ASSOCIATED BANC-CORP (ASB) Business

ITEM 1. Business

General

Associated Banc-Corp is a bank holding company registered pursuant to the BHC Act. Our bank subsidiary, Associated Bank, traces its history back to the founding of the Bank of Neenah in 1861. We were incorporated in Wisconsin in 1964 and were inactive until 1969 when permission was received from the Federal Reserve to acquire three banks. At December 31, 2025, we owned one nationally chartered commercial bank headquartered in Green Bay, Wisconsin, which serves local communities across the upper Midwest, one nationally chartered trust company headquartered in Milwaukee, Wisconsin, and 12 limited purpose banking and nonbanking subsidiaries either located in or conducting business primarily in our four-state branch footprint (Wisconsin, Illinois, Minnesota, and Missouri) that are closely related or incidental to the business of banking or financial in nature. Measured by total assets reported at December 31, 2025, we are the largest bank holding company headquartered in Wisconsin.

Services

Through Associated Bank and various nonbanking subsidiaries, we provide a broad array of banking and nonbanking products and services to individuals and businesses through 184 banking branches as of December 31, 2025, serving more than 100 communities, primarily within our four-state branch footprint. Our business is primarily relationship-driven and is organized into three reportable segments: Corporate and Commercial Specialty; Community, Consumer, and Business; and Risk Management and Shared Services.

See Note 20 Segment Reporting of the notes to consolidated financial statements in Part II, Item 8, Financial Statements and Supplementary Data, for additional information concerning our reportable segments.

We are not dependent upon a single or a few customers, the loss of which would have a material adverse effect on us.

2

Human Capital Matters

We are very fortunate to have a team of approximately 4,000 colleagues at December 31, 2025 who are capable, determined and empowered to drive our company forward. None of our colleagues are represented by unions.

We believe attracting and retaining talent in a highly competitive candidate market fuels our ability to serve our customers and support our communities. We are focused on sourcing talent from all backgrounds through engagement with workforce development programs, partnerships with various organizations, and active campus recruitment. As a result, we were able to hire 675 external candidates in 2025. At the same time, in 2025, we had low voluntary turnover of 12% while 21% of colleagues advanced their careers at the Corporation through nearly 853 internal promotions or lateral moves. At December 31, 2025, the average tenure of our workforce was 8.8 years while the average tenure of our executive leadership team was 11.0 years.

Through internal and external training and development programs, we aim to help our colleagues improve their skills so they can achieve their career goals and transition to more challenging roles.

•Beginning in 2024, the Corporation initiated quarterly progress reviews for all colleagues designed to enhance colleague development, growth, and performance through consistent coaching and feedback.

•In 2024, we introduced significant training and resources for development and career planning to include new leadership development programs and workshops for both leaders and colleagues.

•During 2025, we completed over 280 individual career coaching sessions and offered nearly 70 hours of training to assist colleagues in creating meaningful performance and development objectives.

By strengthening our workforce and providing opportunities for colleagues to apply their talent and grow as professionals, we strive to foster pride in working for Associated and to be recognized as the employer of choice among Midwestern financial services firms.

Colleague engagement is a focus for our company. During 2025, 90% of our colleagues provided feedback through an annual workplace survey conducted by a third-party on key topics related to the overall health and culture of the organization. The survey respondent percentage is well above the average response rate for commercial banks. For the ninth year in a row, we received more than 8,000 colleague comments, including 9,500 in 2025, which we believe demonstrates that colleagues are interested in, and comfortable with, sharing candid feedback.

We are pleased to support total health and well-being through a variety of benefits, programs, activities, and educational opportunities throughout the year. Our dedicated Total Well-being team provides free and confidential health coaching while a 24/7/365 Employee Assistance Program (EAP) provides access to complimentary counseling services, financial coaching, and a variety of additional resources to support the unique needs of our colleagues and their families (e.g. elder, adult, child, family support and legal services). Additionally, our comprehensive Total Well-being platform provides all colleagues with an opportunity to earn incentives throughout the year for participating in activities, challenges, and educational opportunities. As of December 31, 2025:

•Nearly 2,700 colleagues and spouses participated in an annual wellness visit with a primary care provider.

•Nearly 1,884 colleagues received a well-being reimbursement for the purchase of items such as gym memberships, home fitness equipment, and/or fitness tracking devices. The total value for well-being reimbursements was over $340,000.

•Over 1,454 colleagues earned incentives through our Total Well-being program totaling over $180,000.

We regularly review our Total Rewards programs so that we are offering a total rewards package (including salary, incentives, benefits, and well-being opportunities) that we believe is fair, equitable, and competitive in our marketplace.

We believe our success begins and ends with people. For this reason, fostering a culture where people feel valued, respected, and comfortable sharing ideas and perspectives is a core focus of the Corporation. Our culture is anchored in the belief that we are better together, and great ideas can come from anywhere in the Corporation.

We are committed to nurturing an inclusive culture that is centered around providing equal opportunity to our colleagues (regardless of background), responding to community and customer needs, and producing exceptional value for our shareholders. Business lines are focused on fostering a culture of belonging and inclusion among our colleagues in support of equal opportunity. Our efforts are supported by the work of our seven CRGs. These groups, which are open to all employees,

3

are centered on development, colleague growth, and community involvement. Our CRG members contribute to discussions around workforce development, workplace culture, policies and programs, and marketplace practices.

•During 2025, CRGs hosted more than 100 events that focused on support of our business strategy, professional development, talent recruitment, and community involvement.

Our commitment to our communities goes beyond providing banking services. We use our expertise and financial resources to support communities in accordance with the CRA requirements. These initiatives and investments create opportunities for individuals, families, and businesses to fully participate in and share the rewards of building economic stability in our communities.

