TriCo Bancshares : 2025 Annual Report to Shareholders

TCBK

Published on 04/20/2026 at 02:35 pm EDT

2025 Annual Report

Dear Fellow Shareholders:

In 1974 a group of local farmers, business owners, and community leaders came together with a simple but powerful belief: that a local bank, grounded in relationships, sound judgment, and service to community, could create lasting value. That belief has guided Tri Counties Bank for more than five decades, and it continues to guide us today.

As we reflect on fiscal year 2025, I am proud of how TriCo Bancshares navigated an environment shaped by geopolitical uncertainty, economic transition, and rapid technological change. While these forces are largely beyond the control of any single institution, they reinforce the importance of balance sheet resilience, thoughtful decision-making, and disciplined investment. We continue to manage the Company for success across a wide range of economic scenarios, prioritizing long-term stability over short-term outcomes.

Throughout 2025, global and domestic conditions remained complex. International conflicts, shifting trade dynamics, and political transitions influenced economic markets, inflation expectations, and business confidence. Following an extended period of elevated interest rates, monetary policy in the United States began to adjust, creating both opportunities and challenges for banks and their customers. We approached these conditions with the same steady discipline that has served this Company well through multiple economic cycles.

Despite these challenges, TriCo Bancshares delivered solid financial performance in 2025. The Company reported net income of $121.6 million, or $3.70 per diluted share, representing a 5.8% increase in earnings and a 6.9% increase in diluted earnings per share compared to the prior year.

Net interest income on a fully tax-equivalent basis (FTE) increased to $351.9 million, reflecting improved funding costs and disciplined balance sheet management. Net interest margin expanded to 3.89%, benefiting from a steepening yield curve and our continued focus on deposit mix and funding efficiency.

| | 2025 | Chg. | 2024 | Chg. | 2023 |
|---|---|---|---|---|---|
| Yield on Loans | 5.77% | (0.02%) | 5.79% | 0.35% | 5.44% |
| Cost of Total Interest-Bearing Deposits | 1.97% | (0.12%) | 2.09% | 0.99% | 1.10% |
| Net Interest Margin | 3.89% | 0.18% | 3.71% | (0.25%) | 3.96% |
| Net Interest Income (FTE, $ millions) | $351.9 | 5.83% | $332.5 | (7.17%) | $358.2 |

As anticipated, 2025 marked an important inflection point in the interest-rate environment. Interest expense declined as deposit pricing normalized and higher-cost borrowings were reduced. These results reflect the benefits of our long-standing emphasis on core deposit relationships and conservative funding strategies-an approach designed to support stable earnings and protect shareholder value across interest-rate cycles.

Credit performance during the year remained consistent with our expectations as economic conditions continued to normalize. While the provision for credit losses increased modestly, overall credit metrics reflect sound underwriting, portfolio diversification, and resilient borrower performance. Strong earnings and ongoing capital generation further reinforced our capacity to support customers, communities, and growth opportunities across a wide range of economic conditions.

Total assets ended the year at approximately $9.8 billion, supported by deposits of approximately $8.3 billion. These results are the outcome of disciplined decision-making, conservative credit underwriting, and a continued focus on earnings growth and capital strength. Our relationship-based approach-grounded in local knowledge, prudent risk assessment, and long-term partnerships-remains central to how we create sustainable value for shareholders.

As California's Local Bank, our success is inseparable from the strength of the communities we serve. In 2025, we continued to make meaningful investments across the state-investments grounded in long-standing relationships, local decision-making, and a commitment to expanding opportunity. That approach was reaffirmed during the year through our most recent Community Reinvestment Act examination, which resulted in an Outstanding rating, the FDIC's highest designation. This recognition reflects years of consistent performance and a disciplined focus on meeting community needs in a safe and fiscally responsible way.

During the year, Tri Counties Bank provided more than $1.6 million in donations and sponsorships, supporting over 500 nonprofit organizations across California. These partnerships-combined with more than 10,000 employee volunteer hours-support financial education, fraud prevention, tax preparation assistance, workforce development, and essential services in urban, suburban, and rural communities alike. The programs and partnerships we support also play a meaningful role in advancing homeownership and economic mobility for minority and low- and moderate-income households throughout the state.

Affordable homeownership remains a core priority for all of us. In 2025, we partnered with the Federal Home Loan Bank of San Francisco through its Empowering Homeownership program, helping secure $180,000 in grants for HUD-approved housing counseling agencies that prepare individuals and families for successful, sustainable homeownership. We complemented these efforts with direct investment, committing $26.7 million to the creation, rehabilitation, and preservation of 760 affordable housing units across our footprint-projects that support long-term community stability and economic inclusion.

Being a community bank also means being present. While larger institutions continue to consolidate and retreat from smaller markets, we remain committed to serving businesses and households throughout California with local bankers and local decision-making. In 2025, we originated more than $307 million in small business loans, including significant lending in majority-minority and low- and moderate-income communities. We take pride in our roots and in the responsibility that comes with them-helping create jobs, strengthen communities, and ensure that California's local economies continue to grow and thrive.

Technology and innovation continue to play an important role in our strategy as customer expectations and risk management requirements evolve. During 2025, we invested further in our digital banking platforms, data infrastructure, cybersecurity capabilities, and process automation. These investments are intended to enhance customer experience, improve operating efficiency, and strengthen our ability to manage risk-while preserving the personal service and local decision-making that defines Tri Counties Bank.

We are selectively incorporating advanced analytics and artificial intelligence into areas such as fraud detection, operational monitoring, and customer engagement. We recognize both the opportunities and the risks associated with emerging technologies, and our approach remains deliberate and grounded in strong governance, transparency, and alignment with regulatory expectations. When deployed responsibly, these tools can enhance service quality while reinforcing safety and soundness.

We also continued to invest in how we serve California businesses by expanding specialized coverage and industry expertise. During the year, we restructured our business and commercial banking leadership to provide streamlined access to specialized lending capabilities across business banking, commercial banking, and middle-market and specialty banking. Our physical presence remains an important complement to our digital capabilities, reflected in the opening of our new West Portal branch in San Francisco-designed around relationship-based service and local engagement.

Our employees are the foundation of our success. Throughout 2025, our teams adapted to change, embraced innovation, and upheld our culture of integrity, accountability, and service. I remain deeply grateful to our 1,200 employees who bring our values to life every day and serve our customers and communities with professionalism and care.

As we look ahead, we do so with confidence and humility. The banking industry will continue to evolve, shaped by economic cycles, regulatory developments, technological advancement, and global events. Our strategy remains grounded in disciplined growth, strong capital, responsible innovation, and an enduring commitment to community banking.

On behalf of our Board of Directors and our entire Tri Counties Bank family, thank you for your continued trust and support. We are proud to have you as partners in TriCo Bancshares and remain committed to earning that trust every day.

Sincerely,

Richard P. Smith

Chairman, President, and Chief Executive Officer

PART I
Item 1. Business
Item 1A. Risk Factors
Item 1B. Unresolved Staff Comments
Item 1C. Cybersecurity
Item 2. Properties
Item 3. Legal Proceedings
Item 4. Mine Safety Disclosures

PART II
Item 5. Market for Registrant's Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities
Item 6. [Reserved]
Item 7. Management's Discussion and Analysis of Financial Condition and Results of Operations
Item 7A. Quantitative and Qualitative Disclosures About Market Risk
Item 8. Financial Statements and Supplementary Data
Item 9. Changes in and Disagreements with Accountants on Accounting and Financial Disclosure
Item 9A. Controls and Procedures
Item 9B. Other Information
Item 9C. Disclosure Regarding Foreign Jurisdictions that Prevent Inspections

PART III
Item 10. Directors, Executive Officers and Corporate Governance
Item 11. Executive Compensation
Item 12. Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters
Item 13. Certain Relationships and Related Transactions, and Director Independence
Item 14. Principal Accountant Fees and Services

PART IV
Item 15. Exhibits and Financial Statement Schedules
Item 16. Form 10-K Summary

Signatures

The following listing provides a comprehensive reference of common acronyms and terms used throughout the document:

ACL: Allowance for Credit Losses
AFS: Available-for-Sale
AOCI: Accumulated Other Comprehensive Income
ASC: Accounting Standards Codification
CARES: Coronavirus Aid, Relief and Economic Security Act
CDs: Certificates of Deposit
CDI: Core Deposit Intangible
CECL: Current Expected Credit Loss
CODM: Chief Operating Decision Maker
COVID-19: Coronavirus Disease
CRE: Commercial Real Estate
CMO: Collateralized mortgage obligation
DFPI: State Department of Financial Protection and Innovation
FASB: Financial Accounting Standards Board
FDIC: Federal Deposit Insurance Corporation
FDIA: Federal Deposit Insurance Act
FHLB: Federal Home Loan Bank
FRB: Federal Reserve Board
FTE: Fully taxable equivalent
GAAP: Generally Accepted Accounting Principles (United States of America)
HELOC: Home equity line of credit
HTM: Held-to-Maturity
LIBOR: London Interbank Offered Rate
NIM: Net interest margin
NPA: Nonperforming assets
OCI: Other comprehensive income
PCD: Purchase Credit Deteriorated
PPP: Paycheck Protection Program
ROUA: Right-of-Use Asset
RSU: Restricted Stock Unit
SBA: Small Business Administration
SERP: Supplemental Executive Retirement Plan
SFR: Single Family Residence
SOFR: Secured Overnight Financing Rate
TDR: Troubled Debt Restructuring
VRB: Valley Republic Bancorp
XBRL: eXtensible Business Reporting Language

In addition to historical information, this Annual Report on Form 10-K contains forward-looking statements about TriCo Bancshares (the "Company," "TriCo" or "we") and its subsidiaries for which it claims the protection of the safe harbor provisions contained in the Private Securities Litigation Reform Act of 1995. These forward-looking statements are based on the current knowledge and belief of the Company's management ("Management") and include information concerning the Company's possible or assumed future financial condition and results of operations. When you see any of the words "believes", "expects", "anticipates", "estimates", or similar expressions, these generally indicate that we are making forward-looking statements. A number of factors, some of which are beyond the Company's ability to predict or control, could cause future results to differ materially from those contemplated.

Forward-looking statements involve inherent risks and uncertainties, many of which are difficult to predict and are generally beyond our control. There can be no assurance that future developments affecting us will be the same as those anticipated by management. We caution readers that a number of important factors could cause actual results to differ materially from those expressed in, or implied or projected by, such forward-looking statements. These risks and uncertainties include, but are not limited to, the following: the conditions of the United States economy in general and the strength of the local economies in which we conduct operations; the impact of any future federal government shutdown and uncertainty regarding the federal government's debt limit or changes in, trade, monetary and fiscal policies and laws, including interest rate policies of the Board of Governors of the Federal Reserve System; the impacts of inflation, interest rate, market and monetary fluctuations on the Company's business condition and financial operating results; the impact of changes in financial services industry policies, laws and regulations; regulatory restrictions affecting our ability to successfully market and price our products to consumers; the risks related to the development, implementation, use and management of emerging technologies, including artificial intelligence and machine learning; extreme weather, natural disasters and other catastrophic events that may or may not be caused by climate change and their effects on the Company's customers and the economic and business environments in which the Company operates; the impact of a slowing U.S. 
economy and decreases in housing and commercial real estate prices, potentially increased unemployment on the performance of our loan portfolio, the market value of our investment securities and possible other-than-temporary impairment of securities held by us due to changes in credit quality or rates; the availability of, and cost of, sources of funding and the demand for our products; adverse developments with respect to U.S. or global economic conditions and other uncertainties, including the impact of supply chain disruptions, commodities prices, inflationary pressures and labor shortages on the economic recovery and our business; the impacts of international hostilities, wars, terrorism or geopolitical events; adverse developments in the financial services industry generally such as the recent bank failures and any related impact on depositor behavior or investor sentiment; risks related to the sufficiency of liquidity; the possibility that our recorded goodwill could become impaired, which may have an adverse impact on our earnings and capital; the costs or effects of mergers, acquisitions or dispositions we may make, as well as whether we are able to obtain any required governmental approvals in connection with any such activities, or identify and complete favorable transactions in the future, and/or realize the anticipated financial and business benefits; the regulatory and financial impacts associated with exceeding $10 billion in total assets; the negative impact on our reputation and profitability in the event customers experience economic harm or in the event that regulatory violations are identified; the ability to execute our business plan in new markets; the future operating or financial performance of the Company, including our outlook for future growth and changes in the level and direction of our nonperforming assets and charge-offs; the appropriateness of the allowance for credit losses, including the assumptions made under our current expected 
credit losses model; any deterioration in values of California real estate, both residential and commercial; the effectiveness of the Company's asset management activities managing the mix of earning assets and in improving, resolving or liquidating lower-quality assets; the effect of changes in the financial performance and/or condition of our borrowers; changes in accounting standards and practices; changes in consumer spending, borrowing and savings habits; our ability to attract and maintain deposits and other sources of liquidity; the effects of changes in the level or cost of checking or savings account deposits on our funding costs and net interest margin; increasing noninterest expense and its impact on our financial performance; competition and innovation with respect to financial products and services by banks, financial institutions and non-traditional competitors including retail businesses and technology companies; the challenges of attracting, integrating and retaining key employees; the vulnerability of the Company's operational or security systems or infrastructure, the systems of third-party vendors or other service providers with whom the Company contracts, and the Company's customers to unauthorized access, computer viruses, phishing schemes, spam attacks, human error, natural disasters, power loss and data/security breaches and the cost to defend against and respond to such incidents; the impact of the recent cyber security ransomware incident on our operations and reputation; increased data security risks due to work from home arrangements and email vulnerability; failure to safeguard personal information, and any resulting litigation; the effect of a fall in stock market prices on our brokerage and wealth management businesses; the transition from the LIBOR to new interest rate benchmarks; the emergence or continuation of widespread health emergencies or pandemics; the costs and effects of litigation and of unexpected or adverse outcomes in such litigation; and our ability to manage the risks involved in the foregoing. See also factors listed at Item 1A Risk Factors, in this report. You should carefully consider the factors discussed below, and in our Risk Factors or other disclosures, in evaluating these forward-looking statements.

