagues, customers or other users of our systems to disclose sensitive information in order to gain access to its data or that of its clients. A successful penetration or circumvention of system security could cause us serious negative consequences, including significant disruption of operations, misappropriation of confidential information, or damage to our computers or systems or those of our customers and counterparties. A successful security breach could result in violations of applicable privacy and other laws, financial loss to us or to our customers, loss of confidence in our security measures, significant litigation exposure, and harm to our reputation, all of which could have a material adverse effect on the Company. 2. The resolution of significant pending litigation, if unfavorable, could have an adverse effect on our results of operations for a particular period. We face legal risks in our businesses, and the volume of claims and amount of damages and penalties claimed in litigation and regulatory proceedings against financial institutions remain high. Substantial legal liability against us could have material adverse financial effects or cause significant reputational harm to us, which in turn could seriously harm our business prospects. It is possible that the ultimate resolution of these matters, if unfavorable, may be material to the results of operations for a particular reporting period. Note 21 of the Notes to Consolidated Financial Statements updates the status of certain material litigation including litigation related to the bankruptcy of Cyberco Holdings, Inc. 3. We face significant operational risks which could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and capital markets. We are exposed to many types of operational risks, including the risk of fraud or theft by colleagues or outsiders, unauthorized transactions by colleagues or outsiders, operational errors by colleagues, business disruption, and system failures. Huntington executes against a significant number of controls, a large percent of which are manual and dependent on adequate execution by colleagues and third-party service providers. There is inherent risk that unknown single points of failure through the execution chain could give rise to material loss through inadvertent errors or malicious attack. These operational risks could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and the capital markets. Moreover, negative public opinion can result from our actual or alleged conduct in any number of activities, including clients, products and business practices; corporate governance; acquisitions; and from actions taken by government regulators and community organizations in response to those activities. Negative public opinion can adversely affect our ability to attract and retain customers and can also expose us to litigation and regulatory action. Relative to acquisitions, we incur risks and challenges associated with the integration of employees, accounting systems, and technology platforms from acquired businesses and institutions in a timely and efficient manner, and we cannot guarantee that we will be successful in retaining existing customer relationships or achieving anticipated operating efficiencies expected from such acquisitions. Acquisitions may be subject to the receipt of approvals from certain governmental authorities, including the Federal Reserve, the OCC, and the United States Department of Justice, as well as the approval of our shareholders and the shareholders of companies that we seek to acquire. These approvals for acquisitions may not be received, may take longer than expected, or may impose conditions that are not presently anticipated or that could have an adverse effect on the combined company following the acquisitions. Subject to requisite regulatory approvals, future business acquisitions may result in the issuance and payment of additional shares of stock, which would dilute current shareholders’ ownership interests. Additionally, acquisitions may involve the payment of a premium over book and market values. Therefore, dilution of our tangible book value and net income per common share could occur in connection with any future transaction. 4. Failure to maintain effective internal controls over financial reporting could impair our ability to accurately and timely report our financial results or prevent fraud, resulting in loss of investor confidence and adversely affecting our business and our stock price. Effective internal controls over financial reporting are necessary to provide reliable financial reports and prevent fraud. We are subject to regulation that focuses on effective internal controls and procedures. Such controls and procedures are modified, supplemented, and changed from time-to-time as necessitated by our growth and in reaction to external events and developments. Any failure to maintain an effective internal control environment could impact our ability to report our financial results on an accurate and timely basis, which could result in regulatory actions, loss of investor confidence, and an adverse impact on our business and our stock price. 5. We rely on quantitative models to measure risks and to estimate certain financial values. Quantitative models may be used to help manage certain aspects of our business and to assist with certain business decisions, including estimating probable loan losses, measuring the fair value of financial instruments when reliable market prices are unavailable, estimating the effects of changing interest rates and other market measures on our financial condition and results of operations, managing risk, and for capital planning purposes (including during the CCAR capital planning and capital adequacy process). Our measurement methodologies rely on many assumptions, historical analyses, and correlations. These assumptions may not capture or fully incorporate conditions leading to losses, particularly in times of market distress, and the historical correlations on which we rely may no longer be relevant. Additionally, as businesses and markets evolve, our measurements may not accurately reflect this evolution. Even if the underlying assumptions and historical correlations used in our models are adequate, our models may be deficient due to errors in computer code, inaccurate data, misuse of data, or the use of a model for a purpose outside the scope of the model’s design. All models have certain limitations. Reliance on models presents the risk that our business decisions based on information incorporated from models will be adversely affected due to incorrect, missing, or misleading information. In addition, our models may not capture or fully express the risks we face, may suggest that we have sufficient capitalization when we do not, or may lead us to misjudge the business and economic environment in which we will operate. If our models fail to produce reliable results on an ongoing basis, we may not make appropriate risk management, capital planning, or other business or financial decisions. Strategies that we employ to manage and govern the risks associated with our use of models may not be effective or fully reliable. Also, information that we provide to the public or regulators based on poorly designed models could be inaccurate or misleading. Banking regulators continue to focus on the models used by banks and bank holding companies in their businesses. Some of our decisions that the regulators evaluate, including distributions to our shareholders, could be affected adversely due to their perception that the quality of the models used to generate the relevant information is insufficient. 6. We rely on third parties to provide key components of our business infrastructure. We rely on third-party service providers to leverage subject matter expertise and industry best practice, provide enhanced products and services, and reduce costs. Although there are benefits in entering into third-party relationships with vendors and others, there are risks associated with such activities. When entering a third-party relationship, the risks associated with that activity are not passed to the third-party but remain our responsibility. The Technology Committee of the board of directors provides oversight related to the overall risk management process associated with third-party relationships. Management is accountable for the review and evaluation of all new and existing third-party relationships. Management is responsible for ensuring that adequate controls are in place to protect us and our customers from the risks associated with vendor relationships. Increased risk could occur based on poor planning, oversight, control, and inferior performance or service on the part of the third-party, and may result in legal costs or loss of business. While we have implemented a vendor management program to actively manage the risks associated with the use of third-party service providers, any problems caused by third-party service providers could adversely affect our ability to deliver products and services to our customers and to conduct our business. Replacing a third-party service provider could also take a long period of time and result in increased expenses. 7. Changes in accounting policies, standards, and interpretations could affect how we report our financial condition and results of operations. The FASB, regulatory agencies, and other bodies that establish accounting standards periodically change the financial accounting and reporting standards governing the preparation of our financial statements. Additionally, those bodies that establish and interpret the accounting standards (such as the FASB, SEC, and banking regulators) may change prior interpretations or positions on how these standards should be applied. These changes can be difficult to predict and can materially affect how we record and report our financial condition and results of operations. For further discussion, see Note 2 of the Notes to Consolidated Financial Statements. 8. Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations. Our goodwill could become impaired in the future. If goodwill were to become impaired, it could limit the ability of the Bank to pay dividends to Huntington Bancshares Incorporated, adversely impacting Huntington Bancshares Incorporated's liquidity and ability to pay dividends or repay debt. The most significant assumptions affecting our goodwill impairment evaluation are variables including the market price of our Common Stock, projections of earnings, and the control premium above our current stock price that an acquirer would pay to obtain control of us. We are required to test goodwill for impairment at least annually or when impairment indicators are present. If an impairment determination is made in a future reporting period, our earnings and book value of goodwill will be reduced by the amount of the impairment. If an impairment loss is recorded, it will have little or no impact on the tangible book value of our Common Stock, or our regulatory capital levels, but such an impairment loss could significantly reduce the Bank’s earnings and thereby restrict the Bank's ability to make dividend payments to us without prior regulatory approval, because Federal Reserve policy states the bank holding company dividends should be paid from current earnings. At December 31, 2016, the book value of our goodwill was $2.0 billion, all of which was recorded at the Bank. Any such write down of goodwill or other acquisition related intangibles will reduce Huntington’s earnings, as well. 9. Negative publicity could damage our reputation and could significantly harm our business. Our ability to attract and retain customers, clients, investors, and highly-skilled management and employees is affected by our reputation. Public perception of the financial services industry in general was damaged as a result of the credit crisis that started in 2008. We face increased public and regulatory scrutiny resulting from the credit crisis and economic downturn. Significant harm to our reputation can also arise from other sources, including employee misconduct, actual or perceived unethical behavior, conflicts of interest, litigation, GSE or regulatory actions, failing to deliver minimum or required standards of service and quality, failing to address customer and agency complaints, compliance failures, unauthorized release of confidential information due to cyber-attacks or otherwise, and the activities of our clients, customers and counterparties, including vendors. Actions by the financial service industry generally or by institutions or individuals in the industry can adversely affect our reputation, indirectly by association. All of these could adversely affect our growth, results of operation and financial condition. Compliance Risks: 1. Bank regulations regarding capital and liquidity, including the annual CCAR assessment process and the Basel III capital and liquidity standards, could require higher levels of capital and liquidity. Among other things, these regulations could impact our ability to pay common stock dividends, repurchase common stock, attract cost-effective sources of deposits, or require the retention of higher amounts of low yielding securities. The Federal Reserve administers the annual CCAR, an assessment of the capital adequacy of bank holding companies with consolidated assets of $50 billion or more and of the practices used by covered banks to assess capital needs. Under CCAR, the Federal Reserve makes a qualitative assessment of capital adequacy on a forward-looking basis and reviews the strength of a bank holding company’s capital adequacy process. The Federal Reserve also makes a quantitative assessment of capital based on supervisory-run stress tests that assess the ability to maintain capital levels above each minimum regulatory capital ratio and above a CET1 ratio of 4.5%, after making all capital actions included in a bank holding company’s capital plan, under baseline and stressful conditions throughout a nine-quarter planning horizon. Capital plans for 2017 are required to be submitted by April 5, 2017, and the Federal Reserve will either object to the capital plan and/or planned capital actions, or provide a notice of non-objection, no later than June 30, 2017. We intend to submit our capital plan to the Federal Reserve on or before April 5, 2017. The Bank also must submit a capital plan to the OCC on or before April 5, 2017. There can be no assurance that the Federal Reserve will respond favorably to our capital plan, capital actions or stress test and the Federal Reserve, OCC, or other regulatory capital requirements may limit or otherwise restrict how we utilize our capital, including common stock dividends and stock repurchases. In 2013, the Federal Reserve and the OCC adopted final rules to implement the Basel III capital rules for U.S. Banking organizations. The final rules establish an integrated regulatory capital framework and will implement in the United States the Basel III regulatory capital reforms from the Basel Committee on Banking Supervision and certain changes required by the Dodd-Frank Act. Under the final rule, minimum requirements will increase for both the quantity and quality of capital held by banking organizations. As a Standardized Approach institution, the Basel III minimum capital requirements became effective for us on January 1, 2015, and will be fully phased-in on January 1, 2019. On September 3, 2014, the U.S. banking regulators approved a final rule to implement a minimum LCR requirement for banking organizations with total consolidated assets of $250 billion or more, and a less stringent modified LCR requirement to depository institution holding companies below the threshold but with total consolidated assets of $50 billion or more. The LCR requires covered banking organizations to maintain HQLA equal to projected stressed cash outflows over a 30 calendar-day stress scenario. We are covered by the modified LCR requirement and therefore subject to the phase-in of the rule which, as of January 2017, is at 100%. We will also be required to calculate the LCR monthly. The LCR assigns less severe outflow assumptions to certain types of customer deposits, which should increase the demand, and perhaps the cost, among banks for these deposits. Additionally, the HQLA requirements will increase the demand for direct US government and US government- guaranteed debt that, while high quality, generally carry lower yields than other securities that banks hold in their investment portfolios. 2. If our regulators deem it appropriate, they can take regulatory actions that could result in a material adverse impact on our financial results, ability to compete for new business, or preclude mergers or acquisitions. In addition, regulatory actions could constrain our ability to fund our liquidity needs or pay dividends. Any of these actions could increase the cost of our services. We are subject to the supervision and regulation of various state and federal regulators, including the OCC, Federal Reserve, FDIC, SEC, CFPB, Financial Industry Regulatory Authority, and various state regulatory agencies. As such, we are subject to a wide variety of laws and regulations, many of which are discussed in Item 1. Regulatory Matters. As part of their supervisory process, which includes periodic examinations and continuous monitoring, the regulators have the authority to impose restrictions or conditions on our activities and the manner in which we manage the organization. Such actions could negatively impact us in a variety of ways, including charging monetary fines, impacting our ability to pay dividends, precluding mergers or acquisitions, limiting our ability to offer certain products or services, or imposing additional capital requirements. Under the supervision of the CFPB, our consumer products and services are subject to increasing regulatory oversight and scrutiny with respect to compliance under consumer laws and regulations. We may face a greater number or wider scope of investigations, enforcement actions, and litigation in the future related to consumer practices, thereby increasing costs associated with responding to or defending such actions. In addition, increased regulatory inquiries and investigations, as well as any additional legislative or regulatory developments affecting our consumer businesses, and any required changes to our business operations resulting from these developments, could result in significant loss of revenue, require remuneration to our customers, trigger fines or penalties, limit the products or services we offer, require us to increase our prices and, therefore, reduce demand for our products, impose additional compliance costs on us, cause harm to our reputation, or otherwise adversely affect our consumer businesses. 3. Legislative and regulatory actions taken now or in the future that impact the financial industry may materially adversely affect us by increasing our costs, adding complexity in doing business, impeding the efficiency of our internal business processes, negatively impacting the recoverability of certain of our recorded assets, requiring us to increase our regulatory capital, limiting our ability to pursue business opportunities, and otherwise resulting in a material adverse impact on our financial condition, results of operation, liquidity, or stock price. The Dodd-Frank Act was a comprehensive overhaul of the financial services industry within the United States, established the CFPB, and required the CFPB and other federal agencies to implement many new and significant rules and regulations. Compliance with these new laws and regulations have and will continue to result in additional costs, which could be significant, and may have a material and adverse effect on our results of operations. In addition, if we do not appropriately comply with current or future legislation and regulations that apply to our consumer operations, we may be subject to fines, penalties or judgments, or material regulatory restrictions on our businesses, which could adversely affect operations and, in turn, financial results. 