Competition

The financial services industry is highly competitive. We compete for loans, deposits, and financial services in all of our principal markets. We compete directly with other bank and nonbank institutions located within our markets, internet-based banks, out-of-market banks and bank holding companies that advertise or otherwise serve our markets, money market funds and other mutual funds, brokerage houses, and various other financial institutions. Additionally, we compete with insurance companies, leasing companies, regulated small loan companies, credit unions, governmental agencies, and commercial entities offering financial services products, including nonbank lenders and financial technology companies, including those related to cryptocurrencies (including stablecoins). Competition involves, among other things, efforts to retain current customers and to obtain new loans and deposits, the scope and types of services offered, interest rates paid on deposits and charged on loans, as well as other aspects of banking. We also face direct competition from subsidiaries of bank holding companies that have far greater assets and resources than ours.

Strategic Transactions

On November 30, 2025, the Corporation entered into a definitive agreement under which American National will merge into Associated Banc-Corp. Under the terms of the merger agreement, American National shareholders will receive 36.250 shares of Associated stock for each share of American National stock. The all-stock, fixed exchange ratio transaction is valued at approximately $604 million based on Associated's closing stock price of $26.29 as of November 28, 2025. The Board of Directors of both Associated and American National have unanimously approved the transaction. American National's two primary shareholders, who together own 99% of American National, have voted to approve the transaction and have entered into transfer, voting and registration rights agreements. The transaction is expected to close in the second quarter of 2026 subject to customary closing conditions including the receipt of regulatory approvals.

Supervision and Regulation

Overview

The Corporation and its banking and nonbanking subsidiaries are subject to extensive regulation and oversight both at the federal and state levels. The second Trump Administration has implemented significantly different policies from the Biden Administration, including new proposed regulations and rescissions or withdrawals of previous guidance, and sharply reduced the workforce at the federal banking agencies. The cumulative impact of these changes, and whether they will last over time, is unclear. The following is an overview of the statutory and regulatory framework that affects the business of the Corporation and our subsidiaries.

BHC Act Requirements

As a registered bank holding company under the BHC Act, we are regulated, supervised, and examined by the Federal Reserve. In connection with applicable requirements, bank holding companies file periodic reports and other information with the Federal Reserve. The BHC Act governs the activities that are permissible for bank holding companies and their affiliates and permits the Federal Reserve, in certain circumstances, to issue cease and desist orders and other enforcement actions against bank holding companies and their nonbanking affiliates to correct and curtail unsafe or unsound banking practices. Under the Dodd-Frank Act and longstanding Federal Reserve policy, bank holding companies are required to act as a source of financial strength to each of their banking subsidiaries pursuant to which such holding company may be required to commit financial resources to support such subsidiaries in circumstances when, absent such requirements, they might not otherwise do so. The BHC Act further regulates holding company activities, including requirements and limitations relating to capital, transactions with officers, directors and affiliates, securities issuances, dividend payments, inter-affiliate liabilities, extensions of credit, and expansion through mergers and acquisitions.

4

The BHC Act allows certain qualifying bank holding companies that elect treatment as “financial holding companies” to engage in activities that are financial in nature and that explicitly include the underwriting and sale of insurance. The Parent Company thus far has not elected to be treated as a financial holding company. Bank holding companies that have not elected such treatment generally must limit their activities to banking activities and activities that are closely related to banking.

Regulation of Associated Bank and Trust Company Subsidiaries

Associated Bank and our nationally-chartered trust company subsidiary are regulated, supervised and examined by the OCC. The OCC has primary supervisory and regulatory authority over the operations of Associated Bank and the Corporation's trust company subsidiary. As part of this authority, Associated Bank and our trust company subsidiary are required to file periodic reports with the OCC and are subject to regulation, supervision and examination by the OCC. To support its supervisory function, the OCC has the authority to assess and charge fees on all national banks according to a set fee schedule. For the assessment collection on September 30, 2025, the OCC reduced the marginal rates in the general assessment fee schedule for banks with assets above $40 billion, such as Associated Bank, by 22 percent. On December 1, 2025, the OCC announced that it is maintaining the assessment rates adopted on September 30, 2025, for the 2026 calendar year.

Associated Bank, our only subsidiary that accepts insured deposits, is also subject to examination by the FDIC under certain conditions. Under the Dodd-Frank Act, the FDIC has backup enforcement authority over a depository institution holding company, such as the Parent Company, if the conduct or threatened conduct of such holding company poses a risk to the DIF, although such authority may not be used if the holding company is generally in sound condition and does not pose a foreseeable and material risk to the DIF.

We are subject to the enforcement and rule-making authority of the CFPB regarding consumer financial products. The CFPB has the authority to create and enforce consumer protection rules and regulations and has the power to examine us for compliance with such rules and regulations. The CFPB has the authority to prohibit “unfair, deceptive or abusive” acts and practices. The CFPB has examination and enforcement authority over all banks with more than $10 billion in assets. For additional information, please refer to Item 1— Business — Supervision and Regulation — Consumer Financial Services Regulations.

Standards for Safety and Soundness

The federal banking agencies have adopted the Interagency Guidelines for Establishing Standards for Safety and Soundness (the “Guidelines”). The Guidelines establish certain safety and soundness standards for all depository institutions. The operational and managerial standards in the Guidelines relate to the following: (1) internal controls and information systems; (2) internal audit systems; (3) loan documentation; (4) credit underwriting; (5) interest rate exposure; (6) asset growth; (7) compensation, fees and benefits; (8) asset quality; and (9) earnings. Rather than providing specific rules, the Guidelines set forth basic compliance considerations and guidance with respect to a depository institution. Failure to meet the standards in the Guidelines, however, could result in a request by the OCC for a written compliance plan to demonstrate efforts to come into compliance with such Guidelines. Failure to provide and implement a plan requires the appropriate federal banking agency to issue an order to the institution requiring compliance.

Corporate and Risk Governance

Corporate and risk governance oversight is a core supervisory function of the federal banking agencies, including the OCC. We are required, as a supervisory matter, to implement an effective corporate and risk governance framework commensurate with our size, complexity and risk profile. Fundamental components of this framework include the authorities and responsibilities of directors and senior managers to govern the operations and structure of the Corporation and the Bank, as well as the implementation and management of systems and processes designed to identify, measure, monitor and control the risks to the organization, including strategic, compliance and operational risks.