Annualized, pro forma, projections and estimates are not forecasts and may not reflect actual results. All forward-looking statements speak only as of the date they are made and are based on information available at that time. Forward-looking statements speak only as of the date they are made, and the Company does not undertake to update forward-looking statements to reflect circumstances or events that occur after the date the forward-looking statements are made, whether as a result of new information, future developments or otherwise, except as required by federal securities laws. As forward-looking statements involve significant risks and uncertainties, caution should be exercised against placing undue reliance on such statements.

TriCo Bancshares is a registered bank holding company under the Bank Holding Company Act of 1956, as amended (the "BHC Act"). TriCo's principal business is to serve as the holding company for our wholly-owned subsidiary, Tri Counties Bank, a California-chartered commercial bank (the "Bank"). TriCo is a California corporation and was incorporated in 1981. Our common stock is traded on the Nasdaq Global Select Market under the trading symbol "TCBK". The Company and the Bank are headquartered in Chico, California.

As a bank holding company, TriCo is subject to the supervision of the Board of Governors of the Federal Reserve System (the "FRB") under the BHC Act. The Bank is subject to the supervision of the California Department of Financial Protection & Innovation (the "DFPI") and the Federal Deposit Insurance Corporation (the "FDIC"). See "Regulation and Supervision."

The Company maintains two capital subsidiary business trusts (collectively, the Trusts), both organized by the Company. For financial reporting purposes, the Company's remaining investments in the Trusts of $1.2 million are accounted for under the equity method and, accordingly, are not consolidated and are included in other assets on the consolidated balance sheet. For more information regarding the trust preferred securities please refer to "Note 14 - Junior Subordinated Debt" to the consolidated financial statements within Part II, Item 8 of this report.

Our executive offices are located at 63 Constitution Drive, Chico, California 95973, and our telephone number is (530) 898-0300. Additional information concerning the Company can be found on our website at www.tcbk.com. Copies of our annual reports on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K and amendments to these reports are available free of charge through the investor relations page of our website, www.tcbk.com/about/investor-relations, as soon as reasonably practicable after the Company files these reports with the U.S. Securities and Exchange Commission ("SEC"). The information on our website is not part of this annual report.

The Bank was organized in 1975 and had total assets of approximately $9.8 billion at December 31, 2025. Based in Chico, California, the Bank offers an extensive and competitive breadth of consumer, small business and commercial banking services through its network of stand-alone and in-store branches in communities throughout California. In addition to its California community bank network, the Bank provides advanced online and mobile banking, a shared nationwide network of over 40,000 surcharge-free ATMs, and bankers available by phone 7 days per week.

The Bank provides a breadth of personal, small business and commercial financial services including accepting demand, savings and time deposits and making small business, commercial, real estate, and consumer loans, as well as a range of treasury management services and other customary banking services including safe deposit boxes at some branches. Brokerage and wealth management services are provided at the Bank's offices by Tri Counties Advisors through the Bank's arrangement with Raymond James Financial Services, Inc., an independent financial services provider and broker-dealer.

The Bank offers a variety of banking and financial services to both personal, small business and commercial customers. In many instances the owners or stakeholders of the business and commercial customers are also personal customers. The industries that we serve are diverse in both number and type and include, but are not limited to, manufacturing, real estate development, retail, wholesale, transportation, agriculture, commerce, oil & gas, and professional services. The majority of the Bank's loans are direct loans made to individuals and businesses in California where its branches or business lending centers are located. At December 31, 2025, the Bank's consumer loans net of deferred fees outstanding were $1.3 billion (18.5%), commercial and industrial loans outstanding were $464.4 million (6.5%), real estate construction loans of $301.0 million (4.2%), and commercial real estate loans were $4.9 billion (68.3%) of total loans. The Bank takes real estate, listed and unlisted securities, savings and time deposits, automobiles, machinery, equipment, inventory, accounts receivable and notes receivable secured by property as collateral for loans.

Most of the Bank's deposits are from individuals and business-related sources. No single person or group of persons provides a material portion of the Bank's deposits, the loss of any one or more of which would have a materially adverse effect on the business of the Bank, nor is a material portion of the Bank's loans concentrated within a single industry or group of related industries.

At December 31, 2025, we employed 1,148 persons. Full-time equivalent employees numbered 1,135. Additionally, we at times will utilize temporary personnel to supplement our workforce. None of our employees are presently represented by a union or covered under a collective bargaining agreement. Management believes that its employee relations are good.

Our employees are critical to our success and competition for qualified banking personnel has historically been intense; therefore, our corporate culture is an important element of our board of directors' oversight of risk. Senior management is responsible for embodying, maintaining, and communicating our culture to employees. In that regard, our culture is designed to promote our commitment to improving the livelihood of our employees and guides us in making decisions throughout the Company. Our culture adheres to TriCo's values of trust, respect, integrity, communication and opportunity. We expect our people to treat each other and our customers with the highest level of honesty and respect and to do the right thing. We strive to be a force for good in everyday life. We dedicate resources to provide a safe and inclusive workplace; promoting diversity of thought and perspective, attracting and retaining diverse talent, and promoting our values by recognizing employees for both the results they deliver and how they achieve them. We offer professional growth opportunities through various training and development programs. We aim to engage our workforce through proactive listening, career conversations, performance discussions, and employee surveys.

We attract and retain employees by offering competitive compensation and benefit programs, considering the position's location and responsibilities. Our benefits include employer subsidized health insurance, wellness initiatives, employee assistance programs, tuition reimbursement, a 401(k) retirement plan and an employee stock ownership plan. In addition, we offer a portfolio of additional services and tools to support our employees' health and well-being.

We encourage our team members to share their talents in their communities through volunteer activities in education, economic development, human and health services, and community reinvestment. During 2025, our team members logged more than 10,100 volunteer hours, supporting more than 350 organizations, and approximately 4,500 of those hours were for the benefit of community development efforts to support programs and services to low- or moderate-income communities.

We strive to have a workforce that reflects the communities we serve and continue to promote diversity in leadership roles. We are dedicated to providing an inclusive, supportive, and discrimination-free workplace. We recognize employees based on their individual and departmental results, as well as overall Company results.

The banking business in California generally is highly competitive with respect to both loans and deposits. It is dominated by a relatively small number of national and regional banks with many offices operating over a wide geographic area, with the more metropolitan areas that we serve having a larger number of national and regional banks than the rest of our footprint. Among the advantages such major banks have over the Bank are their greater ability to finance investments in technology and marketing campaigns and to allocate their investment assets to regions of high yield and demand. By virtue of their greater total capitalization, such institutions also have substantially higher lending limits than the Bank.

In addition to competing with other banks, the Bank competes with savings institutions, credit unions, brokerage firms and the financial markets for funds. Yields on corporate and government debt securities and other commercial paper may be higher than on deposits, and therefore affect the ability of commercial banks to attract and hold deposits. We also compete for available funds with money market instruments and mutual funds. During periods of high or rising interest rates, money market funds have provided substantial competition to banks for deposits and they may continue to do so in the future. Mutual funds are also a major source of competition for savings dollars.

As the financial services industry becomes increasingly oriented toward technology-driven delivery systems, we face competition from banks and non-bank institutions without offices in our primary service area. We also increasingly compete with financial technology or "fintech" companies for loans and other financial services customers.

To compete effectively, the Bank relies substantially on local promotional activity, personal contacts by its officers, directors, employees and shareholders, extended hours, personalized service and its reputation in the communities it serves.

General

The Company and the Bank are subject to extensive regulation under both federal and state law affecting most aspects of our operations. This regulation is intended primarily for the protection of customers, depositors, the FDIC deposit insurance fund and the banking system as a whole, and not for the protection of our shareholders. Set forth below is a summary description of the significant laws and regulations applicable to the Company and the Bank. The description is qualified in its entirety by reference to the applicable laws and regulations.

Regulatory Agencies

The Company is a legal entity separate and distinct from the Bank and its other subsidiaries. As a bank holding company, the Company is regulated under the BHC Act, and is subject to supervision, regulation and examination by the FRB. The Company is also under the jurisdiction of the SEC and is subject to the disclosure and regulatory requirements of the Securities Act of 1933 and the Securities Exchange Act of 1934, each administered by the SEC. The Company's common stock is listed on the Nasdaq Global Select Market ("Nasdaq") under the trading symbol "TCBK" and the Company is, therefore, subject to the rules of Nasdaq for listed companies.

The Bank is subject to regulation, supervision and periodic examination by the FDIC, which is the Bank's primary federal regulator and the DFPI.

The Dodd-Frank Wall Street Reform and Consumer Protection Act (the "Dodd-Frank Act") created the Consumer Financial Protection Bureau (the "CFPB") as an independent entity with broad rulemaking, supervisory and enforcement authority over consumer financial products and services. In addition, the CFPB is authorized to investigate consumer complaints and enforce rules related to consumer financial products and services. CFPB regulations and guidance apply to all financial institutions, including the Bank. Banks with $10 billion or more in assets are subject to examination by the CFPB, while banks with less than $10 billion in assets, including the Bank, continue to be examined for compliance with federal consumer laws by their primary federal banking agency. At December 31, 2025, the Company had $9.8 billion in total assets. See the Risk Factors section for a discussion of some of the risks the Bank will encounter when it exceeds $10 billion in assets as of a December 31 annual measurement date.

The Bank Holding Company Act

The Company is registered as a bank holding company under the BHC Act. In general, the BHC Act limits the business of bank holding companies to banking, managing or controlling banks and other activities that the FRB has determined to be so closely related to banking as to be a proper incident thereto. Qualified bank holding companies that elect to be financial holding companies may engage in any activity, or acquire and retain the shares of a company engaged in additional activities that are either (i) financial in nature or incidental to such financial activity or (ii) complementary to a financial activity, and do not pose a substantial risk to the safety and soundness of depository institutions or the financial system generally, as determined by the FRB. Activities that are financial in nature include securities underwriting and dealing, insurance underwriting and agency, and making merchant banking investments. The Company has not elected to become a financial holding company.

As a bank holding company, TriCo is required to file reports with the FRB and the FRB periodically examines the Company. A bank holding company is required by law to serve as a source of financial and managerial strength to its subsidiary bank and, under appropriate circumstances, to commit resources to support the subsidiary bank.

Bank Acquisitions

We are required to obtain prior FRB approval before acquiring more than 5% of the voting shares, or substantially all of the assets, of a bank holding company, bank or savings association. In addition, the prior approval of the FDIC and DFPI is required for a California chartered bank to merge with another bank or purchase the assets or assume the deposits of another bank. In determining whether to approve a proposed bank acquisition, bank regulators will consider, among other factors, the effect of the acquisition on competition, the public benefits expected to be received from the acquisition, capital adequacy and the acquiring institution's effectiveness in combating money laundering and its record of addressing the credit needs of the communities it serves, including the needs of low- and moderate-income neighborhoods under the Community Reinvestment Act of 1997, as amended ("CRA").

The standards by which mergers and acquisitions involving depository institutions or bank holding companies are evaluated by regulators continue to evolve. For example, the DOJ announced in September 2024 its withdrawal from the 1995 Bank Merger Guidelines to assess the competitive effects of bank merger transactions.

Safety and Soundness Standards

Under the Federal Deposit Insurance Corporation Improvement Act of 1991 ("FDICIA"), the federal bank regulatory agencies have established safety and soundness standards for insured depository institutions covering internal controls, information systems and internal audit systems; loan documentation; credit underwriting; interest rate exposure; asset growth; compensation (including executive compensation) fees and benefits; and asset quality, earnings and stock valuation.

If a federal bank regulatory agency determines that a depository institution fails to meet any standard established by the guidelines, the agency may require the institution to submit to the agency an acceptable plan to achieve compliance with the standard. The agencies may elect to initiate enforcement actions in certain cases rather than relying on a plan, particularly where an institution has failed to comply with an acceptable plan or where a failure to meet one or more of the standards could threaten the safe and sound operation of the institution.

In October 2025, the FDIC and Office of the Comptroller of the Currency ("OCC") issued a proposed rule that would define the term "unsafe or unsound practice" for purposes of their enforcement powers under the Federal Deposit Insurance Act. The proposed definition would focus on whether the practice is likely to materially harm, or already has materially harmed, the financial condition of an institution. The FRB has not issued a similar proposal.

Dividends, Distributions and Stock Repurchases

A California corporation such as TriCo may make a distribution to its shareholders to the extent that either the corporation's retained earnings meet or exceed the amount of the proposed distribution or the value of the corporation's assets exceeds the amount of its liabilities plus the amount of shareholders' preferences, if any, and certain other conditions are met. It is the FRB's policy that bank holding companies should generally pay dividends on common stock only out of income available over the past year, and only if prospective earnings retention is consistent with the organization's expected future needs and financial condition. In addition, a bank holding company's ability to pay dividends on its common stock may be limited if it fails to maintain an adequate capital conservation buffer under these capital rules. See "Regulatory Capital Requirements."

In certain circumstances, the Company's repurchases of its common stock may be subject to a prior approval or notice requirement under other regulations, policies or supervisory expectations of the FRB.

In August 2022, the Inflation Reduction Act of 2022 (the "IRA") was enacted. Among other things, the IRA imposes a new 1% excise tax on the fair market value of stock repurchased after December 31, 2022 by publicly traded U.S. corporations. With certain exceptions, the value of stock repurchased is determined net of stock issued in the year, including shares issued pursuant to compensatory arrangements.

The primary source of funds for payment of dividends by TriCo to its shareholders has been and will be the receipt of dividends. TriCo's ability to receive dividends from the Bank is limited by applicable state and federal law. Under the California Financial Code, funds available for cash dividend payments by a bank are restricted to the lesser of: (i) retained earnings or (ii) the bank's net income for its last three fiscal years (less any distributions to shareholders made during such period). However, with the prior approval of the Commissioner of the DFPI, a bank may pay cash dividends in an amount not to exceed the greatest of the: (1) retained earnings of the bank; (2) net income of the bank for its last fiscal year; or (3) net income of the bank for its current fiscal year. However, if the DFPI finds that the shareholders' equity of the bank is not adequate or that the payment of a dividend would be unsafe or unsound, the Commissioner may order the bank not to pay a dividend to shareholders.

In addition, the Bank's ability to pay dividends may be limited if the Bank fails to maintain an adequate capital conservation buffer. See "Regulatory Capital Requirements."

The FRB, FDIC and the DFPI have authority to prohibit a bank holding company or a bank from engaging in practices which are considered to be unsafe and unsound. Depending on the financial condition of TriCo and the Bank and other factors, our regulators could determine that payment of dividends or other payments or stock repurchases by TriCo or the Bank might constitute an unsafe or unsound practice.

The Community Reinvestment Act

The CRA requires the federal banking regulatory agencies to periodically assess a bank's record of helping meet the credit needs of its entire community, including low- and moderate-income neighborhoods. The CRA also requires the agencies to consider a financial institution's record of meeting its community credit needs when evaluating applications for, among other things, domestic branches and mergers or acquisitions. The federal banking agencies rate depository institutions' compliance with the CRA. The ratings range from a high of "outstanding" to a low of "substantial noncompliance." A less than "satisfactory" rating could result in the suspension of any growth of the Bank through acquisitions or opening de novo branches until the rating is improved.

In October 2023, the FRB, the FDIC, and the OCC issued a final rule amending the agencies' CRA regulations. In July 2025, the federal banking agencies issued a joint Notice of Proposed Rulemaking, which, if finalized, would rescind the 2023 final rule and reinstate the CRA framework that existed prior to the issuance of that rule. Implementation of the October 2023 final rule, which was subject to an injunction and has not taken effect, would have materially changed the CRA framework, including imposing additional costs and changing how CRA performance would be assessed.

Consumer Protection Laws and Supervision

The Bank is subject to many federal consumer protection statutes and regulations, some of which are discussed below.

The Equal Credit Opportunity Act generally prohibits discrimination in any credit transaction, whether for consumer or business purposes, on the basis of race, color, religion, national origin, sex, marital status, age (except in limited circumstances), receipt of income from public assistance programs, or good faith exercise of any rights under the Consumer Credit Protection Act.

The Truth-in-Lending Act is designed to ensure that credit terms are disclosed in a meaningful way so that consumers may compare credit terms more readily and knowledgeably.

The Fair Housing Act regulates many practices, including making it unlawful for any lender to discriminate in its housing-related lending activities against any person because of race, color, religion, national origin, sex, handicap or familial status.

The Home Mortgage Disclosure Act, which includes a "fair lending" aspect, requires the collection and disclosure of data about applicant and borrower characteristics as a way of identifying possible discriminatory lending patterns and enforcing anti-discrimination statutes.

The Real Estate Settlement Procedures Act requires lenders to provide borrowers with disclosures regarding the nature and cost of real estate settlements and prohibits certain abusive practices, such as kickbacks, and places limitations on the amount of escrow accounts.

The CFPB has broad rule making authority for a wide range of consumer financial laws that apply to all banks, including, among other things, laws relating to fair lending and the authority to prohibit "unfair, deceptive or abusive" acts and practices. The CFPB has promulgated many mortgage-related rules, including rules related to requirements for "qualified mortgages," standards by which lenders must satisfy themselves of a borrower's ability to repay a mortgage loan, mortgage servicing standards, disclosure requirements, loan originator compensation standards, high-cost mortgage requirements, HMDA requirements, and appraisal and escrow standards for higher priced mortgages. The mortgage-related rules issued by the CFPB have materially restructured the origination, servicing, and securitization of residential mortgages in the United States. The CFPB has also taken positions on fair lending, including applying the disparate impact theory in auto financing, which could make it harder for lenders, such as the Bank, to charge different rates or apply different terms to loans to different customers. The CFPB's rules and policies have impacted, and will continue to impact, the business practices of mortgage lenders, including the Bank.

On October 22, 2024, the CFPB finalized a new rule that requires a provider of payment accounts or products, such as a bank, to make data available to consumers upon request regarding the products or services they obtain from the provider. Any such data provider also has to make such data available to third parties, with the consumer's express authorization and through an interface that satisfies formatting, performance and security standards, for the purpose of such third parties providing the consumer with financial products or services requested by the consumer. Data required to be made available under the rule includes transaction information, account balance, account and routing numbers, terms and conditions, upcoming bill information, and certain account verification data. The rule is intended to give consumers control over their financial data, including with whom it is shared, and encourage competition in the provision of consumer financial products or services. For banks with at least $10 billion and less than $250 billion in total assets, compliance with the rule's requirements is required beginning on April 1, 2027. However, the rule is the subject of litigation, which is currently stayed while the CFPB considers revisions to the rule and it is possible the rule will be substantially re-written or rescinded.

During 2025, the CFPB significantly reduced its staff. The reduction in force is the subject of litigation, and the staffing cuts are currently stayed pending the federal circuit court's rehearing of the case. The impact of these developments on banking organizations subject to CFPB regulation and supervision, including the Company in the event we exceed $10 billion in total assets, is uncertain. In addition, there is continued uncertainty about the CFPB's priorities under the current U.S. administration. For example, in February 2025, the Acting Director of the CFPB instructed agency staff to pause most activity, including supervision and enforcement. While it is presently unclear when and to what extent the CFPB will resume its activities, other governmental authorities, including state attorneys general or banking regulators, may seek to increase their regulation, supervision, and enforcement of providers of consumer financial products and services in response to changes at the CFPB. Moreover, changes at the CFPB may lead to federal legislative efforts to alter the framework for consumer financial services regulation.

We are also subject to certain state consumer protection laws and state attorneys general and other state officials are empowered to enforce certain federal consumer protection laws and regulations. State authorities have increased their focus on and enforcement of consumer protection rules. These federal and state consumer protection laws apply to a broad range of our activities and to various aspects of our business and include laws relating to interest rates, fair lending, disclosures of credit terms and estimated transaction costs to consumer borrowers, debt collection practices, the use of and the provision of information to consumer reporting agencies, and the prohibition of unfair, deceptive, or abusive acts or practices in connection with the offer, sale, or provision of consumer financial products and services.

Penalties for violations of the above laws may include fines, reimbursements, injunctive relief and other penalties. Failure to comply with consumer protection requirements may also result in our failure to obtain any required bank regulatory approval for merger or acquisition transactions we may wish to pursue or our prohibition from engaging in such transactions even if approval is not required.

Privacy and Data Protection

We are subject to a number of U.S. federal, state, local and foreign laws and regulations relating to consumer privacy and data protection. Under privacy protection provisions of the Gramm-Leach-Bliley Act of 1999 ("GLBA") and its implementing regulations and guidance, we are limited in our ability to disclose certain non-public information about consumers to non-affiliated third parties. Financial institutions, such as the Bank, are required by statute and regulation to notify consumers of their privacy policies and practices and, in some circumstances, allow consumers to prevent disclosure of certain personal information to a non-affiliated third party. In addition, such financial institutions must appropriately safeguard their customers' nonpublic, personal information.

Like other lenders, the Bank uses credit bureau data in its underwriting activities. Use of such data is regulated under the Fair Credit Reporting Act ("FCRA"), and the FCRA also regulates reporting information to credit bureaus, prescreening individuals for credit offers, sharing of information between affiliates, and using affiliate data for marketing purposes. Similar state laws may impose additional requirements on the Company and the Bank.

Data privacy and data protection are areas of increasing state legislative focus. For example, the California Consumer Privacy Act ("CCPA"), which became effective on January 1, 2020, applies to for-profit businesses that conduct business in California and meet certain revenue or data collection thresholds. The CCPA gives consumers the right to request disclosure of information collected about them, and whether that information has been sold or shared with others, the right to request deletion of personal information (subject to certain exceptions), the right to opt out of the sale of the consumer's personal information, and the right not to be discriminated against for exercising these rights. In addition, the California Privacy Rights Act ("CPRA"), which took effect on January 1, 2023, significantly modified the CCPA, including imposing additional obligations on covered companies and expanding California consumers' rights with respect to certain sensitive personal information. The CCPA and CPRA do not provide a blanket exemption for financial institutions, but instead contain a partial exemption for information collected by financial institutions where the information is itself subject to the GLBA (e.g., information about individuals who have obtained personal financial products from the institution). Such information is exempt from the privacy requirements of the CCPA, but is not exempt from the private right of action conferred if a business fails to implement and maintain reasonable security to protect certain categories of information. In California, the CCPA, the CPRA, and their implementing regulations may be interpreted or applied in a manner inconsistent with our understanding.

State regulators have been increasingly active in implementing privacy and cybersecurity standards and regulations. Recently, several states have adopted regulations requiring certain financial institutions to implement cybersecurity programs and many states, including California, have recently implemented or modified their data breach notification, information security and data privacy requirements. We expect this trend of state-level activity in those areas to continue and are continually monitoring developments in the states in which our customers are located.

Cybersecurity

The federal banking regulators regularly issue new guidance and standards, and update existing guidance and standards, regarding cybersecurity intended to enhance cyber risk management among financial institutions. Financial institutions are expected to comply with such guidance and standards and to accordingly develop appropriate security controls and risk management processes. If we fail to observe such regulatory guidance or standards, we could be subject to various regulatory sanctions, including financial penalties. In 2023, the SEC issued a final rule that requires disclosure of material cybersecurity incidents, as well as cybersecurity risk management, strategy and governance. Under this rule, SEC registrants must generally disclose information about a material cybersecurity incident within four business days of determining it is material with periodic updates as to the status of the incident in subsequent filings, as necessary.

Banking organizations are required to notify their primary banking regulator within 36 hours of determining that a "computer-security incident" has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, the banking organization's ability to carry out banking operations or deliver banking products and services to a material portion of its customer base, its businesses and operations that would result in material loss, or its operations that would impact the stability of the United States. Banks' service providers are required to notify any affected bank to or on behalf of which the service provider provides services "as soon as possible" after determining that it has experienced an incident that materially disrupts or degrades, or is reasonably likely to materially disrupt or degrade, covered services provided to such bank for as much as four hours.

Recent cyberattacks against banks and other financial institutions that resulted in unauthorized access to confidential customer information have prompted the federal banking regulators to issue guidance on cybersecurity. Among other things, financial institutions are expected to design multiple layers of security controls to establish lines of defense and ensure that their risk management processes address the risks posed by compromised customer credentials, including security measures to authenticate customers accessing internet-based services. A financial institution also should have a robust business continuity program to recover from a cyberattack and procedures for monitoring the security of third-party service providers that may have access to nonpublic data at the institution. Further, our service providers have obligations to safeguard their systems and sensitive information and we may be bound contractually and/or by regulation to comply with the same requirements. If the Company or its service providers fail to comply with applicable regulations and contractual requirements, we could be exposed to lawsuits, governmental proceedings or the imposition of fines, among other consequences.

Risks and exposures related to cybersecurity attacks, including litigation and enforcement risks, are expected to be elevated for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of Internet banking, mobile banking and other technology-based products and services by us and our customers.

See "Item 1A. Risk Factors" for a further discussion of risks related to cybersecurity, including the Bank's cybersecurity incident in 2023, and "Item 1C. Cybersecurity" for a further discussion of risk management strategies and governance processes related to cybersecurity.

Regulatory Capital Requirements

The Company and the Bank are subject to the minimum capital requirements of the FRB and FDIC, respectively. Capital requirements may have an effect on the Company's and the Bank's profitability and ability to pay dividends. If the Company or the Bank lacks adequate capital to increase its assets without violating the minimum capital requirements or if it is forced to reduce the level of its assets in order to satisfy regulatory capital requirements, its ability to generate earnings would be reduced.

We are subject to the capital framework for U.S. banking organizations known as Basel III. Basel III defines several measures of capital and establishes capital ratios based on a banking organization's levels of capital relative to risk-weighted assets. The risk-weighting of the asset depends on the nature of the asset but generally ranges from 0% for U.S. government and agency securities, to 1,250% for certain trading securitization exposures, resulting in higher risk weights for a variety of asset classes than previous regulations.

Under Basel III, the Company (on a consolidated basis) and the Bank are each subject to the following minimum capital ratios: (1) common equity Tier 1 capital or "CET1" to risk-weighted assets of 4.5%; (2) Tier 1 capital (that is, CET1 plus Additional Tier 1 capital) to risk-weighted assets of 6.0%; (3) Total capital (that is, Tier 1 capital plus Tier 2 capital) to risk-weighted assets of 8%; and (4) a leverage ratio (Tier 1 capital to average consolidated assets as reported on regulatory financial statements) of 4.0%. The Basel III capital framework includes a "capital conservation buffer" of 2.5%, composed entirely of CET1, on top of the minimum risk-weighted asset ratios. Banking institutions that fail to maintain a full capital conservation buffer face constraints on dividends, equity repurchases and discretionary executive compensation based on the amount of the shortfall and the institution's "eligible retained income" (that is, trailing net income for four quarters, net of distributions and tax effects not reflected in net income). The 2.5% capital conservation buffer effectively results in minimum ratios of (i) CET1 to risk-weighted assets of at least 7%, (ii) Tier 1 capital to risk-weighted assets of at least 8.5%, and (iii) total capital to risk-weighted assets of at least 10.5%.

We believe that we were in compliance with the requirements of the Basel III capital rules applicable to us as of December 31, 2025. For a discussion of the regulatory capital requirements, see "Note 26 - Regulatory Matters" to the consolidated financial statements at Part II, Item 8 of this report.

Prompt Corrective Action

Prompt Corrective Action regulations of the federal bank regulatory agencies establish five capital categories in descending order based on an institution's regulatory capital ratios: well capitalized, adequately capitalized, undercapitalized, significantly undercapitalized and critically undercapitalized. Under the Prompt Corrective Action framework, insured depository institutions are required to meet the following minimum capital level requirements in order to qualify as "well capitalized:" (i) a common equity Tier 1 capital ratio of 6.5%; (ii) a Tier 1 capital ratio of 8%; (iii) a total capital ratio of 10%; and (iv) a Tier 1 leverage ratio of 5%. An institution may be downgraded to, or deemed to be in, a capital category that is lower than indicated by its capital ratios if it is determined to be in an unsafe or unsound condition or if it receives an unsatisfactory examination rating with respect to certain matters. Institutions classified in one of the three undercapitalized categories are subject to certain mandatory and discretionary supervisory actions, which include increased monitoring and review, implementation of capital restoration plans, asset growth restrictions, limitations upon expansion and new business activities, requirements to augment capital, restrictions upon deposit gathering and interest rates, replacement of senior executive officers and directors, and requiring divestiture or sale of the institution. The Bank's capital levels have exceeded the minimums necessary to be considered well capitalized under the current regulatory framework for prompt corrective action since adoption.

Deposit Insurance

Deposit accounts in the Bank are insured by the FDIC, generally up to a maximum of $250,000 per separately insured depositor. The Bank pays deposit insurance assessments as determined by the FDIC. The assessment rate for an institution with less than $10.0 billion in assets, such as the Bank, is based on its risk category, with certain adjustments for any unsecured debt or brokered deposits held by the bank. The assessment base against which the assessment rate is applied to determine the total assessment due for a given period is the depository institution's average total consolidated assets during the assessment period less average tangible equity during that assessment period. Institutions assigned to higher risk categories (that is, institutions that pose a higher risk of loss to the FDIC's deposit insurance fund (the "DIF")) pay assessments at higher rates than institutions that pose a lower risk. An institution's risk classification is assigned based on a combination of its financial ratios and supervisory ratings, reflecting, among other things, its capital levels and the level of supervisory concern that the institution poses to the regulators. Deposit insurance assessments are also affected by the minimum reserve ratio with respect to the DIF. The Dodd-Frank Act increased the DIF's minimum reserve ratio to 1.35% of the estimated amount of total insured deposits. In addition, the FDIC can impose special assessments in certain instances.

In November 2023, the FDIC issued a final rule to implement a special assessment to recover losses to the DIF incurred as a result of bank failures earlier that year and the FDIC's use of the systemic risk exception to cover certain deposits that were otherwise uninsured. The special assessment was based on estimated uninsured deposits as of December 31, 2022 (excluding the first $5.0 billion of deposits at an institution) and was assessed at a quarterly rate of 3.36 basis points over eight quarterly assessment periods, beginning in the first quarter of 2024. In December 2025, the FDIC reduced the rate at which the assessment is collected for the eighth quarter of the collection period, with an invoice payment date of March 30, 2026, from 3.36 basis points to 2.97 basis points. The Bank's uninsured deposits were below the threshold and therefore the Bank is not required to pay the special assessment. This updated assessment was made under the FDIC's final rule whereby the estimated loss pursuant to the systemic risk determination can be periodically adjusted. The FDIC has also retained the ability to cease collection early, extend the special assessment collection period and impose a final shortfall special assessment. The special assessments are tax deductible. The extent to which any such additional future assessments will impact our future deposit insurance expense is currently uncertain.

The Bank is generally unable to control the amount of premiums that it is required to pay for FDIC insurance or the amount of credit, if any, that it may be allowed to offset such assessments. If there are additional bank or financial institution failures or if the FDIC otherwise determines, the Bank may be required to pay even higher FDIC premiums than the recently increased levels. Increases in FDIC insurance premiums may have a material and adverse effect on the Company's earnings and could have a material adverse effect on the value of, or market for, the Company's common stock.

The FDIC may terminate a depository institution's deposit insurance upon a finding that the institution's financial condition is unsafe or unsound or that the institution has engaged in unsafe or unsound practices that pose a risk to the DIF or that may prejudice the interest of the bank's depositors. The termination of deposit insurance for the Bank would also result in the revocation of the Bank's charter by the DFPI.

Depositor Preference

The FDIA provides that, in the event of the "liquidation or other resolution" of an insured depository institution, the claims of depositors of the institution, including the claims of the FDIC as subrogee of insured depositors and certain claims for administrative expenses of the FDIC as a receiver, will have priority over other general unsecured claims against the institution. If an insured depository institution fails, insured and uninsured depositors, along with the FDIC, will have priority in payment ahead of unsecured, non-deposit creditors, including depositors whose deposits are payable only outside of the United States and the parent bank holding company, with respect to any extensions of credit they have made to such insured depository institution.

Commercial Real Estate Concentrations

Under guidance issued by the federal banking regulators, a financial institution is considered to have a significant commercial real estate ("CRE") concentration risk, and will be subject to enhanced supervisory expectations to manage that risk, if (i) total reported loans for construction, land development and other land ("C&D") represent 100% or more of the institution's total capital or (ii) total CRE loans represent 300% or more of the institution's total capital and the outstanding balance of the institution's CRE loan portfolio has increased by 50% or more during the prior 36 months.

As of December 31, 2025, our C&D concentration as a percentage of capital totaled 21.5% and our CRE concentration, net of owner-occupied loans, as a percentage of capital totaled 188.6%.

Bank Secrecy Act / Anti-Money Laundering

The Bank Secrecy Act of 1970 and the USA Patriot Act of 2001 require financial institutions to develop policies, procedures, and practices to prevent and deter money laundering ("BSA/AML"), and mandate that every bank have a written, board-approved program that is reasonably designed to assure and monitor compliance with the BSA/AML laws. The program must, at a minimum: (1) provide for a system of internal controls to assure ongoing compliance; (2) provide for independent testing for compliance; (3) designate an individual responsible for coordinating and monitoring day-to-day compliance; and (4) provide training for appropriate personnel. In addition, banks are required to adopt a customer identification program, performing ongoing customer due diligence to understand the nature and purpose of customer relationships for the purpose of developing customer risk profiles and filing reports regarding known or suspected violations of federal law or suspicious transactions.

On December 3, 2019, three federal banking agencies and the Financial Crimes Enforcement Network ("FinCEN") issued a joint statement clarifying the compliance procedures and reporting requirements that banks must file for customers engaged in the growth or cultivation of hemp, including a clear statement that banks need not file a SAR on customers engaged in the growth or cultivation of hemp in accordance with applicable laws and regulations. This statement does not apply to cannabis-related business; thus, the statement only pertains to customers who are lawfully growing or cultivating hemp and are not otherwise engaged in unlawful or suspicious activity. On September 24, 2024, the California Governor announced that emergency regulations to protect children and teens from the adverse effects of dangerous intoxicating hemp products are now in effect. Retailers must cease selling any industrial hemp food, beverage or dietary product intended for human consumption if there is any detectable THC or other intoxicating cannabinoids per serving. We are evaluating the impact of these regulations on our compliance operations.

Failure to comply with these requirements could have serious financial, legal and reputational consequences, including causing applicable bank regulatory authorities not to approve merger or acquisition transactions when regulatory approval is required or to prohibit such transactions even if approval is not required.

Office of Foreign Assets Control Regulation

The U.S. Treasury Department's Office of Foreign Assets Control, or OFAC, administers and enforces economic and trade sanctions against targeted foreign countries and regimes, under authority of various laws, including designated foreign countries, nationals and others. OFAC publishes lists of specially designated targets and countries. We are responsible for, among other things, blocking accounts of, and transactions with, such targets and countries, prohibiting unlicensed trade and financial transactions with them and reporting blocked transactions after their occurrence.

Transactions with Affiliates

Banks are also subject to certain restrictions imposed by the Federal Reserve Act on extensions of credit to executive officers, directors, principal shareholders (including the Company) or any related interest of such persons. Regulation O requires that such extensions of credit must be made on substantially the same terms, including interest rates and collateral as, and follow credit underwriting procedures that are not less stringent than, those prevailing at the time for comparable transactions with persons not affiliated with the bank, and must not involve more than the normal risk of repayment or present other unfavorable features. Banks are also subject to certain lending limits and restrictions on overdrafts to such persons. Regulation W requires that certain transactions between the Bank and its affiliates, including its holding company, be on terms substantially the same, or at least as favorable to the Bank, as those prevailing at the time for comparable transactions with or involving non-affiliated companies or, in the absence of comparable transactions, on terms and under circumstances, including credit standards, that in good faith would be offered to or would apply to non-affiliated companies.

Source of Strength Doctrine

Federal Reserve Board policy and federal law require bank holding companies to act as a source of financial and managerial strength to their subsidiary banks. Under this requirement, the Company is expected to commit resources to support the Bank, including at times when the Company may not be in a financial position to provide such resources. Any capital loans by a bank holding company to any of its subsidiary banks are subordinate in right of payment to depositors and to certain other indebtedness of such subsidiary banks. In the event of a bank holding company's bankruptcy, any commitment by the bank holding company to a federal bank regulatory agency to maintain the capital of a subsidiary bank will be assumed by the bankruptcy trustee and entitled to priority of payment.

Interchange Fees

Under the Durbin Amendment, adopted as part of the Dodd-Frank Act, the FRB adopted rules establishing standards for assessing whether the interchange fees that may be charged with respect to certain electronic debit transactions are "reasonable and proportional" to the costs incurred by issuers for processing such transactions.

Interchange fees, or "swipe" fees, are charges that merchants pay to us and other card-issuing banks for processing electronic payment transactions. FRB rules applicable to financial institutions that have assets of $10 billion or more provide that the maximum permissible interchange fee for an electronic debit transaction is the sum of 21 cents per transaction and 5 basis points multiplied by the value of the transaction. An upward adjustment of no more than 1 cent to an issuer's debit card interchange fee is allowed if the card issuer develops and implements policies and procedures reasonably designed to achieve certain fraud-prevention standards. In October 2023, the Federal Reserve issued a proposed rule under which the maximum permissible interchange fee for an electronic debit transaction would be the sum of 14.4 cents per transaction and 4 basis points multiplied by the value of the transaction. Furthermore, the fraud-prevention adjustment would increase from a maximum of 1 cent to 1.3 cents per debit card transaction. The proposal would adopt an approach for future adjustments to the interchange fee cap, which would occur every other year based on issuer cost data gathered by the FRB from large debit card issuers. The Bank is currently not subject to these restrictions or those proposed; however, if our assets exceed $10 billion or more at December 31, 2026, these rules, if adopted, would be applicable to the Bank in July 2027. The extent to which any such proposed changes in permissible interchange fees will impact our future revenues is currently uncertain.

Effective July 1, 2023, debit card issuers are required to enable all debit card transactions, including card-not-present transactions such as online payments, to be processed on at least two unaffiliated payment card networks.

Incentive Compensation Policies and Restrictions

In July 2010, the federal banking agencies issued guidance on sound incentive compensation policies that applies to all banking organizations supervised by the agencies (thereby including both the Company and the Bank). Pursuant to the guidance, to be consistent with safety and soundness principles, a banking organization's incentive compensation arrangements should: (1) provide employees with incentives that appropriately balance risk and reward; (2) be compatible with effective controls and risk management; and (3) be supported by strong corporate governance including active and effective oversight by the banking organization's board of directors. Monitoring methods and processes used by a banking organization should be commensurate with the size and complexity of the organization and its use of incentive compensation.

The Dodd-Frank Act requires the federal banking agencies and the SEC to establish joint regulations or guidelines for specified regulated entities having at least $1 billion in total assets, such as us, to prohibit incentive-based payment arrangements that encourage inappropriate risk taking by providing an executive officer, employee, director or principal shareholder with excessive compensation, fees, or benefits or that could lead to material financial loss to the entity. In addition, these regulators must establish regulations or guidelines requiring enhanced disclosure to regulators of incentive-based compensation arrangements. The agencies have not yet finalized these rules and the current administration has indicated its intention to abandon any reproposal.

Pursuant to the Dodd-Frank Act, in 2023, effective October 2, 2023, the Nasdaq Stock Market adopted a rule requiring listed companies to adopt policies to recover or "clawback" excess incentive-based compensation earned by a current or former executive officer during the three fiscal years preceding the date the listed company is required to prepare an accounting restatement, including to correct an error that would result in a material misstatement if the error were corrected in the current period or left uncorrected in the current period. We adopted a compensation clawback policy pursuant to the listing standards that is included as Exhibit 97.1 to this report.

The scope and content of the U.S. banking regulators' policies on executive compensation may continue to evolve in the near future. It cannot be determined at this time whether compliance with such policies will adversely affect the Company's ability to hire, retain and motivate its key employees.

Climate-Related and Other ESG Developments

In recent years, federal, state and international lawmakers and regulators have increased their focus on financial institutions' and other companies' risk oversight, disclosures and practices in connection with climate change and other environmental, social and governance ("ESG") matters. In addition, several states, including California, have enacted or proposed statutes or regulations addressing climate change and other ESG issues, while other states have enacted or proposed "anti-ESG" statutes or regulations. Conversely, President Trump has issued a number of executive orders in 2025 that specifically target federal climate and ESG initiatives and the federal executive branch's retreat from ESG regulatory expectations. It is uncertain how these conflicting positions will impact our business.

On March 6, 2024, the SEC adopted rules creating a detailed and extensive special disclosure regime about climate risks for issuing and reporting companies. Various states and private parties have challenged the rules. The litigation was consolidated in the U.S. Eighth Circuit Court of Appeals, and the SEC previously stayed effectiveness of the rules pending completion of that litigation. Furthermore, the SEC notified the court that the SEC would cease its involvement in the defense of the rule, leaving it uncertain as to whether it will become effective.

In California, the Climate Corporate Data and Accountability Act ("CCDAA") requires both public and private U.S. businesses with revenues greater than $1 billion doing business in California to report their greenhouse gas emissions including scopes 1, 2, and 3 beginning in 2026 (for 2025 data) and also requires reporting companies to get third-party assurance of their reports. The Climate-Related Financial Risk Act (SB 261) mandates U.S. businesses with annual revenues over $500 million doing business in California to bi-annually disclose climate-related financial risks and their mitigation strategies beginning January 1, 2026. However, on November 18, 2025, the United States Court of Appeals for the Ninth Circuit granted an injunction halting enforcement of SB 261, pending resolution of a constitutional challenge. On January 9, 2026, a three-judge panel for the Ninth Circuit heard oral arguments relating to the challenges of SB 253 and SB 261. As of the date of this document, the panel did not issue a decision during the hearing. If the injunction is lifted, the Company could be subject to compliance with SB 261.

Disclosure requirements imposed by different regulators may not always be uniform, which may result in increased complexity, and cost, for compliance. Additionally, many of our suppliers and business partners may be subject to similar requirements, which may augment or create additional risks, including risks that may not be known to us.

As the Company continues to grow and expand the scope of our operations, our regulators generally will expect us to enhance our internal control programs and processes, including with respect to risk management and stress testing under a variety of adverse scenarios and related capital planning. In the event the federal banking agencies were to expand the scope of coverage of the new climate risk guidelines to institutions of our size or promulgate new regulations or supervisory guidance applicable to the Company, we would expect to experience increased compliance costs and other compliance-related risks.

Impact of Monetary Policies

Banking is a business that depends on interest rate differentials. In general, the difference between the interest paid by a bank on its deposits and other borrowings, and the interest rate earned by banks on loans, securities and other interest-earning assets, comprises the major source of banks' earnings. Thus, the earnings and growth of banks are subject to the influence of economic conditions generally, both domestic and foreign, and also to the monetary and fiscal policies of the United States and its agencies, particularly the FRB. The FRB implements national monetary policy, such as seeking to curb inflation and combat recession, by its open-market dealings in United States government securities, by adjusting the required level of reserves for financial institutions subject to reserve requirements and through adjustments to the discount rate applicable to borrowings by banks which are members of the FRB. The actions of the FRB in these areas influence the growth of bank loans, investments and deposits, and also affect interest rates. The nature and timing of any future changes in such policies and their impact on the Company cannot be predicted. In addition, adverse economic conditions could make a higher provision for loan losses a prudent course and could cause higher loan loss charge-offs, thus adversely affecting the Company's net earnings.

Future Legislation and Regulation

Congress may enact legislation from time to time that affects the regulation of the financial services industry, and state legislatures may enact legislation from time to time affecting the regulation of financial institutions chartered by or operating in those states. Federal and state regulatory agencies also periodically propose and adopt changes to their regulations or change the way existing regulations are applied.

The substance or impact of pending or future legislation or regulation, or the application thereof, cannot be predicted, although any change could impact the regulatory structure under which we or our competitors operate and may significantly increase costs, impede the efficiency of internal business processes, require an increase in regulatory capital, require modifications to our business strategy, and limit our ability to pursue business opportunities in an efficient manner. It could also affect our competitors differently than us, including in a manner that would make them more competitive. A change in statutes, regulations or regulatory policies applicable to us could have a material, adverse effect on our business, financial condition and results of operations.

President Trump has issued many executive orders that could impact our operations. For example, in August 2025, President Trump signed Executive Order 14331, "Guaranteeing Fair Banking Access for All Americans," which states that it is the policy of the United States that no American should be denied access to financial services because of their constitutionally or statutorily protected beliefs, affiliations, or political views. The Executive Order directs the Treasury Secretary and federal banking regulators to address politicized or unlawful debanking activities. We are evaluating this order and others to determine if any would have material impact on our financial condition or results of operations.

An investment in our securities is subject to certain risks. In addition to the other information in this report, investors should carefully consider the following discussion of significant risks and uncertainties before making investment decisions about our securities. The events and consequences discussed in these risk factors could, in circumstances we may or may not be able to accurately predict, recognize, or control, have a material adverse effect on our business, growth, reputation, prospects, financial condition, operating results (including components of our financial results), liquidity, and stock price. Any of these risk factors could cause our actual results to differ materially from our historical results or the results contemplated by the forward-looking statements contained in this report. These risk factors do not identify all risks that we face; our operations could also be affected by factors, events, or uncertainties that are not presently known to us or that we currently do not consider to present significant risks to our operations.

The majority of our assets are loans, which are subject to credit risks.

As a lender, we face a significant risk that we will sustain losses because borrowers, guarantors or related parties may fail to perform in accordance with the terms of the loans we make or acquire. Our earnings are significantly affected by our ability to properly originate, underwrite and service loans. Certain of our credit exposures are concentrated in industries that may be more susceptible to the long-term risks of climate change, natural disasters or global pandemics. To the extent that these risks may have a negative impact on the financial condition of borrowers, it could also have a material adverse effect on our business, financial condition and results of operations. We have underwriting and credit monitoring procedures and credit policies, including the establishment and review of the allowance for credit losses, that we believe appropriately address this risk by assessing the likelihood of nonperformance, tracking loan performance and diversifying our respective loan portfolios. Such policies and procedures, however, may not prevent unexpected losses that could adversely affect our results of operations. We could sustain losses if we incorrectly assess the creditworthiness of our borrowers or fail to detect or respond to deterioration in asset quality in a timely manner or as a result of deteriorating economic conditions, for example.

Our allowance for credit losses may not be adequate to cover actual losses.

Like other financial institutions, we maintain an allowance for credit losses to provide for loan defaults and non-performance. Our allowance for credit losses may not be adequate to cover actual loan losses, and future provisions for loan losses would reduce our earnings and could materially and adversely affect our business, financial condition and results of operations. Our allowance for credit losses is based on prior experience, as well as an evaluation of the known risks in the current portfolio, composition and growth of the loan portfolio and actual and forecast economic factors. Determining an appropriate level of allowance is an inherently difficult process and is based on numerous assumptions. The actual amount of future losses is susceptible to changes in economic, operating and other conditions, including changes in interest rates, unemployment and a number of other economic conditions that may be beyond our control and these losses may exceed current estimates. Effective January 1, 2020, we implemented a new accounting standard, "Measurement of Credit Losses on Financial Instruments," commonly referred to as the "Current Expected Credit Losses" standard, or "CECL." CECL changed the allowance for credit losses methodology from an incurred loss concept to an expected loss concept, which is more dependent on future economic forecasts, assumptions and models than previous methodology, which could result in increases and add volatility to our allowance for credit losses and future provisions for loan losses. These forecasts, assumptions and models are inherently uncertain and are based upon our management's reasonable judgment in light of information currently available.

In addition to periodic reviews completed by management and independent third parties retained by us, Federal and state bank regulatory agencies, as an integral part of their examination process, review our loans and allowance for credit losses. While we believe that our allowance for credit losses is adequate to cover estimated future losses, we cannot assure you that we will not increase the allowance for credit losses further or that the allowance will be adequate to absorb credit losses we actually incur. Credit losses in excess of our allowance or additional provisions to our allowance would reduce our net income and capital, potentially materially.

Our business may be adversely affected by business conditions in California.

We conduct most of our business in California. As a result of this geographic concentration, our financial results may be impacted by economic conditions in California. Deterioration in the economic conditions in California could result in the following consequences, any of which could have a material adverse effect on our business, financial condition, results of operations and cash flows:

problem assets and foreclosures may increase,

demand for our products and services may decline,

low cost or non-interest-bearing deposits may continue to decrease, and

collateral for loans made by us, especially real estate, may experience a decline in value and/or cash flows, in turn reducing customers' borrowing or repayment ability, and reducing the value of assets and collateral associated with our existing loans.

In view of the concentration of our operations and the collateral securing our loan portfolio in California, we may be particularly susceptible to the adverse effects of any of these consequences, any of which could have a material adverse effect on our business, financial condition, results of operations and cash flows.

Severe weather, natural disasters and other external events could adversely affect our business.

Our operations and our customer base are primarily located in California where natural and other disasters may occur. California is vulnerable to natural disasters and other risks, such as earthquakes, fires, droughts and floods, the nature and severity of which may be impacted by climate change. These types of natural catastrophic events have at times disrupted the local economies, our business and customers in these regions. Such events could also affect the stability of our deposit base, impact real estate values, impair the ability of borrowers to obtain adequate insurance or repay outstanding loans, impair the value of collateral securing loans and cause significant property damage, result in losses of revenue and/or cause us to incur additional expenses. In addition, catastrophic events occurring in other regions of the world may have an impact on our customers and in turn, on us. Our business continuity and disaster recovery plans may not be successful upon the occurrence of one of these scenarios, and a significant catastrophic event anywhere in the world could materially adversely affect our operating results.

A significant majority of the loans in our portfolio are secured by California real estate and a decline in real estate values could hurt our business.

A downturn in real estate values in the California markets in which we conduct our business could hurt our business because most of our loans are secured by real estate. Real estate values and real estate markets are generally affected by changes in national, regional or local economic conditions, fluctuations in interest rates and the availability of loans to potential purchasers, changes in tax laws and other governmental statutes, regulations and policies. As real estate prices decline, the value of real estate collateral securing our loans is reduced. As a result, our ability to recover on defaulted loans by foreclosing and selling the real estate collateral could then be diminished and we would be more likely to suffer losses on defaulted loans. As of December 31, 2025, approximately 92.8% of the book value of our loan portfolio consisted of loans collateralized by various types of real estate. Substantially all of our real estate collateral is located in California; therefore, if there is a significant adverse decline in real estate values in California, the collateral for our loans will provide less security. Any such decline could have a material adverse effect on our business, financial condition and results of operations.

We have significant exposure to risks associated with commercial real estate lending.

A substantial portion of our loan portfolio consists of commercial real estate loans. As of December 31, 2025, we had approximately $4.6 billion of commercial real estate loans outstanding, which represented approximately 67.6% of our total loan portfolio. Consequently, commercial real estate-related credit risks are a significant concern for us. Commercial real estate loans are generally viewed as having more risk of default than some other types of loans because repayment of the loans often depends on the successful operation of the property and the income stream of the borrowers. In addition, these loans often involve larger loan balances to single borrowers or groups of related borrowers compared with other types of loans. In recent years, commercial real estate markets have been particularly impacted by the economic disruption resulting from the COVID-19 pandemic, which has been a catalyst for the evolution of various remote work options which could impact the vacancy rates and the long-term vacancy performance of some types of office properties within our commercial real estate portfolio. Accordingly, the federal banking regulatory agencies have expressed concerns about weaknesses in the current commercial real estate market. The adverse consequences from real estate-related credit risks tend to be cyclical and are often driven by national economic developments that are not controllable or entirely foreseeable by us or our borrowers.

We are exposed to the risk of environmental liabilities with respect to properties to which we take title.

In the course of our business, we foreclose and take title to real estate. As a result, we could be subject to environmental liabilities with respect to these properties. We may be held liable to a governmental entity or to third parties for property damage, personal injury, investigation and clean-up costs incurred by these parties in connection with environmental contamination, or may be required to investigate or clean-up hazardous or toxic substances, or chemical releases at a property. The costs associated with investigation or remediation activities could be substantial. In addition, if we are the owner or former owner of a contaminated site, we may be subject to common law or contractual claims by third parties (including purchasers of a property) based on damages and costs resulting from environmental contamination emanating from the property. When applicable, we establish contingent liability reserves for this purpose based on future reasonable and estimable costs developed by qualified soil and chemical engineering consultants. If we become subject to significant environmental liabilities or if our contingency reserve estimates are incorrect, our business, financial condition and results of operations could be materially adversely affected.

We face strong competition from financial services companies and other companies that offer similar services, which could materially and adversely affect our business.

Competition in the banking and financial services industry is intense. Our profitability depends upon our continued ability to successfully compete. We primarily compete in California for loans, deposits and customers with commercial banks, savings and loan associations, credit unions, finance companies, mutual funds, insurance companies, brokerage firms and Internet-based marketplace lending platforms. Our competitors include major financial companies whose greater resources may afford them a marketplace advantage by enabling them to maintain numerous locations and mount extensive promotional and advertising campaigns. Additionally, banks and other financial institutions with larger capitalization and financial intermediaries that are not subject to bank regulatory restrictions may have larger lending limits which would allow them to serve the credit needs of larger customers. Areas of competition include interest rates for loans and deposits, efforts to obtain loan and deposit customers and a range in quality of products and services provided, including new technology-driven products and services. Technological innovation continues to contribute to greater competition in domestic and international financial services markets as technological advances enable more companies, such as Internet-based marketplace lenders and financial technology (or "fintech") companies that rely on technology, to provide financial services, often without many of the regulatory and capital restrictions that we face. We also face competition from out-of-state financial intermediaries that have opened loan production offices or that solicit deposits in our market areas. If we are unable to attract and retain banking customers, we may be unable to continue our loan growth and level of deposits and our business, financial condition and results of operations could be adversely affected.

Additionally, consumers can maintain funds that would have historically been held as bank deposits in brokerage accounts or mutual funds. Consumers can also complete transactions such as paying bills and/or transferring funds directly without the assistance of banks. The growing experimentation with and adoption of advanced technologies (such as AI, quantum computing, distributed ledgers, tokenized deposits, blockchain, stablecoins, and other digital currencies, including the potential issuance, acceptance, and integration of central bank digital currencies) has the potential to fundamentally reshape the financial services landscape. Regulatory developments related to these emerging technologies, including the recent enactment of the Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025 ("GENIUS Act") and the potential passage of the Digital Asset Market Clarity Act of 2025 ("CLARITY Act"), further underscore this shift. The emergence, adoption and evolution of new technologies that do not require intermediation, as well as advances in robotic process automation, could significantly affect the competition for financial services. The process of eliminating banks as intermediaries, known as "disintermediation," could result in the loss of fee income, as well as the loss of customer deposits and the related income generated from those deposits. Failure to keep pace with technological advancements could adversely affect our competitive position, diminish customer satisfaction, and reduce the accessibility and relevance of our products and services.

Our ability to compete successfully depends on a number of factors, including, among other things, (i) the ability to develop, maintain and build long-term customer relationships based on top quality service, high ethical standards and safe, sound assets; (ii) the ability to expand within our marketplace and with our market position; (iii) the scope, relevance and pricing of products and services offered to meet customer needs and demands; (iv) the rate at which we introduce new products and services relative to our competitors; (v) customer satisfaction with our level of service; and (vi) industry and general economic trends. Failure to perform in any of these areas could significantly weaken our competitive position, which could adversely affect our growth and profitability, which, in turn, could have a material adverse effect on our business, financial condition and results of operations.

Challenges experienced by other financial institutions could negatively impact the broader financial markets and, in turn, indirectly have an adverse effect on our operations.

The soundness and stability of many financial institutions are often closely interconnected through various credit, trading, clearing, or other operational relationships. As a result, concerns regarding - or an actual or threatened default by - any single institution could lead to widespread liquidity and credit problems, losses, or defaults across the broader financial system. This phenomenon, commonly referred to as "systemic risk," may adversely affect financial intermediaries such as clearing agencies, clearing houses, banks, securities firms, and exchanges with which we regularly engage, and may therefore negatively impact our operations.

Events in the financial services industry during 2023 illustrated this dynamic. A number of regional and community banks experienced deposit outflows and heightened liquidity pressures, which in turn contributed to broad market concerns about the financial condition and creditworthiness of other institutions. Although we were not directly affected by these bank failures, the resulting speed and ease with which news or rumors, including social media commentary, led depositors to withdraw or attempt to withdraw their funds from these and other financial institutions caused the stock prices of many financial institutions to become volatile, in particular those of regional and community banks like us. Notably, the Company's share price decreased by 17% during the month of March 2023, consistent with other community banking organizations. These developments resulted in - and similar occurrences may again result in - significant and cascading disruptions across financial markets and the deposit environment, increased operating costs, reduced fee income, and increased volatility and downward pressure on the market value of our common stock.

We may need to raise additional capital, but it may not be available on acceptable terms or at all.

We are required by federal and state regulators to maintain adequate levels of capital. We may need to raise additional capital in the future to meet regulatory or other internal requirements. Our ability to raise additional capital, if needed, will depend on, among other things, conditions in the capital markets at that time, which are outside of our control, and our financial performance.

We cannot provide any assurance that access to such capital will be available to us on acceptable terms or at all. An event that may limit our access to the capital markets, such as a decline in the confidence of investors or counter-parties participating in the capital markets, may materially and adversely affect our capital costs and our ability to raise capital and, in turn, our liquidity. Further, if we need to raise capital in the future, we may have to do so when many other financial institutions are also seeking to raise capital and we would then have to compete with those institutions for investors. The inability to raise additional capital on acceptable terms when needed could have a materially adverse effect on our business, financial condition, or results of operations.

Adverse changes in economic or market conditions, including health-related events, may hurt our businesses.

Our success depends, to a certain extent, upon local, national and global economic and political conditions, as well as governmental monetary policies. Conditions such as an economic recession, pandemics, rising unemployment, adverse immigration policies impacting the labor market (notably agriculture), inflation, changes in interest rates, declines in asset values and other factors beyond our control may adversely affect our asset quality, deposit levels and our net income. Adverse changes in the economy may also have a negative effect on the demand for new loans and the ability of our existing borrowers to make timely repayments of their loans, which could adversely impact our growth and earnings. Economic and market conditions may also be affected by political developments in the U.S. and other countries and global conflicts, such as the conflicts in Ukraine and the Middle East. Uncertainty about the federal fiscal policymaking process, the fiscal outlook of the federal government, prolonged government shutdowns, and future tax rates is a concern for businesses, consumers and investors in the United States. If these conditions continue for a prolonged period or result in sustained economic stress or recession, many of the risk factors identified in our Form 10-K could be exacerbated and such effects could have a material adverse impact on us in a number of ways related to credit, collateral, customer demand, funding, operations, interest rate risk, and human capital, as described in this document.

If the United States economy weakens or does not improve, our growth and profitability from our lending, deposit and investment operations could be constrained. Any of these potential outcomes could cause us to suffer losses in our investment securities portfolio, reduce our liquidity and capital levels, hamper our ability to deliver products and services to our clients and customers, and weaken our results of operations and financial condition.

Our business is subject to interest rate risk and variations in interest rates may negatively affect our financial performance.

Our profitability is dependent to a large extent on our net interest income, which is the difference between interest income we earn as a result of interest paid to us on loans and investments and interest we pay to third parties such as our depositors and those from which we borrow funds. Like most financial institutions, we are highly sensitive to many factors that are beyond our control, including general economic conditions and policies of various governmental and regulatory agencies and, in particular, the Federal Reserve Board. Changes in monetary policy, including changes in interest rates, could influence not only the interest we receive on loans and securities and the amount of interest we pay on deposits and borrowings, but such changes could also affect (i) our ability to originate loans and obtain deposits, (ii) the fair value of our financial assets and liabilities, (iii) the average duration of our securities portfolio, (iv) the value of our loan servicing rights, and (v) the slope of the overall yield curve and its impact on the value of the investment portfolio and reinvestment income. If the interest rates paid on deposits and other borrowings increase at a faster rate than the interest rates received on loans and investments, our net interest income, and earnings, could be adversely affected. Earnings could also be adversely affected if the interest rates received on loans and investments fall more quickly than the interest rates paid on deposits and other borrowings.

After an extended period at a target rate of 0-0.25%, the FRB began aggressively increasing interest rates in March 2022 and continued into 2023. In late 2024, the FRB began lowering rates as inflationary pressure started to ease, and in late 2025, the FRB again lowered rates. However, the economic and inflationary outlook continues to remain uncertain. If the FRB were to reverse course and rapidly increase rates, the increase could result in further declines in the fair market values of long duration fixed rate investment securities, constrain our interest rate spread and may adversely affect our business forecasts. Increases in interest rates can have negative impacts on our business, including reducing our customers' desire to borrow money from us or adversely affecting their ability to repay their outstanding loans by increasing their debt obligations through the periodic reset of adjustable interest rate loans. If our borrowers' ability to pay their loans is impaired by increasing interest payment obligations, our level of non-performing assets would increase, producing an adverse effect on operating results. Asset values, especially commercial real estate as collateral, securities or other fixed rate earning assets, can decline significantly with relatively minor changes in interest rates. Conversely, decreases in interest rates can affect the amount of interest we earn on our loans and investment securities, which could have a material adverse effect on our financial condition and results of operations.

Elevated inflation and expectations for elevated future inflation can adversely impact economic growth, consumer and business confidence, and our financial condition and results. In addition, elevated inflation may cause unexpected changes in monetary policies and actions which may adversely affect confidence and the economy. Although we have implemented strategies that we believe reduce the potential effects of adverse changes in interest rates on our results of operations, these strategies may not always be successful. Any of these events could adversely affect our results of operations, financial condition and liquidity.

Reduction in the value, or impairment of our investment securities, can impact our earnings and common shareholders' equity.

We maintained a balance of $2.0 billion, or approximately 21.1% of our assets, in investment securities at December 31, 2025. Changes in market interest rates can affect the fair value of these investment securities, with increasing interest rates generally resulting in a reduction of value. Although the reduction in value from temporary increases in market rates does not affect our income unless the security is sold, it does result in an unrealized loss recorded in accumulated other comprehensive income that can reduce our common stockholders' equity. Further, we must periodically test our investment securities for other-than-temporary impairment in value. In assessing whether the impairment of investment securities is other-than-temporary, we consider the length of time and extent to which the fair value has been less than cost, the financial condition and near-term prospects of the issuer, and the intent and ability to retain our investment in the security for a period of time sufficient to allow for any anticipated recovery in fair value in the near term.

If we are required to sell securities to meet liquidity needs, we could realize significant losses.

As a result of increases in interest rates in 2023 and most of 2024, the market values of previously issued government and other debt securities declined in value, resulting in unrealized losses in our securities portfolio. While we anticipate that the scheduled cash flows generated from our investment portfolio will be adequate to support the liquidity needs of the Company, if we were required to sell these securities to expedite the generation of cash flows to meet liquidity needs, we may be required to realize significant losses, which could impair our capital and financial condition and adversely affect our results of operations. Further, while we have taken actions to maximize our sources of liquidity, there is no guarantee that such sources will be available or sufficient in the event of sudden liquidity needs.

We operate in a highly regulated environment and we may be adversely affected by new laws and regulations or changes in existing laws and regulations. Any additional regulations are expected to increase our cost of operations. Furthermore, regulations may prevent or impair our ability to pay dividends, engage in acquisitions or operate in other ways.

We are subject to extensive regulation, supervision and examination by the DFPI, FDIC, and the FRB as well as regulations and policies of the CFPB. See "Item 1. Business - Regulation and Supervision" of this report for information on the regulation and supervision which governs our activities. Regulatory authorities have extensive discretion in their supervisory and enforcement activities, including the imposition of restrictions on our operations, the classification of our assets and determination of the level of our allowance for credit losses. Banking regulations or the actions of our banking regulators may limit our growth, earnings and the return to our shareholders by restricting certain of our activities, such as the payment of dividends to our shareholders, possible mergers with or acquisitions of or by other institutions, desired investments, loans and interest rates on loans, interest rates paid on deposits, service charges on deposit account transactions, the possible expansion or reduction of branch offices, and the ability to provide new products or services.

We also are subject to regulatory capital requirements. We could be subject to regulatory enforcement actions if any of our regulators determines, for example, that we have violated a law or regulation, engaged in an unsafe or unsound banking practice or lack adequate capital. Federal and state governments and regulators could pass legislation and adopt policies responsive to current credit conditions that would have an adverse effect on us and our financial performance. We cannot predict what changes, if any, will be made to existing federal and state legislation and regulations or the effect that such changes may have on our future business and earnings prospects. Any change in such regulation and oversight, whether in the form of regulatory policy, regulations, legislation or supervisory action, may have a material adverse impact on our operations, including the cost to conduct business.

Furthermore, the evolving landscape of legislative and regulatory actions, influenced by election cycles, introduces an additional layer of uncertainty for our operations. Elections can precipitate changes in government policies and regulations across various industries, potentially impacting our business. Uncertainty regarding potential changes in regulations or policies related to our industry may lead to increased costs of doing business and operational challenges. Economic conditions, including interest rates, inflation, and consumer spending, may be influenced by shifts in government leadership and policies, affecting our ability to maintain historical growth rates.

Furthermore, the election process often introduces market volatility, impacting financial markets, currency exchange rates, and commodity prices. This volatility may pose risks to our financial performance, cost of capital, and access to funding.

While there have been significant revisions to the laws and regulations applicable to us that have been finalized in recent years, there are other rules to implement changes that have yet to be proposed or enacted by our regulators. The final timing, scope and impact of these changes to the regulatory framework applicable to financial institutions remains uncertain. Uncertainty exists with respect to new laws or regulations or changes in the interpretation or enforcement of existing laws or regulations, including potential deregulation in some areas. In addition, litigation challenging actions or regulations by federal or state authorities could, depending on the outcome, significantly affect the regulatory and supervisory framework affecting our operations. For more information on regulations to which we are subject and recent initiatives to reform financial institution regulation, see the "Regulation and Supervision" section in Item 1.

Goodwill resulting from acquisitions may adversely affect our results of operations.

Our balance sheet contains a substantial level of goodwill and other intangible assets as a result of our acquisitions. Potential impairment of goodwill and amortization of other intangible assets could adversely affect our financial condition and results of operations. We assess our goodwill and other intangible assets and long-lived assets for impairment annually and more frequently when required by U.S. GAAP. We are required to record an impairment charge if circumstances indicate that the asset carrying values exceed their fair values. Our assessment of goodwill, other intangible assets, or long-lived assets could indicate that an impairment of the carrying value of such assets may have occurred that could result in a material, non-cash write-down of such assets, which could have a material adverse effect on our results of operations and future earnings.

Potential acquisitions may disrupt our business and dilute shareholder value, we may not be able to successfully consummate or integrate such acquisitions, and we may not realize the anticipated benefits contemplated when pursuing a potential acquisition.

The Company has in the past pursued and may in the future pursue merger and acquisition opportunities. Mergers and acquisitions involve a number of risks and uncertainties to us in addition to those presented by the nature of the business acquired, which may materially and adversely affect our results of operations. Our ability to analyze the risks presented by prospective acquisitions, as well as our ability to prepare in advance of closing for integration, may be limited to the extent that we cannot gather necessary or desirable information with respect to the business we are acquiring. We may also make certain assumptions related to an acquisition that may prove to be inaccurate and that limit the anticipated benefits (such as cost savings from synergies, strategic gains or the ability to offer enhanced product sets) or make the acquisition more expensive or take longer to complete and integrate than anticipated. Prior to closing an acquisition, prospective acquisition targets are also subject to their own risks that we cannot manage or control. Any acquisition could be dilutive to our earnings and shareholders' equity per share of our common stock.

Our ability to complete an acquisition may be dependent on regulatory agencies with responsibilities for reviewing or approving the transaction, which could delay, restrictively condition or result in denial of an acquisition, or otherwise limit the benefits of the acquisition. Changes in regulatory rules or standards or the application of those rules or standards, or future regulatory initiatives designed to mitigate risk or promote competition may also limit our ability to complete an acquisition. Further, once an acquisition is completed, it may be difficult for us to integrate the acquired business with our operations, and we may not see the anticipated benefits of any such acquisition.

If we cannot attract deposits, our growth may be inhibited.

We plan to increase the level of our assets, including our loan portfolio. Our ability to increase our assets depends in large part on our ability to attract additional deposits at favorable rates. We intend to seek additional deposits by offering deposit products that are competitive with those offered by other financial institutions in our markets and by establishing personal relationships with our customers. We cannot assure that these efforts will be successful. Our inability to attract additional deposits at competitive rates could have a material adverse effect on our business, financial condition and results of operations.

Our growth and expansion may strain our ability to manage our operations and our financial resources.

Our financial performance and profitability depend on our ability to execute our corporate growth strategy. In addition to seeking deposit and loan and lease growth in our existing markets, we may pursue expansion opportunities in new markets, enter into new lines of business or market areas or offer new products or services. Continued growth, however, may present operating and other problems that could adversely affect our business, financial condition and results of operations. Furthermore, any new line of business or market areas and/or new products or services could have a significant impact on the effectiveness of our system of internal controls. Accordingly, there can be no assurance that we will be able to execute our growth strategy or maintain the level of profitability that we have recently experienced.

Our growth may place a strain on our administrative, operational and financial resources and increase demands on our systems and controls. This business growth may require continued enhancements to and expansion of our operating and financial systems and controls and may strain or significantly challenge them. In addition, our existing operating and financial control systems and infrastructure may not be adequate to maintain and effectively monitor future growth. Our continued growth may also increase our need for qualified personnel. We cannot assure you that we will be successful in attracting, integrating and retaining such personnel.

We will become subject to increased regulation when we have more than $10 billion in total consolidated assets.

An insured depository institution with $10 billion or more in total assets is subject to supervision, examination, and enforcement with respect to consumer protection laws by the CFPB rather than its primary federal banking regulator. Under its current policies, the CFPB will assert jurisdiction in the first quarter after an insured depository institution's call reports show total consolidated assets of $10 billion or more for four consecutive quarters. The Bank had slightly less than $10 billion in total assets at December 31, 2025, so it is possible that with only modest growth, the CFPB, instead of the FDIC, may soon have primary examination and enforcement authority over the Bank. As an independent bureau focused solely on consumer financial protection, the CFPB may interpret or enforce consumer protection laws more strictly or severely than the FDIC.

Additionally, other regulatory requirements apply to depository institutions and holding companies with $10 billion or more in total consolidated assets, including a cap on interchange transaction fees for debit cards, as required by Federal Reserve Board regulations, which would significantly reduce our interchange revenue, and restrictions on proprietary trading and investment and sponsorship in hedge funds and private equity funds known as the Volcker Rule. See also "Item 1 - Business - Regulation and Supervision - Interchange Fees" in this report. Further, deposit insurance assessment rates are calculated differently, and may be higher, for insured depository institutions with $10 billion or more in total consolidated assets.

Our ability to pay dividends is subject to legal and regulatory restrictions.

Our ability to pay dividends to our shareholders is limited by California law and the policies and regulations of the FRB. The FRB has issued a policy statement on the payment of cash dividends by bank holding companies, which expresses the FRB's view that a bank holding company should pay cash dividends only to the extent that its net income for the past year is sufficient to cover both the cash dividends and a rate of earnings retention that is consistent with the holding company's capital needs, asset quality and overall financial condition. See "Item 1. Business - Regulation and Supervision - Restrictions on Dividends and Distributions."

As a holding company with no significant assets other than the Bank, our ability to continue to pay dividends depends in large part upon the Bank's ability to pay dividends to us. The Bank's ability to pay dividends or make other capital distributions to us is subject to the restrictions in the California Financial Code.

Our ability to pay dividends to our shareholders and the ability of the Bank to pay dividends to us are subject to the requirements that we and the Bank maintain a sufficient level of capital to be considered a "well capitalized" institution as well as a separate capital conservation buffer, as further described under "Item 1. Business - Supervision and Regulation - Regulatory Capital Requirements" in this report.

From time to time, we may become a party to financing agreements or other contractual arrangements that have the effect of limiting or prohibiting us or the Bank from declaring or paying dividends. Our holding company expenses and obligations with respect to our trust preferred securities and corresponding junior subordinated deferrable interest debentures issued by us may limit or impair our ability to declare or pay dividends.

Provisions of our governing documents and federal law may limit the ability of another party to acquire us, which could cause our stock price to decline.

Various provisions of our articles of incorporation and bylaws could delay or prevent a third party from acquiring us, even if doing so might be beneficial to our shareholders. These provisions provide for, among other things, specified factors that the Board of Directors shall or may consider when evaluating an offer to merge, an offer to acquire all assets or a tender offer; advance notice provisions for director nominations and shareholder proposals; and the authority to issue preferred stock by action of the board of directors acting alone, without obtaining shareholder approval.

The BHC Act and the Change in Bank Control Act of 1978, as amended, together with federal regulations, require that, depending on the particular circumstances, either FRB approval must be obtained or notice must be furnished to the Federal Reserve Board and not disapproved prior to any person or entity acquiring "control" of a bank holding company such as TriCo. These provisions may prevent a merger or acquisition that would be attractive to shareholders and could limit the price investors would be willing to pay in the future for our common stock.

Holders of our junior subordinated debentures have rights that are senior to those of our shareholders.

We have supported our growth through the prior issuance of trust preferred securities from special purpose trusts and accompanying junior subordinated debentures. At December 31, 2025, we had outstanding trust preferred securities and accompanying junior subordinated debentures with a principal amount of $41.2 million. Payments of the principal and interest on the trust preferred securities are conditionally guaranteed by us. Further, the accompanying junior subordinated debentures we issued to the trusts are senior to our shares of common stock. As a result, we must make payments on the junior subordinated debentures before we can pay any dividends on our common stock and, in the event of our bankruptcy, dissolution or liquidation, the holders of the junior subordinated debentures must be satisfied before any distributions can be made on our common stock.

If we fail to maintain an effective system of internal and disclosure controls, we may not be able to accurately report our financial results or prevent fraud. As a result, current and potential shareholders could lose confidence in our financial reporting, which would harm our business and the trading price of our securities.

Effective internal control over financial reporting and disclosure controls and procedures are necessary for us to provide reliable financial reports and effectively prevent fraud and to operate successfully as a public company. If we cannot provide reliable financial reports or prevent fraud, our reputation and operating results would be harmed. We continually review and analyze our internal control over financial reporting for Sarbanes-Oxley Section 404 compliance. As part of that process we may discover material weaknesses or significant deficiencies in our internal controls. Any failure to maintain effective controls or timely effect any necessary improvement of our internal and disclosure controls could harm operating results or cause us to fail to meet our reporting obligations, which could affect our ability to remain listed with Nasdaq. Ineffective internal and disclosure controls could also cause investors to lose confidence in our reported financial information, which would likely have a negative effect on the trading price of our securities.

We experienced a criminal cyberattack in February 2023, which resulted in the temporary interruption of our systems, disclosure of certain confidential information, litigation and governmental inquiries, all of which could damage our reputation or create additional financial and legal exposure.

As previously disclosed in the Current Report on Form 8-K we filed on February 14, 2023, the Bank experienced a cybersecurity incident in February 2023. After detecting unusual network activity, we shut down networked systems by taking them offline, which prevented access to internal systems, data and telephones for a limited period of time. We immediately launched an investigation and notified law enforcement and banking regulators. A digital forensics firm was engaged to help determine the scope of the incident and identify potentially impacted data. We received a demand for ransom from a party claiming responsibility for the incident. The Bank's core banking systems, including those that facilitate loan and deposit related transactions, were not affected and the Bank resumed customer-facing operations within two days. However, the Bank's internal system/server access as well as communication capabilities, including e-mail correspondence and telephones, required approximately one week of time for the restoration process to be completed in a safe and secure environment. The Company restored its systems without paying ransom.

The Bank worked with third-party forensic investigators to understand the nature and scope of the incident and to determine what and how much information was impacted. The Bank determined that its internal computer network had been infected with malware which prevented access to certain files on the network. Through its investigation, the Bank determined that an unauthorized actor illegally accessed and acquired data from certain systems, including the personal information of approximately 75,000 individuals, including certain current and former customers, individuals related to current and former customers, current and former employees and their dependents, and others. While the information impacted varied by individual, the types of information that were impacted included name, social security number, driver's license number, state identification number, financial account information, medical information, health insurance information, date of birth, passport number, digital/electronic signature, tax information, tax identification number, access credentials, and mother's maiden name. The Bank notified and will continue to notify impacted individuals consistent with state and federal requirements and the Bank offered impacted individuals credit restoration services and 24 months of credit monitoring services at no cost. The Bank issued a press release regarding this event and posted notice of this event on its website.

As a result of the 2023 cyberattack, we have incurred and may continue to incur significant costs or experience other material financial impacts, which may not be covered by, or may exceed the coverage limits of, our cyber liability insurance, and such costs and impacts may have a material adverse effect on our business, reputation, financial condition and operating results. These risks may stem from litigation or governmental inquiries to which we currently are or may become subject in connection with this incident, and the extent of remediation and other additional costs that may be incurred by us.

We face three purported class action lawsuits related to the 2023 cyberattack that have been filed in California Superior Court for the Counties of Contra Costa and Butte, seeking unspecified monetary damages, equitable relief, costs and attorneys' fees. The lawsuits were consolidated (Donna Dryden v. Tri Counties Bank et al., Superior Court of State of California - Butte County, 23-CV-03115) and allege breach of contract, negligence, violations of various privacy laws and a variety of other legal causes of action. Following mediation, the parties entered into a settlement agreement and on January 21, 2026, the court preliminarily approved the agreement. The Class is being notified by mail and we hope to resolve this litigation quickly. The cost of the settlement is expected to be covered by insurance. However, we are unable to predict whether we may be subject to further private litigation. In addition, the Company received inquiries from various government authorities related to the 2023 cyberattack, which could result in sanctions, fines or penalties. We responded to these inquiries and cooperated fully. However, we cannot predict the timing or outcome of any of these inquiries, or whether we may be subject to further governmental inquiries.

Given the uncertainties about any further impacts of the incident, including the inherent uncertainties involved in litigation, contractual obligations, government investigations and regulatory enforcement decisions, we face the risk that outcomes from these risks could have a material adverse effect on our reputation, business and/or financial condition. In addition, litigation, government interventions, and negative media reports and any resulting damage to our reputation or loss of confidence in the security of our systems could adversely affect our business. It is possible that we could incur losses associated with these proceedings and inquiries, and the Company will continue to evaluate information as it becomes known and will record an estimate for losses at the time or times when it is both probable that a loss has been incurred and the amount of the loss is reasonably estimable. While we believe we have adequate insurance to cover most of the costs of the cyberattack, ongoing legal and other costs related to these proceedings and inquiries, as well as any potential future proceedings and inquiries, may be substantial, and losses associated with any adverse judgments, settlements, penalties or other resolutions of such proceedings and inquiries could be material to our business, reputation, financial condition and operating results.

We face the risk that failures or breaches, including cyberattacks, of our operational or security systems or of those of our customers or vendors, could disrupt our business, result in the disclosure of confidential information, damage our reputation, and create significant financial and legal exposure.

The Company, our customers, our vendors, and other third parties have experienced security breaches and cyber attacks in the past, and it is inevitable that additional breaches and attacks will occur in the future. While such breaches and attacks have not materially impacted the Company to date, future security breaches and cyber attacks could result in serious and harmful consequences for us or our clients and customers. A principal reason that we cannot provide absolute security against cyber attacks is that it may not always be possible to anticipate, detect or recognize threats to the Company's systems, or to implement effective preventive measures against all breaches because: the techniques used in cyber attacks evolve frequently and are increasingly sophisticated, and therefore may not be recognized until launched; cyber attacks can originate from a wide variety of sources, including our own employees, cyber-criminals, hacktivists, groups linked to terrorist organizations or hostile countries, or third parties whose objective is to disrupt the operations of financial institutions more generally; we do not have control over the cybersecurity of the systems of the large number of clients, customers, counterparties and third-party service providers with which we do business; and it is possible that a third party, after establishing a foothold on an internal network without being detected, might obtain access to other networks and systems. The risk of a security breach due to a cyber attack could increase in the future due to factors such as: our ongoing expansion of mobile and digital banking and other internet-based products and applications, and the increased use of remote access to facilitate remote arrangements for employees, vendors and other third parties. In addition, a third party could misappropriate confidential information obtained by intercepting signals or communications from mobile devices used by our employees. The techniques used in cyber attacks and breaches change rapidly and are increasingly sophisticated, including through the use of generative AI and deepfakes, and we expect additional risks in the future through the use of quantum computing, and we may not be able to anticipate cyber attacks or other data security breaches. Additionally, cyber attacks and breaches in some cases appear to be supported by foreign governments or other well-financed entities and often originate from less regulated and remote areas of the world. We have seen a higher volume and complexity of attacks during times of increased geopolitical tensions.
A successful penetration or circumvention of the security of our systems or the systems of a vendor, governmental body or another market participant could cause serious negative consequences, including: significant disruption of our operations and those of our clients, customers and counterparties, including: losing access to operational systems; misappropriation of our confidential information or that of our clients, customers, counterparties, employees, regulators, or other individuals; disruption of or damage to our systems and those of our clients, customers and counterparties; the inability, or extended delays in the ability, to fully recover and restore data that has been stolen, manipulated or destroyed or the inability to prevent systems from processing fraudulent transactions; allegations or violations by the Company of applicable privacy and other laws; financial loss to us or to our clients, customers, counterparties, employees, or others; loss of confidence in our cybersecurity and business resiliency measures; dissatisfaction among our clients, customers or counterparties; significant exposure to litigation and regulatory fines, penalties or other sanctions; and harm to our reputation, all of which could have a material adverse effect on us. If personal, confidential or proprietary information of customers or others in the Bank's or such vendors' or other third-parties' possession were to be mishandled or misused, we could suffer significant regulatory consequences, reputational damage and financial loss, as discussed earlier regarding the Bank's 2023 cyberattack. The extent of a particular cyber attack and the steps that we may need to take to investigate the attack may not be immediately clear, and it may take a significant amount of time before such an investigation or determination, judicial or otherwise, can be completed. 
While such an investigation is ongoing, we may not necessarily know the full extent of the harm caused by the cyber attack, and that damage may continue to spread. These factors may inhibit our ability to provide rapid, full and reliable information about the cyber attack to our clients, customers, counterparties and regulators, and the public. Furthermore, it may not be clear how best to contain and remediate the harm caused by the cyber attack, and certain errors or actions could be repeated or compounded before they are discovered and remediated. Any or all of these factors could further increase the costs and consequences of a cyber attack.

In addition to threats from external sources, insider threats represent a significant risk to us. Insiders, including those having legitimate access to our information, communications systems and other technology and the information contained therein, have the easiest opportunity to make inappropriate use of their access. Addressing that risk requires understanding not only how to protect us from unauthorized use and disclosure of data, but also how to engage behavioral analytics and other tools to identify potential internal threats before any damage is done. As more work is conducted outside of our facilities, the risk of improper access to our network or confidential information has increased, including for reasons such as a failure by an employee or contractor to secure a device with Company access.

Although we devote significant resources to maintain and regularly upgrade our systems and processes that are designed to protect the security of our computer systems, software, networks, and other technology assets and the confidentiality, integrity, and availability of information belonging to us and our customers, there is no assurance that our security measures will be sufficient. We have implemented employee and customer awareness training regarding phishing, malware, and other cyber risks, however there can be no assurances that this training will be effective or sufficient. Furthermore, these risks are expected to increase in the future as we continue to increase our electronic payments and other internet-based product offerings and expand our internal usage of web-based products and applications.

Our procedures and safeguards to prevent unauthorized access to confidential information and to defend against cyberattacks seeking to disrupt our operations must be continually evaluated and enhanced to address the ever-evolving threat landscape and changing cybersecurity regulations. These preventative actions require the investment of significant resources and management time and attention. Nevertheless, we may not be able to anticipate, prevent, timely detect and/or effectively remediate all security breaches.

Any inability to prevent or adequately respond to the issues described above could disrupt the Company's business, inhibit its ability to retain existing customers or attract new customers, otherwise harm its reputation and/or result in financial losses, litigation, increased costs or other adverse consequences that could be material to the Company.

Our reliance on third-party vendors exposes us to risks, including additional cybersecurity risks.

Third-party vendors provide key components of our business infrastructure, including certain data processing and information services. On our behalf, third parties may transmit confidential, proprietary information. Some of these third parties may engage vendors of their own, which introduces the risk that these "fourth parties" could be the source of operational and/or security failures. Although we require third-party providers and these fourth-party vendors to maintain certain levels of information security, such providers may remain vulnerable to breaches, unauthorized access, misuse, computer viruses, or other malicious attacks that could ultimately compromise sensitive information. Additionally, we do not have control of the cybersecurity systems, breach prevention, and response protocols of our third- or fourth-party vendors, including through our cybersecurity programs or policies. While the Company may have contractual rights to assess the effectiveness of many of our providers' systems and protocols, we do not have the means to know or assess the effectiveness of all of our providers' systems and controls at all times. We cannot provide any assurances that actions taken by us, or our third- or fourth-party vendors, including through our cybersecurity programs or policies, will adequately prevent or substantially mitigate the impacts of cybersecurity breaches or misuses of confidential information, unauthorized access to our networks or systems or exploits against third- or fourth-party environments, or that we, or our third- or fourth-party vendors, will be able to effectively identify, investigate, and remediate such incidents in a timely manner or at all. While we may contractually limit our liability in connection with attacks against third-party providers, we remain exposed to the risk of loss associated with such vendors.

Furthermore, a number of our vendors are large national entities with dominant market presence in their respective fields. Their services could prove difficult to replace in a timely manner if a failure or other service interruption were to occur. Failures of certain vendors to provide contracted services could adversely affect our ability to deliver products and services to our customers and cause us to incur significant expense.

These types of third-party relationships are subject to evolving and increasingly demanding regulatory requirements and attention by our bank regulators. Regulatory guidance requires us to enhance our due diligence, ongoing monitoring and control over our third-party vendors and subcontractors and other ongoing third-party business relationships. In certain cases, we may be required to renegotiate our agreements with these vendors and/or their subcontractors to meet these enhanced requirements, which could increase our costs. If our regulators conclude that we have not exercised adequate oversight and control over our third-party vendors and subcontractors or other ongoing third-party business relationships, or that such third parties have not performed appropriately, we could be subject to enforcement actions, including the imposition of civil money penalties or other administrative or judicial penalties or fines as well as requirements for customer remediation.

We are subject to certain industry standards regarding our credit/debit card-related services. Failure to meet those standards may significantly impact our ability to offer these services.

We are subject to the PCI-DSS, issued by the Payment Card Industry Security Standards Council. PCI-DSS contains compliance guidelines with regard to our security surrounding the physical and electronic storage, processing and transmission of cardholder data. Compliance with PCI-DSS and implementing related procedures, technology and information security measures requires significant resources and ongoing attention. Costs and potential problems and interruptions associated with the implementation of new or upgraded systems and technology, such as those necessary to achieve compliance with PCI-DSS or with maintenance or adequate support of existing systems could also disrupt or reduce the efficiency of our operations. Any material interruptions or failures in our payment-related systems or third parties that we rely upon could have a material adverse effect on our business, results of operations and financial condition. If there are amendments to PCI-DSS, the cost of compliance could increase, and we may suffer loss of critical data and interruptions or delays in our operations as a result. If we or our service providers are unable to comply with the standards imposed by PCI-DSS, we may be subject to fines and restrictions on our ability to offer certain services, which could materially and adversely affect our business.

Our business is highly reliant on technology and on our ability and that of our third-party service providers to manage the operational risks associated with technology.

Our business involves storing and processing sensitive consumer and business customer data. We depend on internal systems, third-party service providers, cloud services and outsourced technology to support these data storage and processing operations. In addition, cloud technologies are also critical to the operation of our systems, and our reliance on cloud technologies is growing. Despite our efforts to ensure the security and integrity of our systems, we may not be able to anticipate, detect or recognize threats to our systems or those of third-party service providers or to implement effective preventive measures against all cybersecurity breaches. Cyberattack techniques change regularly and can originate from a wide variety of sources, including third parties who are or may be involved in organized crime or linked to terrorist organizations or hostile foreign governments, and such third parties may seek to gain access to systems directly or using equipment or security passwords belonging to employees, customers, third-party service providers or other users of our systems. These risks may increase in the future as we continue to increase our mobile, digital and other internet-based product offerings and expand our internal usage of web-based products and applications. A cybersecurity breach or cyberattack could persist for a long time before being detected and could result in theft of sensitive data or disruption of our transaction processing systems.

Our inability to use or access these information systems at critical points in time could unfavorably impact the timeliness and efficiency of our business operations. A breach of customer data security, such as the breach of customer data in connection with the February 2023 cyberattack discussed above, may negatively impact our business reputation and cause a loss of customers. This event has resulted in increased expenses to contain the event, to notify impacted individuals and provide them with credit monitoring services, and to defend and respond to litigation. Cybersecurity risk management programs are expensive to maintain and will not protect us from all risks associated with maintaining the security of customer data and our proprietary data from external and internal intrusions, disaster recovery and failures in the controls used by our vendors.

Cybersecurity and data privacy are areas of heightened legislative and regulatory focus.

As cybersecurity and data privacy risks for banking organizations and the broader financial system have significantly increased in recent years, cybersecurity and data privacy issues have become the subject of increasing legislative and regulatory focus. The federal bank regulatory agencies have proposed enhanced cyber risk management standards, which would apply to a wide range of large financial institutions and their third-party service providers, including us, and would focus on cyber risk governance and management, management of internal and external dependencies, incident response, cyber resilience and situational awareness. Several states have also proposed or adopted cybersecurity legislation and regulations, which require, among other things, notification to affected individuals when there has been a security breach of their personal data. For more information regarding cybersecurity regulation, refer to "Item 1. Business - Supervision and Regulation."

We receive, maintain and store non-public personal information of our customers and counterparties, including, but not limited to, personally identifiable information and personal financial information. The sharing, use, disclosure, and protection of this information are governed by federal and state law. Both personally identifiable information and personal financial information are increasingly subject to legislation and regulation, the intent of which is to protect the privacy of personal information that is collected and handled. For more information regarding data privacy regulation, refer to "Item 1. Business - Supervision and Regulation."

We may become subject to new legislation or regulation concerning cybersecurity or the privacy of personally identifiable information and personal financial information or of any other information we may store or maintain. We could be adversely affected if new legislation or regulations are adopted or if existing legislation or regulations are modified such that we are required to alter our systems or require changes to our business practices or privacy policies. If new or existing cybersecurity, data privacy, data protection, data transfer or data retention laws are implemented, interpreted or applied in a manner inconsistent with our current practices, including as a result of the network security incident discussed above, we may be subject to fines, litigation or regulatory enforcement actions or ordered to change our business practices, policies or systems in a manner that adversely impacts our operating results. In addition, any additional laws and regulatory enforcement measures will result in increased compliance costs.

A failure to implement technological advances could negatively impact our business.

The banking industry is undergoing technological changes with frequent introductions of new technology-driven products and services. In addition to improving customer services, the effective use of technology increases efficiency and enables financial institutions to reduce costs. Our future success will depend, in part, on our ability to address the needs of our customers by using technology to provide products and services that will satisfy customer demands for convenience as well as to create additional efficiencies in our operations. Many of our competitors have substantially greater resources than we do to invest in technological improvements. We may not be able to effectively implement new technology-driven products and services or successfully market such products and services to our customers. In addition, advances in technology such as digital, mobile, telephone, text, and online banking; e-commerce; and self-service automatic teller machines and other equipment, as well as changing customer preferences to access our products and services through digital channels, could decrease the value of our branch network and other assets. We may close or sell certain branches and restructure or reduce our remaining branches and work force. These actions could lead to losses on assets, expense to reconfigure branches and loss of customers in certain markets. As a result, our business, financial condition or results of operations may be adversely affected.

Our business is susceptible to fraud and conduct risk.

Our business exposes us to fraud risk from loan and deposit customers, the parties we do business with, as well as from employees, contractors and vendors. We rely on financial and other data from new and existing customers which could turn out to be fraudulent when accepting such customers, executing their financial transactions and making and purchasing loans and other financial assets. In times of increased economic stress we are at increased risk of fraud losses. We believe we have underwriting and operational controls in place to prevent or detect such fraud, but cannot provide assurance that these controls will be effective in detecting fraud or that we will not experience fraud losses or incur costs or other damage related to such fraud, at levels that adversely affect financial results or reputation. Our lending customers may also experience fraud in their businesses which could adversely affect their ability to repay their loans or make use of services. The Company's and its customers' exposure to fraud may increase our financial risk and reputation risk as it may result in unexpected loan losses that exceed those that have been provided for in the allowance for credit losses. In addition, we are subject to risk from the conduct of our employees, including the negative impact that can result from employee misconduct or failure by employees to conduct themselves in accordance with our policies, all of which could damage our reputation and result in loss of customers or other financial loss or expose us to increased regulatory or other risk.

New lines of business, products or services and technological advancements, like artificial intelligence, may subject us to additional risks.

From time to time, we implement new lines of business or offer new products and services within existing lines of business. There are substantial risks and uncertainties associated with these efforts, particularly in instances where the markets are not fully developed. In developing and marketing new lines of business and/or new products and services we invest significant time and resources. Initial timetables for the introduction and development of new lines of business and/or new products or services may not be achieved, and price and profitability targets may not prove feasible. External factors, such as compliance with regulations, competitive alternatives, and shifting market preferences, may also impact the successful implementation of a new line of business or a new product or service.

The financial services industry is continually undergoing rapid technological change with frequent introductions of new technology-driven products and services. Our future success depends, in part, upon our ability to address the needs of our customers by using technology to provide products and services that will satisfy customer demands, as well as to create additional efficiencies in our operations. Many of our competitors have substantially greater resources to invest in technological improvements. We may not be able to effectively implement new technology-driven products and services or be successful in marketing these products and services to our customers. In addition, our implementation of certain new technologies, such as those related to artificial intelligence ("AI"), automation and algorithms, in our business processes may have unintended consequences due to their limitations or our failure to use them effectively. In addition, the growing reliance on AI technologies by vendors, business partners, and technology solutions or applications introduces additional risks, including but not limited to: algorithmic bias that may result in unintended discriminatory outcomes and harm our reputation, loss of proprietary and confidential information through use of AI technologies, unauthorized access or breaches of data could compromise the integrity of our systems with AI dependency, evolving regulations and legal frameworks surrounding AI may pose challenges leading to legal and financial consequences for non-compliance, and protecting the intellectual property associated with AI technologies may be challenging, and unauthorized use or infringement by third parties could bring harm to our competitive position or reputation. Furthermore, cloud technologies are also critical to the operation of our systems, and our reliance on cloud technologies is growing. Failure to successfully keep pace with technological change affecting the financial services industry could have a material adverse effect on our business, financial condition and results of operations.

Furthermore, any new line of business, new product or service and/or new technology could have a significant impact on the effectiveness of our system of internal controls. Failure to successfully manage these risks in the development and implementation of new lines of business, new products or services and/or new technologies could have a material adverse effect on our business, financial condition and results of operations.

The increased use and capacity of AI, Generative AI, large language models (LLMs), and AI agents by customers, vendors and competitors increases risks to our business.

The use and capacity of AI, Generative AI, LLMs and AI agents has increased in the past year and is being employed by customers, competitors, and vendors at increased rates. Many of these tools can increase cybersecurity risks, require specific technical expertise to operate, or expose information through open source code. These tools are being used by parties in various capacities, and employing these tools without sufficient knowledge or expertise of the power and risks associated with the tools can increase risks for the users. These tools are relatively new and there is potential of continued and/or increased adoption of legal and regulatory frameworks governing the use of these tools, by law, our primary banking regulators, other federal or state regulatory bodies, or other self-regulatory organizations.

The use of these tools by customers can increase the risk of exposure to their personal information and/or banking credentials which can result in increased opportunities for bad actors to initiate fraudulent activity with respect to a customer's account(s). While we have implemented commercially reasonable policies and procedures to protect against fraudulent activity on the accounts of our customers, we cannot assure that such policies and procedures will prevent all fraudulent activity or capture activity that has inadvertently been authorized by the customer. Such activity can result in financial liability and litigation risk to us and/or our customers, as well as harm to our reputation and negative impacts on our financial condition, results of our operations, business and prospects.

The use of these tools by vendors engaged by us can increase the risk of unauthorized use or disclosure of sensitive or confidential client or customer information and cyberattacks. In conducting due diligence of our vendors, we request information regarding how the vendor uses these tools and attempt to mitigate risks related to exposure by agreement with vendors. While these processes seek to mitigate risks associated with vendor use of these tools, we cannot eliminate this risk. Vendors may employ tools without realizing the risks associated with the tools, may have employees that use unauthorized technology tools that were not disclosed to us during our diligence process, or the tools that were disclosed may implement new services, features, or technologies that increase the exposure to cybersecurity risks. If a vendor engaged by us experienced a cyberattack related to use of these tools, or deliberately or inadvertently exposed sensitive or confidential client or customer information, we may experience financial liability and litigation risk to us and/or our customers, as well as harm to our reputation and negative impact on our financial condition, results of operations and business. Additionally, if any vendors incur additional costs related to any legal or regulatory framework adopted governing the use of such tools, we may face increased costs to engage such vendor, which could impact our financial condition and results of operations if we continue to use such vendor or as a result of costs incurred to find an alternative vendor.

The use of these tools by competitors may impair our ability to attract or retain business if our competitors are successful in their implementation. Failure to keep pace with these evolving technologies can have a negative impact on our financial condition, results of operations, business and prospects. In addition, if our competitors suffer any reputational harm as a result of the implementation of these evolving technologies, it could have a negative effect on the financial services industry as a whole and have a negative impact on our financial condition, results of operations, business and prospects. The increased use of these tools by competitors may also increase pressure to impose legal or regulatory frameworks regarding these tools, which could impact the financial services industry as a whole and cause us to incur increased costs to comply with such legal or regulatory frameworks, which may result in a negative impact on our financial condition, results of operations and business.

We are subject to claims and litigation pertaining to intellectual property.

We rely on technology companies to provide information technology products and services necessary to support our day-to-day operations. Technology companies frequently enter into litigation based on allegations of patent infringement or other violations of intellectual property rights. In addition, patent holding companies seek to monetize patents they have purchased or otherwise obtained. Competitors of our vendors, or other individuals or companies, have from time to time claimed to hold intellectual property sold to us by our vendors. Such claims may increase in the future as the financial services sector becomes more reliant on information technology vendors. The plaintiffs in these actions frequently seek injunctions and substantial damages.

Regardless of the scope or validity of such patents or other intellectual property rights, or the merits of any claims by potential or actual litigants, we may have to engage in litigation that could be expensive, time-consuming, disruptive to our operations, and distracting to management. If we are found to infringe on one or more patents or other intellectual property rights, we may be required to pay substantial damages or royalties to a third-party. In certain cases, we may consider entering into licensing agreements for disputed intellectual property, although no assurance can be given that such licenses can be obtained on acceptable terms or that litigation will not occur. These licenses may also significantly increase our operating expenses. If legal matters related to intellectual property claims were resolved against us or settled, we could be required to make payments in amounts that could have a material adverse effect on our business, financial condition and results of operations.

Disclaimer

TriCo Bancshares published this content on April 20, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on April 20, 2026 at 18:34 UTC.