4. We may become subject to more stringent regulatory requirements and activity restrictions if the Federal Reserve and FDIC determine that our resolution plan is not credible. The Dodd-Frank Act and implementing regulations jointly issued by Federal Reserve and the FDIC require bank holding companies with more than $50 billion in assets to annually submit a resolution plan to the Federal Reserve and the FDIC that, in the event of material financial distress or failure, establish the rapid, orderly resolution of the Company under the U.S. Bankruptcy Code. If the Federal Reserve and the FDIC jointly determine that our 2015 resolution plan is not “credible,” we could become subjected to more stringent capital, leverage or liquidity requirements or restrictions, or restrictions on our growth, activities or operations, and could eventually be required to divest certain assets or operations in ways that could negatively impact its operations and strategy. 5. Our business, financial condition, and results of operations could be adversely affected if we lose our financial holding company status. In order for us to maintain our status as a financial holding company, we and the Bank must remain “well capitalized,” and “well managed.” If we or our Bank cease to meet the requirements necessary for us to continue to qualify as a financial holding company, the Federal Reserve may impose upon us corrective capital and managerial requirements, and may place limitations on our ability to conduct all of the business activities that we conduct as a financial holding company. If the failure to meet these standards persists, we could be required to divest our Bank, or cease all activities other than those activities that may be conducted by bank holding companies that are not financial holding companies. In addition, our ability to commence or engage in certain activities as a financial holding company will be restricted if the Bank fails to maintain at least a “Satisfactory” rating on its most recent Community Reinvestment Act examination. Item 1B:

Current §1A text (2017)

Show full section (8683 words)

Item 1A: Risk Factors We, like other financial companies, are subject to a number of risks that may adversely affect our financial condition or results of operations, many of which are outside of our direct control. Among these risks are: • Credit risk, which is the risk of loss due to loan and lease customers or other counterparties not being able to meet their financial obligations under agreed upon terms; • Market risk, which occurs when fluctuations in interest rates impact earnings and capital. Financial impacts are realized through changes in the interest rates of balance sheet assets and liabilities (net interest margin) or directly through valuation changes of capitalized MSR and/or trading assets (noninterest income); • Liquidity risk, which is the risk to current or anticipated earnings or capital arising from an inability to meet obligations when they come due. Liquidity risk includes the inability to access funding sources or manage fluctuations in funding levels. Liquidity risk also results from the failure to recognize or address changes in market conditions that affect our ability to liquidate assets quickly and with minimal loss in value; • Operational and Legal risk, which is the risk of loss arising from inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events. Operational losses result from internal fraud; external fraud, inadequate or inappropriate employment practices and workplace safety, failure to meet professional obligations involving customers, products, and business practices, damage to physical assets, business disruption and systems failures, and failures in execution, delivery, and process management. Legal risk includes, but is not limited to, exposure to orders, fines, penalties, or punitive damages resulting from litigation, as well as regulatory actions; • Compliance risk, which exposes us to money penalties, enforcement actions or other sanctions as a result of non-conformance with laws, rules, and regulations that apply to the financial services industry; • Strategic risk, which is defined as risk to current or anticipated earnings, capital, or enterprise value arising from adverse business decisions, improper implementation of business decisions or lack of responsiveness to industry / market changes; and • Reputation risk, which is the risk that negative publicity regarding an institution's business practices, whether true or not, will cause a decline in the customer base, costly litigation, or revenue reductions. In addition to the other information included or incorporated by reference into this report, readers should carefully consider that the following important factors, among others, could negatively impact our business, future results of operations, and future cash flows materially. Credit Risks: Our ACL level may prove to not be adequate or be negatively affected by credit risk exposures which could adversely affect our net income and capital. Our business depends on the creditworthiness of our customers. Our ACL of $778 million at December 31, 2017, represented Management’s estimate of probable losses inherent in our loan and lease portfolio (ALLL) as well as our unfunded loan commitments and letters of credit (AULC). We regularly review our ACL for appropriateness. In doing so, we consider economic conditions and trends, collateral values, and credit quality indicators, such as past charge-off experience, levels of past due loans, and NPAs. There is no certainty that our ACL will be appropriate over time to cover losses in the portfolio because of unanticipated adverse changes in the economy, market conditions, or events adversely affecting specific customers, industries, or markets. If the credit quality of our customer base materially decreases, if the risk profile of a market, industry, or group of customers changes materially, or if the ACL is not appropriate, our net income and capital could be materially adversely affected, which could have a material adverse effect on our financial condition and results of operations. In addition, regulatory review of risk ratings and loan and lease losses may impact the level of the ACL and could have a material adverse effect on our financial condition and results of operations. Weakness in economic conditions could adversely affect our business. Our performance could be negatively affected to the extent there is deterioration in business and economic conditions which have direct or indirect material adverse impacts on us, our customers, and our counterparties. These conditions could result in one or more of the following: • A decrease in the demand for loans and other products and services offered by us; • A decrease in customer savings generally and in the demand for savings and investment products offered by us; and • An increase in the number of customers and counterparties who become delinquent, file for protection under bankruptcy laws, or default on their loans or other obligations to us. An increase in the number of delinquencies, bankruptcies, or defaults could result in a higher level of NPAs, NCOs, provision for credit losses, and valuation adjustments on loans held for sale. The markets we serve are dependent on industrial and manufacturing businesses and, thus, are particularly vulnerable to adverse changes in economic conditions affecting these sectors. Market Risks: Changes in interest rates could reduce our net interest income, reduce transactional income, and negatively impact the value of our loans, securities, and other assets. This could have an adverse impact on our cash flows, financial condition, results of operations, and capital. Our results of operations depend substantially on net interest income, which is the difference between interest earned on interest earning assets (such as investments and loans) and interest paid on interest bearing liabilities (such as deposits and borrowings). Interest rates are highly sensitive to many factors, including governmental monetary policies and domestic and international economic and political conditions. Conditions such as inflation, deflation, recession, unemployment, money supply, and other factors beyond our control may also affect interest rates. In addition, the Federal Reserve has stated its intention to end its quantitative easing program and has begun to reduce the size of its balance sheet by selling securities, which might also affect interest rates. If our interest earning assets mature or reprice faster than interest bearing liabilities in a declining interest rate environment, net interest income could be materially adversely impacted. Likewise, if interest bearing liabilities mature or reprice more quickly than interest earning assets in a rising interest rate environment, net interest income could be adversely impacted. Changes in interest rates can affect the value of loans, securities, assets under management, and other assets, including mortgage and nonmortgage servicing rights. An increase in interest rates that adversely affects the ability of borrowers to pay the principal or interest on loans and leases may lead to an increase in NPAs and a reduction of income recognized, which could have a material adverse effect on our results of operations and cash flows. When we place a loan on nonaccrual status, we reverse any accrued but unpaid interest receivable, which decreases interest income. However, we continue to incur interest expense as a cost of funding NALs without any corresponding interest income. In addition, transactional income, including trust income, brokerage income, and gain on sales of loans can vary significantly from