National banks with at least $50 billion in total assets are currently subject to heightened standards for, among other things, the implementation of risk governance frameworks addressing credit risk, interest rate risk, liquidity risk, price risk, operational risk, compliance risk, strategic risk, and reputation risks.

The heightened standards require those national banks to establish and adhere to a written governance framework in order to manage and control their risk-taking activities and to incorporate their risk appetite statement and concentration risk limits into capital and liquidity stress. On December 23, 2025, the OCC issued a notice of proposed rulemaking that would increase the threshold at which the heightened standards apply from $50 billion to $700 billion in total assets. The Bank is not presently subject to the OCC's heightened standards but, if our proposed acquisition of American National closes and causes the Bank's average total consolidated assets to exceed $50 billion, would become subject to the OCC's heightened standards until the OCC's proposal to increase the threshold becomes effective.

5

Further, the federal banking agencies have in previous years increased their focus on banks’ third-party risk management controls and practices. The federal banking agencies, including the OCC, adopted interagency guidance on risk management of third-party relationships. The guidance applies broadly to any business agreement between a banking organization and another entity, by contract or otherwise (including affiliated entities), and it requires banking organizations to analyze the risks associated with each third-party relationship and establish effective governance and risk management processes for all stages of a third-party relationship, including planning, due diligence and third-party selection, contract negotiation, ongoing monitoring, and termination.

On July 25, 2024, the federal banking agencies, including the OCC, issued a joint statement on banks’ arrangements with third parties to deliver bank deposit products and services. The joint statement identifies potential risks related to arrangements between banks and third parties to deliver bank deposit products and services to customers and provides examples of risk management practices to manage such risks.

Banking Acquisitions

We are required to obtain prior Federal Reserve approval before acquiring more than 5 percent of the voting shares, or substantially all of the assets, of a bank holding company, bank or savings association. In addition, the prior approval of the OCC is required for a national bank to merge with another bank or purchase the assets or assume the deposits of another bank. In determining whether to approve a proposed bank acquisition, federal bank regulators will consider, among other factors, the effect of the acquisition on competition, the public benefits expected to be received from the acquisition, the projected capital ratios and levels on a post-acquisition basis, and the acquiring institution’s record of addressing the credit needs of the communities it serves, including the needs of LMI neighborhoods, consistent with the safe and sound operation of the bank, under the CRA.

The standards by which bank and financial institution acquisitions are evaluated may be subject to change. In September 2024, the OCC adopted a final rule and policy statement regarding its review of BMA applications for OCC-supervised institutions, including the Bank. In May 2025, the OCC adopted a final rule that restored the ability for BMA applicants to file a streamlined application form for certain types of acquisitions and the expedited review process for BMA applications, which had been removed by the 2024 final rule, and rescinded the 2024 policy statement. The FDIC similarly adopted a final statement of policy in September 2024 but rescinded the 2024 statement of policy in May 2025. Concurrent with the FDIC and OCC issuances of revised policy statements in 2024, the DOJ withdrew from its 1995 Bank Merger Guidelines and announced that it would consider bank mergers under its 2023 Merger Guidelines, which are not industry specific, as well as under a separate, recently adopted bank merger addendum. Unlike the FDIC and OCC, the DOJ has not reinstated the guidance that was in effect prior to 2024.

Banking Subsidiary Dividends

The Parent Company is a legal entity separate and distinct from the Bank and other nonbanking subsidiaries. A substantial portion of our cash flow comes from dividends paid to us by Associated Bank. The OCC’s prior approval of the payment of dividends by Associated Bank to the Parent Company is required only if the total of all dividends declared by the Bank in any calendar year exceeds the sum of the Bank’s retained net income for that year and its retained net income for the preceding two calendar years, less any required transfers to surplus. Federal law prohibits national banks from paying dividends that would be greater than the bank’s undivided profits after deducting statutory bad debt in excess of the bank’s allowance for loan losses. In addition, under the FDICIA, an IDI, such as the Bank, is prohibited from making capital distributions, including the payment of dividends, if, after making such distribution, the institution would become “undercapitalized” as such term is used in the FDICIA.

Holding Company Dividends

In addition, the Corporation and the Bank are subject to various general regulatory policies and requirements relating to the payment of dividends, including requirements to maintain adequate capital above regulatory minimums. The appropriate federal regulatory authority is authorized to determine under certain circumstances relating to the financial condition of a bank or bank holding company that the payment of dividends would be an unsafe or unsound practice and to prohibit payment thereof. Under the Dodd-Frank Act and the requirements of the Federal Reserve, the Parent Company, as a bank holding company, is required to serve as a source of financial strength to the Bank and to commit resources to support the Bank. Consistent with its source of strength policy, the Federal Reserve has stated that, as a matter of prudent banking, a bank holding company should not maintain a level of cash dividends to its shareholders that places undue pressure on the capital of its bank subsidiaries, or that can be funded only through additional borrowings or other arrangements that may undermine the bank holding company’s ability to serve as a source of strength. The appropriate federal regulatory authorities have indicated that paying dividends that

6

deplete a bank’s capital base to an inadequate level would be an unsafe and unsound banking practice and that banking organizations should generally pay dividends only out of current operating earnings.

Capital Requirements

We are subject to various regulatory capital requirements both at the Parent Company and at the Bank level administered by the Federal Reserve and the OCC, respectively. Failure to meet minimum capital requirements could result in certain mandatory and possible additional discretionary actions by regulators that, if undertaken, could have an adverse material effect on our financial condition and results of operations. Under capital adequacy guidelines and the regulatory framework for prompt corrective action (described below), we must meet specific capital guidelines that involve quantitative measures of our assets, liabilities, and certain off-balance sheet items as calculated under regulatory accounting policies. Our capital amounts and classification are subject to judgments by the regulators regarding qualitative components, risk weightings, and other factors.

The Federal Reserve, the OCC and the FDIC have adopted risk-based capital regulations implementing certain provisions of the Dodd-Frank Act and Basel III. In general, subject to certain exceptions as discussed further below, minimum capital standards established under the risk-based capital regulations include a CET1 capital to risk-weighted assets ratio of 4.5 percent, a Tier 1 capital to risk-weighted assets ratio of 6.0 percent, a total capital to risk-weighted assets ratio of 8.0 percent, and a Tier 1 capital to adjusted average total assets leverage ratio of 4.0 percent. In determining the amount of risk-weighted assets for purposes of calculating risk-based capital ratios, all assets, including certain off-balance sheet assets (for example, recourse obligations, direct credit substitutes and residual interests) are multiplied by a risk-weight factor assigned by the regulations based on the risks believed inherent in the type of asset. Higher levels of capital are required for asset categories believed to present greater risk. CET1 capital is generally defined as common shareholders’ equity and retained earnings. Tier 1 capital is generally defined as CET1 and additional Tier 1 capital. Additional Tier 1 capital includes certain noncumulative perpetual preferred stock and related surplus and minority interests in equity accounts of consolidated subsidiaries. Total capital includes Tier 1 capital (CET1 capital plus additional Tier 1 capital) and Tier 2 capital. Tier 2 capital is comprised of capital instruments and related surplus, meeting specified requirements, and may include cumulative preferred stock and long-term perpetual preferred stock, mandatory convertible securities, intermediate preferred stock and subordinated debt. Also included in Tier 2 capital is the ACL limited to a maximum of 1.25 percent of risk-weighted assets.

Calculation of all types of regulatory capital is subject to deductions and adjustments specified in the regulations. In assessing an institution’s capital adequacy, the OCC takes into consideration not only these numeric factors, but qualitative factors as well, and has the authority to establish higher capital requirements for individual institutions where deemed necessary.

In addition to establishing the minimum regulatory capital requirements, the capital regulations limit capital distributions and certain discretionary bonus payments to management if the institution does not hold a capital conservation buffer consisting of 2.5 percent of CET1 capital to risk-weighted assets above the amount necessary to meet its minimum risk-based capital requirements.

The federal banking agencies have provided certain forms of relief to banking organizations that are not subject to the capital regulation's advanced approaches, such as the Corporation. For instance, non-advanced approaches institutions are subject to simpler regulatory capital requirements for MSAs, certain DTAs arising from temporary differences, investments in the capital of unconsolidated financial institutions, and requirements for the amount of capital issued by a consolidated subsidiary of a banking organization and held by third parties (sometimes referred to as a minority interest) that is includable in regulatory capital.

Such institutions may deduct from CET1 capital any amount of MSAs, temporary difference DTAs, and investments in the capital of unconsolidated financial institutions that individually exceeds 25 percent of CET1 capital.

On July 27, 2023, the federal banking agencies issued a proposed rule to implement the final components of the Basel III standards set by the Basel Committee on Banking Supervision in 2017. In light of the adverse reaction to the proposal, the Federal Reserve announced that it would publish a re-proposal of its regulations finalizing the Basel III standards. That re-proposal is expected in early 2026. The extent to which the re-proposal would impact institutions of the Corporation's size is unknown since the original proposal applied to bank holding companies of $100 billion or more.

We continue to exceed all capital requirements necessary to be deemed “well-capitalized” for all regulatory purposes under the capital regulations. For further detail on capital and capital ratios, see discussion under the Liquidity and Capital sections under Part II, Item 7, Management's Discussion and Analysis of Financial Condition and Results of Operations, and under Part II, Item 8, Financial Statements and Supplementary Data, Note 18 Regulatory Matters of the notes to consolidated financial statements.

Current Expected Credit Loss Treatment

7

Under the CECL model, we are required to present certain financial assets carried at amortized cost, such as loans held for investment and HTM securities, at the net amount expected to be collected. The measurement of expected credit losses is to be based on information about past events, including historical experience, current conditions, and reasonable and supportable forecasts that affect the collectability of the reported amount. The federal banking regulators have issued final rules providing financial institutions with the option to delay the estimated impact on regulatory capital stemming from the CECL model. As permitted under applicable regulations, the Corporation elected to delay the estimated impact of adopting CECL on its regulatory capital through December 31, 2021 and then phase in the estimated cumulative impact from January 1, 2022 through December 31, 2024. The deferral impacts began to phase in at 25% per year from January 1, 2022, were phased-in at 75% from January 1, 2024 and were fully phased-in from January 1, 2025.

Capital Planning and Stress Testing Requirements

As a result of the Economic Growth Act and related OCC rulemaking, the asset threshold for IDIs to conduct and report to their primary federal bank regulators company-run stress tests, as well as to comply with leverage limits, liquidity requirements, and resolution planning requirements, was raised from $10 billion to $250 billion in total consolidated assets and the Bank is no longer subject to Dodd-Frank Act stress testing requirements. The Economic Growth Act provided that bank holding companies under $100 billion in assets were no longer subject to stress testing requirements. Moreover, Section 214 of the Economic Growth Act and its implementing regulation prohibit the federal banking agencies from requiring the Bank to assign a heightened risk weight to certain HVCRE ADC loans as previously required under the Basel III capital rules. Notwithstanding these regulatory amendments, the federal banking agencies indicated through interagency guidance that the capital planning and risk management practices of institutions with total assets less than $100 billion would continue to be reviewed through the regular supervisory process. Although the Corporation will continue to monitor and stress test its capital consistent with the safety and soundness expectations of the federal regulators, the Corporation no longer publishes stress testing results as a result of the legislative and regulatory amendments.

Enforcement Powers of the Federal Banking Agencies; Prompt Corrective Action

The Federal Reserve, the OCC, and the CFPB have extensive supervisory authority over their regulated institutions, including, among other things, the power to compel higher reserves, the ability to assess civil money penalties, the ability to issue non-public memorandums of understanding, the ability to issue cease-and-desist or removal orders and the ability to initiate injunctive actions. In general, these enforcement actions may be initiated for violations of laws and regulations or for unsafe or unsound banking practices. Other actions or inactions by the Parent Company may provide the basis for enforcement action, including misleading or untimely reports.

Federal banking regulators are authorized and, under certain circumstances, required to take certain actions against banks that fail to meet their capital requirements. The federal banking agencies have additional enforcement authority with respect to undercapitalized depository institutions.

“Well-capitalized” institutions may generally operate without supervisory restriction. “Adequately capitalized” institutions cannot normally pay dividends or make any capital contributions that would leave them undercapitalized; they cannot pay a management fee to a controlling person if, after paying the fee, they would be undercapitalized; and they cannot accept, renew or roll over any brokered deposit unless the bank has applied for and been granted a waiver by the FDIC.

The federal banking agencies are required to take action to restrict the activities of an “undercapitalized,” “significantly undercapitalized,” or “critically undercapitalized” IDI. Any such bank must submit a capital restoration plan that is guaranteed by the parent holding company. Until such plan is approved, it may not increase its assets, acquire another institution, establish a branch or engage in any new activities, and generally may not make capital distributions. In certain situations, a federal banking agency may reclassify a well-capitalized institution as adequately capitalized and may require an adequately capitalized or undercapitalized institution to comply with supervisory actions as if the institution were in the next lower category.

Institutions must file a capital restoration plan with the OCC within 45 days of the date it receives a notice from the OCC that it is “undercapitalized,” “significantly undercapitalized,” or “critically undercapitalized.” Compliance with a capital restoration plan must be guaranteed by a parent holding company. In addition, the OCC is permitted to take any one of a number of discretionary supervisory actions, including but not limited to the issuance of a capital directive and the replacement of senior executive officers and directors.

Finally, bank regulatory agencies have the ability to impose higher than normal capital requirements known as individual minimum capital requirements for institutions with a high-risk profile.

At December 31, 2025, the Bank satisfied the capital requirements necessary to be deemed “well-capitalized.” In the event of a change to this status, the imposition of any of the measures described above could have a material adverse effect on the

8

Corporation and on its profitability and operations. The Corporation’s shareholders do not have preemptive rights and, therefore, if the Corporation is directed by the OCC or the FDIC to issue additional shares of common stock, such issuance may result in dilution in shareholders’ percentage of ownership of the Corporation.

Deposit Insurance Premiums

Associated Bank pays an insurance premium to the FDIC based upon its assessment rates on a quarterly basis. Deposits are insured up to applicable limits by the FDIC and such insurance is backed by the full faith and credit of the United States Government.

Under the Dodd-Frank Act, a permanent increase in deposit insurance was authorized to $250,000 per depositor, per IDI for each account ownership category.

This insurance is funded through assessments on the Bank and other IDIs. Each bank's assessment base is determined based on its average consolidated total assets less average tangible equity, and there is a scorecard method for calculating assessments that combines CAMELS (an acronym that refers to the five components of a bank's condition that are addressed: capital adequacy, asset quality, management, earnings, and liquidity) ratings and specified forward-looking financial measures to determine each institution's risk to the DIF.

The FDIC has the flexibility to adopt actual rates that are higher or lower than the total base assessment rates adopted without notice and comment, if certain conditions are met.

In 2022, the FDIC adopted a final rule, applicable to all IDIs, to increase base deposit insurance assessment rate schedules uniformly by 2 bp beginning in the first quarterly assessment period of 2023. The increase was instituted to account for extraordinary growth in insured deposits during the first and second quarters of 2020, which caused a substantial decrease in the DIF reserve ratio. The new assessment rate schedules are expected to remain in effect until the DIF reserve ratio meets or exceeds 2 percent.

In 2023, the FDIC issued a final rule to implement a special assessment to recover the loss to the DIF associated with protecting uninsured depositors following the closure of SVB and SBNY. Under the final rule, the assessment base for an IDI is equal to the institution’s estimated uninsured deposits as of December 31, 2022, adjusted to exclude the first $5 billion in estimated uninsured deposits. The FDIC started collecting the special assessment at an annual rate of 13.4 bp beginning with the first quarterly assessment period of 2024. The FDIC anticipates collecting special assessments for a total of eight quarterly assessment periods. On December 16, 2025, the FDIC issued an interim final rule that would reduce the special assessment rate for the eighth collection quarter from 3.36 bp to 2.97 bp. Under the interim final rule, upon termination of the receiverships, the FDIC will either provide an offset to regular quarterly deposit insurance assessments for IDIs subject to the special assessment if the amount collected exceeds losses or collect from IDIs subject to the special assessment a one-time final shortfall special assessment if losses at the termination of the receiverships exceed the amount collected.

The FDIC is authorized to conduct examinations of and require reporting by FDIC-insured institutions. It is authorized to terminate a depository bank’s deposit insurance upon a finding by the FDIC that the bank’s financial condition is unsafe or unsound or that the institution has engaged in unsafe or unsound practices or has violated any applicable rule, regulation, order or condition enacted or imposed by the bank’s regulatory agency. The termination of deposit insurance for the Bank would have a material adverse effect on our earnings, operations and financial condition.

Historically, deposit insurance premiums we have paid to the FDIC have been deductible for federal income tax purposes; however, the Tax Act disallows the deduction of such premium payments for banking organizations with total consolidated assets of $50 billion or more. For banks with less than $50 billion in total consolidated assets, such as ours, the premium deduction is phased out based on the proportion of a bank’s assets exceeding $10 billion. The Corporation anticipates that the Bank's total consolidated assets will exceed $50 billion upon the completion of its proposed acquisition of American National.

Brokered Deposits

The FDI Act and FDIC regulations limit the ability of an IDI, such as the Bank, to accept, renew or roll over brokered deposits unless the bank is well-capitalized under the prompt corrective action framework described above, or unless it is adequately capitalized and obtains a waiver from the FDIC. In addition, less than well-capitalized banks are subject to restrictions on the interest rates they may pay on deposits. The characterization of deposits as brokered may result in the imposition of higher deposit assessments on such deposits. The FDIC's regulations include a limited exception for reciprocal deposits for IDIs that have a composite condition of outstanding or good in the IDI's most recent examination and well-capitalized (or adequately capitalized and have obtained a waiver from the FDIC as mentioned above). Under the limited exception, IDIs that qualify, like the Bank, are able to exclude from treatment as "brokered" deposits up to the lesser of $5 billion or 20 percent of the bank's

9

total liabilities in reciprocal deposits (which is defined as deposits received by a bank through a deposit placement network with the same maturity (if any) and in the same aggregate amount as deposits placed by the bank in other network member banks).

Transactions with Affiliates and Insiders

Transactions between the Bank and its related parties or any affiliate are governed by Sections 23A and 23B of the Federal Reserve Act. An affiliate is any company or entity, which controls, is controlled by or is under common control with the bank. In a holding company context, at a minimum, the parent holding company of a national bank, and any companies that are controlled by such parent holding company, are affiliates of the bank. Generally, Sections 23A and 23B (i) limit the extent to which an institution or its subsidiaries may engage in “covered transactions” with any one affiliate to an amount equal to 10 percent of such institution’s capital stock and surplus, and contain an aggregate limit on all such transactions with all affiliates to an amount equal to 20 percent of such capital stock and surplus, and (ii) require that all such transactions be on terms substantially the same, or at least as favorable, to the institution or subsidiary as those provided to a nonaffiliate. The term “covered transaction” includes the making of loans, purchase of assets, issuance of a guarantee and similar types of transactions. Certain types of covered transactions must be collateralized according to a schedule set forth in the statute based on the type of collateral.

Certain transactions with our directors, officers or controlling persons are subject to conflicts of interest regulations. Among other things, these regulations require that loans to such persons and their related interests be made on terms substantially the same as for loans to unaffiliated individuals and must not create an abnormal risk of repayment or other unfavorable features for the financial institution. See Note 3 Loans of the notes to consolidated financial statements in Part II, Item 8, Financial Statements and Supplementary Data, for additional information on loans to related parties.

Community Reinvestment Act Requirements

The Bank is subject to periodic CRA reviews by the OCC. The CRA does not establish specific lending requirements or programs for banks and does not limit the ability of such banks to develop products and services believed best-suited for a particular community. An institution’s CRA assessment may be used by its regulators in their evaluation of certain applications, including a merger, acquisition or the establishment of a branch office. An unsatisfactory rating may be used as the basis for denial of such an application. The Bank received an “Outstanding” CRA rating in its most recent evaluation.

On October 24, 2023, the federal banking agencies jointly issued a final rule to revise the existing CRA regulations. In July 2025, the federal banking agencies issued a joint notice of proposed rulemaking to rescind the October 2023 final rule and restore the CRA framework that existed previously, which has remained in effect due to a preliminary injunction that stayed implementation of the October 2023 rule.

Privacy, Data Protection, and Cybersecurity

The Corporation collects, shares, uses, stores and otherwise processes information that relates to individuals and/or constitutes “personal data,” “personal information,” “nonpublic personal information,” or similar terms under applicable data privacy laws. The Corporation and its service providers are subject to a number of U.S. federal, state, local and foreign laws and regulations, industry standards and other requirements relating to consumer privacy and data protection, including those that apply generally to the handling of personal information. Under privacy protection provisions of the GLBA and its implementing regulations and guidance, financial institutions, such as the Bank, are limited in their ability to disclose certain non-public information about consumers to nonaffiliated third parties. Such financial institutions are required by statute and regulation to notify consumers of their privacy policies and practices and, in some circumstances, allow consumers to prevent disclosure of certain personal information to a nonaffiliated third party. In addition, such financial institutions must appropriately safeguard their customers’ nonpublic, personal information. Consumers and, in some instances, state and federal regulators, must be notified in the event of a data breach under applicable state laws and federal regulations. The Corporation had no material data breaches in 2025.

The changing privacy laws and regulations in the United States and elsewhere create new individual privacy rights and impose increased obligations on companies handling personal information, including the CCPA, as amended by the CPRA. While the CCPA does not apply to personal information collected, processed, sold or disclosed subject to the GLBA, the CCPA and other state laws apply to other personal information processed by the Corporation.

In addition, multiple states, Congress and regulators within and outside of the United States have adopted or are considering adopting similar laws or regulations which could create new individual privacy rights and impose additional obligations on the Corporation.

The federal banking agencies, including the OCC, have issued a rule imposing cybersecurity notification requirements for banking organizations and their service providers. Specifically, the rule requires banking organizations to notify their primary

10

federal regulator as soon as possible and no later than 36 hours after the discovery of a “computer-security incident” that rises to the level of a “notification incident,” as those terms are defined under the final rule.

The federal banking agencies have adopted guidelines for establishing information security standards and cybersecurity programs for implementing safeguards under the supervision of the board of directors. These guidelines, along with related regulatory materials, increasingly focus on risk management and processes related to information technology and the use of third parties in the provision of financial services. A financial institution should have a business continuity program to recover from a cyberattack and procedures for monitoring the security of third-party service providers that may have access to nonpublic data at the institution.

Further regulatory developments may impact the Corporation's data security- and privacy-related internal controls and risk profile. On October 22, 2024, the CFPB adopted a final rule regarding personal financial data rights that is designed to promote “open banking.” The final rule requires, among other things, that data providers, including any financial institution, make available to consumers and certain authorized third parties upon request certain covered transaction, account and payment information. However, in August 2025, the CFPB issued an advanced notice of proposed rulemaking to reconsider its final rule and, in October 2025, a district court issued a preliminary injunction preventing the CFPB from enforcing the final rule until the CFPB has completed its reconsideration of the rule.

The Corporation may be subject to rules and regulations promulgated under the authority of the Federal Trade Commission, which has the authority to regulate and enforce against unfair or deceptive acts or practices in or affecting commerce, including acts and practices with respect to data privacy and cybersecurity.

The Corporation is, or may become, subject to laws, regulations, and standards covering marketing, advertising and other activities conducted by telephone, email, mobile devices, and the internet, such as the TCPA, the CAN-SPAM Act, and similar state consumer protection and communication privacy laws, such as California's Invasion of Privacy Act.

The Corporation is subject to the FCRA, under which it is considered both a “furnisher” of consumer report information and a “user” of consumer reports provided by consumer reporting agencies. The FCRA regulates and protects consumer information collected by consumer reporting agencies and imposes specific obligations on “furnishers” and “users” of consumer report information. Such obligations include, among others, taking steps to ensure that consumer report information furnished to consumer reporting agencies is accurate and, as required, inaccurate or incomplete information is corrected or updated, restricting the sharing of information contained in a consumer report, notifying consumers when such reports are used to make an adverse decision or to close a consumer's account, and, in the context of completing employee background checks, providing a notice containing certain disclosures to the consumer and obtaining their consent. Under the regulations implementing the FCRA, “furnishers” of consumer report information are required to establish, implement and follow reasonable policies and procedures regarding the accuracy and integrity of information furnished to consumer reporting agencies.

Artificial Intelligence

CFPB and other federal regulatory guidance reiterates that creditors are not excused from the adverse action notice requirements under ECOA if they rely on complex algorithmic underwriting models. States have started to regulate the use of AI technologies. Of note, the California Privacy Protection Agency has finalized regulations under the CCPA regarding the use of automated decision making. California also enacted new laws that further regulate use of AI technologies and provide consumers with additional protections around companies’ use of AI technologies, such as requiring companies to disclose certain uses of generative AI, and other states have also passed AI-focused legislation. In addition, the New York State Department of Financial Services issued an industry letter on combating cybersecurity risks associated with AI.

In July 2024, the federal banking agencies, including the OCC, the Federal Reserve, and the FDIC, issued a final rule that requires, among other things, financial institutions to ensure that their automated valuation models for property valuation follow certain quality control standards, including a requirement that such valuation models comply with nondiscrimination laws.

On January 23, 2025, President Trump issued an Executive Order aimed at reducing barriers to AI innovation in the U.S. economy. The Order requires relevant persons and bodies within the federal government to develop an AI action plan to carry out this objective and revokes an AI-related Executive Order issued in 2023 by President Biden, as well as all corresponding policies, regulations, orders, directives and other actions taken in response to such Order.

Bank Secrecy Act / Anti-Money Laundering

The BSA, as amended by the Patriot Act and the Anti-Money Laundering Act of 2020, requires financial institutions to develop policies, procedures, and practices to prevent and deter money laundering, mandates that every national bank have a written, board-approved program that is reasonably designed to assure and monitor compliance with the BSA. The program must, at a

11

minimum: (1) provide for a system of internal controls to assure ongoing compliance; (2) provide for independent testing for compliance; (3) designate an individual responsible for coordinating and monitoring day-to-day compliance; (4) provide training for appropriate personnel; and (5) provide for appropriate risk-based procedures for conducting customer due diligence. In addition, national banks are required to adopt a customer identification program as part of their BSA compliance program. National banks are required to file SARs when they detect certain known or suspected violations of federal law or suspicious transactions related to money laundering activity or a violation of the BSA, to file reports on cash transactions exceeding specified thresholds, and to respond to certain requests for information by regulatory authorities and law enforcement agencies. The regulations implementing the BSA require financial institutions to establish risk-based procedures for conducting ongoing customer due diligence and procedures for understanding the nature and purpose of customer relationships for the purpose of developing a customer risk profile. In addition, FinCEN has promulgated customer due diligence and customer identification rules that require banks to identify and verify the identity of the beneficial owners of all legal entity customers (other than those that are excluded) at the time a new account is opened (other than accounts that are exempted).

Interstate Branching

National and state-chartered banks may open an initial branch in a state other than its home state (e.g., a host state) by establishing a de novo branch at any location in such host state at which a bank chartered in such host state could establish a branch. Applications to establish such branches must still be filed with the appropriate primary federal regulator.

Volcker Rule

Banks and their affiliates are prohibited from engaging in proprietary trading and investing in, sponsoring and having certain relationships with private funds such as hedge funds or private equity funds that would be considered an investment company for purposes of the Volcker Rule. The compliance requirements under regulations implementing the Volcker Rule are tailored based on the size and scope of trading activities. Because total trading assets and liabilities are maintained under $20 billion, the Corporation benefit from significantly reduced compliance obligations even though it remains subject to the modified rules and requirements related to covered funds.

Incentive Compensation Policies and Restrictions

The federal banking agencies have issued guidance on sound incentive compensation policies that applies to all banking organizations supervised by the agencies (thereby including both the Parent Company and the Bank). Pursuant to the guidance, to be consistent with safety and soundness principles, a banking organization’s incentive compensation arrangements should: (1) provide employees with incentives that appropriately balance risk and reward; (2) be compatible with effective controls and risk management; and (3) be supported by strong corporate governance including active and effective oversight by the banking organization’s board of directors. Monitoring methods and processes used by a banking organization should be commensurate with the size and complexity of the organization and its use of incentive compensation.

The Dodd-Frank Act required the federal banking agencies and the SEC to establish joint regulations or guidelines for financial institutions, such as the Bank, to prohibit incentive-based payment arrangements that encourage inappropriate risk taking by providing an executive officer, employee, director or principal shareholder with excessive compensation, fees, or benefits or that could lead to material financial loss to the entity. Despite numerous proposals, no regulation has been finalized.

Pursuant to SEC regulations, we adopted a “clawback” policy with respect to the recovery of incentive-based compensation paid to current or former executive officers in the event of material noncompliance with any financial reporting requirement under the securities laws. A copy of our clawback policy is attached as Exhibit 97 to this Annual Report on 10-K.

The Federal Reserve will review, as part of its standard, risk-focused examination process, the incentive compensation arrangements of financial institutions, such as the Corporation. These reviews will be tailored to each organization based on the scope and complexity of the organization’s activities and the prevalence of incentive compensation arrangements. Deficiencies will be incorporated into the organization’s supervisory ratings, which can affect the organization’s ability to make acquisitions and take other actions. Enforcement actions may be taken against a banking organization if its incentive compensation arrangements, or related risk-management control or governance processes, pose a risk to the organization’s safety and soundness and the organization is not taking prompt and effective measures to correct the deficiencies.

Consumer Financial Services Regulations

Federal and applicable state banking laws require us to take steps to protect consumers.

The CFPB is responsible for interpreting and enforcing federal consumer financial laws, as defined by the Dodd-Frank Act, that, among other things, govern the provision of deposit accounts along with mortgage origination and servicing. Some federal

12

consumer financial laws enforced by the CFPB include the ECOA, TILA, the Truth in Savings Act, the Home Mortgage Disclosure Act, RESPA, the Fair Debt Collection Practices Act, and the FCRA. The CFPB is authorized to prevent any institution under its authority from engaging in an unfair, deceptive, or abusive act or practice in connection with consumer financial products and services.

Under TILA as implemented by Regulation Z, mortgage lenders are required to make a reasonable and good faith determination based on verified and documented information that a consumer applying for a mortgage loan has a reasonable ability to repay the loan according to its terms. Mortgage lenders are required to determine consumers’ ATR in one of two ways. The first alternative requires the mortgage lender to consider the following eight underwriting factors when making the credit decision: (1) current or reasonably expected income or assets; (2) current employment status; (3) the monthly payment on the covered transaction; (4) the monthly payment on any simultaneous loan; (5) the monthly payment for mortgage-related obligations; (6) current debt obligations, alimony, and child support; (7) the monthly DTI ratio or residual income; and (8) credit history. Alternatively, the mortgage lender can originate QMs, which generally are mortgage loans without negative amortization, interest-only payments, balloon payments, or terms exceeding 30 years. QMs are entitled by rule to a presumption that the creditor making the loan satisfied the ATR requirements provided certain requirements are met. The Corporation is predominantly an originator of compliant QMs. The CFPB has implemented the TILA-RESPA Integrated Disclosure rules, which harmonize disclosure and certain regulatory compliance requirements required under those two statutes with respect to residential mortgage loans.

The CFPB has the authority to take supervisory and enforcement action against banks under its jurisdiction that fail to comply with federal consumer financial laws. The Bank is subject to the CFPB’s supervisory and enforcement authorities. The Dodd-Frank Act permits states to adopt stricter consumer protection laws and state attorneys general to enforce consumer protection rules issued by the CFPB. The Bank operates in a stringent consumer compliance environment and could incur additional costs related to consumer protection compliance, including but not limited to potential costs associated with CFPB examinations, regulatory and enforcement actions and consumer-oriented litigation. In previous years, the CFPB has been active in bringing enforcement actions to enforce consumer financial laws. The federal financial regulatory agencies, including the OCC, and states attorneys general also have been active in this area with respect to institutions over which they have jurisdiction. We have incurred and may in the future incur additional costs in complying with these requirements.

Other Regulations

The Bank is subject to a variety of other regulations with respect to the operation of its businesses, including but not limited to the Dodd-Frank Act, which among other restrictions placed limitations on the interchange fees charged for debit card transactions, TILA, Truth in Savings Act, ECOA, EFTA, Fair Housing Act, Home Mortgage Disclosure Act, Fair Debt Collection Practices Act, Expedited Funds Availability (Regulation CC), Reserve Requirements (Regulation D), Insider Transactions (Regulation O), Privacy of Consumer Information (Regulation P), Privacy of Consumer Financial Information and Safeguarding Personal Information (Regulation S-P), Margin Stock Loans (Regulation U), Right To Financial Privacy Act, Flood Disaster Protection Act, Homeowners Protection Act, Servicemembers Civil Relief Act, RESPA, Children’s Online Privacy Protection Act, and the John Warner NDAA.

The laws and regulations to which we are subject are constantly under review by Congress, the federal regulatory agencies, and the state authorities. These laws and regulations could be changed in the future, which could affect our profitability, our ability to compete effectively, or the composition of the financial services industry in which we compete.

Other Regulatory Authorities

In addition to regulation, supervision and examination by federal banking agencies, the Corporation and certain of its subsidiaries, including those that engage in securities brokerage, dealing and investment advisory activities, are subject to other federal and applicable state securities and other laws and regulations, and to supervision and examination by other regulatory authorities including the SEC, FINRA, NYSE, DOL and others.

Separately, in June 2019, the SEC adopted Regulation Best Interest, which, among other things, establishes a standard of conduct for a broker-dealer to act in the best interest of a retail customer when making a recommendation of any securities transaction or investment strategy involving securities to such customer. The rule requires us to review and possibly modify our compliance activities, which is causing us to incur some additional costs. In addition, state laws that impose a fiduciary duty may require monitoring, as well as require that we undertake other compliance measures.

Government Monetary Policies and Economic Controls

Our earnings and growth, as well as the earnings and growth of the banking industry, are affected by the credit policies of monetary authorities, including the Federal Reserve. An important function of the Federal Reserve is to regulate the national

13

supply of bank credit in order to combat recession and curb inflationary pressures. Among the instruments of monetary policy used by the Federal Reserve to implement these objectives are open market operations in U.S. government securities, changes in reserve requirements against member bank deposits, and changes in the Federal Reserve discount rate. These instruments are used in varying combinations to influence overall growth of bank loans, investments, and deposits, and may also affect interest rates charged on loans or paid for deposits. The monetary policies of the Federal Reserve authorities have had a significant effect on the operating results of commercial banks in the past and are expected to continue to have such an effect in the future.

In view of changing conditions in the national economy and in money markets, as well as the effect of credit policies by monetary and fiscal authorities, including the Federal Reserve, it is difficult to predict the impact of possible future changes in interest rates, deposit levels, and loan demand, or their effect on our business and earnings or on the financial condition of our various customers.

Available Information

We file annual, quarterly, and current reports, proxy statements, and other information with the SEC. These filings are available to the public on the Internet at the SEC’s web site at www.sec.gov.

Our principal internet address is www.associatedbank.com. We make available free of charge on or through our website our annual report on Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC. In addition, shareholders may request a copy of any of our filings (excluding exhibits) at no cost by writing at Associated Banc-Corp, Attn: Investor Relations, 433 Main Street, Green Bay, WI 54301 or e-mailing us at investor.relations@associatedbank.com.