HBAN, §1A diff (2018 → 2019)
Added paragraphs (9018 words)
Item 1A: Risk Factors Huntington has formalized a holistic risk governance framework in alignment with the size, complexity, and profile of the Company. We, like other financial companies, are subject to a number of risks that may adversely affect our financial condition or results of operations, many of which are outside of our direct control. Our framework is approved by the Risk Oversight Committee (ROC) of the Huntington’s Board of Directors (the Board). Key components include establishing our risk appetite, line of defense and risk pillars, governance and committee oversight and limit setting and escalation processes. Huntington classifies/aggregates risk into seven risk pillars. Huntington recognizes that risks can be interrelated or embedded within each other, and therefore managing across risk pillars is a key component of the Framework. The following defines the Company’s risk pillars. • Credit risk, which is the risk of loss due to loan and lease customers or other counterparties not being able to meet their financial obligations under agreed upon terms; • Market risk, which occurs when fluctuations in interest rates impact earnings and capital. Financial impacts are realized through changes in the interest rates of balance sheet assets and liabilities (net interest margin) or directly through valuation changes of capitalized MSR and/or trading assets (noninterest income); • Liquidity risk, which is the risk to current or anticipated earnings or capital arising from an inability to meet obligations when they come due. Liquidity risk includes the inability to access funding sources or manage fluctuations in funding levels. Liquidity risk also results from the failure to recognize or address changes in market conditions that affect our ability to liquidate assets quickly and with minimal loss in value; • Operational risk, which is the risk of loss arising from inadequate or failed internal processes or systems, including information security breaches or cyberattacks, human errors or misconduct, or adverse external events. Operational losses result from internal fraud, external fraud, inadequate or inappropriate employment practices and workplace safety, failure to meet professional obligations involving customers, products, and business practices, damage to physical assets, business disruption and systems failures, and failures in execution, delivery, and process management; • Compliance risk, which exposes us to money penalties, enforcement actions, or other sanctions as a result of non-conformance with laws, rules, and regulations that apply to the financial services industry; • Strategic risk, which is defined as risk to current or anticipated earnings, capital, or enterprise value arising from adverse business decisions, improper implementation of business decisions or lack of responsiveness to industry / market changes; and • Reputation risk, which is the risk that negative publicity regarding an institution’s business practices, whether true or not, will cause a decline in the customer base, costly litigation, or revenue reductions. In addition to the other information included or incorporated by reference into this report, readers should carefully consider that the following important factors, among others, could negatively impact our business, future results of operations, and future cash flows materially. Credit Risks: Our ACL level may prove to not be adequate or be negatively affected by credit risk exposures which could adversely affect our net income and capital. Our business depends on the creditworthiness of our customers. Our ACL of $887 million at December 31, 2019, represented management’s estimate of probable losses inherent in our loan and lease portfolio (ALLL) as well as our unfunded loan commitments and letters of credit (AULC). We regularly review our ACL for appropriateness. In doing so, we consider economic conditions and trends, collateral values, and credit quality indicators, such as past charge-off experience, levels of past due loans, and NPAs. There is no certainty that our ACL will be appropriate over time to cover losses in the portfolio because of unanticipated adverse changes in the economy, market conditions, or events adversely affecting specific customers, industries, or markets. If the credit quality of our customer base materially decreases, if the risk profile of a market, industry, or group of customers changes materially, or if the ACL is not appropriate, our net income and capital could be materially adversely affected, which could have a material adverse effect on our financial condition and results of operations. 2019 Form 10-K 23 In addition, regulatory review of risk ratings and loan and lease losses may impact the level of the ACL and could have a material adverse effect on our financial condition and results of operations. Furthermore, in June 2016, the FASB issued a new CECL accounting rule, which requires banks to record, at the time of origination, credit losses expected throughout the life of the asset on loans and held-to-maturity securities, as opposed to the current practice of recording losses when it is probable that a loss event has occurred. We are required to adopt the CECL accounting rule in 2020 and will recognize a one-time cumulative effect adjustment to our ACL and retained earnings as of January 1, 2020. The CECL model could materially affect how we determine our ACL and report our financial condition and results of operations. For further discussion, see Note 2 “Accounting Standards Update” of the Notes to Consolidated Financial Statements. Weakness in economic conditions could adversely affect our business. Our performance could be negatively affected to the extent there is deterioration in business and economic conditions which have direct or indirect material adverse impacts on us, our customers, and our counterparties. These conditions could result in one or more of the following: • A decrease in the demand for loans and other products and services offered by us; • A decrease in customer savings generally and in the demand for savings and investment products offered by us; and • An increase in the number of customers and counterparties who become delinquent, file for protection under bankruptcy laws, or default on their loans or other obligations to us. An increase in the number of delinquencies, bankruptcies, or defaults could result in a higher level of NPAs, NCOs, provision for credit losses, and valuation adjustments on loans held for sale. The markets we serve are dependent on industrial and manufacturing businesses and, thus, are particularly vulnerable to adverse changes in economic conditions affecting these sectors. Market Risks: Changes in interest rates could reduce our net interest income, reduce transactional income, and negatively impact the value of our loans, securities, and other assets. This could have an adverse impact on our cash flows, financial condition, results of operations, and capital. Our results of operations depend substantially on net interest income, which is the difference between interest earned on interest earning assets (such as investments and loans) and interest paid on interest bearing liabilities (such as deposits and borrowings). Interest rates are highly sensitive to many factors, including governmental monetary policies and domestic and international economic and political conditions. Conditions such as inflation, deflation, recession, unemployment, money supply, and other factors beyond our control may also affect interest rates. In addition, decisions by the Federal Reserve to increase or reduce the size of its balance sheet may also affect interest rates. If our interest earning assets mature or reprice faster than interest bearing liabilities in a declining interest rate environment, net interest income could be materially adversely impacted. Likewise, if interest bearing liabilities mature or reprice more quickly than interest earning assets in a rising interest rate environment, net interest income could be adversely impacted. Changes in interest rates can affect the value of loans, securities, assets under management, and other assets, including mortgage servicing rights. An increase in interest rates that adversely affects the ability of borrowers to pay the principal or interest on loans and leases may lead to an increase in NPAs and a reduction of income recognized, which could have a material adverse effect on our results of operations and cash flows. When we place a loan on nonaccrual status, we reverse any accrued but unpaid interest receivable, which decreases interest income. However, we continue to incur interest expense as a cost of funding NALs without any corresponding interest income. In addition, transactional income, including trust income, brokerage income, and gain on sales of loans can vary significantly from period-to-period based on a number of factors, including the interest rate environment. A decline in interest rates along with a flattening yield curve limits our ability to reprice deposits given the current historically low level of interest rates and could result in declining net interest margins if longer duration assets reprice faster than deposits. 24 Huntington Bancshares Incorporated Rising interest rates reduce the value of our fixed-rate securities. Any unrealized loss from these portfolios impacts OCI, shareholders’ equity, and the Tangible Common Equity ratio. Any realized loss from these portfolios impacts regulatory capital ratios. In a rising interest rate environment, pension and other post-retirement obligations somewhat mitigate negative OCI impacts from securities and financial instruments. For more information, refer to “Market Risk” of the MD&A. Certain investment securities, notably mortgage-backed securities, are sensitive to rising and falling rates. Generally, when rates rise, prepayments of principal and interest will decrease and the duration of mortgage-backed securities will increase. Conversely, when rates fall, prepayments of principal and interest will increase and the duration of mortgage-backed securities will decrease. In either case, interest rates have a significant impact on the value of mortgage-backed securities. MSR fair values are sensitive to movements in interest rates, as expected future net servicing income depends on the projected outstanding principal balances of the underlying loans, which can be reduced by prepayments. Prepayments usually increase when mortgage interest rates decline and decrease when mortgage interest rates rise. In addition to volatility associated with interest rates, the Company also has exposure to equity markets related to the investments within the benefit plans and other income from client-based transactions. Industry competition may have an adverse effect on our success. Our profitability depends on our ability to compete successfully. We operate in a highly competitive environment, and we expect competition to intensify. Certain of our competitors are larger and have more resources than we do, enabling them to be more aggressive than us in competing for loans and deposits. In our market areas, we face competition from other banks and financial service companies that offer similar services. Some of our non-bank competitors are not subject to the same extensive regulations we are and, therefore, may have greater flexibility in competing for business. Technological advances have made it possible for our non-bank competitors to offer products and services that traditionally were banking products and for financial institutions and other companies to provide electronic and internet-based financial solutions, including mobile payments, online deposit accounts, electronic payment processing, and marketplace lending, without having a physical presence where their customers are located. Legislative or regulatory changes also could lead to increased competition in the financial services sector. For example, the Economic Growth Act and the Tailoring Rules reduce the regulatory burden of certain large BHCs and raise the asset thresholds at which more onerous requirements apply, which could cause certain large BHCs to become more competitive or to more aggressively pursue expansion. Our ability to compete successfully depends on a number of factors, including customer convenience, quality of service by investing in new products and services, electronic platforms, personal contacts, pricing, and range of products. If we are unable to successfully compete for new customers and retain our current customers, our business, financial condition, or results of operations may be adversely affected. In particular, if we experience an outflow of deposits as a result of our customers seeking investments with higher yields or greater financial stability, or a desire to do business with our competitors, we may be forced to rely more heavily on borrowings and other sources of funding to operate our business and meet withdrawal demands, thereby adversely affecting our net interest margin. For more information, refer to “Competition” section of Item 1: Business. Uncertainty about the future of LIBOR may adversely affect our business. LIBOR and certain other interest rate “benchmarks” are the subject of recent national, international, and other regulatory guidance and proposals for reform. These reforms may cause such benchmarks to perform differently than in the past or have other consequences which cannot be predicted. On July 27, 2017, the United Kingdom’s Financial Conduct Authority, which regulates LIBOR, publicly announced that it intends to stop persuading or compelling banks to submit information to the administrator of LIBOR after 2021. The announcement indicates that the continuation of LIBOR on the current basis cannot be guaranteed after 2021. While there is no consensus on what rate or rates may become accepted alternatives to LIBOR, a group of market participants convened by the Federal Reserve, the Alternative Reference Rate Committee (ARRC), has selected SOFR as its recommended alternative to LIBOR. The Federal Reserve Bank of New York started to publish SOFR in April 2018. SOFR is a broad measure of the cost of overnight borrowings collateralized by Treasury securities that was selected by the Alternative Reference Rate Committee due to the depth and robustness of the U.S. Treasury repurchase market. At this time, it 2019 Form 10-K 25 is impossible to predict whether SOFR will become an accepted alternative to LIBOR. In January of 2020, Huntington was added as an ARRC member. The market transition away from LIBOR to an alternative reference rate, such as SOFR, is complex and could have a range of adverse effects on our business, financial condition and results of operations. In particular, any such transition could: • Adversely affect the interest rates paid or received on, the revenue and expenses associated with or the value of Huntington’s LIBOR-based assets and liabilities, which include certain variable rate loans, Huntington’s Series B preferred stock, certain of Huntington’s junior subordinated debentures, certain of the Bank’s senior notes and certain other securities or financial arrangements; • Adversely affect the interest rates paid or received on, the revenue and expenses associated with or the value of other securities or financial arrangements, given LIBOR’s role in determining market interest rates globally; • Prompt inquiries or other actions from regulators in respect of Huntington’s preparation and readiness for the replacement of LIBOR with an alternative reference rate; and • Result in disputes, litigation or other actions with counterparties regarding the interpretation and enforceability of certain fallback language in LIBOR-based contracts and securities. The transition away from LIBOR to an alternative reference rate will require the transition to or development of appropriate systems and analytics to effectively transition Huntington’s risk management and other processes from LIBOR-based products to those based on the applicable alternative reference rate, such as SOFR. Huntington has developed a LIBOR transition team and project plan that outlines timelines and priorities to prepare its processes, systems and people to support this transition. Timelines and priorities include assessing the impact on our customers, as well as assessing system requirements for operational processes. There can be no guarantee that these efforts will successfully mitigate the operational risks associated with the transition away from LIBOR to an alternative reference rate. The manner and impact of the transition from LIBOR to an alternative reference rate, as well as the effect of these developments on our funding costs, loan and investment and trading securities portfolios, asset-liability management, and business, is uncertain. Liquidity Risks: Changes in either Huntington’s financial condition or in the general banking industry could result in a loss of depositor confidence. Liquidity is the ability to meet cash flow needs on a timely basis at a reasonable cost. The Bank uses its liquidity to extend credit and to repay liabilities as they become due or as demanded by customers. Our primary source of liquidity is our large supply of deposits from consumer and commercial customers. The continued availability of this supply depends on customer willingness to maintain deposit balances with banks in general and us in particular. The availability of deposits can also be impacted by regulatory changes (e.g., changes in FDIC insurance, the LCR, etc.), changes in the financial condition of Huntington, other banks, or the banking industry in general, changes in the interest rates our competitors pay on their deposits, and other events which can impact the perceived safety or economic benefits of bank deposits. While we make significant efforts to consider and plan for hypothetical disruptions in our deposit funding, market related, geopolitical, or other events could impact the liquidity derived from deposits. We are a holding company and depend on dividends by our subsidiaries for most of our funds. Huntington is an entity separate and distinct from the Bank. The Bank conducts most of our operations, and Huntington depends upon dividends from the Bank to service Huntington’s debt and to pay dividends to Huntington’s shareholders. The availability of dividends from the Bank is limited by various statutes and regulations. It is possible, depending upon the financial condition including liquidity and capital adequacy of the Bank and other factors, that the OCC could limit the payment of dividends or other payments to Huntington by the Bank. In addition, the payment of dividends by our other subsidiaries is also subject to the laws of the subsidiary’s state of incorporation, and regulatory capital and liquidity requirements applicable to such subsidiaries. In the event that the 26 Huntington Bancshares Incorporated Bank was unable to pay dividends to us, we in turn would likely have to reduce or stop paying dividends on our Preferred and Common Stock. Our failure to pay dividends on our Preferred and Common Stock could have a material adverse effect on the market price of our Preferred and Common Stock. Additional information regarding dividend restrictions is provided in Item 1: Business - Regulatory Matters. If we lose access to capital markets, we may not be able to meet the cash flow requirements of our depositors, creditors, and borrowers, or have the operating cash needed to fund corporate expansion and other corporate activities. Wholesale funding sources include securitization, federal funds purchased, securities sold under repurchase agreements, non-core deposits, and long-term debt. The Bank is also a member of the FHLB, which provides members access to funding through advances collateralized with mortgage-related assets. We maintain a portfolio of highly-rated, marketable securities that is available as a source of liquidity. Capital markets disruptions can directly impact the liquidity of Huntington and the Bank. The inability to access capital markets funding sources as needed could adversely impact our financial condition, results of operations, cash flows, and level of regulatory-qualifying capital. We may, from time-to-time, consider using our existing liquidity position to opportunistically retire outstanding securities in privately negotiated or open market transactions. A reduction in our credit rating could adversely affect our access to capital and could increase our cost of funds. The credit rating agencies regularly evaluate Huntington and the Bank, and credit ratings are based on a number of factors, including our financial strength and ability to generate earnings, as well as factors not entirely within our control, including conditions affecting the financial services industry, the economy, and changes in rating methodologies. There can be no assurance that we will maintain our current credit ratings. A downgrade of the credit ratings of Huntington or the Bank could adversely affect our access to liquidity and capital, and could significantly increase our cost of funds, trigger additional collateral or funding requirements, and decrease the number of investors and counterparties willing to lend to us or purchase our securities. This could affect our growth, profitability, and financial condition, including liquidity. Operational Risks: Our operational or security systems or infrastructure, or those of third parties, could fail or be breached, which could disrupt our business and adversely impact our results of operations, liquidity, and financial condition, as well as cause legal or reputational harm. The potential for operational risk exposure exists throughout our business and, as a result of our interactions with, and reliance on, third parties, is not limited to our own internal operational functions. Our operational and security systems and infrastructure, including our computer systems, data management, and internal processes, as well as those of third parties, are integral to our performance. We rely on our employees and third parties in our day-to-day and ongoing operations, who may, as a result of human error, misconduct, malfeasance, failure, or breach of our or of third-party systems or infrastructure, expose us to risk. For example, our ability to conduct business may be adversely affected by any significant disruptions to us or to third parties with whom we interact or upon whom we rely. Our financial, accounting, data processing, backup, or other operating or security systems and infrastructure may fail to operate properly or become disabled or damaged as a result of a number of factors, including events that are wholly or partially beyond our control, which could adversely affect our ability to process transactions or provide services. Such events may include: sudden increases in customer transaction volume; electrical, telecommunications, or other major physical infrastructure outages; disease pandemics; cyber-attacks; and events arising from local or larger scale political or social matters, including wars and terrorist attacks. Additional events beyond our control that could impact our business directly or indirectly include natural disasters such as earthquakes and weather events, including tornadoes, hurricanes and floods. Neither the occurrence nor the potential impact of these events can be predicted, and the frequency and severity of weather events may be impacted by climate changes. In addition, we may need to take our systems off-line if they become infected with malware or a computer virus or as a result of another form of cyber-attack. In the event that backup systems are utilized, they may not process data as quickly as our primary systems and some data might not have been saved to backup systems, potentially resulting in a temporary or permanent loss of such data. In addition, our ability to implement backup 2019 Form 10-K 27 systems and other safeguards with respect to third-party systems is more limited than with respect to our own systems. We frequently update our systems to support our operations and growth and to remain compliant with applicable laws, rules, and regulations. This updating entails significant costs and creates risks associated with implementing new systems and integrating them with existing ones, including business interruptions. Implementation and testing of controls related to our computer systems, security monitoring, and retaining and training personnel required to operate our systems also entail significant costs. Operational risk exposures could adversely impact our operations, liquidity, and financial condition, as well as cause reputational harm. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. We face security risks, including denial of service attacks, hacking, social engineering attacks targeting our colleagues and customers, malware intrusion or data corruption attempts, and identity theft that could result in the disclosure of confidential information, adversely affect our business or reputation, and create significant legal and financial exposure. Our computer systems and network infrastructure and those of third parties, on which we are highly dependent, are subject to security risks and could be susceptible to cyber-attacks, such as denial of service attacks, hacking, terrorist activities, or identity theft. Our business relies on the secure processing, transmission, storage, and retrieval of confidential, proprietary, and other information in our computer and data management systems and networks, and in the computer and data management systems and networks of third parties. In addition, to access our network, products, and services, our customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and are subject to their own cybersecurity risks. We, our customers, regulators, and other third parties, including other financial services institutions and companies engaged in data processing, have been subject to, and are likely to continue to be the target of, cyber-attacks. These cyber-attacks include computer viruses, malicious or destructive code, phishing attacks, denial of service or information, ransomware, improper access by employees or vendors, attacks on personal email of employees, ransom demands to not expose security vulnerabilities in our systems or the systems of third parties or other security breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss, or destruction of confidential, proprietary, and other information of ours, our employees, our customers, or of third parties, damage our systems or otherwise materially disrupt our or our customers’ or other third parties’ network access or business operations. As cyber threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities or incidents. Despite efforts to ensure the integrity of our systems and implement controls, processes, policies, and other protective measures, we may not be able to anticipate all security breaches, nor may we be able to implement sufficient preventive measures against such security breaches, which may result in material losses or consequences for us. Cybersecurity risks for banking organizations have significantly increased in recent years in part because of the proliferation of new technologies, and the use of the internet and telecommunications technologies to conduct financial transactions. For example, cybersecurity risks may increase in the future as we continue to increase our mobile-payment and other internet-based product offerings and expand our internal usage of web-based products and applications. In addition, cybersecurity risks have significantly increased in recent years in part due to the increased sophistication and activities of organized crime affiliates, terrorist organizations, hostile foreign governments, disgruntled employees or vendors, activists, and other external parties, including those involved in corporate espionage. Even the most advanced internal control environment may be vulnerable to compromise. Due to increasing geopolitical tensions, nation state cyber attacks and ransomware are both increasing in sophistication and prevalence. Targeted social engineering and email attacks (i.e. “spear phishing” attacks) are becoming more sophisticated and are extremely difficult to prevent. In such an attack, an attacker will attempt to fraudulently induce colleagues, customers, or other users of our systems to disclose sensitive information in order to gain access to its data or that of its clients. Persistent attackers may succeed in penetrating defenses given enough resources, time, and motive. The techniques used by cyber criminals change frequently, may not be recognized until launched, and may not be recognized until well after a breach has occurred. The speed at which new vulnerabilities are discovered and exploited often before security patches are published continues to rise. The risk of a security breach caused by a cyber-attack at a vendor or by unauthorized vendor access has also increased in recent years. Additionally, the existence of cyber-attacks or security breaches at third-party vendors with access to our data may 28 Huntington Bancshares Incorporated not be disclosed to us in a timely manner. We also face indirect technology, cybersecurity, and operational risks relating to the customers, clients, and other third parties with whom we do business or upon whom we rely to facilitate or enable our business activities, including, for example, financial counterparties, regulators, and providers of critical infrastructure such as internet access and electrical power. As a result of increasing consolidation, interdependence, and complexity of financial entities and technology systems, a technology failure, cyber-attack, or other information or security breach that significantly degrades, deletes, or compromises the systems or data of one or more financial entities could have a material impact on counterparties or other market participants, including us. This consolidation, interconnectivity, and complexity increases the risk of operational failure, on both individual and industry-wide bases, as disparate systems need to be integrated, often on an accelerated basis. Any third-party technology failure, cyber-attack, or other information or security breach, termination, or constraint could, among other things, adversely affect our ability to effect transactions, service our clients, manage our exposure to risk, or expand our business. Cyber-attacks or other information or security breaches, whether directed at us or third parties, may result in a material loss or have material consequences. Furthermore, the public perception that a cyber-attack on our systems has been successful, whether or not this perception is correct, may damage our reputation with customers and third parties with whom we do business. Hacking of personal information and identity theft risks, in particular, could cause serious reputational harm. A successful penetration or circumvention of system security could cause us serious negative consequences, including our loss of customers and business opportunities, costs associated with maintaining business relationships after an attack or breach; significant business disruption to our operations and business, misappropriation, exposure, or destruction of our confidential information, intellectual property, funds, and/or those of our customers; or damage to our or our customers’ and/or third parties’ computers or systems, and could result in a violation of applicable privacy laws and other laws, litigation exposure, regulatory fines, penalties or intervention, loss of confidence in our security measures, reputational damage, reimbursement or other compensatory costs, additional compliance costs, and could adversely impact our results of operations, liquidity and financial condition. In addition, we may not have adequate insurance coverage to compensate for losses from a cybersecurity event. Cybersecurity and data privacy are areas of heightened legislative and regulatory focus. As cybersecurity and data privacy risks for banking organizations and the broader financial system have significantly increased in recent years, cybersecurity and data privacy issues have become the subject of increasing legislative and regulatory focus. The federal bank regulatory agencies have proposed regulations that would enhance cyber risk management standards, which would apply to a wide range of large financial institutions and their third-party service providers, including us and the Bank, and would focus on cyber risk governance and management, management of internal and external dependencies, and incident response, cyber resilience, and situational awareness. Several states have also proposed or adopted cybersecurity legislation and regulations, which require, among other things, notification to affected individuals when there has been a security breach of their personal data. For more information regarding cybersecurity and data privacy, refer to Item 1: Business - “Regulatory Matters”. We receive, maintain, and store non-public personal information of our customers and counterparties, including, but not limited to, personally identifiable information and personal financial information. The sharing, use, disclosure, and protection of these types of information are governed by federal and state law. Both personally identifiable information and personal financial information are increasingly subject to legislation and regulation, the intent of which is to protect the privacy of personal information and personal financial information that is collected and handled. For example, in June of 2018, the Governor of California signed into law the CCPA. The CCPA, which became effective on January 1, 2020, applies to for-profit businesses that conduct business in California and meet certain revenue or data collection thresholds. For more information regarding data privacy laws and regulations, refer to Item 1: Business - “Regulatory Matters”. We may become subject to new legislation or regulation concerning cybersecurity or the privacy of personally identifiable information and personal financial information or of any other information we may store or maintain. We could be adversely affected if new legislation or regulations are adopted or if existing legislation or regulations are modified such that we are required to alter our systems or require changes to our business practices or privacy 2019 Form 10-K 29 policies. If cybersecurity, data privacy, data protection, data transfer, or data retention laws are implemented, interpreted, or applied in a manner inconsistent with our current practices, we may be subject to fines, litigation, or regulatory enforcement actions or ordered to change our business practices, policies, or systems in a manner that adversely impacts our operating results. We face significant operational risks which could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and capital markets. We are exposed to many types of operational risks, including the risk of fraud or theft by colleagues or outsiders, unauthorized transactions by colleagues or outsiders, operational errors by colleagues, business disruption, and system failures. Huntington executes against a significant number of controls, a large percent of which are manual and dependent on adequate execution by colleagues and third-party service providers. There is inherent risk that unknown single points of failure through the execution chain could give rise to material loss through inadvertent errors or malicious attack. These operational risks could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and the capital markets. Moreover, negative public opinion can result from our actual or alleged conduct in any number of activities, including clients, products, and business practices; corporate governance; acquisitions; and from actions taken by government regulators and community organizations in response to those activities. Negative public opinion can adversely affect our ability to attract and retain customers and can also expose us to litigation and regulatory action. Relative to acquisitions, we incur risks and challenges associated with the integration of employees, accounting systems, and technology platforms from acquired businesses and institutions in a timely and efficient manner, and we cannot guarantee that we will be successful in retaining existing customer relationships or achieving anticipated operating efficiencies expected from such acquisitions. Acquisitions may be subject to the receipt of approvals from certain governmental authorities, including the Federal Reserve, the OCC, and the United States Department of Justice, as well as the approval of our shareholders and the shareholders of companies that we seek to acquire. These approvals for acquisitions may not be received, may take longer than expected, or may impose conditions that are not presently anticipated or that could have an adverse effect on the combined company following the acquisitions. Subject to requisite regulatory approvals, future business acquisitions may result in the issuance and payment of additional shares of stock, which would dilute current shareholders’ ownership interests. Additionally, acquisitions may involve the payment of a premium over book and market values. Therefore, dilution of our tangible book value and net income per common share could occur in connection with any future transaction. Failure to maintain effective internal controls over financial reporting could impair our ability to accurately and timely report our financial results or prevent fraud, resulting in loss of investor confidence and adversely affecting our business and our stock price. Effective internal controls over financial reporting are necessary to provide reliable financial reports and prevent fraud. We are subject to regulation that focuses on effective internal controls and procedures. Such controls and procedures are modified, supplemented, and changed from time-to-time as necessitated by our growth and in reaction to external events and developments. Any failure to maintain an effective internal control environment could impact our ability to report our financial results on an accurate and timely basis, which could result in regulatory actions, loss of investor confidence, and an adverse impact on our business and our stock price. We rely on quantitative models to measure risks and to estimate certain financial values. Quantitative models may be used to help manage certain aspects of our business and to assist with certain business decisions, including estimating probable loan losses, measuring the fair value of financial instruments when reliable market prices are unavailable, estimating the effects of changing interest rates and other market measures on our financial condition and results of operations, managing risk, and for capital planning purposes (including during the CCAR capital planning and capital adequacy process). Our measurement methodologies rely on many assumptions, historical analyses, and correlations. These assumptions may not capture or fully incorporate conditions leading to losses, particularly in times of market distress, and the historical correlations on which we rely may no longer be relevant. Additionally, as businesses and markets evolve, our measurements may not accurately reflect this evolution. Even if the underlying assumptions and historical correlations used in our models are 30 Huntington Bancshares Incorporated adequate, our models may be deficient due to errors in computer code, inaccurate data, misuse of data, or the use of a model for a purpose outside the scope of the model’s design. All models have certain limitations. Reliance on models presents the risk that our business decisions based on information incorporated from models will be adversely affected due to incorrect, missing, or misleading information. In addition, our models may not capture or fully express the risks we face, may suggest that we have sufficient capitalization when we do not, or may lead us to misjudge the business and economic environment in which we will operate. If our models fail to produce reliable results on an ongoing basis, we may not make appropriate risk management, capital planning, or other business or financial decisions. Strategies that we employ to manage and govern the risks associated with our use of models may not be effective or fully reliable. Also, information that we provide to the public or regulators based on poorly designed models could be inaccurate or misleading. Banking regulators continue to focus on the models used by banks and bank holding companies in their businesses. Some of our decisions that the regulators evaluate, including distributions to our shareholders, could be affected adversely due to their perception that the quality of the models used to generate the relevant information are insufficient. We rely on third parties to provide key components of our business infrastructure. We rely on third-party service providers to leverage subject matter expertise and industry best practice, provide enhanced products and services, and reduce costs. Although there are benefits in entering into third-party relationships with vendors and others, there are risks associated with such activities. When entering a third-party relationship, the risks associated with that activity are not passed to the third-party but remain our responsibility. The Technology Committee of the board of directors provides oversight related to the overall risk management process associated with third-party relationships. Management is accountable for the review and evaluation of all new and existing third-party relationships. Management is responsible for ensuring that adequate controls are in place to protect us and our customers from the risks associated with vendor relationships. Increased risk could occur based on poor planning, oversight, control, and inferior performance or service on the part of the third-party, and may result in legal costs or loss of business. While we have implemented a vendor management program to actively manage the risks associated with the use of third-party service providers, any problems caused by third-party service providers could adversely affect our ability to deliver products and services to our customers and to conduct our business. Replacing a third-party service provider could also take a long period of time and result in increased expenses. Changes in accounting policies, standards, and interpretations could affect how we report our financial condition and results of operations. The FASB, regulatory agencies, and other bodies that establish accounting standards periodically change the financial accounting and reporting standards governing the preparation of our financial statements. Additionally, those bodies that establish and interpret the accounting standards (such as the FASB, SEC, and banking regulators) may change prior interpretations or positions on how these standards should be applied. For further discussion, see Note 2 - “Accounting Standards Update” to the Consolidated Financial Statements. Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations. Our goodwill could become impaired in the future. If goodwill were to become impaired, it could limit the ability of the Bank to pay dividends to Huntington, adversely impacting Huntington liquidity and ability to pay dividends or repay debt. The most significant assumptions affecting our goodwill impairment evaluation are variables including the market price of our Common Stock, projections of earnings, the discount rates used in the income approach to fair value, and the control premium above our current stock price that an acquirer would pay to obtain control of us. We are required to test goodwill for impairment at least annually or when impairment indicators are present. If an impairment determination is made in a future reporting period, our earnings and book value of goodwill will be reduced by the amount of the impairment. If an impairment loss is recorded, it will have little or no impact on the tangible book value of our Common Stock, or our regulatory capital levels, but such an 2019 Form 10-K 31 impairment loss could significantly reduce the Bank’s earnings and thereby restrict the Bank’s ability to make dividend payments to us without prior regulatory approval, because Federal Reserve policy states the bank holding company dividends should be paid from current earnings. At December 31, 2019, the book value of our goodwill was $2.0 billion, substantially all of which was recorded at the Bank. Any such write down of goodwill or other acquisition related intangibles will reduce Huntington’s earnings, as well. Compliance Risks: We operate in a highly regulated industry, and the laws and regulations that govern our operations, corporate governance, executive compensation and financial accounting, or reporting, including changes in them, or our failure to comply with them, may adversely affect us. The banking industry is highly regulated. We are subject to supervision, regulation, and examination by various federal and state regulators, including the Federal Reserve, OCC, SEC, CFPB, FDIC, FINRA, and various state regulatory agencies. The statutory and regulatory framework that governs us is generally intended to protect depositors and customers, the DIF, the U.S. banking and financial system, and financial markets as a whole - not to protect shareholders. These laws and regulations, among other matters, prescribe minimum capital requirements, impose limitations on our business activities (including foreclosure and collection practices), limit the dividend or distributions that we can pay, restrict the ability of institutions to guarantee our debt, and impose certain specific accounting requirements that may be more restrictive and may result in greater or earlier charges to earnings or reductions in our capital than accounting principles generally accepted in the United States. Compliance with laws and regulations can be difficult and costly, and changes to laws and regulations often impose additional compliance costs. Both the scope of the laws and regulations and the intensity of the supervision to which we are subject have increased in recent years in response to the financial crisis, as well as other factors such as technological and market changes. Such regulation and supervision may increase our costs and limit our ability to pursue business opportunities. Further, our failure to comply with these laws and regulations, even if the failure was inadvertent or reflects a difference in interpretation, could subject us to restrictions on our business activities, fines, and other penalties, any of which could adversely affect our results of operations, capital base, and the price of our securities. Further, any new laws, rules, and regulations could make compliance more difficult or expensive or otherwise adversely affect our business and financial condition. Legislative and regulatory actions taken now or in the future that impact the financial industry may materially adversely affect us by increasing our costs, adding complexity in doing business, impeding the efficiency of our internal business processes, negatively impacting the recoverability of certain of our recorded assets, requiring us to increase our regulatory capital, limiting our ability to pursue business opportunities, and otherwise resulting in a material adverse impact on our financial condition, results of operation, liquidity, or stock price. Both the scope of the laws and regulations and the intensity of the supervision to which we are subject increased in response to the financial crisis as well as other factors such as technological and market changes. Regulatory enforcement and fines have also increased across the banking and financial services sector. Compliance with these laws and regulations have resulted in and will continue to result in additional costs, which could be significant, and may have a material and adverse effect on our results of operations. In addition, if we do not appropriately comply with current or future legislation and regulations, especially those that apply to our consumer operations, which has been an area of heightened focus, we may be subject to fines, penalties or judgments, or material regulatory restrictions on our businesses, which could adversely affect operations and, in turn, financial results. 32 Huntington Bancshares Incorporated The resolution of significant pending litigation, if unfavorable, could have an adverse effect on our results of operations for a particular period. We face legal risks in our businesses, and the volume of claims and amount of damages and penalties claimed in litigation and regulatory proceedings against financial institutions remain high. Substantial legal liability against us could have material adverse financial effects or cause significant reputational harm to us, which in turn could seriously harm our business prospects. It is possible that the ultimate resolution of these matters, if unfavorable, may be material to the results of operations for a particular reporting period. For more information on litigation risks, see Note 21 - “Commitments and Contingent Liabilities” to the Consolidated Financial Statements. Noncompliance with the Bank Secrecy Act and other anti-money laundering statutes and regulations could cause us material financial loss. The Bank Secrecy Act and the Patriot Act contain anti-money laundering and financial transparency provisions intended to detect and prevent the use of the U.S. financial system for money laundering and terrorist financing activities. The Bank Secrecy Act, as amended by the Patriot Act, requires depository institutions and their holding companies to undertake activities including maintaining an anti-money laundering program, verifying the identity of clients, monitoring for and reporting suspicious transactions, reporting on cash transactions exceeding specified thresholds, and responding to requests for information by regulatory authorities and law enforcement agencies. FinCEN, a unit of the Treasury Department that administers the Bank Secrecy Act, is authorized to impose significant civil money penalties for violations of those requirements and has recently engaged in coordinated enforcement efforts with the federal bank regulatory agencies, as well as the United States Department of Justice, Drug Enforcement Administration, and IRS. There is also increased scrutiny of compliance with the rules enforced by the OFAC. If our policies, procedures, and systems are deemed deficient or the policies, procedures, and systems of the financial institutions that we have already acquired or may acquire in the future are deficient, we would be subject to liability, including fines and regulatory actions such as restrictions on our ability to pay dividends and the necessity to obtain regulatory approvals to proceed with certain planned business activities, including acquisition plans, which would negatively impact our business, financial condition, and results of operations. Failure to maintain and implement adequate programs to combat money laundering and terrorist financing could also have serious reputational consequences for us. For more information regarding the Bank Secrecy Act, Patriot Act, anti-money laundering requirements and OFAC-administered sanctions, refer to Item 1: Business - “Regulatory Matters”. Strategic Risk: We depend on our executive officers and key personnel to continue the implementation of our long-term business strategy and could be harmed by the loss of their services. We believe that our continued growth and future success will depend in large part on the skills of our management team and our ability to motivate and retain these individuals and other key personnel. The loss of service of one or more of our executive officers or key personnel could reduce our ability to successfully implement our long-term business strategy, our business could suffer, and the value of our stock could be materially adversely affected. Leadership changes will occur from time to time, and we cannot predict whether significant resignations will occur or whether we will be able to recruit additional qualified personnel. We believe our management team possesses valuable knowledge about the banking industry and that their knowledge and relationships would be very difficult to replicate. Our success also depends on the experience of our branch managers and lending officers and on their relationships with the customers and communities they serve. The loss of these key personnel could negatively impact our banking operations. The loss of key personnel, or the inability to recruit and retain qualified personnel in the future, could have an adverse effect on our business, financial condition, or operating results. 2019 Form 10-K 33 Bank regulations regarding capital and liquidity, including the annual CCAR assessment process and the U.S. Basel III capital and liquidity standards, could require higher levels of capital and liquidity. Among other things, these regulations could impact our ability to pay common stock dividends, repurchase common stock, attract cost-effective sources of deposits, or require the retention of higher amounts of low yielding securities. The Federal Reserve administers CCAR, an annual forward-looking quantitative assessment of Huntington’s capital adequacy and planned capital distributions and a review of the strength of Huntington’s practices to assess capital needs. We generally may pay dividends and repurchase stock only in accordance with a capital plan that has been reviewed by the Federal Reserve and as to which the Federal Reserve has not objected. The Federal Reserve also makes a quantitative assessment of capital based on supervisory-run stress tests that assess the ability to maintain capital levels above each minimum regulatory capital ratio after making all capital actions included in Huntington’s capital plan, under baseline and stressful conditions throughout a nine-quarter planning horizon. There can be no assurance that the Federal Reserve or OCC will respond favorably to our capital plans, planned capital actions or stress test results, and the Federal Reserve, OCC, or other regulatory capital requirements may limit or otherwise restrict how we utilize our capital, including common stock dividends and stock repurchases. We are also required to maintain minimum capital ratios and the Federal Reserve and OCC may determine that Huntington and/or the Bank, based on size, complexity, or risk profile, must maintain capital ratios above these minimums in order to operate in a safe and sound manner. In the event we are required to raise capital to maintain required minimum capital and leverage ratios or ratios above the required applicable minimums, we may be forced to do so when market conditions are undesirable or on terms that are less favorable to us than we would otherwise require. Furthermore, in order to prevent becoming subject to restrictions on our ability to distribute capital or make certain discretionary bonus payments to management, we must maintain a Capital Conservation Buffer (of 2.5% as of January 1, 2019), which is in addition to our required minimum capital ratios. For more information regarding CCAR, stress testing, and capital and liquidity requirements, including several proposed rules that would alter, reduce, or eliminate certain of these requirements as they apply to Huntington, refer to Item 1: Business - “Regulatory Matters”. If our regulators deem it appropriate, they can take regulatory actions that could result in a material adverse impact on our financial results, ability to compete for new business, or preclude mergers or acquisitions. In addition, regulatory actions could constrain our ability to fund our liquidity needs or pay dividends. Any of these actions could increase the cost of our services. We are subject to the supervision and regulation of various state and federal regulators, including the OCC, Federal Reserve, FDIC, SEC, CFPB, FINRA, and various state regulatory agencies. As such, we are subject to a wide variety of laws and regulations, many of which are discussed in Item 1: Business - “Regulatory Matters”. As part of their supervisory process, which includes periodic examinations and continuous monitoring, the regulators have the authority to impose restrictions or conditions on our activities and the manner in which we manage the organization. Such actions could negatively impact us in a variety of ways, including charging monetary fines, impacting our ability to pay dividends, precluding mergers or acquisitions, limiting our ability to offer certain products or services, or imposing additional capital requirements. Under the supervision of the CFPB, our Consumer and Business Banking products and services are subject to heightened regulatory oversight and scrutiny with respect to compliance under consumer laws and regulations. We may face a greater number or wider scope of investigations, enforcement actions, and litigation in the future related to consumer practices, thereby increasing costs associated with responding to or defending such actions. Also, federal and state regulators have been increasingly focused on sales practices of branch personnel, including taking regulatory action against other financial institutions. In addition, increased regulatory inquiries and investigations, as well as any additional legislative or regulatory developments affecting our consumer businesses, and any required changes to our business operations resulting from these developments, could result in significant loss of revenue, require remuneration to our customers, trigger fines or penalties, limit the products or services we offer, require us to increase our prices and, therefore, reduce demand for our products, impose additional compliance costs on us, increase the cost of collection, cause harm to our reputation, or otherwise adversely affect our consumer businesses. In addition, we are allowed to conduct certain activities that are financial in nature by virtue of Huntington’s status as an FHC, as discussed in more detail in Item 1. Regulatory Matters. If Huntington or the Bank cease to meet 34 Huntington Bancshares Incorporated the requirements necessary for Huntington to continue to qualify as an FHC, the Federal Reserve may impose upon us corrective capital and managerial requirements, and may place limitations on our ability to conduct all of the business activities that we conduct as a FHC. If the failure to meet these standards persists, we could be required to divest our Bank, or cease all activities other than those activities that may be conducted by a BHC but not an FHC. Reputation Risk: Damage to our reputation could significantly harm our business, including our competitive position and business prospects. Our ability to attract and retain customers, clients, investors, and employees is affected by our reputation. Significant harm to our reputation can arise from various sources, including officer, director or employee misconduct, actual or perceived unethical behavior, conflicts of interest, security breaches, litigation or regulatory outcomes, compensation practices, failing to deliver minimum or required standards of service and quality, failing to address customer and agency complaints, compliance failures, unauthorized release of personal, proprietary or confidential information due to cyber-attacks or otherwise, perception of our environmental, social and governance practices and disclosures, and the activities of our clients, customers, and counterparties, including vendors. Actions by the financial service industry generally or by institutions or individuals in the industry can adversely affect our reputation indirectly by association. In addition, adverse publicity or negative information posted on social media, whether or not factually correct, may affect our business prospects. All of these could adversely affect our growth, results of operation, and financial condition. Item 1B:
Removed paragraphs (8675 words)
Item 1A: Risk Factors We, like other financial companies, are subject to a number of risks that may adversely affect our financial condition or results of operations, many of which are outside of our direct control. Among these risks are: • Credit risk, which is the risk of loss due to loan and lease customers or other counterparties not being able to meet their financial obligations under agreed upon terms; • Market risk, which occurs when fluctuations in interest rates impact earnings and capital. Financial impacts are realized through changes in the interest rates of balance sheet assets and liabilities (net interest margin) or directly through valuation changes of capitalized MSR and/or trading assets (noninterest income); • Liquidity risk, which is the risk to current or anticipated earnings or capital arising from an inability to meet obligations when they come due. Liquidity risk includes the inability to access funding sources or manage fluctuations in funding levels. Liquidity risk also results from the failure to recognize or address changes in market conditions that affect our ability to liquidate assets quickly and with minimal loss in value; • Operational and Legal risk, which is the risk of loss arising from inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events. Operational losses result from internal fraud; external fraud, inadequate or inappropriate employment practices and workplace safety, failure to meet professional obligations involving customers, products, and business practices, damage to physical assets, business disruption and systems failures, and failures in execution, delivery, and process management. Legal risk includes, but is not limited to, exposure to orders, fines, penalties, or punitive damages resulting from litigation, as well as regulatory actions; • Compliance risk, which exposes us to money penalties, enforcement actions or other sanctions as a result of non-conformance with laws, rules, and regulations that apply to the financial services industry; • Strategic risk, which is defined as risk to current or anticipated earnings, capital, or enterprise value arising from adverse business decisions, improper implementation of business decisions or lack of responsiveness to industry / market changes; and • Reputation risk, which is the risk that negative publicity regarding an institution's business practices, whether true or not, will cause a decline in the customer base, costly litigation, or revenue reductions. In addition to the other information included or incorporated by reference into this report, readers should carefully consider that the following important factors, among others, could negatively impact our business, future results of operations, and future cash flows materially. Credit Risks: Our ACL level may prove to not be adequate or be negatively affected by credit risk exposures which could adversely affect our net income and capital. Our business depends on the creditworthiness of our customers. Our ACL of $778 million at December 31, 2017, represented Management’s estimate of probable losses inherent in our loan and lease portfolio (ALLL) as well as our unfunded loan commitments and letters of credit (AULC). We regularly review our ACL for appropriateness. In doing so, we consider economic conditions and trends, collateral values, and credit quality indicators, such as past charge-off experience, levels of past due loans, and NPAs. There is no certainty that our ACL will be appropriate over time to cover losses in the portfolio because of unanticipated adverse changes in the economy, market conditions, or events adversely affecting specific customers, industries, or markets. If the credit quality of our customer base materially decreases, if the risk profile of a market, industry, or group of customers changes materially, or if the ACL is not appropriate, our net income and capital could be materially adversely affected, which could have a material adverse effect on our financial condition and results of operations. In addition, regulatory review of risk ratings and loan and lease losses may impact the level of the ACL and could have a material adverse effect on our financial condition and results of operations. Weakness in economic conditions could adversely affect our business. Our performance could be negatively affected to the extent there is deterioration in business and economic conditions which have direct or indirect material adverse impacts on us, our customers, and our counterparties. These conditions could result in one or more of the following: • A decrease in the demand for loans and other products and services offered by us; • A decrease in customer savings generally and in the demand for savings and investment products offered by us; and • An increase in the number of customers and counterparties who become delinquent, file for protection under bankruptcy laws, or default on their loans or other obligations to us. An increase in the number of delinquencies, bankruptcies, or defaults could result in a higher level of NPAs, NCOs, provision for credit losses, and valuation adjustments on loans held for sale. The markets we serve are dependent on industrial and manufacturing businesses and, thus, are particularly vulnerable to adverse changes in economic conditions affecting these sectors. Market Risks: Changes in interest rates could reduce our net interest income, reduce transactional income, and negatively impact the value of our loans, securities, and other assets. This could have an adverse impact on our cash flows, financial condition, results of operations, and capital. Our results of operations depend substantially on net interest income, which is the difference between interest earned on interest earning assets (such as investments and loans) and interest paid on interest bearing liabilities (such as deposits and borrowings). Interest rates are highly sensitive to many factors, including governmental monetary policies and domestic and international economic and political conditions. Conditions such as inflation, deflation, recession, unemployment, money supply, and other factors beyond our control may also affect interest rates. In addition, the Federal Reserve has stated its intention to end its quantitative easing program and has begun to reduce the size of its balance sheet by selling securities, which might also affect interest rates. If our interest earning assets mature or reprice faster than