period-to-period based on a number of factors, including the interest rate environment. A decline in interest rates along with a flattening yield curve limits our ability to reprice deposits given the current historically low level of interest rates and could result in declining net interest margins if longer duration assets reprice faster than deposits. Rising interest rates reduce the value of our fixed-rate securities. Any unrealized loss from these portfolios impacts OCI, shareholders’ equity, and the Tangible Common Equity ratio. Any realized loss from these portfolios impacts regulatory capital ratios. In a rising interest rate environment, pension and other post-retirement obligations somewhat mitigate negative OCI impacts from securities and financial instruments. For more information, refer to “Market Risk” of the MD&A. Certain investment securities, notably mortgage-backed securities, are very sensitive to rising and falling rates. Generally, when rates rise, prepayments of principal and interest will decrease and the duration of mortgage-backed securities will increase. Conversely, when rates fall, prepayments of principal and interest will increase and the duration of mortgage-backed securities will decrease. In either case, interest rates have a significant impact on the value of mortgage-backed securities. MSR fair values are sensitive to movements in interest rates, as expected future net servicing income depends on the projected outstanding principal balances of the underlying loans, which can be reduced by prepayments. Prepayments usually increase when mortgage interest rates decline and decrease when mortgage interest rates rise. In addition to volatility associated with interest rates, the Company also has exposure to equity markets related to the investments within the benefit plans and other income from client based transactions. Industry competition may have an adverse effect on our success. Our profitability depends on our ability to compete successfully. We operate in a highly competitive environment, and we expect competition to intensify. Certain of our competitors are larger and have more resources than we do, enabling them to be more aggressive than us in competing for loans and deposits. In our market areas, we face competition from other banks and financial service companies that offer similar services. Some of our non-bank competitors are not subject to the same extensive regulations we are and, therefore, may have greater flexibility in competing for business. Technological advances have made it possible for our non-bank competitors to offer products and services that traditionally were banking products and for financial institutions and other companies to provide electronic and internet-based financial solutions, including online deposit accounts, electronic payment processing and marketplace lending, without having a physical presence where their customers are located. Our ability to compete successfully depends on a number of factors, including customer convenience, quality of service by investing in new products and services, electronic platforms, personal contacts, pricing, and range of products. If we are unable to successfully compete for new customers and retain our current customers, our business, financial condition, or results of operations may be adversely affected. In particular, if we experience an outflow of deposits as a result of our customers seeking investments with higher yields or greater financial stability, or a desire to do business with our competitors, we may be forced to rely more heavily on borrowings and other sources of funding to operate our business and meet withdrawal demands, thereby adversely affecting our net interest margin. For more information, refer to “Competition” section of Item 1: Business. Uncertainty about the future of LIBOR may adversely affect our business. On July 27, 2017, the Chief Executive of the United Kingdom Financial Conduct Authority, which regulates LIBOR, announced that it intends to stop persuading or compelling banks to submit rates for the calculation of LIBOR to the administrator of LIBOR after 2021. The announcement indicates that the continuation of LIBOR on the current basis cannot and will not be guaranteed after 2021. It is impossible to predict whether and to what extent banks will continue to provide LIBOR submissions to the administrator of LIBOR or whether any additional reforms to LIBOR may be enacted in the United Kingdom or elsewhere. At this time, no consensus exists as to what rate or rates may become accepted alternatives to LIBOR and it is impossible to predict the effect of any such alternatives on the value of LIBOR-based securities and variable rate loans, including Huntington’s Series B preferred stock, certain of Huntington’s junior subordinated debentures, certain of the Bank’s senior notes, or other securities or financial arrangements, given LIBOR’s role in determining market interest rates globally. Uncertainty as to the nature of alternative reference rates and as to potential changes or other reforms to LIBOR may adversely affect LIBOR rates and other interest rates. In the event that a published LIBOR rate is unavailable after 2021, the dividend rate on Huntington’s Series B preferred stock and the interest rate on Huntington’s and the Bank’s debentures and notes, which are currently based on the LIBOR rate, will be determined as set forth in the offering documents, and the value of such securities may be adversely affected. Currently, the manner and impact of this transition and related developments, as well as the effect of these developments on our funding costs, investment and trading securities portfolios and business, is uncertain. Liquidity Risks: Changes in either Huntington’s financial condition or in the general banking industry could result in a loss of depositor confidence. Liquidity is the ability to meet cash flow needs on a timely basis at a reasonable cost. The Bank uses its liquidity to extend credit and to repay liabilities as they become due or as demanded by customers. The board of directors establishes liquidity policies, including contingency funding plans, and limits and management establishes operating guidelines for liquidity. Our primary source of liquidity is our large supply of deposits from consumer and commercial customers. The continued availability of this supply depends on customer willingness to maintain deposit balances with banks in general and us in particular. The availability of deposits can also be impacted by regulatory changes (e.g. changes in FDIC insurance, the LCR, etc.), changes in the financial condition of Huntington, other banks or the banking industry in general, and other events which can impact the perceived safety or economic benefits of bank deposits. While we make significant efforts to consider and plan for hypothetical disruptions in our deposit funding, market related, geopolitical, or other events could impact the liquidity derived from deposits. We are a holding company and depend on dividends by our subsidiaries for most of our funds. Huntington is an entity separate and distinct from the Bank. The Bank conducts most of our operations and Huntington depends upon dividends from the Bank to service Huntington's debt and to pay dividends to Huntington's shareholders. The availability of dividends from the Bank is limited by various statutes and regulations. It is possible, depending upon the financial condition including liquidity and capital adequacy of the Bank and other factors, that the OCC could limit the payment of dividends or other payments to Huntington by the Bank. In addition, the payment of dividends by our other subsidiaries is also subject to the laws of the subsidiary’s state of incorporation, and regulatory capital and liquidity requirements applicable to such subsidiaries. In the event that the Bank was unable to pay dividends to us, we in turn would likely have to reduce or stop paying dividends on our Preferred and Common Stock. Our failure to pay dividends on our Preferred and Common Stock could have a material adverse effect on the market price of our Common Stock. Additional information regarding dividend restrictions is provided in Item 1. Regulatory Matters. If we lose access to capital markets, we may not be able to meet the cash flow requirements of our depositors, creditors, and borrowers, or have the operating cash needed to fund corporate expansion and other corporate activities. Wholesale funding sources include securitization, federal funds purchased, securities sold under repurchase agreements, non-core deposits, and long-term debt. The Bank is also a member of the Federal Home Loan Bank of Cincinnati, which provides members access to funding through advances collateralized with mortgage-related assets. We maintain a portfolio of highly-rated, marketable securities that is available as a source of liquidity. Capital markets disruptions can directly impact the liquidity of Huntington and the Bank. The inability to access capital markets funding sources as needed could adversely impact our financial condition, results of operations, cash flows, and level of regulatory-qualifying capital. We may, from time-to-time, consider using our existing liquidity position to opportunistically retire outstanding securities in privately negotiated or open market transactions. A reduction in our credit rating could adversely affect our ability to raise funds including capital, and/or the holders of our securities. The credit rating agencies regularly evaluate Huntington and the Bank, and credit ratings are based on a number of factors, including our financial strength and ability to generate earnings, as well as factors not entirely within our control, including conditions affecting the financial services industry, the economy, and changes in rating methodologies. There can be no assurance that we will maintain our current credit ratings. A downgrade of the credit ratings of Huntington or the Bank could adversely affect our access to liquidity and capital, and could significantly increase our cost of funds, trigger additional collateral or funding requirements, and decrease the number of investors and counterparties willing to lend to us or purchase our securities. This could affect our growth, profitability and financial condition, including liquidity. Operational and Legal Risks: Our operational or security systems or infrastructure, or those of third parties, could fail or be breached, which could disrupt our business and adversely impact our results of operations, liquidity and financial condition, as well as cause legal or reputational harm. The potential for operational risk exposure exists throughout our business and, as a result of our interactions with, and reliance on, third parties, is not limited to our own internal operational functions. Our operational and security systems and infrastructure, including our computer systems, data management, and internal processes, as well as those of third parties, are integral to our performance. We rely on our employees and third parties in our day-to-day and ongoing operations, who may, as a result of human error, misconduct, malfeasance or failure, or breach of our or of third-party systems or infrastructure, expose us to risk. For example, our ability to conduct business may be adversely affected by any significant disruptions to us or to third parties with whom we interact or upon whom we rely. In addition, our ability to implement backup systems and other safeguards with respect to third-party systems is more limited than with respect to our own systems. Our financial, accounting, data processing, backup or other operating or security systems and infrastructure may fail to operate properly or become disabled or damaged as a result of a number of factors, including events that are wholly or partially beyond our control, which could adversely affect our ability to process transactions or provide services. Such events may include sudden increases in customer transaction volume; electrical, telecommunications or other major physical infrastructure outages; natural disasters such as earthquakes, tornadoes, hurricanes and floods; disease pandemics; cyber-attacks; and events arising from local or larger scale political or social matters, including wars and terrorist acts. In addition, we may need to take our systems offline if they become infected with malware or a computer virus or as a result of another form of cyber-attack. In the event that backup systems are utilized, they may not process data as quickly as our primary systems and some data might not have been saved to backup systems, potentially resulting in a temporary or permanent loss of such data. We frequently update our systems to support our operations and growth and to remain compliant with all applicable laws, rules and regulations. This updating entails significant costs and creates risks associated with implementing new systems and integrating them with existing ones, including business interruptions. Implementation and testing of controls related to our computer systems, security monitoring and retaining and training personnel required to operate our systems also entail significant costs. Operational risk exposures could adversely impact our operations, liquidity and financial condition, as well as cause reputational harm. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. We face security risks, including denial of service attacks, hacking, social engineering attacks targeting our colleagues and customers, malware intrusion or data corruption attempts, and identity theft that could result in the disclosure of confidential information, adversely affect our business or reputation, and create significant legal and financial exposure. Our computer systems and network infrastructure and those of third parties, on which we are highly dependent, are subject to security risks and could be susceptible to cyber-attacks, such as denial of service attacks, hacking, terrorist activities or identity theft. Our business relies on the secure processing, transmission, storage and retrieval of confidential, proprietary and other information in our computer and data management systems and networks, and in the computer and data management systems and networks of third parties. In addition, to access our network, products and services, our customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and are subject to their own cybersecurity risks. We, our customers, regulators and other third parties, including other financial services institutions and companies engaged in data processing, have been subject to, and are likely to continue to be the target of, cyber-attacks. These cyber-attacks include computer viruses, malicious or destructive code, phishing attacks, denial of service or information, ransomware, improper access by employees or vendors, attacks on personal email of employees, ransom demands to not expose security vulnerabilities in our systems or the systems of third parties or other security breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss or destruction of confidential, proprietary and other information of ours, our employees, our customers or of third parties, damage our systems or otherwise materially disrupt our or our customers’ or other third parties’ network access or business operations. As cyber threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities or incidents. Despite efforts to ensure the integrity of our systems and implement controls, processes, policies and other protective measures, we may not be able to anticipate all security breaches, nor may we be able to implement guaranteed preventive measures against such security breaches. Cyber threats are rapidly evolving and we may not be able to anticipate or prevent all such attacks and could be held liable for any security breach or loss. Cybersecurity risks for banking organizations have significantly increased in recent years in part because of the proliferation of new technologies, and the use of the internet and telecommunications technologies to conduct financial transactions. For example, cybersecurity risks may increase in the future as we continue to increase our mobile-payment and other internet-based product offerings and expand our internal usage of web-based products and applications. In addition, cybersecurity risks have significantly increased in recent years in part due to the increased sophistication and activities of organized crime affiliates, terrorist organizations, hostile foreign governments, disgruntled employees or vendors, activists and other external parties, including those involved in corporate espionage. Even the most advanced internal control environment may be vulnerable to compromise. Targeted social engineering attacks and "spear phishing" attacks are becoming more sophisticated and are extremely difficult to prevent. In such an attack, an attacker will attempt to fraudulently induce colleagues, customers or other users of our systems to disclose sensitive information in order to gain access to its data or that of its clients. Persistent attackers may succeed in penetrating defenses given enough resources, time, and motive. The techniques used by cyber criminals change frequently, may not be recognized until launched and may not be recognized until well after a breach has occurred. The risk of a security breach caused by a cyber-attack at a vendor or by unauthorized vendor access has also increased in recent years. Additionally, the existence of cyber-attacks or security breaches at third-party vendors with access to our data may not be disclosed to us in a timely manner. We also face indirect technology, cybersecurity and operational risks relating to the customers, clients and other third parties with whom we do business or upon whom we rely to facilitate or enable our business activities, including, for example, financial counterparties, regulators and providers of critical infrastructure such as internet access and electrical power. As a result of increasing consolidation, interdependence and complexity of financial entities and technology systems, a technology failure, cyber-attack or other information or security breach that significantly degrades, deletes or compromises the systems or data of one or more financial entities could have a material impact on counterparties or other market participants, including us. This consolidation, interconnectivity and complexity increases the risk of operational failure, on both individual and industry-wide bases, as disparate systems need to be integrated, often on an accelerated basis. Any third-party technology failure, cyber-attack or other information or security breach, termination or constraint could, among other things, adversely affect our ability to effect transactions, service our clients, manage our exposure to risk or expand our business. Cyber-attacks or other information or security breaches, whether directed at us or third parties, may result in a material loss or have material consequences. Furthermore, the public perception that a cyber-attack on our systems has been successful, whether or not this perception is correct, may damage our reputation with customers and third parties with whom we do business. Hacking of personal information and identity theft risks, in particular, could cause serious reputational harm. A successful penetration or circumvention of system security could cause us serious negative consequences, including our loss of customers and business opportunities, costs associated with maintaining business relationships after an attack or breach; significant business disruption to our operations and business, misappropriation, exposure, or destruction of our confidential information, intellectual property, funds, and/or those of our customers; or damage to our or our customers’ and/or third parties’ computers or systems, and could result in a violation of applicable privacy laws and other laws, litigation exposure, regulatory fines, penalties or intervention, loss of confidence in our security measures, reputational damage, reimbursement or other compensatory costs, additional compliance costs, and could adversely impact our results of operations, liquidity and financial condition. In addition, we may not have adequate insurance coverage to compensate for losses from a cybersecurity event. The resolution of significant pending litigation, if unfavorable, could have an adverse effect on our results of operations for a particular period. We face legal risks in our businesses, and the volume of claims and amount of damages and penalties claimed in litigation and regulatory proceedings against financial institutions remain high. Substantial legal liability against us could have material adverse financial effects or cause significant reputational harm to us, which in turn could seriously harm our business prospects. It is possible that the ultimate resolution of these matters, if unfavorable, may be material to the results of operations for a particular reporting period. Note 21 of the Notes to Consolidated Financial Statements updates the status of certain litigation. We face significant operational risks which could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and capital markets. We are exposed to many types of operational risks, including the risk of fraud or theft by colleagues or outsiders, unauthorized transactions by colleagues or outsiders, operational errors by colleagues, business disruption, and system failures. Huntington executes against a significant number of controls, a large percent of which are manual and dependent on adequate execution by colleagues and third-party service providers. There is inherent risk that unknown single points of failure through the execution chain could give rise to material loss through inadvertent errors or malicious attack. These operational risks could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and the capital markets. Moreover, negative public opinion can result from our actual or alleged conduct in any number of activities, including clients, products and business practices; corporate governance; acquisitions; and from actions taken by government regulators and community organizations in response to those activities. Negative public opinion can adversely affect our ability to attract and retain customers and can also expose us to litigation and regulatory action. Relative to acquisitions, we incur risks and challenges associated with the integration of employees, accounting systems, and technology platforms from acquired businesses and institutions in a timely and efficient manner, and we cannot guarantee that we will be successful in retaining existing customer relationships or achieving anticipated operating efficiencies expected from such acquisitions. Acquisitions may be subject to the receipt of approvals from certain governmental authorities, including the Federal Reserve, the OCC, and the United States Department of Justice, as well as the approval of our shareholders and the shareholders of companies that we seek to acquire. These approvals for acquisitions may not be received, may take longer than expected, or may impose conditions that are not presently anticipated or that could have an adverse effect on the combined company following the acquisitions. Subject to requisite regulatory approvals, future business acquisitions may result in the issuance and payment of additional shares of stock, which would dilute current shareholders’ ownership interests. Additionally, acquisitions may involve the payment of a premium over book and market values. Therefore, dilution of our tangible book value and net income per common share could occur in connection with any future transaction. Failure to maintain effective internal controls over financial reporting could impair our ability to accurately and timely report our financial results or prevent fraud, resulting in loss of investor confidence and adversely affecting our business and our stock price. Effective internal controls over financial reporting are necessary to provide reliable financial reports and prevent fraud. We are subject to regulation that focuses on effective internal controls and procedures. Such controls and procedures are modified, supplemented, and changed from time-to-time as necessitated by our growth and in reaction to external events and developments. Any failure to maintain an effective internal control environment could impact our ability to report our financial results on an accurate and timely basis, which could result in regulatory actions, loss of investor confidence, and an adverse impact on our business and our stock price. We rely on quantitative models to measure risks and to estimate certain financial values. Quantitative models may be used to help manage certain aspects of our business and to assist with certain business decisions, including estimating probable loan losses, measuring the fair value of financial instruments when reliable market prices are unavailable, estimating the effects of changing interest rates and other market measures on our financial condition and results of operations, managing risk, and for capital planning purposes (including during the CCAR capital planning and capital adequacy process). Our measurement methodologies rely on many assumptions, historical analyses, and correlations. These assumptions may not capture or fully incorporate conditions leading to losses, particularly in times of market distress, and the historical correlations on which we rely may no longer be relevant. Additionally, as businesses and markets evolve, our measurements may not accurately reflect this evolution. Even if the underlying assumptions and historical correlations used in our models are adequate, our models may be deficient due to errors in computer code, inaccurate data, misuse of data, or the use of a model for a purpose outside the scope of the model’s design. All models have certain limitations. Reliance on models presents the risk that our business decisions based on information incorporated from models will be adversely affected due to incorrect, missing, or misleading information. In addition, our models may not capture or fully express the risks we face, may suggest that we have sufficient capitalization when we do not, or may lead us to misjudge the business and economic environment in which we will operate. If our models fail to produce reliable results on an ongoing basis, we may not make appropriate risk management, capital planning, or other business or financial decisions. Strategies that we employ to manage and govern the risks associated with our use of models may not be effective or fully reliable. Also, information that we provide to the public or regulators based on poorly designed models could be inaccurate or misleading. Banking regulators continue to focus on the models used by banks and bank holding companies in their businesses. Some of our decisions that the regulators evaluate, including distributions to our shareholders, could be affected adversely due to their perception that the quality of the models used to generate the relevant information is insufficient. We rely on third parties to provide key components of our business infrastructure. We rely on third-party service providers to leverage subject matter expertise and industry best practice, provide enhanced products and services, and reduce costs. Although there are benefits in entering into third-party relationships with vendors and others, there are risks associated with such activities. When entering a third-party relationship, the risks associated with that activity are not passed to the third-party but remain our responsibility. The Technology Committee of the board of directors provides oversight related to the overall risk management process associated with third-party relationships. Management is accountable for the review and evaluation of all new and existing third-party relationships. Management is responsible for ensuring that adequate controls are in place to protect us and our customers from the risks associated with vendor relationships. Increased risk could occur based on poor planning, oversight, control, and inferior performance or service on the part of the third-party, and may result in legal costs or loss of business. While we have implemented a vendor management program to actively manage the risks associated with the use of third-party service providers, any problems caused by third-party service providers could adversely affect our ability to deliver products and services to our customers and to conduct our business. Replacing a third-party service provider could also take a long period of time and result in increased expenses. Changes in accounting policies, standards, and interpretations could affect how we report our financial condition and results of operations. The FASB, regulatory agencies, and other bodies that establish accounting standards periodically change the financial accounting and reporting standards governing the preparation of our financial statements. Additionally, those bodies that establish and interpret the accounting standards (such as the FASB, SEC, and banking regulators) may change prior interpretations or positions on how these standards should be applied. In June 2016, the FASB issued a new current expected credit loss rule, which will require banks to record, at the time of origination, credit losses expected throughout the life of the asset portfolio on loans and held-to-maturity securities, as opposed to the current practice of recording losses when it is probable that a loss event has occurred. Changes in accounting policies, standards and interpretations can be difficult to predict and can materially affect how we record and report our financial condition and results of operations. For further discussion, see Note 2 of the Notes to Consolidated Financial Statements. Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations. Our goodwill could become impaired in the future. If goodwill were to become impaired, it could limit the ability of the Bank to pay dividends to Huntington, adversely impacting Huntington liquidity and ability to pay dividends or repay debt. The most significant assumptions affecting our goodwill impairment evaluation are variables including the market price of our Common Stock, projections of earnings, the discount rates used in the income approach to fair value, and the control premium above our current stock price that an acquirer would pay to obtain control of us. We are required to test goodwill for impairment at least annually or when impairment indicators are present. If an impairment determination is made in a future reporting period, our earnings and book value of goodwill will be reduced by the amount of the impairment. If an impairment loss is recorded, it will have little or no impact on the tangible book value of our Common Stock, or our regulatory capital levels, but such an impairment loss could significantly reduce the Bank’s earnings and thereby restrict the Bank's ability to make dividend payments to us without prior regulatory approval, because Federal Reserve policy states the bank holding company dividends should be paid from current earnings. At December 31, 2017, the book value of our goodwill was $2.0 billion, substantially all of which was recorded at the Bank. Any such write down of goodwill or other acquisition related intangibles will reduce Huntington’s earnings, as well. Negative publicity could damage our reputation and could significantly harm our business. Our ability to attract and retain customers, clients, investors, and highly-skilled management and employees is affected by our reputation. Public perception of the financial services industry in general was damaged as a result of the credit crisis that started in 2008. We face increased public and regulatory scrutiny resulting from the credit crisis and economic downturn. Significant harm to our reputation can also arise from other sources, including employee misconduct, actual or perceived unethical behavior, conflicts of interest, litigation, GSE or regulatory actions, failing to deliver minimum or required standards of service and quality, failing to address customer and agency complaints, compliance failures, unauthorized release of confidential information due to cyber-attacks or otherwise, and the activities of our clients, customers and counterparties, including vendors. Actions by the financial service industry generally or by institutions or individuals in the industry can adversely affect our reputation, indirectly by association. All of these could adversely affect our growth, results of operation and financial condition. We depend on our executive officers and key personnel to continue the implementation of our long-term business strategy and could be harmed by the loss of their services. We believe that our continued growth and future success will depend in large part on the skills of our management team and our ability to motivate and retain these individuals and other key personnel. The loss of service of one or more of our executive officers or key personnel could reduce our ability to successfully implement our long-term business strategy, our business could suffer and the value of our stock could be materially adversely affected. Leadership changes will occur from time to time and we cannot predict whether significant resignations will occur or whether we will be able to recruit additional qualified personnel. We believe our management team possesses valuable knowledge about the banking industry and that their knowledge and relationships would be very difficult to replicate. Our success also depends on the experience of our branch managers and lending officers and on their relationships with the customers and communities they serve. The loss of these key personnel could negatively impact our banking operations. The loss of key personnel, or the inability to recruit and retain qualified personnel in the future, could have an adverse effect on our business, financial condition or operating results. Compliance Risks: We operate in a highly regulated industry and the laws and regulations that govern our operations, corporate governance, executive compensation and financial accounting, or reporting, including changes in them, or our failure to comply with them, may adversely affect us. The banking industry is highly regulated. We are subject to supervision, regulation and examination by various federal and state regulators, including the Federal Reserve, OCC, SEC, CFPB, FDIC, FINRA, and various state regulatory agencies. The statutory and regulatory framework that governs us is generally intended to protect depositors and customers, the DIF, the U.S. banking and financial system, and financial markets as a whole-not to protect shareholders. These laws and regulations, among other matters, prescribe minimum capital requirements, impose limitations on our business activities (including foreclosure and collection practices), limit the dividend or distributions that we can pay, restrict the ability of institutions to guarantee our debt and impose certain specific accounting requirements that may be more restrictive and may result in greater or earlier charges to earnings or reductions in our capital than accounting principles generally accepted in the United States. Compliance with laws and regulations can be difficult and costly and changes to laws and regulations often impose additional compliance costs. Both the scope of the laws and regulations and the intensity of the supervision to which we are subject have increased in recent years in response to the financial crisis, as well as other factors such as technological and market changes. Such regulation and supervision may increase our costs and limit our ability to pursue business opportunities. Further, our failure to comply with these laws and regulations, even if the failure was inadvertent or reflects a difference in interpretation, could subject us to restrictions on our business activities, fines and other penalties, any of which could adversely affect our results of operations, capital base and the price of our securities. Further, any new laws, rules and regulations could make compliance more difficult or expensive or otherwise adversely affect our business and financial condition. Bank regulations regarding capital and liquidity, including the annual CCAR assessment process and the U.S. Basel III capital and liquidity standards, could require higher levels of capital and liquidity. Among other things, these regulations could impact our ability to pay common stock dividends, repurchase common stock, attract cost-effective sources of deposits, or require the retention of higher amounts of low yielding securities. The Federal Reserve administers CCAR, an annual forward-looking quantitative assessment of Huntington’s capital adequacy and planned capital distributions and a review of the strength of Huntington’s practices to assess capital needs. We generally may pay dividends and repurchase stock only in accordance with a capital plan that has been reviewed by the Federal Reserve and as to which the Federal Reserve has not objected. The Federal Reserve also makes a quantitative assessment of capital based on supervisory-run stress tests that assess the ability to maintain capital levels above each minimum regulatory capital ratio after making all capital actions included in Huntington’s capital plan, under baseline and stressful conditions throughout a nine-quarter planning horizon. The Bank also must submit a capital plan to the OCC. There can be no assurance that the Federal Reserve or OCC will respond favorably to our capital plans, planned capital actions or stress test results, and the Federal Reserve, OCC, or other regulatory capital requirements may limit or otherwise restrict how we utilize our capital, including common stock dividends and stock repurchases. We are also required to maintain minimum capital ratios and the Federal Reserve and OCC may determine that Huntington and/or the Bank, based on size, complexity or risk profile, must maintain capital ratios above these minimums in order to operate in a safe and sound manner. In the event we are required to raise capital to maintain required minimum capital and leverage ratios or ratios above the required applicable minimums, we may be forced to do so in when market conditions are undesirable or on terms that are less favorable to us than we would otherwise require. Furthermore, in order to prevent becoming subject to restrictions on our ability to distribute capital or make certain discretionary bonus payments to management, we must maintain a Capital Conservation Buffer (of 1.875% in 2018), which is in addition to our required minimum capital ratios. We are also subject to a modified LCR requirement that requires Huntington to maintain an adequate amount of unencumbered high-quality liquid assets, such as Treasury securities and other sovereign debt, to cover projected net cash outflows over a 30 calendar-day stress scenario window. Because the LCR assigns less severe outflow assumptions to certain types of customer deposits, banks’ demand for and the cost of these deposits may increase. Additionally, the LCR has increased the demand for direct U.S. government and U.S. government-guaranteed debt that, while high quality, generally carry lower yields than other securities BHCs hold in their investment portfolios. For more information regarding CCAR, stress testing and capital and liquidity requirements, refer to Item 1. Regulatory Matters. If our regulators deem it appropriate, they can take regulatory actions that could result in a material adverse impact on our financial results, ability to compete for new business, or preclude mergers or acquisitions. In addition, regulatory actions could constrain our ability to fund our liquidity needs or pay dividends. Any of these actions could increase the cost of our services. We are subject to the supervision and regulation of various state and federal regulators, including the OCC, Federal Reserve, FDIC, SEC, CFPB, FINRA, and various state regulatory agencies. As such, we are subject to a wide variety of laws and regulations, many of which are discussed in Item 1. Regulatory Matters. As part of their supervisory process, which includes periodic examinations and continuous monitoring, the regulators have the authority to impose restrictions or conditions on our activities and the manner in which we manage the organization. Such actions could negatively impact us in a variety of ways, including charging monetary fines, impacting our ability to pay dividends, precluding mergers or acquisitions, limiting our ability to offer certain products or services, or imposing additional capital requirements. Under the supervision of the CFPB, our Consumer and Business Banking products and services are subject to heightened regulatory oversight and scrutiny with respect to compliance under consumer laws and regulations. We may face a greater number or wider scope of investigations, enforcement actions, and litigation in the future related to consumer practices, thereby increasing costs associated with responding to or defending such actions. Also, federal and state regulators have been increasingly focused on sales practices of branch personnel, including taking regulatory action against other financial institutions. In addition, increased regulatory inquiries and investigations, as well as any additional legislative or regulatory developments affecting our consumer businesses, and any required changes to our business operations resulting from these developments, could result in significant loss of revenue, require remuneration to our customers, trigger fines or penalties, limit the products or services we offer, require us to increase our prices and, therefore, reduce demand for our products, impose additional compliance costs on us, increase the cost of collection, cause harm to our reputation, or otherwise adversely affect our consumer businesses. In addition, we are allowed to conduct certain activities that are financial in nature by virtue of Huntington’s status as an FHC, as discussed in more detail in Item 1. Regulatory Matters. If Huntington or the Bank cease to meet the requirements necessary for Huntington to continue to qualify as an FHC, the Federal Reserve may impose upon us corrective capital and managerial requirements, and may place limitations on our ability to conduct all of the business activities that we conduct as a FHC. If the failure to meet these standards persists, we could be required to divest our Bank, or cease all activities other than those activities that may be conducted by a BHC but not an FHC. Legislative and regulatory actions taken now or in the future that impact the financial industry may materially adversely affect us by increasing our costs, adding complexity in doing business, impeding the efficiency of our internal business processes, negatively impacting the recoverability of certain of our recorded assets, requiring us to increase our regulatory capital, limiting our ability to pursue business opportunities, and otherwise resulting in a material adverse impact on our financial condition, results of operation, liquidity, or stock price. Both the scope of the laws and regulations and the intensity of the supervision to which we are subject have increased in recent years, in response to the financial crisis as well as other factors such as technological and market changes. Regulatory enforcement and fines have also increased across the banking and financial services sector. Compliance with these laws and regulations have resulted in and will continue to result in additional costs, which could be significant, and may have a material and adverse effect on our results of operations. In addition, if we do not appropriately comply with current or future legislation and regulations, especially those that apply to our consumer operations, which has been an area of heightened focus, we may be subject to fines, penalties or judgments, or material regulatory restrictions on our businesses, which could adversely affect operations and, in turn, financial results. We may become subject to more stringent regulatory requirements and activity restrictions if the Federal Reserve and FDIC determine that our resolution plan is not credible. Huntington is required to submit annually to the Federal Reserve and the FDIC a resolution plan for its orderly resolution under the U.S. Bankruptcy Code. If the Federal Reserve and the FDIC jointly determine that our resolution plan is not credible, we could become subjected to more stringent capital, leverage or liquidity requirements or restrictions, or restrictions on our growth, activities or operations. If we were to fail to address deficiencies in our resolution plan when required, we could eventually be required to divest certain assets or operations in ways that could negatively impact its operations and strategy. For more information regarding resolution planning requirements, refer to Item 1: Business - Regulatory Matters. Noncompliance with the Bank Secrecy Act and other anti-money laundering statutes and regulations could cause us material financial loss. The Bank Secrecy Act and the Patriot Act contain anti-money laundering and financial transparency provisions intended to detect, and prevent the use of the U.S. financial system for, money laundering and terrorist financing activities. The Bank Secrecy Act, as amended by the Patriot Act, requires depository institutions and their holding companies to undertake activities including maintaining an anti-money laundering program, verifying the identity of clients, monitoring for and reporting suspicious transactions, reporting on cash transactions exceeding specified thresholds, and responding to requests for information by regulatory authorities and law enforcement agencies. FinCEN, a unit of the Treasury Department that administers the Bank Secrecy Act, is authorized to impose significant civil money penalties for violations of those requirements and has recently engaged in coordinated enforcement efforts with the federal bank regulatory agencies, as well as the United States Department of Justice, Drug Enforcement Administration and IRS. There is also increased scrutiny of compliance with the rules enforced by the OFAC. If our policies, procedures and systems are deemed deficient or the policies, procedures and systems of the financial institutions that we have already acquired or may acquire in the future are deficient, we would be subject to liability, including fines and regulatory actions such as restrictions on our ability to pay dividends and the necessity to obtain regulatory approvals to proceed with certain planned business activities, including acquisition plans, which would negatively impact our business, financial condition and results of operations. Failure to maintain and implement adequate programs to combat money laundering and terrorist financing could also have serious reputational consequences for us. For more information regarding the Bank Secrecy Act, Patriot Act, anti-money laundering requirements and OFAC-administered sanctions, refer to Item 1: Business - Regulatory Matters. Cybersecurity and data privacy are areas of heightened legislative and regulatory focus. As cybersecurity and data privacy risks for banking organizations and the broader financial system have significantly increased in recent years, cybersecurity and data privacy issues have become the subject of increasing legislative and regulatory focus. The federal bank regulatory agencies have proposed enhanced cyber risk management standards, which would apply to a wide range of large financial institutions and their third-party service providers, including us and the Bank, and would focus on cyber risk governance and management, management of internal and external dependencies, and incident response, cyber resilience and situational awareness. Several states have also proposed or adopted cybersecurity legislation and regulations, which require, among other things, notification to affected individuals when there has been a security breach of their personal data. We receive, maintain and store non-public personal information of our customers and counterparties, including, but not limited to, personally identifiable information and personal financial information. The sharing, use, disclosure and protection of this information are governed by federal and state law. Both personally identifiable information and personal financial information is increasingly subject to legislation and regulation, the intent of which is to protect the privacy of personal information that is collected and handled. We may become subject to new legislation or regulation concerning cybersecurity or the privacy of personally identifiable information and personal financial information or of any other information we may store or maintain. We could be adversely affected if new legislation or regulations are adopted or if existing legislation or regulations are modified such that we are required to alter our systems or require changes to our business practices or privacy policies. If cybersecurity, data privacy, data protection, data transfer or data retention laws are implemented, interpreted or applied in a manner inconsistent with our current practices, we may be subject to fines, litigation or regulatory enforcement actions or ordered to change our business practices, policies or systems in a manner that adversely impacts our operating results. Item 1B: