Capitol Federal Financial Inc. Common Stock

Item 1A. Risk Factors

There are risks inherent in the Bank's and Company's business. The following is a summary of material risks and uncertainties relating to the operations of the Bank and the Company. Adverse experiences with these could have a material impact on the Company's financial condition and results of operations. Some of these risks and uncertainties are interrelated, and the occurrence of one or more of them may exacerbate the effect of others. These material risks and uncertainties are not necessarily presented in order of significance. In addition to the risks set forth below and the other risks described in this Annual Report, there may be risks and uncertainties that are not currently known to us or that we currently deem to be immaterial that could materially and adversely affect our business, financial condition or operating results.

Risks Related to Macroeconomic Conditions

Changes in interest rates could have an adverse impact on our results of operations and financial condition.

Our results of operations are primarily dependent on net interest income, which is the difference between the interest earned on loans, securities, cash at the Federal Reserve Bank and dividends received on FHLB stock, and the interest paid on deposits and borrowings. Changes in interest rates could have an adverse impact on our results of operations and financial condition because the majority of our interest-earning assets are long-term, fixed-rate loans, while the majority of our interest-bearing liabilities are shorter term, and therefore subject to a greater degree of interest rate fluctuations. This type of risk is known as interest rate risk and is affected by prevailing economic and competitive conditions that are beyond the

9

Company's control, including general economic conditions, inflationary trends and/or monetary policies of the FRB and fiscal policies of the United States federal government.

The impact of changes in interest rates is generally observed on the income statement. The magnitude of the impact will be determined by the difference between the amount of interest-earning assets and interest-bearing liabilities, both of which either reprice or mature within a given period of time, in addition to the yields earned on interest-earning assets and rates paid on interest-bearing liabilities. This difference provides an indication of the extent to which our net interest rate spread will be impacted by changes in interest rates. In addition, changes in interest rates will impact the expected level of repricing of the Bank's mortgage-related assets and callable debt securities. Generally, as interest rates decline, the amount of interest-earning assets expected to reprice will increase as borrowers have an economic incentive to reduce the cost of their mortgage or debt, which would negatively impact the Bank's interest income. Conversely, as interest rates rise, the amount of interest-earning assets expected to reprice will decline as the economic incentive to refinance the mortgage or debt is diminished. As this occurs, the amount of interest-earning assets repricing could diminish to the point where interest-bearing liabilities reprice to a higher interest rate at a faster pace than interest-earning assets, thus negatively impacting the Bank's net interest income. For additional information about the interest-rate risk we face, see "Part II, Item 7A. Quantitative and Qualitative Disclosures about Market Risk."

Changes in interest rates can also have an adverse effect on our financial condition, as available-for-sale ("AFS") securities are reported at estimated fair value. Stockholders' equity, specifically accumulated other comprehensive income (loss) ("AOCI"), is increased or decreased by the amount of change in the estimated fair value of our AFS securities, net of deferred income taxes. Increases in interest rates generally decrease the fair value of AFS securities, which adversely impacts stockholders' equity. For additional information, see "Part II, Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations - Strategic Securities Transaction," "Part II, Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations - Stockholders' Equity" and "Part II, Item 8. Financial Statements

9

and Supplementary Data Notes to Consolidated Financial Statements Note 15. Accumulated Other Comprehensive Income."

Changes in interest rates, as they relate to customers, can also have an adverse impact on our financial condition and results of operations. In times of rising interest rates, default risk may increase among borrowers with adjustable-rate loans as the rates on their loans adjust upward and their payments increase. Fluctuations in interest rates also affect customer demand for loan and deposit products. Competition from other financial institutions and/or brokerage firm others could affect our ability to attract and retain deposits and could result in us the Bank paying more for deposits.

In addition to general changes in interest rates, changes that affect the shape of the yield curve could negatively impact the Bank. The Bank's interest-bearing liabilities are generally priced based on short-term interest rates while the majority of the Bank's interest-earning assets are priced based on long-term interest rates. Income for the Bank is primarily driven by the spread between these rates. As a result, a steeper yield curve, meaning long-term interest rates are significantly higher than short-term interest rates, would provide the Bank with a better opportunity to increase net interest income. When the yield curve is flat, meaning long-term interest rates and short-term interest rates are essentially the same, or when the yield curve is inverted, meaning long-term interest rates are lower than short-term interest rates, the net yield between interest-earning assets and interest-bearing liabilities that reprice is compressed or diminished and would likely negatively impact the Bank's net interest income. See "Part II, Item 7A. Quantitative and Qualitative Disclosures About Market Risk" for additional information about the Bank's interest rate risk management.

An economic downturn, esincluding a decline in real estate values, especially one affecting our geographic market areas and certain regions of the country where we have corresmmercial real estate loans or correspondent loans secured by one- to four-family properties or commercial real estate participation loans, could have an adverse impact on our business and financial results.

Our primary lending emphasis is the origination of one- to four-family first mortgage loans secured by residential properties. We have also purchased one- to four-family first mortgage loans, secured by properties that are typically outside our local market areas, from correspondent lenders. As we have grown our commercial real estate lending portfolio, we have continued to maintain relationships not only in our local markets but in geographically diverse markets. As a result, we are particularly exposed to downturns in regional housing and commercial real estate markets and, to a lesser extent, the U.S. hhousing and commercial real estate markets nationwide, along with changes in the levels of unemployment or underemployment. We monitor the current status and trends of local and national employment levels and trends and current conditions in the real estate and housing markets, as well as commercial real estate markets, in our local market areas and certain areas where we have correspondent loans and commercial real estate participationloans and correspondent loans. Decreases in local real estate values could adversely affect the value of the property used as collateral for our loans, which could cause us to realize a loss in the event of a foreclosure. Advdditionally, if insurance obtained by our

10

borrowerse conditios is insufficient to cover any losses sustained to the collateral, the decreases in the value of collateral securing our loans in our locas a result of natural disasters or other related events could adversely impact our financial economies anddition and results of operations. If in certain areas where we have csurance coverage is unavailable to our borrowers due to the reluctance of insurance companies to renew policies covering the collateral or due to other factors, the resulting increase in cost of home ownership could affect the ability of borrespondent loans andowers to repay loans. In addition, a decline in commercial real estate values would likewise adversely affect the value of collateral securing commercial real estate participation loans. Adverse conditions in our local economies and in certain areas where we have commercial real estate loans and correspondent loans, such as inflation, unemployment, supply chain disruptions, recession, natural disasters or pandemics, or other factors beyond our control, could adversely impact the ability of our borrowers to repay their loans. Any one or a combination of these events may have anDeclines in collateral values and adverse impact on borrowers' ability to repay their loans, which ceconomic conditions could result in increased delinquencies, non-performing assets, loan losses, and future loan loss provisions.

Risks Related to Lending Activities

The increase in commercial loans in our loan portfolio exposes us to increased lending and credit risks, which could adversely impact our financial condition and results of operations.

A growing portion of our loan portfolio consists of commercial loans. These loan types tend to be larger than and in different geographic regions from most of our existing loan portfolio and are generally considered to have different and greater risks than one- to four-family residential real estate loans and may involve multiple loans to groups of related borrowers. A growing commercial loan portfolio also subjects us to greater regulatory scrutiny. Furthermore, these loan types can expose us to a greater risk of delinquencies, non-performing assets, loan losses, and future loan loss provisions than one- to four-family residential real estate loans because repayment of such loans often depends on the successful operation of a business or of the underlying property. Repayment of such loans may be affected by factors outside the borrower's control, such as adverse conditions in the real estate market, the economy, environmental factors, natural disasters or pandemics, and/or changes in government regulation. Also, there are risks inherent in commercial real estate construction lending as the value of the project is uncertain prior to the completion of construction and subsequent lease-up. A sudden downturn in the economy, labor and/or supply chain issues, or other unforeseen events could result in stalled projects or collateral shortfalls, thus exposing us to increased credit risk.

10

Commercial and industrial loans are primarily made based on the identified cash flow of the borrower and secondarily on the collateral underlying the loans. The borrowers' cash flow may prove to be unpredictable, and collateral securing these loans may fluctuate in value. Most often, this collateral consists of accounts receivable, inventory and equipment. Significant adverse changes in a borrower's industries and businesses could cause rapid declines in values of, and collectability associated with, those business assets, which could result in inadequate collateral coverage for our commercial and industrial loans and expose us to future losses. In the case of loans secured by accounts receivable, the availability of funds for the repayment of these loans may be substantially dependent on the ability of the borrower to collect amounts due from its clients. Inventory and equipment may depreciate over time, may be difficult to appraise, may be illiquid and may fluctuate in value based on the success of the business. If the cash flow from business operations is reduced, the borrower's ability to repay the loan may be impaired. An increase in valuation allowances and charge-offs related to our commercial and industrial loan portfolio could have an adverse effect on our business, financial condition, results of operations and future prospects.

Risks Related to Cybersecurity, Third Parties, and Technology.

The occurrence of any information system failure or interruption, breach of security or cyberattack, at the Company, at its third-party service providers or counterparties may have an adverse effect on our business, reputation, financial condition and results of operations.

Information systems are essential to the conduct of our business, as we use such systems to manage our customer relationships, our general ledger, our deposits and our loans. In the normal course of our business, we collect, process, retain and transmit (by email and other electronic means) sensitive and confidential information regarding our customers, employees and others. We also outsource certain aspects of our data processing, data processing operations, remote network monitoring, engineering and managed security services to third-party service providers. In addition to confidential information regarding our customers, employees and others, we, and in some cases a third party, compile, process, transmit and store proprietary, non-public information concerning our business, operations, plans and strategies.

11

Information security risks for financial institutions continue to increase in part because of evolving technologies, the use of the internet and telecommunications technologies (including mobile devices) to conduct financial and other business transactions and the increased sophistication and activities of organized crime, perpetrators of fraud, hackers, terrorists and others. Cyber criminals use a variety of tactics, such as ransomware, denial of service, and theft of sensitive business and customer information to extort payment or other concessions from victims. In some cases, these attacks have caused significant impacts on other businesses' access to data and ability to provide services. We are not able to anticipate or implement effective preventive measures against all incidents of these types, especially because the techniques used change frequently and because attacks can originate from a wide variety of sources, including attacks on third-party vendors and their applications and products used by the Bank.

We use a variety of physical, procedural and technological safeguards to prevent or limit the impact of system failures, interruptions and security breaches and to protect confidential information from mishandling, misuse or loss, including detection and response mechanisms designed to contain and mitigate security incidents. However, there can be no assurance that such events will not occur or that they will be promptly detected and adequately addressed if they do, and early detection of security breaches may be thwarted by sophisticated attacks and malware designed to avoid detection. If there is a failure in or breach of our information systems, or those of a third-party service provider, the confidential and other information processed and stored in, and transmitted through, such information systems could be jeopardized, or could otherwise cause interruptions or malfunctions in our operations or the operations of our customers, employees, or others.

Our business and operations depend on the secure processing, storage and transmission of confidential and other information in our information systems and those of our third-party service providers. Although we devote significant resources and management focus to ensuring the integrity of our information systems through information security measures, risk management practices, relationships with threat intelligence providers and business continuity planning, our facilities, computer systems, software and networks, and those of our third-party service providers, may be vulnerable to external or internal security breaches, acts of vandalism, unauthorized access, misuse, computer viruses or other malicious code and cyberattacks that could have a security impact. In addition, breaches of security may occur through intentional or unintentional acts by those having authorized or unauthorized access to our confidential or other information or the confidential or other information of our customers, employees or others. While we regularly conduct security and risk

11

assessments on our systems and those of our third-party service providers, there can be no assurance that their information security protocols are sufficient to withstand a cyberattack or other security breach. Across our industry, the cost of minimizing these risks and investigating incidents has continued to increase with the frequency and sophistication of these threats.

During June 2023, a third-party service provider (the "Service Provider") to the Bank advised the Bank that files with personally identifiable information related to Bank customers had been compromised during a security incident experienced by the Service Provider (the "Incident"). The Bank used the Service Provider to process transactions. The Incident resulted from a zero-day vulnerability in a managed file sharing software called MOVEit. MOVEit is used by thousands of organizations around the world for securely transferring sensitive and confidential information and ooccurrence of any of ther data. The vulnerability was exploited in a large-scale, cyber campaign that impacted government agencies, universities, and corporations around the world. As a result of the Incident, an unauthorized party was able to obtain access to certain Bank customers' data in the Service Provider's possession that contained social security numbers, account numbers, and other personally identifiable information. The Bank confirmed the Service Provider has fixed the vulnerability noted above and the Bank has implemented additional security procedures when sharing files with the Service Provider. When the Bank received notice of the Incident from the Service Provider, the Bank promptly enacted response protocols. The Service Provider has provided appropriate notifications to potentially affected customers. The Bank worked with the Service Provider to identify any others potentially impacted by the Incident. The Bank is not aware of any other third-party incidents related to the MOVEit vulnerability that has affected personally identifiable information associated with Bank customers.

The occurrence of any of the foregoing foregoing could subject us to litigation or regulatory scrutiny, cause us significant reputational damage or erode confidence in the security of our information systems, products and services, cause us to lose customers or have greater difficulty in attracting new customers, have an adverse effect on the value of our common stock or subject us to financial losses that may not be covered by insurance, any of which could have an adverse effect on our business, financial condition and results of operations. As information security risks and cyber threats continue to evolve, we may be required to expend significant additional resources to further enhance or modify our information security measures and/or to investigate and remediate any information security vulnerabilities or other exposures arising from operational and security risks.

Furthermore, there continues to be heightened legislative and regulatory focus on privacy, data protection and information security. New or revised laws and regulations may significantly impact our current and planned privacy, data protection and information security-related practices, the collection, use, sharing, retention and safeguarding of consumer and employee information, and current or planned business activities. Compliance with current or future privacy, data protection and information security laws could result in higher compliance and technology costs and could restrict our ability to provide certain products and services, which could have an adverse effect on our business, financial condition and results of operations.

Our customers are also targets of cyberattacks and identity theft. There continues to be instances involving financial services and consumer-based companies reporting the unauthorized disclosure of client or customer information or the destruction or theft of corporate data. Large scale identity theft could result in customers' accounts being compromised and fraudulent activities being performed in their names. We have implemented certain safeguards against these types of activities, but they may not fully protect us from financial losses. The occurrence of a security breach involving our customers' information, regardless of its origin, could damage our reputation and result in a loss of customers and business, subject us to additional

12

regulatory scrutiny, and expose us to litigation and possible financial liability. Any of these events could have an adverse effect on our business, financial condition and results of operations. See "Part I, Item 1C. Cybersecurity" for additional discussion related to cybersecurity.

Third-party vendors subject the Company to potential business, reputation and financial risks.

Third-party vendors are sources of operational and information security risk to the Company, including risks associated with operations errors, information system interruptions or breaches, and unauthorized disclosures of sensitive or confidential customer information. The Company requires third-party vendors to maintain certain levels of information security; however, vendors may remain vulnerable to breaches, unauthorized access, misuse, computer viruses, and/or other malicious attacks that could ultimately compromise sensitive information. We have developed procedures and processes for selecting and monitoring third-party vendors, but ultimately are dependent on these third-party vendors to secure their information. If these vendors encounter any of these types of issues, or if we have difficulty communicating with them, we could be exposed to disruption of operations, loss of service or connectivity to customers, reputational damage, and litigation risk that could have an adverse effect on our business, financial condition and results of operations.

12

The failure of an external vendor to perform in accordance with the contracted arrangements under service level agreements, because of changes in the vendor's organizational structure, financial condition, support for existing products and services or strategic focus or for any other reason, could be disruptive to our operations, which could have an adverse effect on our business and, in turn, our financial condition and results of operations. Additionally, replacing certain third-party vendors could also entail significant delay and expense.

We are heavily reliant on technology, and a failure to effectively implement technology initiatives or anticipate future technology needs or demands could adversely affect our business or performance.

Like most financial institutions, the Bank significantly depends on technology to deliver its products and services and to otherwise conduct business. To remain technologically competitive and operationally efficient, the Bank invests in system upgrades, new technological solutions, and other technology initiatives. Many of these solutions and initiatives have a significant duration, are tied to critical information systems, and require substantial resources. Although the Bank takes steps to mitigate the risks and uncertainties associated with these solutions and initiatives, there is no guarantee that they will be implemented on time, within budget, or without negative operational or customer impact. The Bank also may not succeed in anticipating its future technology needs, the technology demands of its customers, or the competitive landscape for technology. If the Bank were to falter in any of these areas, it could have an adverse effect on our business, financial condition and results of operations.

In August 2023, the Company implemented a new core processing system ("digital transformation"). While the digital transformation was completed successfully, the Company may face operational risks, such as disruptions in technology systems, which may impact customers. The Company will work to remediate any such disruptions, if they occur, but no assurance can be given that a potential adverse development will be quickly or completely remediated. If an adverse development arising from the digital transformation is not sufficiently remediated or is not remediated in a timely fashion, the Company's reputation could be significantly impacted, which could result in loss of customer business, subject the Company to regulatory scrutiny, or expose the Company to litigation, any of which could have a material impact on the Company's financial condition and results of operations.

Risks Related to Competition

Strong competition may limit our growth and profitability.

While we are one of the largest mortgage loan originators in the state of Kansas, we compete in the same market areas as local, regional, and national banks, savings institutions, credit unions, mortgage brokerage firms, investment banking firms, investmentand brokerage firms, mortgage bankers, and savings institutiononline competitors. We also compete with online investment and mortgage brokerages and online banks that are not confined to any specific market area. Many of these competitors operate on a national or regional level, are a conglomerate of various financial services providers housed under one corporation, or otherwise have substantially greater financial or technological resources than the Bank. We compete primarily on the basis of the interest rates offered to depositors, the terms of loans offered to borrowers, and the benefits afforded to customers as a local institution and portfolio lender. Should we face competitive pressure to increase deposit rates or decrease loan rates, our net interest income could be adversely affected. Additionally, our competitors may offer products and services that we do not or cannot provide, as certain deposit and loan products fall outside of our accepted level of risk. Our profitability depends upon our ability to compete in our local market areas.

Risks Related to Regulation

We operate in a highly regulated environment, which limits the manner and scope of our business activities, and we may be adversely affected by new and/or changes in laws and regulations or interpretation of existing laws and regulations.

We are subject to extensive regulation, supervision, and examination by the OCC, the FRB, and the FDIC. These regulatory authorities exercise broad discretion in connection with their supervisory and enforcement activities, including the ability to

13

impose restrictions on a bank's operations, reclassify assets, determine the adequacy of a bank's ACL, and determine the level of deposit insurance premiums assessed. The CFPB has broad powers to supervise and enforce consumer protection laws, including a wide range of consumer protection laws that apply to all banks and savings institutions, like the authority to prohibit unfair, deceptive or abusive acts and practices. The CFPB also has examination and enforcement authority over all banks with regulatory assets exceeding $10 billion at four consecutive quarter-ends. The Bank exceeded $10 billion in

13

regulatory assets at March 31, 2023, June 30, 2023 and September 30, 2023. The Bank intends to be below $10 billion in regulatory assets at December 31, 2023 so it will not exceed $10 billion in regulatory assets at four consecutive quarter-ends. There are increased d are increased direct costs, additional regulatory burdens with indirect costs, and lost revenue, mainly related to interchange fees, associated with the Bank being over $10 billion in regulatory assets at certain points in time and for four consecutive quarter-ends. As long as the Bank does not exceed $10 billion in regulatory assets for four consecutive quarter ends, it will continue to be examined for compliance with consumer protection laws and the regulations of the CFPB by the Bank's primary bank regulator, the OCC. The Dodd-Frank Act also weakens the federal preemption rules that have been applicable for national banks and federal savings associations and gives state attorneys general the ability to enforce federal consumer protection laws.

Any change in such regulation and oversight, whether in the form of regulatory policy, regulations, legislation, interpretation or application, could have an adverse impact on our operations. Moreover, bank regulatory agencies have been active in responding to concerns and trends identified in examinations and have issued formal enforcement orders requiring capital ratios in excess of regulatory requirements and/or assessing monetary penalties. Bank regulatory agencies, such as the OCC, the FRB and the FDIC, govern the activities in which we may engage, primarily for the protection of depositors' funds, the DIF and the safety and soundness of the banking system as a whole, and not for the protection or benefit of investors. The CFPB enforces consumer protection laws and regulations for the benefit of the consumers and not the protection or benefit of investors. In addition, new laws and regulations, including those related to environmental, social, and governance initiatives, may continue to increase our costs of regulatory compliance and of doing business, and otherwise affect our operations. New laws and regulations may significantly affect the markets in which we do business, the markets for and value of our loans and securities, the products we offer, the fees we can charge and our ongoing operations, costs, and profitability.

The Company is also directly subject to the requirements of entities that set and interpret accounting standards such as the Financial Accounting Standards Board, and indirectly subject to the actions and interpretations of the Public Company Accounting Oversight Board, which establishes auditing and related professional practice standards for registered public accounting firms and inspects registered firms to assess their compliance with certain laws, rules, and professional standards in public company audits. These regulations, along with existing tax, accounting, securities, and monetary laws, regulations, rules, standards, policies and interpretations, control the methods by which financial institutions and their holding companies conduct business, engage in strategic and tax planning, implement strategic initiatives, and govern financial reporting.

The Company's failure to comply with laws, regulations or policies could result in civil or criminal sanctions and money penalties by state and federal agencies, and/or reputational damage, which could have an adverse effect on the Company's business, financial condition and results of operations. See "Part I, Item 1. Business - Regulation and Supervision" for more information about the regulations to which the Company is subject.

Other Risks

The Company's ability to pay dividends and repurchase shares is subject to the ability of the Bank to make capital distributions to the Company.

The long-term ability of the Company to pay dividends to its stockholders and repurchase shares is based primarily upon the ability of the Bank to generate esufficient earnings and to, therefore, to make capital distributions to the Company, and on the availability of cash at the holding company level in the event eathe Bank's earnings are not sufficient to paymake capital dividendsstributions to the Company. Under certain circumstances, capital distributions from the Bank to the Company may be subject to regulatory approvals. See "Item 1. Business Regulation and Supervision" for additional information.

Our risk management and compThe Bank's bad debt recapture amount may impact the amount and timing of capital distributions to the Company.

The Bank will report a net loss for tax purposes for fiscal year 2024 due to the sale of securities in October 2023 associated with the securities strategy and will therefore have negative current and accumulated earnings and profits for fiscal year 2024. As a result of the negative current and accumulated earnings and profits, capital distributions from the Bank to the holding company during fiscal year 2024 were deemed to be drawn out of the Bank's pre-1988 bad debt reserves and resulted in the recognition of income tax expense based on the amount of the capital distribution multiplied by the then-current Bank income tax rate. This additional tax expense reduced the amount of earnings available to be distributed to the holding company

14

during fiscaliance programs and functions may n year 2024. The Bank had $75.9 million in pre-1988 bad debt reserves at September 30, 2024, which equates to an unrecorded deferred tax liability of $15.9 million.

Given the amount of cash at the holding company level ($50.1 million as of September 30, 2024), and in an effort to minimize the tax associated with the bad debt recapture, it is currently the intention of management and the Board of Directors to not distribute earnings from the Bank to the Company during fiscal year 2025. It is anticipated that the Bank will have sufficient taxable income during fiscal year 2025 to replenish tax accumulated earnings and profits to a positive level, allowing the Bank to make capital distributions to the Company during fiscal year 2026 and not be effectitaxed on those distributions.

See additional discussion regarding the Bank's pre-1988 bad debt recapture in "Part II. Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations - Comparison of Operating Results for the Years Ended September 30, 2024 and 2023" and "Part II, Item 8. Financial Statements and Supplementary Data - Notes to Consolidated Financial Statements - Note 9. Income Taxes".

Our risk management and compliance programs and functions may not be effective in mitigating risk and loss.

We maintain an enterprise risk management program that is designed to identify, quantify, monitor, report, and control the risks that we face. These risks include: interest-rate, credit, liquidity, operations, reputation, compliance and litigation. We also maintain a compliance program to identify, measure, assess, and report on our adherence to applicable laws, policies and procedures. While we assess and improve these programs on an ongoing basis, there can be no assurance that our risk management or compliance programs, along with other related controls, will effectively mitigate all risk and limit losses in our business. If conditions or circumstances arise that expose flaws or gaps in our risk management or compliance programs, or if our controls do not function as designed, the performance and value of our business could be adversely affected.

14

The Company may not be able to attract and retain skilled employees.

The Company's success depends, in large part, on its ability to attract and retain key people. Competition for the best people can be intense, and the Company spends considerable time and resources attracting and hiring qualified people for its operations. The unexpected loss of the services of one or more of the Company's key personnel could have an adverse impact on the Company's business because of their skills, knowledge of the Company's market, and years of industry experience, as well as the difficulty of promptly finding qualified replacement personnel.

The Company may be adversely affected by an increasing prevalence of fraud and other financial crimes.

Reported instances of fraud and related financial crimes are rising nationwide. Like all financial institutions, the Company is vulnerable to increasing fraud losses as fraud schemes perpetrated against the Company and its customers continue to evolve and become more sophisticated. While the Company has procedures and systems in place to detect, prevent, and mitigate fraud losses, fraud losses may still occur and could be material to the Company's results of operations.