interest bearing liabilities in a declining interest rate environment, net interest income could be materially adversely impacted. Likewise, if interest bearing liabilities mature or reprice more quickly than interest earning assets in a rising interest rate environment, net interest income could be adversely impacted. Changes in interest rates can affect the value of loans, securities, assets under management, and other assets, including mortgage and nonmortgage servicing rights. An increase in interest rates that adversely affects the ability of borrowers to pay the principal or interest on loans and leases may lead to an increase in NPAs and a reduction of income recognized, which could have a material adverse effect on our results of operations and cash flows. When we place a loan on nonaccrual status, we reverse any accrued but unpaid interest receivable, which decreases interest income. However, we continue to incur interest expense as a cost of funding NALs without any corresponding interest income. In addition, transactional income, including trust income, brokerage income, and gain on sales of loans can vary significantly from period-to-period based on a number of factors, including the interest rate environment. A decline in interest rates along with a flattening yield curve limits our ability to reprice deposits given the current historically low level of interest rates and could result in declining net interest margins if longer duration assets reprice faster than deposits. Rising interest rates reduce the value of our fixed-rate securities. Any unrealized loss from these portfolios impacts OCI, shareholders’ equity, and the Tangible Common Equity ratio. Any realized loss from these portfolios impacts regulatory capital ratios. In a rising interest rate environment, pension and other post-retirement obligations somewhat mitigate negative OCI impacts from securities and financial instruments. For more information, refer to “Market Risk” of the MD&A. Certain investment securities, notably mortgage-backed securities, are very sensitive to rising and falling rates. Generally, when rates rise, prepayments of principal and interest will decrease and the duration of mortgage-backed securities will increase. Conversely, when rates fall, prepayments of principal and interest will increase and the duration of mortgage-backed securities will decrease. In either case, interest rates have a significant impact on the value of mortgage-backed securities. MSR fair values are sensitive to movements in interest rates, as expected future net servicing income depends on the projected outstanding principal balances of the underlying loans, which can be reduced by prepayments. Prepayments usually increase when mortgage interest rates decline and decrease when mortgage interest rates rise. In addition to volatility associated with interest rates, the Company also has exposure to equity markets related to the investments within the benefit plans and other income from client based transactions. Industry competition may have an adverse effect on our success. Our profitability depends on our ability to compete successfully. We operate in a highly competitive environment, and we expect competition to intensify. Certain of our competitors are larger and have more resources than we do, enabling them to be more aggressive than us in competing for loans and deposits. In our market areas, we face competition from other banks and financial service companies that offer similar services. Some of our non-bank competitors are not subject to the same extensive regulations we are and, therefore, may have greater flexibility in competing for business. Technological advances have made it possible for our non-bank competitors to offer products and services that traditionally were banking products and for financial institutions and other companies to provide electronic and internet-based financial solutions, including online deposit accounts, electronic payment processing and marketplace lending, without having a physical presence where their customers are located. Our ability to compete successfully depends on a number of factors, including customer convenience, quality of service by investing in new products and services, electronic platforms, personal contacts, pricing, and range of products. If we are unable to successfully compete for new customers and retain our current customers, our business, financial condition, or results of operations may be adversely affected. In particular, if we experience an outflow of deposits as a result of our customers seeking investments with higher yields or greater financial stability, or a desire to do business with our competitors, we may be forced to rely more heavily on borrowings and other sources of funding to operate our business and meet withdrawal demands, thereby adversely affecting our net interest margin. For more information, refer to “Competition” section of Item 1: Business. Uncertainty about the future of LIBOR may adversely affect our business. On July 27, 2017, the Chief Executive of the United Kingdom Financial Conduct Authority, which regulates LIBOR, announced that it intends to stop persuading or compelling banks to submit rates for the calculation of LIBOR to the administrator of LIBOR after 2021. The announcement indicates that the continuation of LIBOR on the current basis cannot and will not be guaranteed after 2021. It is impossible to predict whether and to what extent banks will continue to provide LIBOR submissions to the administrator of LIBOR or whether any additional reforms to LIBOR may be enacted in the United Kingdom or elsewhere. At this time, no consensus exists as to what rate or rates may become accepted alternatives to LIBOR and it is impossible to predict the effect of any such alternatives on the value of LIBOR-based securities and variable rate loans, including Huntington’s Series B preferred stock, certain of Huntington’s junior subordinated debentures, certain of the Bank’s senior notes, or other securities or financial arrangements, given LIBOR’s role in determining market interest rates globally. Uncertainty as to the nature of alternative reference rates and as to potential changes or other reforms to LIBOR may adversely affect LIBOR rates and other interest rates. In the event that a published LIBOR rate is unavailable after 2021, the dividend rate on Huntington’s Series B preferred stock and the interest rate on Huntington’s and the Bank’s debentures and notes, which are currently based on the LIBOR rate, will be determined as set forth in the offering documents, and the value of such securities may be adversely affected. Currently, the manner and impact of this transition and related developments, as well as the effect of these developments on our funding costs, investment and trading securities portfolios and business, is uncertain. Liquidity Risks: Changes in either Huntington’s financial condition or in the general banking industry could result in a loss of depositor confidence. Liquidity is the ability to meet cash flow needs on a timely basis at a reasonable cost. The Bank uses its liquidity to extend credit and to repay liabilities as they become due or as demanded by customers. The board of directors establishes liquidity policies, including contingency funding plans, and limits and management establishes operating guidelines for liquidity. Our primary source of liquidity is our large supply of deposits from consumer and commercial customers. The continued availability of this supply depends on customer willingness to maintain deposit balances with banks in general and us in particular. The availability of deposits can also be impacted by regulatory changes (e.g. changes in FDIC insurance, the LCR, etc.), changes in the financial condition of Huntington, other banks or the banking industry in general, and other events which can impact the perceived safety or economic benefits of bank deposits. While we make significant efforts to consider and plan for hypothetical disruptions in our deposit funding, market related, geopolitical, or other events could impact the liquidity derived from deposits. We are a holding company and depend on dividends by our subsidiaries for most of our funds. Huntington is an entity separate and distinct from the Bank. The Bank conducts most of our operations and Huntington depends upon dividends from the Bank to service Huntington's debt and to pay dividends to Huntington's shareholders. The availability of dividends from the Bank is limited by various statutes and regulations. It is possible, depending upon the financial condition including liquidity and capital adequacy of the Bank and other factors, that the OCC could limit the payment of dividends or other payments to Huntington by the Bank. In addition, the payment of dividends by our other subsidiaries is also subject to the laws of the subsidiary’s state of incorporation, and regulatory capital and liquidity requirements applicable to such subsidiaries. In the event that the Bank was unable to pay dividends to us, we in turn would likely have to reduce or stop paying dividends on our Preferred and Common Stock. Our failure to pay dividends on our Preferred and Common Stock could have a material adverse effect on the market price of our Common Stock. Additional information regarding dividend restrictions is provided in Item 1. Regulatory Matters. If we lose access to capital markets, we may not be able to meet the cash flow requirements of our depositors, creditors, and borrowers, or have the operating cash needed to fund corporate expansion and other corporate activities. Wholesale funding sources include securitization, federal funds purchased, securities sold under repurchase agreements, non-core deposits, and long-term debt. The Bank is also a member of the Federal Home Loan Bank of Cincinnati, which provides members access to funding through advances collateralized with mortgage-related assets. We maintain a portfolio of highly-rated, marketable securities that is available as a source of liquidity. Capital markets disruptions can directly impact the liquidity of Huntington and the Bank. The inability to access capital markets funding sources as needed could adversely impact our financial condition, results of operations, cash flows, and level of regulatory-qualifying capital. We may, from time-to-time, consider using our existing liquidity position to opportunistically retire outstanding securities in privately negotiated or open market transactions. A reduction in our credit rating could adversely affect our ability to raise funds including capital, and/or the holders of our securities. The credit rating agencies regularly evaluate Huntington and the Bank, and credit ratings are based on a number of factors, including our financial strength and ability to generate earnings, as well as factors not entirely within our control, including conditions affecting the financial services industry, the economy, and changes in rating methodologies. There can be no assurance that we will maintain our current credit ratings. A downgrade of the credit ratings of Huntington or the Bank could adversely affect our access to liquidity and capital, and could significantly increase our cost of funds, trigger additional collateral or funding requirements, and decrease the number of investors and counterparties willing to lend to us or purchase our securities. This could affect our growth, profitability and financial condition, including liquidity. Operational and Legal Risks: Our operational or security systems or infrastructure, or those of third parties, could fail or be breached, which could disrupt our business and adversely impact our results of operations, liquidity and financial condition, as well as cause legal or reputational harm. The potential for operational risk exposure exists throughout our business and, as a result of our interactions with, and reliance on, third parties, is not limited to our own internal operational functions. Our operational and security systems and infrastructure, including our computer systems, data management, and internal processes, as well as those of third parties, are integral to our performance. We rely on our employees and third parties in our day-to-day and ongoing operations, who may, as a result of human error, misconduct, malfeasance or failure, or breach of our or of third-party systems or infrastructure, expose us to risk. For example, our ability to conduct business may be adversely affected by any significant disruptions to us or to third parties with whom we interact or upon whom we rely. In addition, our ability to implement backup systems and other safeguards with respect to third-party systems is more limited than with respect to our own systems. Our financial, accounting, data processing, backup or other operating or security systems and infrastructure may fail to operate properly or become disabled or damaged as a result of a number of factors, including events that are wholly or partially beyond our control, which could adversely affect our ability to process transactions or provide services. Such events may include sudden increases in customer transaction volume; electrical, telecommunications or other major physical infrastructure outages; natural disasters such as earthquakes, tornadoes, hurricanes and floods; disease pandemics; cyber-attacks; and events arising from local or larger scale political or social matters, including wars and terrorist acts. In addition, we may need to take our systems offline if they become infected with malware or a computer virus or as a result of another form of cyber-attack. In the event that backup systems are utilized, they may not process data as quickly as our primary systems and some data might not have been saved to backup systems, potentially resulting in a temporary or permanent loss of such data. We frequently update our systems to support our operations and growth and to remain compliant with all applicable laws, rules and regulations. This updating entails significant costs and creates risks associated with implementing new systems and integrating them with existing ones, including business interruptions. Implementation and testing of controls related to our computer systems, security monitoring and retaining and training personnel required to operate our systems also entail significant costs. Operational risk exposures could adversely impact our operations, liquidity and financial condition, as well as cause reputational harm. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. We face security risks, including denial of service attacks, hacking, social engineering attacks targeting our colleagues and customers, malware intrusion or data corruption attempts, and identity theft that could result in the disclosure of confidential information, adversely affect our business or reputation, and create significant legal and financial exposure. Our computer systems and network infrastructure and those of third parties, on which we are highly dependent, are subject to security risks and could be susceptible to cyber-attacks, such as denial of service attacks, hacking, terrorist activities or identity theft. Our business relies on the secure processing, transmission, storage and retrieval of confidential, proprietary and other information in our computer and data management systems and networks, and in the computer and data management systems and networks of third parties. In addition, to access our network, products and services, our customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and are subject to their own cybersecurity risks. We, our customers, regulators and other third parties, including other financial services institutions and companies engaged in data processing, have been subject to, and are likely to continue to be the target of, cyber-attacks. These cyber-attacks include computer viruses, malicious or destructive code, phishing attacks, denial of service or information, ransomware, improper access by employees or vendors, attacks on personal email of employees, ransom demands to not expose security vulnerabilities in our systems or the systems of third parties or other security breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss or destruction of confidential, proprietary and other information of ours, our employees, our customers or of third parties, damage our systems or otherwise materially disrupt our or our customers’ or other third parties’ network access or business operations. As cyber threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities or incidents. Despite efforts to ensure the integrity of our systems and implement controls, processes, policies and other protective measures, we may not be able to anticipate all security breaches, nor may we be able to implement guaranteed preventive measures against such security breaches. Cyber threats are rapidly evolving and we may not be able to anticipate or prevent all such attacks and could be held liable for any security breach or loss. Cybersecurity risks for banking organizations have significantly increased in recent years in part because of the proliferation of new technologies, and the use of the internet and telecommunications technologies to conduct financial transactions. For example, cybersecurity risks may increase in the future as we continue to increase our mobile-payment and other internet-based product offerings and expand our internal usage of web-based products and applications. In addition, cybersecurity risks have significantly increased in recent years in part due to the increased sophistication and activities of organized crime affiliates, terrorist organizations, hostile foreign governments, disgruntled employees or vendors, activists and other external parties, including those involved in corporate espionage. Even the most advanced internal control environment may be vulnerable to compromise. Targeted social engineering attacks and "spear phishing" attacks are becoming more sophisticated and are extremely difficult to prevent. In such an attack, an attacker will attempt to fraudulently induce colleagues, customers or other users of our systems to disclose sensitive information in order to gain access to its data or that of its clients. Persistent attackers may succeed in penetrating defenses given enough resources, time, and motive. The techniques used by cyber criminals change frequently, may not be recognized until launched and may not be recognized until well after a breach has occurred. The risk of a security breach caused by a cyber-attack at a vendor or by unauthorized vendor access has also increased in recent years. Additionally, the existence of cyber-attacks or security breaches at third-party vendors with access to our data may not be disclosed to us in a timely manner. We also face indirect technology, cybersecurity and operational risks relating to the customers, clients and other third parties with whom we do business or upon whom we rely to facilitate or enable our business activities, including, for example, financial counterparties, regulators and providers of critical infrastructure such as internet access and electrical power. As a result of increasing consolidation, interdependence and complexity of financial entities and technology systems, a technology failure, cyber-attack or other information or security breach that significantly degrades, deletes or compromises the systems or data of one or more financial entities could have a material impact on counterparties or other market participants, including us. This consolidation, interconnectivity and complexity increases the risk of operational failure, on both individual and industry-wide bases, as disparate systems need to be integrated, often on an accelerated basis. Any third-party technology failure, cyber-attack or other information or security breach, termination or constraint could, among other things, adversely affect our ability to effect transactions, service our clients, manage our exposure to risk or expand our business. Cyber-attacks or other information or security breaches, whether directed at us or third parties, may result in a material loss or have material consequences. Furthermore, the public perception that a cyber-attack on our systems has been successful, whether or not this perception is correct, may damage our reputation with customers and third parties with whom we do business. Hacking of personal information and identity theft risks, in particular, could cause serious reputational harm. A successful penetration or circumvention of system security could cause us serious negative consequences, including our loss of customers and business opportunities, costs associated with maintaining business relationships after an attack or breach; significant business disruption to our operations and business, misappropriation, exposure, or destruction of our confidential information, intellectual property, funds, and/or those of our customers; or damage to our or our customers’ and/or third parties’ computers or systems, and could result in a violation of applicable privacy laws and other laws, litigation exposure, regulatory fines, penalties or intervention, loss of confidence in our security measures, reputational damage, reimbursement or other compensatory costs, additional compliance costs, and could adversely impact our results of operations, liquidity and financial condition. In addition, we may not have adequate insurance coverage to compensate for losses from a cybersecurity event. The resolution of significant pending litigation, if unfavorable, could have an adverse effect on our results of operations for a particular period. We face legal risks in our businesses, and the volume of claims and amount of damages and penalties claimed in litigation and regulatory proceedings against financial institutions remain high. Substantial legal liability against us could have material adverse financial effects or cause significant reputational harm to us, which in turn could seriously harm our business prospects. It is possible that the ultimate resolution of these matters, if unfavorable, may be material to the results of operations for a particular reporting period. Note 21 of the Notes to Consolidated Financial Statements updates the status of certain litigation. We face significant operational risks which could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and capital markets. We are exposed to many types of operational risks, including the risk of fraud or theft by colleagues or outsiders, unauthorized transactions by colleagues or outsiders, operational errors by colleagues, business disruption, and system failures. Huntington executes against a significant number of controls, a large percent of which are manual and dependent on adequate execution by colleagues and third-party service providers. There is inherent risk that unknown single points of failure through the execution chain could give rise to material loss through inadvertent errors or malicious attack. These operational risks could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and the capital markets. Moreover, negative public opinion can result from our actual or alleged conduct in any number of activities, including clients, products and business practices; corporate governance; acquisitions; and from actions taken by government regulators and community organizations in response to those activities. Negative public opinion can adversely affect our ability to attract and retain customers and can also expose us to litigation and regulatory action. Relative to acquisitions, we incur risks and challenges associated with the integration of employees, accounting systems, and technology platforms from acquired businesses and institutions in a timely and efficient manner, and we cannot guarantee that we will be successful in retaining existing customer relationships or achieving anticipated operating efficiencies expected from such acquisitions. Acquisitions may be subject to the receipt of approvals from certain governmental authorities, including the Federal Reserve, the OCC, and the United States Department of Justice, as well as the approval of our shareholders and the shareholders of companies that we seek to acquire. These approvals for acquisitions may not be received, may take longer than expected, or may impose conditions that are not presently anticipated or that could have an adverse effect on the combined company following the acquisitions. Subject to requisite regulatory approvals, future business acquisitions may result in the issuance and payment of additional shares of stock, which would dilute current shareholders’ ownership interests. Additionally, acquisitions may involve the payment of a premium over book and market values. Therefore, dilution of our tangible book value and net income per common share could occur in connection with any future transaction. Failure to maintain effective internal controls over financial reporting could impair our ability to accurately and timely report our financial results or prevent fraud, resulting in loss of investor confidence and adversely affecting our business and our stock price. Effective internal controls over financial reporting are necessary to provide reliable financial reports and prevent fraud. We are subject to regulation that focuses on effective internal controls and procedures. Such controls and procedures are modified, supplemented, and changed from time-to-time as necessitated by our growth and in reaction to external events and developments. Any failure to maintain an effective internal control environment could impact our ability to report our financial results on an accurate and timely basis, which could result in regulatory actions, loss of investor confidence, and an adverse impact on our business and our stock price. We rely on quantitative models to measure risks and to estimate certain financial values. Quantitative models may be used to help manage certain aspects of our business and to assist with certain business decisions, including estimating probable loan losses, measuring the fair value of financial instruments when reliable market prices are unavailable, estimating the effects of changing interest rates and other market measures on our financial condition and results of operations, managing risk, and for capital planning purposes (including during the CCAR capital planning and capital adequacy process). Our measurement methodologies rely on many assumptions, historical analyses, and correlations. These assumptions may not capture or fully incorporate conditions leading to losses, particularly in times of market distress, and the historical correlations on which we rely may no longer be relevant. Additionally, as businesses and markets evolve, our measurements may not accurately reflect this evolution. Even if the underlying assumptions and historical correlations used in our models are adequate, our models may be deficient due to errors in computer code, inaccurate data, misuse of data, or the use of a model for a purpose outside the scope of the model’s design. All models have certain limitations. Reliance on models presents the risk that our business decisions based on information incorporated from models will be adversely affected due to incorrect, missing, or misleading information. In addition, our models may not capture or fully express the risks we face, may suggest that we have sufficient capitalization when we do not, or may lead us to misjudge the business and economic environment in which we will operate. If our models fail to produce reliable results on an ongoing basis, we may not make appropriate risk management, capital planning, or other business or financial decisions. Strategies that we employ to manage and govern the risks associated with our use of models may not be effective or fully reliable. Also, information that we provide to the public or regulators based on poorly designed models could be inaccurate or misleading. Banking regulators continue to focus on the models used by banks and bank holding companies in their businesses. Some of our decisions that the regulators evaluate, including distributions to our shareholders, could be affected adversely due to their perception that the quality of the models used to generate the relevant information is insufficient. We rely on third parties to provide key components of our business infrastructure. We rely on third-party service providers to leverage subject matter expertise and industry best practice, provide enhanced products and services, and reduce costs. Although there are benefits in entering into third-party relationships with vendors and others, there are risks associated with such activities. When entering a third-party relationship, the risks associated with that activity are not passed to the third-party but remain our responsibility. The Technology Committee of the board of directors provides oversight related to the overall risk management process associated with third-party relationships. Management is accountable for the review and evaluation of all new and existing third-party relationships. Management is responsible for ensuring that adequate controls are in place to protect us and our customers from the risks associated with vendor relationships. Increased risk could occur based on poor planning, oversight, control, and inferior performance or service on the part of the third-party, and may result in legal costs or loss of business. While we have implemented a vendor management program to actively manage the risks associated with the use of third-party service providers, any problems caused by third-party service providers could adversely affect our ability to deliver products and services to our customers and to conduct our business. Replacing a third-party service provider could also take a long period of time and result in increased expenses. Changes in accounting policies, standards, and interpretations could affect how we report our financial condition and results of operations. The FASB, regulatory agencies, and other bodies that establish accounting standards periodically change the financial accounting and reporting standards governing the preparation of our financial statements. Additionally, those bodies that establish and interpret the accounting standards (such as the FASB, SEC, and banking regulators) may change prior interpretations or positions on how these standards should be applied. In June 2016, the FASB issued a new current expected credit loss rule, which will require banks to record, at the time of origination, credit losses expected throughout the life of the asset portfolio on loans and held-to-maturity securities, as opposed to the current practice of recording losses when it is probable that a loss event has occurred. Changes in accounting policies, standards and interpretations can be difficult to predict and can materially affect how we record and report our financial condition and results of operations. For further discussion, see Note 2 of the Notes to Consolidated Financial Statements. Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations. Our goodwill could become impaired in the future. If goodwill were to become impaired, it could limit the ability of the Bank to pay dividends to Huntington, adversely impacting Huntington liquidity and ability to pay dividends or repay debt. The most significant assumptions affecting our goodwill impairment evaluation are variables including the market price of our Common Stock, projections of earnings, the discount rates used in the income approach to fair value, and the control premium above our current stock price that an acquirer would pay to obtain control of us. We are required to test goodwill for impairment at least annually or when impairment indicators are present. If an impairment determination is made in a future reporting period, our earnings and book value of goodwill will be reduced by the amount of the impairment. If an impairment loss is recorded, it will have little or no impact on the tangible book value of our Common Stock, or our regulatory capital levels, but such an impairment loss could significantly reduce the Bank’s earnings and thereby restrict the Bank's ability to make dividend payments to us without prior regulatory approval, because Federal Reserve policy states the bank holding company dividends should be paid from current earnings. At December 31, 2017, the book value of our goodwill was $2.0 billion, substantially all of which was recorded at the Bank. Any such write down of goodwill or other acquisition related intangibles will reduce Huntington’s earnings, as well. Negative publicity could damage our reputation and could significantly harm our business. Our ability to attract and retain customers, clients, investors, and highly-skilled management and employees is affected by our reputation. Public perception of the financial services industry in general was damaged as a result of the credit crisis that started in 2008. We face increased public and regulatory scrutiny resulting from the credit crisis and economic downturn. Significant harm to our reputation can also arise from other sources, including employee misconduct, actual or perceived unethical behavior, conflicts of interest, litigation, GSE or regulatory actions, failing to deliver minimum or required standards of service and quality, failing to address customer and agency complaints, compliance failures, unauthorized release of confidential information due to cyber-attacks or otherwise, and the activities of our clients, customers and counterparties, including vendors. Actions by the financial service industry generally or by institutions or individuals in the industry can adversely affect our reputation, indirectly by association. All of these could adversely affect our growth, results of operation and financial condition. We depend on our executive officers and key personnel to continue the implementation of our long-term business strategy and could be harmed by the loss of their services. We believe that our continued growth and future success will depend in large part on the skills of our management team and our ability to motivate and retain these individuals and other key personnel. The loss of service of one or more of our executive officers or key personnel could reduce our ability to successfully implement our long-term business strategy, our business could suffer and the value of our stock could be materially adversely affected. Leadership changes will occur from time to time and we cannot predict whether significant resignations will occur or whether we will be able to recruit additional qualified personnel. We believe our management team possesses valuable knowledge about the banking industry and that their knowledge and relationships would be very difficult to replicate. Our success also depends on the experience of our branch managers and lending officers and on their relationships with the customers and communities they serve. The loss of these key personnel could negatively impact our banking operations. The loss of key personnel, or the inability to recruit and retain qualified personnel in the future, could have an adverse effect on our business, financial condition or operating results. Compliance Risks: We operate in a highly regulated industry and the laws and regulations that govern our operations, corporate governance, executive compensation and financial accounting, or reporting, including changes in them, or our failure to comply with them, may adversely affect us. The banking industry is highly regulated. We are subject to supervision, regulation and examination by various federal and state regulators, including the Federal Reserve, OCC, SEC, CFPB, FDIC, FINRA, and various state regulatory agencies. The statutory and regulatory framework that governs us is generally intended to protect depositors and customers, the DIF, the U.S. banking and financial system, and financial markets as a whole-not to protect shareholders. These laws and regulations, among other matters, prescribe minimum capital requirements, impose limitations on our business activities (including foreclosure and collection practices), limit the dividend or distributions that we can pay, restrict the ability of institutions to guarantee our debt and impose certain specific accounting requirements that may be more restrictive and may result in greater or earlier charges to earnings or reductions in our capital than accounting principles generally accepted in the United States. Compliance with laws and regulations can be difficult and costly and changes to laws and regulations often impose additional compliance costs. Both the scope of the laws and regulations and the intensity of the supervision to which we are subject have increased in recent years in response to the financial crisis, as well as other factors such as technological and market changes. Such regulation and supervision may increase our costs and limit our ability to pursue business opportunities. Further, our failure to comply with these laws and regulations, even if the failure was inadvertent or reflects a difference in interpretation, could subject us to restrictions on our business activities, fines and other penalties, any of which could adversely affect our results of operations, capital base and the price of our securities. Further, any new laws, rules and regulations could make compliance more difficult or expensive or otherwise adversely affect our business and financial condition. Bank regulations regarding capital and liquidity, including the annual CCAR assessment process and the U.S. Basel III capital and liquidity standards, could require higher levels of capital and liquidity. Among other things, these regulations could impact our ability to pay common stock dividends, repurchase common stock, attract cost-effective sources of deposits, or require the retention of higher amounts of low yielding securities. The Federal Reserve administers CCAR, an annual forward-looking quantitative assessment of Huntington’s capital adequacy and planned capital distributions and a review of the strength of Huntington’s practices to assess capital needs. We generally may pay dividends and repurchase stock only in accordance with a capital plan that has been reviewed by the Federal Reserve and as to which the Federal Reserve has not objected. The Federal Reserve also makes a quantitative assessment of capital based on supervisory-run stress tests that assess the ability to maintain capital levels above each minimum regulatory capital ratio after making all capital actions included in Huntington’s capital plan, under baseline and stressful conditions throughout a nine-quarter planning horizon. The Bank also must submit a capital plan to the OCC. There can be no assurance that the Federal Reserve or OCC will respond favorably to our capital plans, planned capital actions or stress test results, and the Federal Reserve, OCC, or other regulatory capital requirements may limit or otherwise restrict how we utilize our capital, including common stock dividends and stock repurchases. We are also required to maintain minimum capital ratios and the Federal Reserve and OCC may determine that Huntington and/or the Bank, based on size, complexity or risk profile, must maintain capital ratios above these minimums in order to operate in a safe and sound manner. In the event we are required to raise capital to maintain required minimum capital and leverage ratios or ratios above the required applicable minimums, we may be forced to do so in when market conditions are undesirable or on terms that are less favorable to us than we would otherwise require. Furthermore, in order to prevent becoming subject to restrictions on our ability to distribute capital or make certain discretionary bonus payments to management, we must maintain a Capital Conservation Buffer (of 1.875% in 2018), which is in addition to our required minimum capital ratios. We are also subject to a modified LCR requirement that requires Huntington to maintain an adequate amount of unencumbered high-quality liquid assets, such as Treasury securities and other sovereign debt, to cover projected net cash outflows over a 30 calendar-day stress scenario window. Because the LCR assigns less severe outflow assumptions to certain types of customer deposits, banks’ demand for and the cost of these deposits may increase. Additionally, the LCR has increased the demand for direct U.S. government and U.S. government-guaranteed debt that, while high quality, generally carry lower yields than other securities BHCs hold in their investment portfolios. For more information regarding CCAR, stress testing and capital and liquidity requirements, refer to Item 1. Regulatory Matters. If our regulators deem it appropriate, they can take regulatory actions that could result in a material adverse impact on our financial results, ability to compete for new business, or preclude mergers or acquisitions. In addition, regulatory actions could constrain our ability to fund our liquidity needs or pay dividends. Any of these actions could increase the cost of our services. We are subject to the supervision and regulation of various state and federal regulators, including the OCC, Federal Reserve, FDIC, SEC, CFPB, FINRA, and various state regulatory agencies. As such, we are subject to a wide variety of laws and regulations, many of which are discussed in Item 1. Regulatory Matters. As part of their supervisory process, which includes periodic examinations and continuous monitoring, the regulators have the authority to impose restrictions or conditions on our activities and the manner in which we manage the organization. Such actions could negatively impact us in a variety of ways, including charging monetary fines, impacting our ability to pay dividends, precluding mergers or acquisitions, limiting our ability to offer certain products or services, or imposing additional capital requirements. Under the supervision of the CFPB, our Consumer and Business Banking products and services are subject to heightened regulatory oversight and scrutiny with respect to compliance under consumer laws and regulations. We may face a greater number or wider scope of investigations, enforcement actions, and litigation in the future related to consumer practices, thereby increasing costs associated with responding to or defending such actions. Also, federal and state regulators have been increasingly focused on sales practices of branch personnel, including taking regulatory action against other financial institutions. In addition, increased regulatory inquiries and investigations, as well as any additional legislative or regulatory developments affecting our consumer businesses, and any required changes to our business operations resulting from these developments, could result in significant loss of revenue, require remuneration to our customers, trigger fines or penalties, limit the products or services we offer, require us to increase our prices and, therefore, reduce demand for our products, impose additional compliance costs on us, increase the cost of collection, cause harm to our reputation, or otherwise adversely affect our consumer businesses. In addition, we are allowed to conduct certain activities that are financial in nature by virtue of Huntington’s status as an FHC, as discussed in more detail in Item 1. Regulatory Matters. If Huntington or the Bank cease to meet the requirements necessary for Huntington to continue to qualify as an FHC, the Federal Reserve may impose upon us corrective capital and managerial requirements, and may place limitations on our ability to conduct all of the business activities that we conduct as a FHC. If the failure to meet these standards persists, we could be required to divest our Bank, or cease all activities other than those activities that may be conducted by a BHC but not an FHC. Legislative and regulatory actions taken now or in the future that impact the financial industry may materially adversely affect us by increasing our costs, adding complexity in doing business, impeding the efficiency of our internal business processes, negatively impacting the recoverability of certain of our recorded assets, requiring us to increase our regulatory capital, limiting our ability to pursue business opportunities, and otherwise resulting in a material adverse impact on our financial condition, results of operation, liquidity, or stock price. Both the scope of the laws and regulations and the intensity of the supervision to which we are subject have increased in recent years, in response to the financial crisis as well as other factors such as technological and market changes. Regulatory enforcement and fines have also increased across the banking and financial services sector. Compliance with these laws and regulations have resulted in and will continue to result in additional costs, which could be significant, and may have a material and adverse effect on our results of operations. In addition, if we do not appropriately comply with current or future legislation and regulations, especially those that apply to our consumer operations, which has been an area of heightened focus, we may be subject to fines, penalties or judgments, or material regulatory restrictions on our businesses, which could adversely affect operations and, in turn, financial results. We may become subject to more stringent regulatory requirements and activity restrictions if the Federal Reserve and FDIC determine that our resolution plan is not credible. Huntington is required to submit annually to the Federal Reserve and the FDIC a resolution plan for its orderly resolution under the U.S. Bankruptcy Code. If the Federal Reserve and the FDIC jointly determine that our resolution plan is not credible, we could become subjected to more stringent capital, leverage or liquidity requirements or restrictions, or restrictions on our growth, activities or operations. If we were to fail to address deficiencies in our resolution plan when required, we could eventually be required to divest certain assets or operations in ways that could negatively impact its operations and strategy. For more information regarding resolution planning requirements, refer to Item 1: Business - Regulatory Matters. Noncompliance with the Bank Secrecy Act and other anti-money laundering statutes and regulations could cause us material financial loss. The Bank Secrecy Act and the Patriot Act contain anti-money laundering and financial transparency provisions intended to detect, and prevent the use of the U.S. financial system for, money laundering and terrorist financing activities. The Bank Secrecy Act, as amended by the Patriot Act, requires depository institutions and their holding companies to undertake activities including maintaining an anti-money laundering program, verifying the identity of clients, monitoring for and reporting suspicious transactions, reporting on cash transactions exceeding specified thresholds, and responding to requests for information by regulatory authorities and law enforcement agencies. FinCEN, a unit of the Treasury Department that administers the Bank Secrecy Act, is authorized to impose significant civil money penalties for violations of those requirements and has recently engaged in coordinated enforcement efforts with the federal bank regulatory agencies, as well as the United States Department of Justice, Drug Enforcement Administration and IRS. There is also increased scrutiny of compliance with the rules enforced by the OFAC. If our policies, procedures and systems are deemed deficient or the policies, procedures and systems of the financial institutions that we have already acquired or may acquire in the future are deficient, we would be subject to liability, including fines and regulatory actions such as restrictions on our ability to pay dividends and the necessity to obtain regulatory approvals to proceed with certain planned business activities, including acquisition plans, which would negatively impact our business, financial condition and results of operations. Failure to maintain and implement adequate programs to combat money laundering and terrorist financing could also have serious reputational consequences for us. For more information regarding the Bank Secrecy Act, Patriot Act, anti-money laundering requirements and OFAC-administered sanctions, refer to Item 1: Business - Regulatory Matters. Cybersecurity and data privacy are areas of heightened legislative and regulatory focus. As cybersecurity and data privacy risks for banking organizations and the broader financial system have significantly increased in recent years, cybersecurity and data privacy issues have become the subject of increasing legislative and regulatory focus. The federal bank regulatory agencies have proposed enhanced cyber risk management standards, which would apply to a wide range of large financial institutions and their third-party service providers, including us and the Bank, and would focus on cyber risk governance and management, management of internal and external dependencies, and incident response, cyber resilience and situational awareness. Several states have also proposed or adopted cybersecurity legislation and regulations, which require, among other things, notification to affected individuals when there has been a security breach of their personal data. We receive, maintain and store non-public personal information of our customers and counterparties, including, but not limited to, personally identifiable information and personal financial information. The sharing, use, disclosure and protection of this information are governed by federal and state law. Both personally identifiable information and personal financial information is increasingly subject to legislation and regulation, the intent of which is to protect the privacy of personal information that is collected and handled. We may become subject to new legislation or regulation concerning cybersecurity or the privacy of personally identifiable information and personal financial information or of any other information we may store or maintain. We could be adversely affected if new legislation or regulations are adopted or if existing legislation or regulations are modified such that we are required to alter our systems or require changes to our business practices or privacy policies. If cybersecurity, data privacy, data protection, data transfer or data retention laws are implemented, interpreted or applied in a manner inconsistent with our current practices, we may be subject to fines, litigation or regulatory enforcement actions or ordered to change our business practices, policies or systems in a manner that adversely impacts our operating results. Item 1B:
Current §1A text (2019)
Show full section (9057 words)
Item 1A: Risk Factors Huntington has formalized a holistic risk governance framework in alignment with the size, complexity, and profile of the Company. We, like other financial companies, are subject to a number of risks that may adversely affect our financial condition or results of operations, many of which are outside of our direct control. Our framework is approved by the Risk Oversight Committee (ROC) of the Huntington’s Board of Directors (the Board). Key components include establishing our risk appetite, line of defense and risk pillars, governance and committee oversight and limit setting and escalation processes. Huntington classifies/aggregates risk into seven risk pillars. Huntington recognizes that risks can be interrelated or embedded within each other, and therefore managing across risk pillars is a key component of the Framework. The following defines the Company’s risk pillars. • Credit risk, which is the risk of loss due to loan and lease customers or other counterparties not being able to meet their financial obligations under agreed upon terms; • Market risk, which occurs when fluctuations in interest rates impact earnings and capital. Financial impacts are realized through changes in the interest rates of balance sheet assets and liabilities (net interest margin) or directly through valuation changes of capitalized MSR and/or trading assets (noninterest income); • Liquidity risk, which is the risk to current or anticipated earnings or capital arising from an inability to meet obligations when they come due. Liquidity risk includes the inability to access funding sources or manage fluctuations in funding levels. Liquidity risk also results from the failure to recognize or address changes in market conditions that affect our ability to liquidate assets quickly and with minimal loss in value; • Operational risk, which is the risk of loss arising from inadequate or failed internal processes or systems, including information security breaches or cyberattacks, human errors or misconduct, or adverse external events. Operational losses result from internal fraud, external fraud, inadequate or inappropriate employment practices and workplace safety, failure to meet professional obligations involving customers, products, and business practices, damage to physical assets, business disruption and systems failures, and failures in execution, delivery, and process management; • Compliance risk, which exposes us to money penalties, enforcement actions, or other sanctions as a result of non-conformance with laws, rules, and regulations that apply to the financial services industry; • Strategic risk, which is defined as risk to current or anticipated earnings, capital, or enterprise value arising from adverse business decisions, improper implementation of business decisions or lack of responsiveness to industry / market changes; and • Reputation risk, which is the risk that negative publicity regarding an institution’s business practices, whether true or not, will cause a decline in the customer base, costly litigation, or revenue reductions. In addition to the other information included or incorporated by reference into this report, readers should carefully consider that the following important factors, among others, could negatively impact our business, future results of operations, and future cash flows materially. Credit Risks: Our ACL level may prove to not be adequate or be negatively affected by credit risk exposures which could adversely affect our net income and capital. Our business depends on the creditworthiness of our customers. Our ACL of $887 million at December 31, 2019, represented management’s estimate of probable losses inherent in our loan and lease portfolio (ALLL) as well as our unfunded loan commitments and letters of credit (AULC). We regularly review our ACL for appropriateness. In doing so, we consider economic conditions and trends, collateral values, and credit quality indicators, such as past charge-off experience, levels of past due loans, and NPAs. There is no certainty that our ACL will be appropriate over time to cover losses in the portfolio because of unanticipated adverse changes in the economy, market conditions, or events adversely affecting specific customers, industries, or markets. If the credit quality of our customer base materially decreases, if the risk profile of a market, industry, or group of customers changes materially, or if the ACL is not appropriate, our net income and capital could be materially adversely affected, which could have a material adverse effect on our financial condition and results of operations. 2019 Form 10-K 23 In addition, regulatory review of risk ratings and loan and lease losses may impact the level of the ACL and could have a material adverse effect on our financial condition and results of operations. Furthermore, in June 2016, the FASB issued a new CECL accounting rule, which requires banks to record, at the time of origination, credit losses expected throughout the life of the asset on loans and held-to-maturity securities, as opposed to the current practice of recording losses when it is probable that a loss event has occurred. We are required to adopt the CECL accounting rule in 2020 and will recognize a one-time cumulative effect adjustment to our ACL and retained earnings as of January 1, 2020. The CECL model could materially affect how we determine our ACL and report our financial condition and results of operations. For further discussion, see Note 2 “Accounting Standards Update” of the Notes to Consolidated Financial Statements. Weakness in economic conditions could adversely affect our business. Our performance could be negatively affected to the extent there is deterioration in business and economic conditions which have direct or indirect material adverse impacts on us, our customers, and our counterparties. These conditions could result in one or more of the following: • A decrease in the demand for loans and other products and services offered by us; • A decrease in customer savings generally and in the demand for savings and investment products offered by us; and • An increase in the number of customers and counterparties who become delinquent, file for protection under bankruptcy laws, or default on their loans or other obligations to us. An increase in the number of delinquencies, bankruptcies, or defaults could result in a higher level of NPAs, NCOs, provision for credit losses, and valuation adjustments on loans held for sale. The markets we serve are dependent on industrial and manufacturing businesses and, thus, are particularly vulnerable to adverse changes in economic conditions affecting these sectors. Market Risks: Changes in interest rates could reduce our net interest income, reduce transactional income, and negatively impact the value of our loans, securities, and other assets. This could have an adverse impact on our cash flows, financial condition, results of operations, and capital. Our results of operations depend substantially on net interest income, which is the difference between interest earned on interest earning assets (such as investments and loans) and interest paid on interest bearing liabilities (such as deposits and borrowings). Interest rates are highly sensitive to many factors, including governmental monetary policies and domestic and international economic and political conditions. Conditions such as inflation, deflation, recession, unemployment, money supply, and other factors beyond our control may also affect interest rates. In addition, decisions by the Federal Reserve to increase or reduce the size of its balance sheet may also affect interest rates. If our interest earning assets mature or reprice faster than interest bearing liabilities in a declining interest rate environment, net interest income could be materially adversely impacted. Likewise, if interest bearing liabilities mature or reprice more quickly than interest earning assets in a rising interest rate environment, net interest income could be adversely impacted. Changes in interest rates can affect the value of loans, securities, assets under management, and other assets, including mortgage servicing rights. An increase in interest rates that adversely affects the ability of borrowers to pay the principal or interest on loans and leases may lead to an increase in NPAs and a reduction of income recognized, which could have a material adverse effect on our results of operations and cash flows. When we place a loan on nonaccrual status, we reverse any accrued but unpaid interest receivable, which decreases interest income. However, we continue to incur interest expense as a cost of funding NALs without any corresponding interest income. In addition, transactional income, including trust income, brokerage income, and gain on sales of loans can vary significantly from period-to-period based on a number of factors, including the interest rate environment. A decline in interest rates along with a flattening yield curve limits our ability to reprice deposits given the current historically low level of interest rates and could result in declining net interest margins if longer duration assets reprice faster than deposits. 24 Huntington Bancshares Incorporated Rising interest rates reduce the value of our fixed-rate securities. Any unrealized loss from these portfolios impacts OCI, shareholders’ equity, and the Tangible Common Equity ratio. Any realized loss from these portfolios impacts regulatory capital ratios. In a rising interest rate environment, pension and other post-retirement obligations somewhat mitigate negative OCI impacts from securities and financial instruments. For more information, refer to “Market Risk” of the MD&A. Certain investment securities, notably mortgage-backed securities, are sensitive to rising and falling rates. Generally, when rates rise, prepayments of principal and interest will decrease and the duration of mortgage-backed securities will increase. Conversely, when rates fall, prepayments of principal and interest will increase and the duration of mortgage-backed securities will decrease. In either case, interest rates have a significant impact on the value of mortgage-backed securities. MSR fair values are sensitive to movements in interest rates, as expected future net servicing income depends on the projected outstanding principal balances of the underlying loans, which can be reduced by prepayments. Prepayments usually increase when mortgage interest rates decline and decrease when mortgage interest rates rise. In addition to volatility associated with interest rates, the Company also has exposure to equity markets related to the investments within the benefit plans and other income from client-based transactions. Industry competition may have an adverse effect on our success. Our profitability depends on our ability to compete successfully. We operate in a highly competitive environment, and we expect competition to intensify. Certain of our competitors are larger and have more resources than we do, enabling them to be more aggressive than us in competing for loans and deposits. In our market areas, we face competition from other banks and financial service companies that offer similar services. Some of our non-bank competitors are not subject to the same extensive regulations we are and, therefore, may have greater flexibility in competing for business. Technological advances have made it possible for our non-bank competitors to offer products and services that traditionally were banking products and for financial institutions and other companies to provide electronic and internet-based financial solutions, including mobile payments, online deposit accounts, electronic payment processing, and marketplace lending, without having a physical presence where their customers are located. Legislative or regulatory changes also could lead to increased competition in the financial services sector. For example, the Economic Growth Act and the Tailoring Rules reduce the regulatory burden of certain large BHCs and raise the asset thresholds at which more onerous requirements apply, which could cause certain large BHCs to become more competitive or to more aggressively pursue expansion. Our ability to compete successfully depends on a number of factors, including customer convenience, quality of service by investing in new products and services, electronic platforms, personal contacts, pricing, and range of products. If we are unable to successfully compete for new customers and retain our current customers, our business, financial condition, or results of operations may be adversely affected. In particular, if we experience an outflow of deposits as a result of our customers seeking investments with higher yields or greater financial stability, or a desire to do business with our competitors, we may be forced to rely more heavily on borrowings and other sources of funding to operate our business and meet withdrawal demands, thereby adversely affecting our net interest margin. For more information, refer to “Competition” section of Item 1: Business. Uncertainty about the future of LIBOR may adversely affect our business. LIBOR and certain other interest rate “benchmarks” are the subject of recent national, international, and other regulatory guidance and proposals for reform. These reforms may cause such benchmarks to perform differently than in the past or have other consequences which cannot be predicted. On July 27, 2017, the United Kingdom’s Financial Conduct Authority, which regulates LIBOR, publicly announced that it intends to stop persuading or compelling banks to submit information to the administrator of LIBOR after 2021. The announcement indicates that the continuation of LIBOR on the current basis cannot be guaranteed after 2021. While there is no consensus on what rate or rates may become accepted alternatives to LIBOR, a group of market participants convened by the Federal Reserve, the Alternative Reference Rate Committee (ARRC), has selected SOFR as its recommended alternative to LIBOR. The Federal Reserve Bank of New York started to publish SOFR in April 2018. SOFR is a broad measure of the cost of overnight borrowings collateralized by Treasury securities that was selected by the Alternative Reference Rate Committee due to the depth and robustness of the U.S. Treasury repurchase market. At this time, it 2019 Form 10-K 25 is impossible to predict whether SOFR will become an accepted alternative to LIBOR. In January of 2020, Huntington was added as an ARRC member. The market transition away from LIBOR to an alternative reference rate, such as SOFR, is complex and could have a range of adverse effects on our business, financial condition and results of operations. In particular, any such transition could: • Adversely affect the interest rates paid or received on, the revenue and expenses associated with or the value of Huntington’s LIBOR-based assets and liabilities, which include certain variable rate loans, Huntington’s Series B preferred stock, certain of Huntington’s junior subordinated debentures, certain of the Bank’s senior notes and certain other securities or financial arrangements; • Adversely affect the interest rates paid or received on, the revenue and expenses associated with or the value of other securities or financial arrangements, given LIBOR’s role in determining market interest rates globally; • Prompt inquiries or other actions from regulators in respect of Huntington’s preparation and readiness for the replacement of LIBOR with an alternative reference rate; and • Result in disputes, litigation or other actions with counterparties regarding the interpretation and enforceability of certain fallback language in LIBOR-based contracts and securities. The transition away from LIBOR to an alternative reference rate will require the transition to or development of appropriate systems and analytics to effectively transition Huntington’s risk management and other processes from LIBOR-based products to those based on the applicable alternative reference rate, such as SOFR. Huntington has developed a LIBOR transition team and project plan that outlines timelines and priorities to prepare its processes, systems and people to support this transition. Timelines and priorities include assessing the impact on our customers, as well as assessing system requirements for operational processes. There can be no guarantee that these efforts will successfully mitigate the operational risks associated with the transition away from LIBOR to an alternative reference rate. The manner and impact of the transition from LIBOR to an alternative reference rate, as well as the effect of these developments on our funding costs, loan and investment and trading securities portfolios, asset-liability management, and business, is uncertain. Liquidity Risks: Changes in either Huntington’s financial condition or in the general banking industry could result in a loss of depositor confidence. Liquidity is the ability to meet cash flow needs on a timely basis at a reasonable cost. The Bank uses its liquidity to extend credit and to repay liabilities as they become due or as demanded by customers. Our primary source of liquidity is our large supply of deposits from consumer and commercial customers. The continued availability of this supply depends on customer willingness to maintain deposit balances with banks in general and us in particular. The availability of deposits can also be impacted by regulatory changes (e.g., changes in FDIC insurance, the LCR, etc.), changes in the financial condition of Huntington, other banks, or the banking industry in general, changes in the interest rates our competitors pay on their deposits, and other events which can impact the perceived safety or economic benefits of bank deposits. While we make significant efforts to consider and plan for hypothetical disruptions in our deposit funding, market related, geopolitical, or other events could impact the liquidity derived from deposits. We are a holding company and depend on dividends by our subsidiaries for most of our funds. Huntington is an entity separate and distinct from the Bank. The Bank conducts most of our operations, and Huntington depends upon dividends from the Bank to service Huntington’s debt and to pay dividends to Huntington’s shareholders. The availability of dividends from the Bank is limited by various statutes and regulations. It is possible, depending upon the financial condition including liquidity and capital adequacy of the Bank and other factors, that the OCC could limit the payment of dividends or other payments to Huntington by the Bank. In addition, the payment of dividends by our other subsidiaries is also subject to the laws of the subsidiary’s state of incorporation, and regulatory capital and liquidity requirements applicable to such subsidiaries. In the event that the 26 Huntington Bancshares Incorporated Bank was unable to pay dividends to us, we in turn would likely have to reduce or stop paying dividends on our Preferred and Common Stock. Our failure to pay dividends on our Preferred and Common Stock could have a material adverse effect on the market price of our Preferred and Common Stock. Additional information regarding dividend restrictions is provided in Item 1: Business - Regulatory Matters. If we lose access to capital markets, we may not be able to meet the cash flow requirements of our depositors, creditors, and borrowers, or have the operating cash needed to fund corporate expansion and other corporate activities. Wholesale funding sources include securitization, federal funds purchased, securities sold under repurchase agreements, non-core deposits, and long-term debt. The Bank is also a member of the FHLB, which provides members access to funding through advances collateralized with mortgage-related assets. We maintain a portfolio of highly-rated, marketable securities that is available as a source of liquidity. Capital markets disruptions can directly impact the liquidity of Huntington and the Bank. The inability to access capital markets funding sources as needed could adversely impact our financial condition, results of operations, cash flows, and level of regulatory-qualifying capital. We may, from time-to-time, consider using our existing liquidity position to opportunistically retire outstanding securities in privately negotiated or open market transactions. A reduction in our credit rating could adversely affect our access to capital and could increase our cost of funds. The credit rating agencies regularly evaluate Huntington and the Bank, and credit ratings are based on a number of factors, including our financial strength and ability to generate earnings, as well as factors not entirely within our control, including conditions affecting the financial services industry, the economy, and changes in rating methodologies. There can be no assurance that we will maintain our current credit ratings. A downgrade of the credit ratings of Huntington or the Bank could adversely affect our access to liquidity and capital, and could significantly increase our cost of funds, trigger additional collateral or funding requirements, and decrease the number of investors and counterparties willing to lend to us or purchase our securities. This could affect our growth, profitability, and financial condition, including liquidity. Operational Risks: Our operational or security systems or infrastructure, or those of third parties, could fail or be breached, which could disrupt our business and adversely impact our results of operations, liquidity, and financial condition, as well as cause legal or reputational harm. The potential for operational risk exposure exists throughout our business and, as a result of our interactions with, and reliance on, third parties, is not limited to our own internal operational functions. Our operational and security systems and infrastructure, including our computer systems, data management, and internal processes, as well as those of third parties, are integral to our performance. We rely on our employees and third parties in our day-to-day and ongoing operations, who may, as a result of human error, misconduct, malfeasance, failure, or breach of our or of third-party systems or infrastructure, expose us to risk. For example, our ability to conduct business may be adversely affected by any significant disruptions to us or to third parties with whom we interact or upon whom we rely. Our financial, accounting, data processing, backup, or other operating or security systems and infrastructure may fail to operate properly or become disabled or damaged as a result of a number of factors, including events that are wholly or partially beyond our control, which could adversely affect our ability to process transactions or provide services. Such events may include: sudden increases in customer transaction volume; electrical, telecommunications, or other major physical infrastructure outages; disease pandemics; cyber-attacks; and events arising from local or larger scale political or social matters, including wars and terrorist attacks. Additional events beyond our control that could impact our business directly or indirectly include natural disasters such as earthquakes and weather events, including tornadoes, hurricanes and floods. Neither the occurrence nor the potential impact of these events can be predicted, and the frequency and severity of weather events may be impacted by climate changes. In addition, we may need to take our systems off-line if they become infected with malware or a computer virus or as a result of another form of cyber-attack. In the event that backup systems are utilized, they may not process data as quickly as our primary systems and some data might not have been saved to backup systems, potentially resulting in a temporary or permanent loss of such data. In addition, our ability to implement backup 2019 Form 10-K 27 systems and other safeguards with respect to third-party systems is more limited than with respect to our own systems. We frequently update our systems to support our operations and growth and to remain compliant with applicable laws, rules, and regulations. This updating entails significant costs and creates risks associated with implementing new systems and integrating them with existing ones, including business interruptions. Implementation and testing of controls related to our computer systems, security monitoring, and retaining and training personnel required to operate our systems also entail significant costs. Operational risk exposures could adversely impact our operations, liquidity, and financial condition, as well as cause reputational harm. In addition, we may not have adequate insurance coverage to compensate for losses from a major interruption. We face security risks, including denial of service attacks, hacking, social engineering attacks targeting our colleagues and customers, malware intrusion or data corruption attempts, and identity theft that could result in the disclosure of confidential information, adversely affect our business or reputation, and create significant legal and financial exposure. Our computer systems and network infrastructure and those of third parties, on which we are highly dependent, are subject to security risks and could be susceptible to cyber-attacks, such as denial of service attacks, hacking, terrorist activities, or identity theft. Our business relies on the secure processing, transmission, storage, and retrieval of confidential, proprietary, and other information in our computer and data management systems and networks, and in the computer and data management systems and networks of third parties. In addition, to access our network, products, and services, our customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and are subject to their own cybersecurity risks. We, our customers, regulators, and other third parties, including other financial services institutions and companies engaged in data processing, have been subject to, and are likely to continue to be the target of, cyber-attacks. These cyber-attacks include computer viruses, malicious or destructive code, phishing attacks, denial of service or information, ransomware, improper access by employees or vendors, attacks on personal email of employees, ransom demands to not expose security vulnerabilities in our systems or the systems of third parties or other security breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss, or destruction of confidential, proprietary, and other information of ours, our employees, our customers, or of third parties, damage our systems or otherwise materially disrupt our or our customers’ or other third parties’ network access or business operations. As cyber threats continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information security vulnerabilities or incidents. Despite efforts to ensure the integrity of our systems and implement controls, processes, policies, and other protective measures, we may not be able to anticipate all security breaches, nor may we be able to implement sufficient preventive measures against such security breaches, which may result in material losses or consequences for us. Cybersecurity risks for banking organizations have significantly increased in recent years in part because of the proliferation of new technologies, and the use of the internet and telecommunications technologies to conduct financial transactions. For example, cybersecurity risks may increase in the future as we continue to increase our mobile-payment and other internet-based product offerings and expand our internal usage of web-based products and applications. In addition, cybersecurity risks have significantly increased in recent years in part due to the increased sophistication and activities of organized crime affiliates, terrorist organizations, hostile foreign governments, disgruntled employees or vendors, activists, and other external parties, including those involved in corporate espionage. Even the most advanced internal control environment may be vulnerable to compromise. Due to increasing geopolitical tensions, nation state cyber attacks and ransomware are both increasing in sophistication and prevalence. Targeted social engineering and email attacks (i.e. “spear phishing” attacks) are becoming more sophisticated and are extremely difficult to prevent. In such an attack, an attacker will attempt to fraudulently induce colleagues, customers, or other users of our systems to disclose sensitive information in order to gain access to its data or that of its clients. Persistent attackers may succeed in penetrating defenses given enough resources, time, and motive. The techniques used by cyber criminals change frequently, may not be recognized until launched, and may not be recognized until well after a breach has occurred. The speed at which new vulnerabilities are discovered and exploited often before security patches are published continues to rise. The risk of a security breach caused by a cyber-attack at a vendor or by unauthorized vendor access has also increased in recent years. Additionally, the existence of cyber-attacks or security breaches at third-party vendors with access to our data may 28 Huntington Bancshares Incorporated not be disclosed to us in a timely manner. We also face indirect technology, cybersecurity, and operational risks relating to the customers, clients, and other third parties with whom we do business or upon whom we rely to facilitate or enable our business activities, including, for example, financial counterparties, regulators, and providers of critical infrastructure such as internet access and electrical power. As a result of increasing consolidation, interdependence, and complexity of financial entities and technology systems, a technology failure, cyber-attack, or other information or security breach that significantly degrades, deletes, or compromises the systems or data of one or more financial entities could have a material impact on counterparties or other market participants, including us. This consolidation, interconnectivity, and complexity increases the risk of operational failure, on both individual and industry-wide bases, as disparate systems need to be integrated, often on an accelerated basis. Any third-party technology failure, cyber-attack, or other information or security breach, termination, or constraint could, among other things, adversely affect our ability to effect transactions, service our clients, manage our exposure to risk, or expand our business. Cyber-attacks or other information or security breaches, whether directed at us or third parties, may result in a material loss or have material consequences. Furthermore, the public perception that a cyber-attack on our systems has been successful, whether or not this perception is correct, may damage our reputation with customers and third parties with whom we do business. Hacking of personal information and identity theft risks, in particular, could cause serious reputational harm. A successful penetration or circumvention of system security could cause us serious negative consequences, including our loss of customers and business opportunities, costs associated with maintaining business relationships after an attack or breach; significant business disruption to our operations and business, misappropriation, exposure, or destruction of our confidential information, intellectual property, funds, and/or those of our customers; or damage to our or our customers’ and/or third parties’ computers or systems, and could result in a violation of applicable privacy laws and other laws, litigation exposure, regulatory fines, penalties or intervention, loss of confidence in our security measures, reputational damage, reimbursement or other compensatory costs, additional compliance costs, and could adversely impact our results of operations, liquidity and financial condition. In addition, we may not have adequate insurance coverage to compensate for losses from a cybersecurity event. Cybersecurity and data privacy are areas of heightened legislative and regulatory focus. As cybersecurity and data privacy risks for banking organizations and the broader financial system have significantly increased in recent years, cybersecurity and data privacy issues have become the subject of increasing legislative and regulatory focus. The federal bank regulatory agencies have proposed regulations that would enhance cyber risk management standards, which would apply to a wide range of large financial institutions and their third-party service providers, including us and the Bank, and would focus on cyber risk governance and management, management of internal and external dependencies, and incident response, cyber resilience, and situational awareness. Several states have also proposed or adopted cybersecurity legislation and regulations, which require, among other things, notification to affected individuals when there has been a security breach of their personal data. For more information regarding cybersecurity and data privacy, refer to Item 1: Business - “Regulatory Matters”. We receive, maintain, and store non-public personal information of our customers and counterparties, including, but not limited to, personally identifiable information and personal financial information. The sharing, use, disclosure, and protection of these types of information are governed by federal and state law. Both personally identifiable information and personal financial information are increasingly subject to legislation and regulation, the intent of which is to protect the privacy of personal information and personal financial information that is collected and handled. For example, in June of 2018, the Governor of California signed into law the CCPA. The CCPA, which became effective on January 1, 2020, applies to for-profit businesses that conduct business in California and meet certain revenue or data collection thresholds. For more information regarding data privacy laws and regulations, refer to Item 1: Business - “Regulatory Matters”. We may become subject to new legislation or regulation concerning cybersecurity or the privacy of personally identifiable information and personal financial information or of any other information we may store or maintain. We could be adversely affected if new legislation or regulations are adopted or if existing legislation or regulations are modified such that we are required to alter our systems or require changes to our business practices or privacy 2019 Form 10-K 29 policies. If cybersecurity, data privacy, data protection, data transfer, or data retention laws are implemented, interpreted, or applied in a manner inconsistent with our current practices, we may be subject to fines, litigation, or regulatory enforcement actions or ordered to change our business practices, policies, or systems in a manner that adversely impacts our operating results. We face significant operational risks which could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and capital markets. We are exposed to many types of operational risks, including the risk of fraud or theft by colleagues or outsiders, unauthorized transactions by colleagues or outsiders, operational errors by colleagues, business disruption, and system failures. Huntington executes against a significant number of controls, a large percent of which are manual and dependent on adequate execution by colleagues and third-party service providers. There is inherent risk that unknown single points of failure through the execution chain could give rise to material loss through inadvertent errors or malicious attack. These operational risks could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and the capital markets. Moreover, negative public opinion can result from our actual or alleged conduct in any number of activities, including clients, products, and business practices; corporate governance; acquisitions; and from actions taken by government regulators and community organizations in response to those activities. Negative public opinion can adversely affect our ability to attract and retain customers and can also expose us to litigation and regulatory action. Relative to acquisitions, we incur risks and challenges associated with the integration of employees, accounting systems, and technology platforms from acquired businesses and institutions in a timely and efficient manner, and we cannot guarantee that we will be successful in retaining existing customer relationships or achieving anticipated operating efficiencies expected from such acquisitions. Acquisitions may be subject to the receipt of approvals from certain governmental authorities, including the Federal Reserve, the OCC, and the United States Department of Justice, as well as the approval of our shareholders and the shareholders of companies that we seek to acquire. These approvals for acquisitions may not be received, may take longer than expected, or may impose conditions that are not presently anticipated or that could have an adverse effect on the combined company following the acquisitions. Subject to requisite regulatory approvals, future business acquisitions may result in the issuance and payment of additional shares of stock, which would dilute current shareholders’ ownership interests. Additionally, acquisitions may involve the payment of a premium over book and market values. Therefore, dilution of our tangible book value and net income per common share could occur in connection with any future transaction. Failure to maintain effective internal controls over financial reporting could impair our ability to accurately and timely report our financial results or prevent fraud, resulting in loss of investor confidence and adversely affecting our business and our stock price. Effective internal controls over financial reporting are necessary to provide reliable financial reports and prevent fraud. We are subject to regulation that focuses on effective internal controls and procedures. Such controls and procedures are modified, supplemented, and changed from time-to-time as necessitated by our growth and in reaction to external events and developments. Any failure to maintain an effective internal control environment could impact our ability to report our financial results on an accurate and timely basis, which could result in regulatory actions, loss of investor confidence, and an adverse impact on our business and our stock price. We rely on quantitative models to measure risks and to estimate certain financial values. Quantitative models may be used to help manage certain aspects of our business and to assist with certain business decisions, including estimating probable loan losses, measuring the fair value of financial instruments when reliable market prices are unavailable, estimating the effects of changing interest rates and other market measures on our financial condition and results of operations, managing risk, and for capital planning purposes (including during the CCAR capital planning and capital adequacy process). Our measurement methodologies rely on many assumptions, historical analyses, and correlations. These assumptions may not capture or fully incorporate conditions leading to losses, particularly in times of market distress, and the historical correlations on which we rely may no longer be relevant. Additionally, as businesses and markets evolve, our measurements may not accurately reflect this evolution. Even if the underlying assumptions and historical correlations used in our models are 30 Huntington Bancshares Incorporated adequate, our models may be deficient due to errors in computer code, inaccurate data, misuse of data, or the use of a model for a purpose outside the scope of the model’s design. All models have certain limitations. Reliance on models presents the risk that our business decisions based on information incorporated from models will be adversely affected due to incorrect, missing, or misleading information. In addition, our models may not capture or fully express the risks we face, may suggest that we have sufficient capitalization when we do not, or may lead us to misjudge the business and economic environment in which we will operate. If our models fail to produce reliable results on an ongoing basis, we may not make appropriate risk management, capital planning, or other business or financial decisions. Strategies that we employ to manage and govern the risks associated with our use of models may not be effective or fully reliable. Also, information that we provide to the public or regulators based on poorly designed models could be inaccurate or misleading. Banking regulators continue to focus on the models used by banks and bank holding companies in their businesses. Some of our decisions that the regulators evaluate, including distributions to our shareholders, could be affected adversely due to their perception that the quality of the models used to generate the relevant information are insufficient. We rely on third parties to provide key components of our business infrastructure. We rely on third-party service providers to leverage subject matter expertise and industry best practice, provide enhanced products and services, and reduce costs. Although there are benefits in entering into third-party relationships with vendors and others, there are risks associated with such activities. When entering a third-party relationship, the risks associated with that activity are not passed to the third-party but remain our responsibility. The Technology Committee of the board of directors provides oversight related to the overall risk management process associated with third-party relationships. Management is accountable for the review and evaluation of all new and existing third-party relationships. Management is responsible for ensuring that adequate controls are in place to protect us and our customers from the risks associated with vendor relationships. Increased risk could occur based on poor planning, oversight, control, and inferior performance or service on the part of the third-party, and may result in legal costs or loss of business. While we have implemented a vendor management program to actively manage the risks associated with the use of third-party service providers, any problems caused by third-party service providers could adversely affect our ability to deliver products and services to our customers and to conduct our business. Replacing a third-party service provider could also take a long period of time and result in increased expenses. Changes in accounting policies, standards, and interpretations could affect how we report our financial condition and results of operations. The FASB, regulatory agencies, and other bodies that establish accounting standards periodically change the financial accounting and reporting standards governing the preparation of our financial statements. Additionally, those bodies that establish and interpret the accounting standards (such as the FASB, SEC, and banking regulators) may change prior interpretations or positions on how these standards should be applied. For further discussion, see Note 2 - “Accounting Standards Update” to the Consolidated Financial Statements. Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations. Our goodwill could become impaired in the future. If goodwill were to become impaired, it could limit the ability of the Bank to pay dividends to Huntington, adversely impacting Huntington liquidity and ability to pay dividends or repay debt. The most significant assumptions affecting our goodwill impairment evaluation are variables including the market price of our Common Stock, projections of earnings, the discount rates used in the income approach to fair value, and the control premium above our current stock price that an acquirer would pay to obtain control of us. We are required to test goodwill for impairment at least annually or when impairment indicators are present. If an impairment determination is made in a future reporting period, our earnings and book value of goodwill will be reduced by the amount of the impairment. If an impairment loss is recorded, it will have little or no impact on the tangible book value of our Common Stock, or our regulatory capital levels, but such an 2019 Form 10-K 31 impairment loss could significantly reduce the Bank’s earnings and thereby restrict the Bank’s ability to make dividend payments to us without prior regulatory approval, because Federal Reserve policy states the bank holding company dividends should be paid from current earnings. At December 31, 2019, the book value of our goodwill was $2.0 billion, substantially all of which was recorded at the Bank. Any such write down of goodwill or other acquisition related intangibles will reduce Huntington’s earnings, as well. Compliance Risks: We operate in a highly regulated industry, and the laws and regulations that govern our operations, corporate governance, executive compensation and financial accounting, or reporting, including changes in them, or our failure to comply with them, may adversely affect us. The banking industry is highly regulated. We are subject to supervision, regulation, and examination by various federal and state regulators, including the Federal Reserve, OCC, SEC, CFPB, FDIC, FINRA, and various state regulatory agencies. The statutory and regulatory framework that governs us is generally intended to protect depositors and customers, the DIF, the U.S. banking and financial system, and financial markets as a whole - not to protect shareholders. These laws and regulations, among other matters, prescribe minimum capital requirements, impose limitations on our business activities (including foreclosure and collection practices), limit the dividend or distributions that we can pay, restrict the ability of institutions to guarantee our debt, and impose certain specific accounting requirements that may be more restrictive and may result in greater or earlier charges to earnings or reductions in our capital than accounting principles generally accepted in the United States. Compliance with laws and regulations can be difficult and costly, and changes to laws and regulations often impose additional compliance costs. Both the scope of the laws and regulations and the intensity of the supervision to which we are subject have increased in recent years in response to the financial crisis, as well as other factors such as technological and market changes. Such regulation and supervision may increase our costs and limit our ability to pursue business opportunities. Further, our failure to comply with these laws and regulations, even if the failure was inadvertent or reflects a difference in interpretation, could subject us to restrictions on our business activities, fines, and other penalties, any of which could adversely affect our results of operations, capital base, and the price of our securities. Further, any new laws, rules, and regulations could make compliance more difficult or expensive or otherwise adversely affect our business and financial condition. Legislative and regulatory actions taken now or in the future that impact the financial industry may materially adversely affect us by increasing our costs, adding complexity in doing business, impeding the efficiency of our internal business processes, negatively impacting the recoverability of certain of our recorded assets, requiring us to increase our regulatory capital, limiting our ability to pursue business opportunities, and otherwise resulting in a material adverse impact on our financial condition, results of operation, liquidity, or stock price. Both the scope of the laws and regulations and the intensity of the supervision to which we are subject increased in response to the financial crisis as well as other factors such as technological and market changes. Regulatory enforcement and fines have also increased across the banking and financial services sector. Compliance with these laws and regulations have resulted in and will continue to result in additional costs, which could be significant, and may have a material and adverse effect on our results of operations. In addition, if we do not appropriately comply with current or future legislation and regulations, especially those that apply to our consumer operations, which has been an area of heightened focus, we may be subject to fines, penalties or judgments, or material regulatory restrictions on our businesses, which could adversely affect operations and, in turn, financial results. 32 Huntington Bancshares Incorporated The resolution of significant pending litigation, if unfavorable, could have an adverse effect on our results of operations for a particular period. We face legal risks in our businesses, and the volume of claims and amount of damages and penalties claimed in litigation and regulatory proceedings against financial institutions remain high. Substantial legal liability against us could have material adverse financial effects or cause significant reputational harm to us, which in turn could seriously harm our business prospects. It is possible that the ultimate resolution of these matters, if unfavorable, may be material to the results of operations for a particular reporting period. For more information on litigation risks, see Note 21 - “Commitments and Contingent Liabilities” to the Consolidated Financial Statements. Noncompliance with the Bank Secrecy Act and other anti-money laundering statutes and regulations could cause us material financial loss. The Bank Secrecy Act and the Patriot Act contain anti-money laundering and financial transparency provisions intended to detect and prevent the use of the U.S. financial system for money laundering and terrorist financing activities. The Bank Secrecy Act, as amended by the Patriot Act, requires depository institutions and their holding companies to undertake activities including maintaining an anti-money laundering program, verifying the identity of clients, monitoring for and reporting suspicious transactions, reporting on cash transactions exceeding specified thresholds, and responding to requests for information by regulatory authorities and law enforcement agencies. FinCEN, a unit of the Treasury Department that administers the Bank Secrecy Act, is authorized to impose significant civil money penalties for violations of those requirements and has recently engaged in coordinated enforcement efforts with the federal bank regulatory agencies, as well as the United States Department of Justice, Drug Enforcement Administration, and IRS. There is also increased scrutiny of compliance with the rules enforced by the OFAC. If our policies, procedures, and systems are deemed deficient or the policies, procedures, and systems of the financial institutions that we have already acquired or may acquire in the future are deficient, we would be subject to liability, including fines and regulatory actions such as restrictions on our ability to pay dividends and the necessity to obtain regulatory approvals to proceed with certain planned business activities, including acquisition plans, which would negatively impact our business, financial condition, and results of operations. Failure to maintain and implement adequate programs to combat money laundering and terrorist financing could also have serious reputational consequences for us. For more information regarding the Bank Secrecy Act, Patriot Act, anti-money laundering requirements and OFAC-administered sanctions, refer to Item 1: Business - “Regulatory Matters”. Strategic Risk: We depend on our executive officers and key personnel to continue the implementation of our long-term business strategy and could be harmed by the loss of their services. We believe that our continued growth and future success will depend in large part on the skills of our management team and our ability to motivate and retain these individuals and other key personnel. The loss of service of one or more of our executive officers or key personnel could reduce our ability to successfully implement our long-term business strategy, our business could suffer, and the value of our stock could be materially adversely affected. Leadership changes will occur from time to time, and we cannot predict whether significant resignations will occur or whether we will be able to recruit additional qualified personnel. We believe our management team possesses valuable knowledge about the banking industry and that their knowledge and relationships would be very difficult to replicate. Our success also depends on the experience of our branch managers and lending officers and on their relationships with the customers and communities they serve. The loss of these key personnel could negatively impact our banking operations. The loss of key personnel, or the inability to recruit and retain qualified personnel in the future, could have an adverse effect on our business, financial condition, or operating results. 2019 Form 10-K 33 Bank regulations regarding capital and liquidity, including the annual CCAR assessment process and the U.S. Basel III capital and liquidity standards, could require higher levels of capital and liquidity. Among other things, these regulations could impact our ability to pay common stock dividends, repurchase common stock, attract cost-effective sources of deposits, or require the retention of higher amounts of low yielding securities. The Federal Reserve administers CCAR, an annual forward-looking quantitative assessment of Huntington’s capital adequacy and planned capital distributions and a review of the strength of Huntington’s practices to assess capital needs. We generally may pay dividends and repurchase stock only in accordance with a capital plan that has been reviewed by the Federal Reserve and as to which the Federal Reserve has not objected. The Federal Reserve also makes a quantitative assessment of capital based on supervisory-run stress tests that assess the ability to maintain capital levels above each minimum regulatory capital ratio after making all capital actions included in Huntington’s capital plan, under baseline and stressful conditions throughout a nine-quarter planning horizon. There can be no assurance that the Federal Reserve or OCC will respond favorably to our capital plans, planned capital actions or stress test results, and the Federal Reserve, OCC, or other regulatory capital requirements may limit or otherwise restrict how we utilize our capital, including common stock dividends and stock repurchases. We are also required to maintain minimum capital ratios and the Federal Reserve and OCC may determine that Huntington and/or the Bank, based on size, complexity, or risk profile, must maintain capital ratios above these minimums in order to operate in a safe and sound manner. In the event we are required to raise capital to maintain required minimum capital and leverage ratios or ratios above the required applicable minimums, we may be forced to do so when market conditions are undesirable or on terms that are less favorable to us than we would otherwise require. Furthermore, in order to prevent becoming subject to restrictions on our ability to distribute capital or make certain discretionary bonus payments to management, we must maintain a Capital Conservation Buffer (of 2.5% as of January 1, 2019), which is in addition to our required minimum capital ratios. For more information regarding CCAR, stress testing, and capital and liquidity requirements, including several proposed rules that would alter, reduce, or eliminate certain of these requirements as they apply to Huntington, refer to Item 1: Business - “Regulatory Matters”. If our regulators deem it appropriate, they can take regulatory actions that could result in a material adverse impact on our financial results, ability to compete for new business, or preclude mergers or acquisitions. In addition, regulatory actions could constrain our ability to fund our liquidity needs or pay dividends. Any of these actions could increase the cost of our services. We are subject to the supervision and regulation of various state and federal regulators, including the OCC, Federal Reserve, FDIC, SEC, CFPB, FINRA, and various state regulatory agencies. As such, we are subject to a wide variety of laws and regulations, many of which are discussed in Item 1: Business - “Regulatory Matters”. As part of their supervisory process, which includes periodic examinations and continuous monitoring, the regulators have the authority to impose restrictions or conditions on our activities and the manner in which we manage the organization. Such actions could negatively impact us in a variety of ways, including charging monetary fines, impacting our ability to pay dividends, precluding mergers or acquisitions, limiting our ability to offer certain products or services, or imposing additional capital requirements. Under the supervision of the CFPB, our Consumer and Business Banking products and services are subject to heightened regulatory oversight and scrutiny with respect to compliance under consumer laws and regulations. We may face a greater number or wider scope of investigations, enforcement actions, and litigation in the future related to consumer practices, thereby increasing costs associated with responding to or defending such actions. Also, federal and state regulators have been increasingly focused on sales practices of branch personnel, including taking regulatory action against other financial institutions. In addition, increased regulatory inquiries and investigations, as well as any additional legislative or regulatory developments affecting our consumer businesses, and any required changes to our business operations resulting from these developments, could result in significant loss of revenue, require remuneration to our customers, trigger fines or penalties, limit the products or services we offer, require us to increase our prices and, therefore, reduce demand for our products, impose additional compliance costs on us, increase the cost of collection, cause harm to our reputation, or otherwise adversely affect our consumer businesses. In addition, we are allowed to conduct certain activities that are financial in nature by virtue of Huntington’s status as an FHC, as discussed in more detail in Item 1. Regulatory Matters. If Huntington or the Bank cease to meet 34 Huntington Bancshares Incorporated the requirements necessary for Huntington to continue to qualify as an FHC, the Federal Reserve may impose upon us corrective capital and managerial requirements, and may place limitations on our ability to conduct all of the business activities that we conduct as a FHC. If the failure to meet these standards persists, we could be required to divest our Bank, or cease all activities other than those activities that may be conducted by a BHC but not an FHC. Reputation Risk: Damage to our reputation could significantly harm our business, including our competitive position and business prospects. Our ability to attract and retain customers, clients, investors, and employees is affected by our reputation. Significant harm to our reputation can arise from various sources, including officer, director or employee misconduct, actual or perceived unethical behavior, conflicts of interest, security breaches, litigation or regulatory outcomes, compensation practices, failing to deliver minimum or required standards of service and quality, failing to address customer and agency complaints, compliance failures, unauthorized release of personal, proprietary or confidential information due to cyber-attacks or otherwise, perception of our environmental, social and governance practices and disclosures, and the activities of our clients, customers, and counterparties, including vendors. Actions by the financial service industry generally or by institutions or individuals in the industry can adversely affect our reputation indirectly by association. In addition, adverse publicity or negative information posted on social media, whether or not factually correct, may affect our business prospects. All of these could adversely affect our growth, results of operation, and financial condition. Item 1B: