AMERICAN EXPRESS CO (AXP) Business

ITEM 1.    BUSINESS

Overview

American Express is a global payments and premium lifestyle brand powered by technology. Founded in 1850 and headquartered in New York, American Express’ card-issuing, merchant-acquiring and card network businesses offer products and services to a broad range of customers, including consumers, small businesses, mid-sized companies and large corporations around the world.

Our range of products and services includes:

•Credit and charge cards and complementary products and services, including travel, dining, lifestyle and expense management products and services

•Banking and other payment and financing products and services, including deposits and non-card lending

•Merchant acquisition and processing, servicing and settlement, fraud prevention, and point-of-sale marketing and information products and services

•Network services

These products and services are offered through various channels, including mobile and online applications, affiliate marketing, customer referral programs, third-party service providers and business partners, in-house sales teams, direct mail, telephone and direct response advertising.

We were founded as a joint stock association and incorporated in 1965 as a New York corporation. American Express Company and its principal operating subsidiary, American Express Travel Related Services Company, Inc. (TRS), are bank holding companies under the Bank Holding Company Act of 1956, as amended (the BHC Act), subject to supervision and examination by The Board of Governors of the Federal Reserve System (the Federal Reserve).

We principally engage in businesses comprising four reportable operating segments: U.S. Consumer Services (USCS), Commercial Services (CS), International Card Services (ICS) and Global Merchant and Network Services (GMNS). Corporate functions and certain other businesses are included in Corporate & Other. Our businesses function together to form our end-to-end integrated payments platform, which we believe is a differentiator that underpins our business model. For further information about our reportable operating segments, see “Business Segment Results of Operations” under “MD&A.”

1

Table of Contents

Our Integrated Payments Platform and Technology

Through our card-issuing, merchant-acquiring and card network businesses, we are able to connect participants and provide differentiated value across the commerce path. We maintain direct relationships with Card Members (as a card issuer) and merchants (as an acquirer), which provides us with access to information at both ends of the card transaction, distinguishing our integrated payments platform from the bankcard networks. Through contractual relationships, we also obtain information from third-party card issuers, merchant acquirers, processors and payment facilitators with whom we do business.

Our integrated payments platform and the systems and infrastructure that underlie it provide us with data and analytics, while maintaining our commitment to respect Card Member preferences and protect Card Member and merchant data in compliance with applicable policies and legal requirements. Our models and analytical tools help us reduce fraud and underwrite risk, such as in determinations regarding the extension of credit. We also leverage our technology to provide differentiated value to customers, such as special offers and benefits to Card Members and targeted marketing and other information services for merchants and partners, as well as to develop and improve our customer interfaces and service capabilities to continue to deliver a high-quality customer experience. We also continue to explore ways to deploy new and developing technologies to enhance our payments platform and customer experience, such as uses for generative artificial intelligence (AI) and the integration of our products and services in agentic commerce.

Card Issuing Businesses

We are a leader in providing general purpose credit and charge cards to consumers, small businesses, mid-sized companies and large corporations. We offer a broad set of card products, rewards and services to this premium consumer and broad commercial customer base, in the United States and internationally, through our USCS, CS and ICS reportable operating segments. We focus on differentiating American Express Membership through our Membership Model of premium products, lifestyle services for consumers and business-centric solutions for our commercial customers, and benefits for our Card Members that we co-create and co-fund with our business partners. We believe the many benefits that come with American Express Membership build a strong, emotional connection with our brand across generations and geographies.

We acquire and retain high-spending, engaged and creditworthy Card Members by designing innovative credit, charge and debit card products and payment and lending solutions that appeal to our target customer base and meet their spending and borrowing needs. We seek to provide attractive value propositions to Card Members in a number of different ways, including:

•providing incentives to drive spending on our various card products and increase customer engagement, including our Membership Rewards® and Amex Offers™ programs, cash-back reward features, statement credits for purchases with partners, interest rates offered on deposits and participation in loyalty programs sponsored by our cobrand and other partners;

•offering an array of benefits, services and experiences through our Membership Model, such as lounge access, dining experiences, entertainment and other travel-, lifestyle- and business-related benefits; and

•delivering on our brand attributes of trust, security and service, including by providing exceptional levels of customer care.

A key element of our Membership Model is our development of a wide range of partner relationships, including to design, cobrand and distribute certain of our cards and provide benefits, services and experiences to our Card Members. We also enhance the American Express Membership experience through a suite of digital applications and tools, such as the new Amex Travel App that we launched in 2025, which make it easier for our Card Members to engage with our products and benefits and improve their service experience.

We regularly refresh many of our card products, such as the 2025 refresh of our U.S. Consumer and Business Platinum cards, to enhance their value propositions, increase engagement with existing customers and attract new customers. We also have a number of products that complement our card products. We offer banking and financing products such as high yield savings, business and consumer checking accounts, consumer installment loans and lines of credit offered to small businesses. We also provide non-card business-to-business (B2B) payment products and cash and expense management solutions to our commercial clients, which we are enhancing through our 2025 acquisition of Center, an expense management software company. In addition, we provide Card Members with reservation capabilities and elevated dining experiences through our dining platform spanning our network of Resy® and Tock® restaurants and venues.

For the year ended December 31, 2025, worldwide billed business (spending on American Express cards issued by us) was $1,670 billion and as of December 31, 2025, we had 86.6 million proprietary cards-in-force worldwide. Jurisdictions that represent a significant portion of our billed business include the United States, the United Kingdom, the European Union, Australia, Japan, Canada and Mexico.

2

Table of Contents

Merchant Acquiring Business

Our GMNS reportable operating segment builds and manages relationships with millions of merchants around the world that choose to accept American Express cards. This includes signing new merchants to accept our cards, agreeing on the discount rate (a fee charged to the merchant for accepting our cards) and handling servicing for merchants. We also build and maintain relationships with merchant acquirers, processors and payment facilitators to manage aspects of our merchant services business. For example, through our OptBlue® merchant-acquiring program, these third parties contract directly with small merchants for card acceptance on our network and determine merchant pricing. We continue to grow merchant acceptance of American Express cards around the world and work with merchant partners so that our Card Members are warmly welcomed and encouraged to spend in the millions of places where their American Express cards are accepted. We also seek to drive greater usage of the American Express network by deepening merchant engagement and increasing Card Member awareness through initiatives such as our Shop Small® campaigns and expanding our payment options such as through debit and B2B capabilities.

GMNS also provides fraud-prevention tools, marketing solutions, data analytics and other programs and services to merchants and other partners that leverage the capabilities of our integrated payments platform.

Card Network Business

We operate a payments network that processes and settles transactions across the globe. To enhance and extend the reach of our global network and broaden our customer base, we establish and maintain relationships with third-party banks and other institutions in approximately 110 countries and territories through our card network business. These network partners are licensed to issue American Express-branded cards in their countries and/or serve as the merchant acquirer for local merchants on our network.

For the year ended December 31, 2025, worldwide processed volume (spending on American Express cards issued by third parties as well as alternative payment solutions facilitated by American Express) was $227.2 billion and as of December 31, 2025, we had 66.2 million cards-in-force issued by third parties worldwide.

Diverse Customer Base and Global Footprint

The following chart provides a summary of our diverse set of customers and broad geographic footprint based on worldwide network volumes:

3

Table of Contents

Partners and Relationships

Our integrated payments platform allows us to work with a range of business partners, and our partners in return help drive the scale and relevance of the platform.

There are many examples of how we work with partners, including: issuing cards under cobrand arrangements with other corporations and institutions (e.g., Delta Air Lines (Delta), Marriott International, British Airways and Hilton Worldwide Holdings); providing greater value to our Card Members (e.g., Amex Offers and statement credits for purchases with partners); offering innovative ways for our Card Members to earn and use points with our merchants (e.g., Pay with Points at Amazon.com); expanding merchant acceptance with third-party acquirers and processors (e.g., OptBlue program participants); offering access to payment technologies, marketing solutions and brand assets for cards issued by third-party banks, financial technology companies and other institutions on the American Express network (e.g., cards offered by Coinbase and Credit Saison); integrating into expense management processes of our business customers (e.g., Emburse and SAP Concur); enhancing our travel and lifestyle benefits and services (e.g., Fine Hotels and Resorts®); and providing experiences and entertainment for Card Members (e.g., via Formula 1 and AEG Worldwide). We also have an equity investment in, and commercial arrangements with, Global Business Travel Group, Inc. (GBTG), which provides business travel-related services.

Delta is our largest strategic partner. Our relationships with, and revenues and expenses related to, Delta are significant and represent an important source of value for our Card Members. We issue cards under cobrand arrangements with Delta and the Delta cobrand portfolio continued to represent approximately 13 percent of worldwide billed business and approximately 21 percent of worldwide Card Member loans as of December 31, 2025. The Delta cobrand portfolio generates fee revenue and interest income from Card Members and discount revenue from Delta and other merchants for spending on Delta cobrand cards. The current Delta cobrand agreement runs through the end of 2029 and we expect to continue to make significant investments in this partnership. Among other things, Delta is also a key participant in our Membership Rewards program, provides travel-related benefits and services, including airport lounge access for certain American Express Card Members, accepts American Express cards as a merchant and is a corporate payments customer.

Working with all of our partners, we seek to provide value, choice and unique experiences across our customer base.

Our Premium Customer Base, Revenue Mix and Membership Model

We seek to attract premium, high-spending and high-credit-quality customers and our business model focuses on generating revenues primarily by driving spending on our cards and secondarily through finance charges and fees. Spending on our cards, which is higher on average on a per-card basis versus our network competitors, offers superior value to merchants in the form of loyal customers and larger transactions, and attracts partners to provide value to our Card Members and merchants. We also aim to meet the borrowing needs of our customers through a variety of card and non-card financing products, and we charge an annual fee on many of our card products, which helps support the value offered on those products. Because of the spend, lend and fee revenues we generate, we are able to invest in our Membership Model, which provides attractive rewards and other benefits for Card Members, as well as in marketing and payment solutions for merchants. This attracts new Card Members and creates incentives for Card Members to spend more on their cards, attracts merchants and partners to provide additional value to our Membership Model and positively differentiates American Express cards.

The American Express Brand and Service Excellence

Our brand and its attributes—trust, security and service—are key assets. We invest heavily in managing, marketing, promoting and protecting our brand, including through the delivery of our products and services in a manner consistent with our brand promise. The American Express brand is ranked among the most valuable brands in the world. We place significant importance on trademarks, service marks and patents, and seek to secure our intellectual property rights around the world.

We aim to provide the world’s best customer experience every day and our reputation for world-class service has been recognized by numerous awards over the years. Our customer care professionals, travel consultants and partners treat servicing interactions as an opportunity to bring the brand to life for our customers, add meaningful value and deepen relationships. We also utilize technology to provide customers with a range of servicing channels and tools designed to meet their preferences and enhance their service experience.

4

Table of Contents

Our Business Strategies

We seek to grow our business by focusing on five strategic imperatives:

First, we aim to expand our leadership in the premium consumer space by continuing to deliver membership benefits that span our customers’ everyday spending, borrowing, travel and lifestyle needs, expanding our roster of business partners around the globe and developing a range of experiences that attract high-spending customers.

Second, we seek to build on our strong position in commercial payments by evolving our card value propositions, further differentiating our corporate card and accounts payable expense management solutions and designing innovative products and features, including financing, banking and payment solutions for our business customers.

Third, we are focused on strengthening our global, integrated network by continuing to increase merchant acceptance, providing merchants with fraud protection services, marketing insights and connections to higher-spending Card Members and working with our network partners to offer expanded products and services.

Fourth, we want to continue to build on our unique global position, seeking ways to use our differentiated business model and global presence as we progress against our other strategic imperatives.

Finally, we seek to reimagine our customer and colleague experiences to drive innovation, improve productivity and efficiency and enhance customer satisfaction. We added this fifth strategic imperative as technology is transforming how we work and changing our customers’ expectations.

5

Table of Contents

Our Colleagues

Our colleagues are integral to executing our business strategies and to our overall success. As of December 31, 2025, we employed approximately 76,800 people, whom we refer to as colleagues, with approximately 25,900 colleagues in the United States and approximately 50,900 colleagues outside the United States.

We conduct an annual Colleague Experience Survey for colleagues to share their feedback about the work environment and culture at American Express, which helps us better understand colleague sentiment across several aspects of their experience including leadership, engagement, work life, risk and controls, career development and well-being. In 2025, 91 percent of colleagues who participated in the survey said they would recommend American Express as a great place to work.

At the heart of our workplace culture are our Blue Box Values, which are a set of guiding principles that serve as the foundation for how we operate as a company and lead. We believe that maintaining our strong culture, adhering to our Blue Box Values and ensuring that our people feel respected, valued, recognized and backed helps us attract, develop and engage the right talent for American Express’ success.

We support our colleagues with competitive total compensation packages, holistic well-being programs and opportunities for career growth and development to attract and retain top talent.

Competitive Total Compensation. Our compensation programs seek to recognize colleagues for their contributions, leadership and impact, and every colleague has the opportunity to share in American Express’ success. In addition, maintaining pay equity is an important part of our compensation philosophy and is reviewed annually to ensure colleagues are compensated fairly, based on key factors such as tenure, role, level, geography, merit and performance.

Holistic Well-Being. We also provide leading benefits and take a holistic approach to well-being, providing resources that address the physical, financial and mental health of our colleagues. We support our colleagues’ physical health and well-being through our corporate wellness program, Healthy Living, which highlights the importance of preventive care, encourages and rewards healthy actions, and delivers practical and accessible resources that promote a healthy lifestyle. We also offer resources and support for our colleagues’ mental health through our Healthy Minds Program, which provides colleagues and their household members with access to free counseling and a personalized health concierge service, and aims to increase mental health awareness across American Express. Our financial well-being program, Smart Saving, provides tools and resources to help colleagues build their financial knowledge and skills for all life stages.

Career Growth & Development. We provide colleagues at all levels with access to a wide variety of resources to support their ongoing career growth and leadership development. We start with opportunities for colleagues to learn on the job, build cross-functional skills and grow in their careers through a defined, collaborative process for performance management. Colleagues have access to a number of other resources, such as career coaching, mentoring, professional networking and rotation opportunities, as well as courses on-demand and with classroom-style instruction. To help support a culture of conduct and risk management, we also require colleagues undergo trainings on laws, regulations and policies applicable to them and American Express.

6

Table of Contents

Information About Our Executive Officers

Set forth below, in alphabetical order, is a list of our executive officers as of February 6, 2026, including each executive officer’s principal occupation and employment during the past five years. None of our executive officers has any family relationship with any other executive officer, and none of our executive officers became an officer pursuant to any arrangement or understanding with any other person. Each executive officer has been elected to serve until the next annual election of officers or until his or her successor is elected and qualified. Each officer’s age is indicated by the number in parentheses next to his or her name.

7

Table of Contents

8

Table of Contents

COMPETITION

We compete in the global payments industry with networks, issuers, acquirers and other payment service providers and methods of payment, including paper-based transactions (e.g., cash and checks) and electronic transfers (e.g., wire transfers and Automated Clearing House (ACH)), as well as evolving and growing alternative mechanisms, systems and products that leverage new technologies, business models and customer relationships to create payment, financing or banking solutions. The payments industry continues to undergo changes in response to evolving technologies, business dynamics and competition for premium customers.

As a card issuer, we compete with financial institutions that issue general-purpose credit and debit cards, as well as businesses that issue private label cards, operate mobile wallets, provide payment services or extend credit. We face intense competition in the premium space and for cobrand relationships, as both card issuer and network competitors have targeted high-spending customers and key business partners with attractive value propositions. For example, there is heightened competition with respect to several aspects of our Card Member value propositions, such as in partnerships and other differentiated offerings (e.g., lounge space in U.S. and global hub airports, dining experiences and other experiential offerings). Our banking products also face strong competition, such as with respect to the rates offered on deposits.

Our global card network competes in the global payments industry with other card networks, including, among others, Visa, China UnionPay, Mastercard, JCB, Discover and Diners Club International (the last two of which are owned by Capital One). We are the fourth largest general-purpose card network globally based on purchase volume, behind Visa, China UnionPay and Mastercard. In addition to such networks, we compete against a range of companies globally, including merchant acquirers, processors, payment facilitators and web- and mobile-based payment platforms (e.g., Alipay, PayPal and Shop Pay), as well as regional payment networks (such as the National Payments Corporation of India).

The principal competitive factors that affect card-issuing, merchant and network businesses include:

•The features, value and quality of the products and services, including customer care, rewards programs and offers, partnerships, travel-, lifestyle- and business-related benefits (including lounges, dining and other entertainment, as well as business tools), banking services and digital and mobile services, as well as the costs associated with providing such features and services

•Reputation and brand recognition

•The number, spending characteristics and credit performance of customers

•The quantity, diversity and quality of the establishments where the cards can be used

•The attractiveness of the value proposition to cardholders, corporate clients, merchants, merchant acquirers, card issuers and processors, payment facilitators and other payment intermediaries (including the relative cost and ease of using or accepting the products and services, and capabilities such as fraud prevention and data analytics)

•The number, quality and cost of other cards and other forms of payment and financing available to customers, as well as the integration and connectivity of those products

•The security of cardholder, merchant and network partner information

•The success of marketing and promotional campaigns

•The speed of innovation and investment in systems, technologies and product and service offerings

•The nature and quality of expense management tools, electronic payment methods and data capture and reporting capabilities, particularly for business customers

9

Table of Contents

Another aspect of competition is the dynamic and rapid growth of alternative payment and financing mechanisms, systems and products, which include payment facilitators and processors, digital payment, open banking and electronic wallet platforms, point-of-sale lenders and buy now, pay later products, real-time settlement and processing systems, financial technology companies, digital currencies developed by both the private sector and central banks, tokenization, blockchain and similar distributed ledger technologies, prepaid systems and gift cards, and systems linked to customer accounts or that provide payment solutions. The development of agentic commerce solutions, in which autonomous or semi-autonomous AI agents initiate and execute transactions on behalf of users, has accelerated as generative AI technologies have advanced and become more popular. In addition, the use of stablecoins, which can be used for payments in a number of settings, including in e-commerce and cross-border and B2B payments, has grown. The integration of these and other new or evolving technologies has the potential to create new or better competitor products, alter the competitive environment and reshape customer payment experiences, including in ways that disintermediate our relationship with customers. Furthermore, the business models and cost structures of competitors in these areas may differ from ours, such as those of certain financial technology companies, which can provide them with a number of advantages, including differing revenue streams, lower costs, greater scale or ability to pursue and adopt new technologies and less stringent regulatory requirements, and may enable them to disintermediate us from our customers. Additionally, various competitors are integrating more financial services into their product offerings and seeking to attain the benefits of an integrated payments platform, such as ours.

In addition to the discussion in this section, see “Our operating results may materially suffer because of substantial and increasingly intense competition worldwide in the payments industry” under “Risk Factors” for further discussion of the potential impact of competition on our business, and “Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition” and “Legal proceedings regarding provisions in our merchant contracts, including non-discrimination and honor-all-cards provisions, could have a material adverse effect on our business and result in additional litigation and/or arbitrations, changes to our merchant agreements and/or business practices, substantial monetary damages and damage to our reputation and brand” under “Risk Factors” for a discussion of the potential impact on our ability to compete effectively due to government regulations or if ongoing legal proceedings limit our ability to prevent merchants from engaging in various actions that discriminate against our card products.

10

Table of Contents

SUPERVISION AND REGULATION

Overview

We are subject to evolving and extensive government regulation and supervision in jurisdictions around the world, and the costs of ongoing compliance are substantial. The financial services industry is subject to rigorous scrutiny, high regulatory expectations, a range of regulations and a stringent and unpredictable enforcement environment.

Governmental authorities have focused, and we believe will continue to focus, considerable attention on reviewing compliance by financial services firms and payment systems with laws and regulations, and as a result, we continually work to evolve and improve our risk management framework, governance structures, practices and procedures. Reviews by us and governmental authorities to assess compliance with laws and regulations, as well as our own internal reviews to assess compliance with internal policies, including errors or misconduct by colleagues or third parties or control failures, have resulted in, and are likely to continue to result in, changes to our products, practices and procedures, restitution to our customers and increased costs related to regulatory oversight, supervision and examination. We have also been subject to regulatory actions and may continue to be the subject of such actions, including governmental inquiries, investigations, enforcement proceedings and the imposition of fines or civil money penalties, in the event of noncompliance or alleged noncompliance with laws or regulations.

Policymakers around the world continue to propose and adopt new and increasingly complex laws and regulations governing a wide variety of issues that may impact our business or change our operating environment in substantial and unpredictable ways. For example, legislators and regulators in various countries in which we operate have focused on the offering of consumer financial products and the operation of payment networks, resulting in changes to certain practices or pricing of card issuers, merchant acquirers and payment networks, and, in some cases, the establishment of broad and ongoing regulatory oversight regimes.

The following discussion summarizes elements of the extensive regulatory environment in which we operate; it does not purport to be complete or to describe all of the laws or regulations to which we are subject or all possible or proposed changes in laws or regulations that may become applicable to us. See “Operational and Compliance Risks” under “Risk Factors” for a discussion of the potential impact that changes in applicable law or regulation, and in their interpretation and application by regulatory agencies and other governmental authorities, may have on our business, results of operations and financial condition.

Banking Regulation

American Express entities are subject to banking regulation in the United States and in certain jurisdictions internationally. U.S. federal and state banking laws, regulations and policies extensively regulate the Company, TRS and our U.S. bank subsidiary, American Express National Bank (AENB). For purposes of this Supervision and Regulation section, the “Company” refers only to American Express Company, a bank holding company, and does not include its subsidiaries. Both the Company and TRS are subject to comprehensive consolidated supervision, regulation and examination by the Federal Reserve and AENB is supervised, regulated and examined by the Office of the Comptroller of the Currency (OCC) and with respect to certain matters by the Federal Deposit Insurance Corporation (FDIC). The Company and its subsidiaries are also subject to the rulemaking, enforcement and examination authority of the Consumer Financial Protection Bureau (CFPB). Banking regulators have broad examination and enforcement powers, including the power to impose substantial fines, limit dividends and other capital distributions, restrict operations and acquisitions and require divestitures, any of which could compromise our competitive position. Many aspects of our business also are subject to rigorous regulation by other U.S. federal and state regulatory agencies and by non-U.S. government agencies and regulatory bodies. For example, non-U.S. regulators supervising our international regulated financial institutions use many of the same principles of regulation and supervision that are used by U.S. federal bank regulators.

11

Table of Contents

Activities

The BHC Act generally limits bank holding companies to activities that are considered to be banking activities and certain closely related activities. As noted above, each of the Company and TRS is a bank holding company and each has elected to become a financial holding company, which is authorized to engage in a broader range of financial and related activities. In order to remain eligible for financial holding company status, the Company and TRS must meet certain eligibility requirements. Those requirements include that each of the Company and AENB must be “well capitalized” and “well managed,” and AENB must have received at least a “satisfactory” rating on its most recent assessment under the Community Reinvestment Act of 1977 (the CRA). The Company, TRS and their subsidiaries engage in various activities permissible only for financial holding companies, including, in particular, providing travel agency services, acting as a finder and engaging in certain insurance underwriting and agency services. If the Company fails to meet eligibility requirements for financial holding company status, it and its subsidiaries are likely to be barred from engaging in new types of financial activities or making certain types of acquisitions or investments in reliance on its status as a financial holding company, and ultimately could be required to either discontinue the broader range of activities permitted to financial holding companies or divest AENB. In addition, the Company and its subsidiaries are prohibited by law from engaging in practices that regulatory authorities deem unsafe or unsound (which such authorities generally interpret broadly) and regulatory authorities have discretion in determining whether new or modified activities can be conducted in a safe and sound manner.

Acquisitions and Investments

Applicable federal and state laws place limitations on the ability of persons to invest in or acquire control of us without providing notice to or obtaining the approval of one or more of our regulators. In addition, we are subject to banking laws and regulations that limit our investments and acquisitions and, in some cases, subject them to the prior review and approval of our regulators, including the Federal Reserve and the OCC. Federal banking regulators have broad discretion in evaluating proposed acquisitions and investments that are subject to their prior review or approval.

Enhanced Prudential Standards

The Company is subject to the U.S. federal bank regulatory agencies’ rules that tailor the application of enhanced prudential standards to bank holding companies and depository institutions with $100 billion or more in total consolidated assets. Under these rules, each such bank holding company is assigned to one of four categories based on its status as a U.S. global systemically important banking organization and five other risk-based indicators: (i) total assets, (ii) cross-jurisdictional activity, (iii) non-bank assets, (iv) off-balance sheet exposure, and (v) weighted short-term wholesale funding, with the most stringent requirements applying to Category I firms and the least stringent requirements applying to Category IV firms. Under these rules, the Company has been a Category III firm since 2024 as a result of the Company’s total consolidated assets exceeding $250 billion. Category III firms are subject to heightened capital, liquidity and prudential requirements, single-counterparty credit limits and additional stress tests, which in some cases are subject to a transition period. AENB, as a depository institution subsidiary of a Category III firm, is also subject to certain enhanced prudential standards under these tailoring rules as described below.

Further changes in the levels of the risk-based indicators described above, such as if we have $75 billion or more in cross-jurisdictional activity (based on a four-quarter trailing average), could result in the Company becoming a Category II firm and subject to more stringent capital, liquidity and prudential requirements. Our cross-jurisdictional activity was $76 billion as of December 31, 2025, and the four-quarter trailing average was $73 billion.

Capital and Liquidity Regulation

Capital Rules

The Company and AENB are required to comply with the applicable capital adequacy rules established by federal banking regulators. These rules are intended to ensure that bank holding companies and depository institutions (collectively, banking organizations) have adequate capital given their level of assets and off-balance sheet obligations. The federal banking regulators’ current capital rules (the Capital Rules) implement the Basel Committee on Banking Supervision’s (the Basel Committee) framework for strengthening international capital regulation, known as Basel III. For additional information regarding our capital ratios, see “Consolidated Capital Resources and Liquidity” under “MD&A.”

12

Table of Contents

Under the Capital Rules, banking organizations are required to maintain minimum ratios for Common Equity Tier 1 (CET1 capital), Tier 1 capital (that is, CET1 capital plus additional Tier 1 capital) and Total capital (that is, Tier 1 capital plus Tier 2 capital) to risk-weighted assets. We report our capital adequacy ratios using risk-weighted assets calculated under the standardized approach. Category III firms such as the Company are not subject to the advanced approaches capital requirements, whereas Category II firms are subject to the advanced approaches capital requirements under current capital rules, which introduce additional complexities in the methodologies used to calculate risk-weighted assets for purposes of determining capital adequacy ratios.

In 2017, the Basel Committee published standards that, among other things, revise the standardized approach for credit risk (including by recalibrating risk weights and introducing additional capital requirements for certain “unconditionally cancellable commitments” such as unused credit card lines of credit) and provide a new standardized calculation for operational risk capital requirements. In 2023, the U.S. federal bank regulatory agencies issued a notice of proposed rulemaking to implement and supplement the Basel Committee standards, which would have significantly revised U.S. regulatory capital requirements for large banking organizations, including the Company and AENB. The U.S. federal bank regulatory agencies have subsequently indicated that they intend to work on a revised proposal; however, any future rulemaking with respect to the Basel Committee standards remains uncertain. The ultimate impact of any such rulemaking will depend on a number of factors, including the content of the final rulemaking, future minimum regulatory requirements and management decisions regarding our product constructs, capital distributions and target capital levels, and such rulemaking could result in significantly higher regulatory capital requirements for the Company and AENB.

The Company and AENB must each maintain CET1 capital, Tier 1 capital and Total capital ratios of at least 4.5 percent, 6.0 percent and 8.0 percent, respectively. On top of these minimum capital ratios, the Company is subject to a dynamic stress capital buffer (SCB) composed entirely of CET1 capital with a floor of 2.5 percent and AENB is subject to a static 2.5 percent capital conservation buffer (CCB). The SCB equals (i) the difference between a bank holding company’s starting and minimum projected CET1 capital ratios under the supervisory severely adverse scenario under the Federal Reserve’s stress tests described below, plus (ii) one year of planned common stock dividends as a percentage of risk-weighted assets. The required minimum capital ratios for the Company may be further increased by a countercyclical capital buffer of up to an additional 2.5 percent of risk-weighted assets, if enacted by the Federal Reserve, which must be held in the form of CET1 capital. The countercyclical capital buffer is currently set at zero percent; however it could change in the future. If the Federal Reserve were to raise the countercyclical capital buffer, covered banking organizations such as the Company would generally have 12 months after the announcement of such increase to meet the increased buffer requirement, unless the Federal Reserve sets an earlier effective date.

On August 29, 2025, the Federal Reserve confirmed the SCB for the Company of 2.5 percent, which remained unchanged from the level announced in August 2024. As a result, the effective minimum ratios for the Company (taking into account the SCB requirement) and AENB (taking into account the CCB requirement) are 7.0 percent, 8.5 percent and 10.5 percent for the CET1 capital, Tier 1 capital and Total capital ratios, respectively. Banking organizations with ratios of CET1 capital, Tier 1 capital or Total capital to risk-weighted assets below these effective minimum ratios face constraints on discretionary distributions such as dividends, repurchases and redemptions of capital securities and executive compensation. A bank holding company’s SCB requirement is effective on October 1 of each year and will remain in effect through September 30 of the following year unless it is reset in connection with resubmission of a capital plan, as discussed below.

On April 17, 2025, the Federal Reserve issued a notice of proposed rulemaking that would make certain changes to the SCB calculation for Category I to III firms such as the Company, including (i) using the average of the maximum CET1 declines projected in each of the two most recent annual supervisory stress tests to determine a firm’s SCB, while retaining the 2.5 percent floor; and (ii) moving the effective date of the stress capital buffer requirement in a given year from October 1 to January 1.

The Company is also required to comply with minimum leverage ratio requirements. The leverage ratio is the ratio of a banking organization’s Tier 1 capital to its average total consolidated assets (as defined for regulatory purposes). The Company is also subject to a minimum supplementary leverage ratio, which is the ratio of Tier 1 capital to an expanded concept of leverage exposure that takes into account both on‐balance sheet assets and certain off‐balance sheet exposures. All banking organizations are required to maintain a leverage ratio of at least 4.0 percent, and Category III banking organizations such as the Company are required to maintain a minimum supplementary leverage ratio of 3.0 percent.

13

Table of Contents

Liquidity Regulation

The Company and AENB are subject to two standards for liquidity risk supervision as implemented by the Federal Reserve and OCC: the minimum liquidity coverage ratio (LCR) and the net stable funding ratio (NSFR). The LCR is designed to ensure that a banking entity maintains an adequate level of unencumbered high-quality liquid assets to meet its liquidity needs for a 30-day time horizon under an acute liquidity stress scenario specified by supervisors. The LCR measures the ratio of a firm’s high-quality liquid assets to its projected net outflows. The NSFR requires a minimum amount of longer-term funding sources based on the assets, commitments and derivative exposures of banking entities. As a Category III firm with less than $75 billion in weighted short-term wholesale funding, the Company, and its depository institution subsidiary, AENB, are required to calculate the LCR and NSFR on a daily basis, with total net cash outflows and required stable funding, respectively, multiplied by an adjustment of 85 percent. The Company is required to make public disclosures related to its LCR on a quarterly basis beginning with respect to the first quarter of 2026 and NSFR on a semi-annual basis beginning with respect to the first and second quarters of 2026. Category II firms and their depository institution subsidiaries are subject to the full requirements of the LCR and NSFR, as well as a requirement to submit a liquidity monitoring report on a daily (rather than monthly) basis.

In addition, the Federal Reserve’s enhanced prudential standards rule includes heightened liquidity and risk management requirements. The rule requires the maintenance of a liquidity buffer, consisting of highly liquid assets, that is sufficient to meet projected net outflows for 30 days over a range of liquidity stress scenarios. In contrast to the LCR, which is a standardized approach, the liquidity buffer requirement is calculated based on the Company’s own models.

Stress Testing and Capital Planning

Under the Federal Reserve’s regulations, the Company is subject to annual supervisory stress testing requirements and biennial company-run stress testing requirements (commonly referred to as Dodd-Frank Act Stress Tests or “DFASTs”) that are designed to evaluate whether a bank holding company has sufficient capital on a total consolidated basis to absorb losses and support operations under adverse economic conditions. Category II firms are required to conduct DFASTs on an annual rather than biennial basis.

As part of the Comprehensive Capital Analysis and Review (CCAR), the Federal Reserve uses pro-forma capital positions and ratios under stress scenarios to determine the size of the SCB for each CCAR participating firm. The Company is required to develop and submit to the Federal Reserve an annual capital plan and stress testing results on or before April 5 of each year.

The Company may be required to revise and resubmit its capital plan following certain events or developments, such as a significant acquisition or an event that could result in a material change in its risk profile or financial condition. If the Company is required to resubmit its capital plan, it must receive prior approval from the Federal Reserve for any capital distributions (including common stock dividend payments and share repurchases), other than a capital distribution on a newly issued capital instrument.

Dividends and Other Capital Distributions

The Company and TRS, as well as AENB and the Company’s insurance and other regulated subsidiaries, are limited in their ability to pay dividends by statutes, regulations and supervisory policy.

Common stock dividend payments and share repurchases by the Company are subject to the oversight of the Federal Reserve and the outcome of the annual CCAR stress testing exercise, as described above. The Company will be subject to limitations and restrictions on capital distributions if, among other things, (i) the Company’s regulatory capital ratios do not satisfy applicable minimum requirements and buffers or (ii) the Company is required to resubmit its capital plan.

In general, federal laws and regulations prohibit, without first obtaining the OCC’s approval, AENB from making dividend distributions to TRS, if such distributions are not paid out of available recent earnings or would cause AENB to fail to meet capital adequacy standards. In addition to specific limitations on the dividends AENB can pay to TRS, federal banking regulators have authority to prohibit or limit the payment of a dividend if, in the banking regulator’s opinion, payment of a dividend would constitute an unsafe or unsound practice in light of the financial condition of the institution.

Prompt Corrective Action

The Federal Deposit Insurance Act (FDIA) requires, among other things, that federal banking regulators take prompt corrective action in respect of depository institutions insured by the FDIC (such as AENB) that do not meet minimum capital requirements. The FDIA establishes five capital categories for FDIC-insured banks: well capitalized, adequately capitalized, undercapitalized, significantly undercapitalized and critically undercapitalized. The FDIA imposes progressively more restrictive constraints on operations, management and capital distributions, depending on the capital category in which an institution is classified. In order to be considered “well capitalized,” AENB must maintain CET1 capital, Tier 1 capital, Total capital and Tier 1 leverage ratios of 6.5 percent, 8.0 percent, 10.0 percent and 5.0 percent, respectively.

14

Table of Contents

Under the FDIA, AENB could be prohibited from accepting brokered deposits (i.e., deposits raised through third-party brokerage networks) or offering interest rates on any deposits significantly higher than the prevailing rate in its normal market area or nationally (depending upon where the deposits are solicited), unless (1) it is well capitalized or (2) it is adequately capitalized and receives a waiver from the FDIC. A portion of our outstanding U.S. retail deposits are considered brokered deposits for bank regulatory purposes. If a federal regulator determines that we are in an unsafe or unsound condition or that we are engaging in unsafe or unsound banking practices, the regulator may reclassify our capital category or otherwise place restrictions on our ability to accept or solicit brokered deposits.

Resolution Planning

Certain bank holding companies are required to submit resolution plans to the Federal Reserve and FDIC providing for the company’s strategy for rapid and orderly resolution in the event of its material financial distress or failure. As a Category III firm, the Company is required to submit a holding company resolution plan every three years, with submissions alternating between a full plan and a plan targeted on certain areas or subjects identified by the Federal Reserve and the FDIC. The Company submitted its most recent holding company resolution plan in 2025. If the Federal Reserve and the FDIC determine that the Company’s plan is not credible and we fail to cure the deficiencies, we may be subject to more stringent capital, leverage or liquidity requirements; may be subject to more restrictions on our growth, activities or operations; or may ultimately be required to divest certain assets or operations to facilitate an orderly resolution.

AENB continues to be required to prepare and provide a separate resolution plan to the FDIC that would enable the FDIC, as receiver, to effectively resolve AENB under the FDIA in the event of failure. In 2024, the FDIC issued a final rule revising its resolution plan requirements for insured depository institutions, which requires certain insured depository institutions with $100 billion or more in assets, including AENB, to submit full resolution plans every three years with interim supplements in non-submission years. AENB submitted its initial interim supplement in 2025 and will be required to submit its initial resolution plan under the final rule on or before July 1, 2026.

Orderly Liquidation Authority

The Company could become subject to the Orderly Liquidation Authority (OLA), a resolution regime under which the Treasury Secretary may appoint the FDIC as receiver to liquidate a systemically important financial institution, if the Company is in danger of default and is determined to present a systemic risk to U.S. financial stability. As under the FDIC resolution model, under the OLA, the FDIC has broad power as receiver. Substantial differences exist, however, between the OLA and the U.S. Bankruptcy Code, including the right of the FDIC under the OLA to disregard the strict priority of creditor claims in limited circumstances, the use of an administrative claims procedure to determine creditor claims (as opposed to the judicial procedure used in bankruptcy proceedings), and the right of the FDIC to transfer claims to a “bridge” entity.

The FDIC has developed a strategy under OLA, referred to as the “single point of entry” or “SPOE” strategy, under which the FDIC would resolve a failed financial holding company by transferring its assets (including shares of its operating subsidiaries) and, potentially, very limited liabilities to a “bridge” holding company; utilize the resources of the failed financial holding company to recapitalize the operating subsidiaries; and satisfy the claims of unsecured creditors of the failed financial holding company and other claimants in the receivership by delivering securities of one or more new financial companies that would emerge from the bridge holding company. Under this strategy, management of the failed financial holding company would be replaced and its shareholders and creditors would bear the losses resulting from the failure.

FDIC Powers upon Insolvency of AENB

If the FDIC is appointed the conservator or receiver of AENB, the FDIC has the power to: (1) transfer any of AENB’s assets and liabilities to a new obligor without the approval of AENB’s creditors; (2) enforce the terms of AENB’s contracts pursuant to their terms; or (3) repudiate or disaffirm any contract or lease to which AENB is a party, the performance of which is determined by the FDIC to be burdensome and the disaffirmation or repudiation of which is determined by the FDIC to promote the orderly administration of AENB. In addition, the claims of holders of U.S. deposit liabilities and certain claims for administrative expenses of the FDIC against AENB would be afforded priority over other general unsecured claims against AENB, including claims of debt holders and depositors in non-U.S. offices, in the liquidation or other resolution of AENB. As a result, regardless of whether the FDIC ever sought to repudiate any debt obligations of AENB, the debt holders and depositors in non-U.S. offices would be treated differently from, and could receive substantially less, if anything, than the depositors in the U.S. offices of AENB.

15

Table of Contents

Other Banking Regulations

Source of Strength

The Company is required to act as a source of financial and managerial strength to its U.S. bank subsidiary, AENB, and may be required to commit capital and financial resources to support AENB. Such support may be required at times when, absent this requirement, the Company otherwise might determine not to provide it. Capital loans by the Company to AENB are subordinate in right of payment to deposits and to certain other indebtedness of AENB. In the event of the Company’s bankruptcy, any commitment by the Company to a federal banking regulator to maintain the capital of AENB will be assumed by the bankruptcy trustee and entitled to a priority of payment.

Transactions Between AENB and its Affiliates

Certain transactions (including loans and credit extensions from AENB) between AENB and its affiliates (including the Company, TRS and their other subsidiaries) are subject to quantitative and qualitative limitations, collateral requirements and other restrictions imposed by statute and regulation. Transactions subject to these restrictions are generally required to be made on an arm’s-length basis.

FDIC Deposit Insurance and Insurance Assessments

AENB accepts deposits that are insured by the FDIC up to the applicable limits. Under the FDIA, the FDIC may terminate the insurance of an institution’s deposits upon a finding that the institution has engaged in unsafe or unsound practices; is in an unsafe or unsound condition to continue operations; or has violated any applicable law, regulation, rule, order or condition imposed by the FDIC. We do not know of any practice, condition or violation that would lead to termination of deposit insurance at AENB. The FDIC’s deposit insurance fund is funded by assessments on insured depository institutions, including AENB, which are subject to adjustment by the FDIC.

Community Reinvestment Act

AENB is subject to the CRA, which imposes affirmative, ongoing obligations on depository institutions to meet the credit needs of their local communities, including low- and moderate-income neighborhoods, consistent with the safe and sound operation of the institution. AENB is currently designated a “limited purpose bank” under CRA regulations.

Consumer Financial Products Regulation

Our consumer-oriented activities are subject to regulation and supervision in the United States and internationally. In the United States, our marketing, sale and servicing of consumer financial products and our compliance with certain federal consumer financial laws are supervised and examined by the CFPB, which has broad rulemaking and enforcement authority over providers of credit, savings and payment services and products, and authority to prevent “unfair, deceptive or abusive” acts or practices. The CFPB has the authority to write regulations under federal consumer financial protection laws, to enforce those laws and to examine for compliance. It is also authorized to collect fines and require consumer restitution in the event of violations, engage in consumer financial education, track consumer complaints, request data and promote the availability of financial services to underserved consumers and communities. U.S. federal law also regulates abusive debt collection practices, which, along with bankruptcy and debtor relief laws, can affect our ability to collect amounts owed to us or subject us to regulatory scrutiny. In addition, a number of U.S. states have significant consumer credit protection, disclosure and other laws (in certain cases more stringent than U.S. federal laws). State regulators and state attorneys general may increase regulatory, investigative and enforcement activity with respect to consumer protection, including in response to changes in regulation, supervision and enforcement of consumer protection laws by federal regulators.

In 2024, the CFPB issued a final rule on personal financial data rights that requires financial institutions, including us, and other financial service providers (collectively referred to as data providers) to provide consumers and consumer-authorized third parties with access to consumers’ financial data in electronic form free of charge. In July 2025, a court granted the CFPB’s request to stay litigation challenging the final rule following the CFPB’s announcement that it would reexamine the final rule and in August 2025, the CFPB issued an advance notice of proposed rulemaking seeking input to inform its revisions to the final rule. While the impact of the CFPB’s rulemaking will depend upon the content of the final rule, this rulemaking and other open banking initiatives have the potential to change the competitive landscape, presenting challenges to our business model, such as limiting advantages provided by our integrated payments platform, as well as opportunities since we may also act as an authorized third party and receive data from data providers.

16

Table of Contents

We are also regulated in the United States under the “money transmitter” or “sale of check” laws in effect in most states. In addition, we are required by the laws of many states to comply with unclaimed and abandoned property laws, under which we must pay to states the face amount of any Travelers Cheque or prepaid card that is uncashed or unredeemed after a period of time depending on the type of product. Additionally, we are regulated under insurance laws in the United States and other countries where we offer insurance services. Our merchant acquiring business, and the third-party merchant acquirers, processors and payment facilitators with whom we have relationships, are also subject to certain aspects of regulation under consumer protection laws, such as by the Federal Trade Commission.

In countries outside the United States, regulators continue to focus on a number of key areas impacting our card-issuing businesses, particularly consumer protection (such as in the EU, the UK and Canada) and responsible lending (such as in Australia, Mexico, New Zealand and Singapore), with increasing importance on and attention to customers and outcomes rather than just ensuring compliance with local rules and regulations. For example, the Financial Conduct Authority’s Consumer Duty in the UK, among other things, requires firms to act to deliver “good outcomes” for retail customers with respect to products and services, price and value, consumer understanding and consumer support. Regulators’ expectations of firms in relation to their compliance, risk and control frameworks continue to increase and regulators are placing significant emphasis on a firm’s systems and controls relating to the identification and resolution of issues.

Payments Regulation

Legislators and regulators in various countries in which we operate have focused on the operation of card networks, including through enforcement actions, legislation and regulations to change certain practices or pricing of card issuers, merchant acquirers and payment networks, and, in some cases, to establish broad regulatory regimes for payment systems.

Pricing for card acceptance, including interchange fees (that is, the fee paid by the bankcard merchant acquirer to the card issuer in payment networks like Visa and Mastercard), has been a focus of legislators and regulators in Australia, Canada, the EU, the United States and other jurisdictions. Recently, certain states in the United States have passed or are considering laws prohibiting interchange from being charged on all or certain components of transactions, such as sales tax and gratuities. Jurisdictions have also sought to regulate various other aspects of network operations and contract terms and practices governing merchant card acceptance, including information associated with electronic transactions, such as state legislation regarding the use of specific merchant categories codes or limiting the use of transaction data.

Regulation and other governmental actions relating to operations, pricing or practices could affect all networks and/or acquirers directly or indirectly, as well as adversely impact consumers and merchants. Among other things, regulation of bankcard fees has negatively impacted, and may continue to negatively impact, the discount revenue we earn, including as a result of downward pressure on our merchant discount rates from decreases in competitor pricing in connection with caps on interchange fees. In some cases, regulations also extend to certain aspects of our business, such as network and cobrand arrangements or the terms of card acceptance for merchants. For example, we exited our network business in the EU and Australia as a result of regulation in those jurisdictions. In addition, there is uncertainty as to when or how interchange fee caps and other provisions of the EU payments legislation might apply when we work with cobrand partners and agents in the EU. In 2018, the EU Court of Justice (CJEU) confirmed the validity of fee capping and other provisions in circumstances where three-party networks issue cards with a cobrand partner or through an agent, although its ruling provided only limited guidance as to when or how the provisions might apply in such circumstances and remains subject to differing interpretations by regulators and participants in cobrand arrangements. In 2024, the CJEU held a hearing on questions referred by the Dutch Trade and Industry Appeals Tribunal regarding the interpretation of the application of the interchange fee caps in connection with an administrative proceeding by the Netherlands Authority for Consumers and Markets regarding our cobrand relationship with KLM Royal Dutch Airlines. As a precursor to the CJEU’s final ruling, an advisory opinion was issued by the Advocate General in March 2025, advising the CJEU that our payments to the cobrand partner can be subject to the interchange fee caps but certain payments and services provided by the cobrand partner could potentially be netted against such payments for purposes of determining the capped amount. The advisory opinion is not binding on the CJEU and there can be no assurance as to the outcome of the proceeding. Given differing interpretations by regulators and participants in cobrand arrangements, we are subject to regulatory action, penalties and the possibility we will not be able to maintain our existing cobrand and agent relationships in the EU. See “Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition” under “Risk Factors.”

17

Table of Contents

In various countries, such as certain Member States in the EU, Australia and Canada (other than in the Province of Quebec), merchants are permitted by law to surcharge card purchases. Certain jurisdictions are also reconsidering or may in the future reconsider their laws relating to surcharging, such as in Australia where the central bank released a consultation paper in July 2025 proposing to remove surcharging on designated card networks; however, the implementation and impact of any such proposals remain uncertain. In the United States, a number of state laws that prohibit surcharging have been overturned and certain states have passed or are considering laws to permit surcharging by merchants. In jurisdictions allowing surcharging, we have seen an increase in merchant surcharging on American Express cards, particularly in certain merchant categories. Surcharging is an adverse customer experience and could have a material adverse effect on us, particularly where it only or disproportionately impacts credit card usage or card usage generally, our Card Members or our business. In addition, we also encounter steering or differential acceptance practices by merchants, which could also have a material adverse effect on us. See “Surcharging, steering or other differential acceptance practices by merchants could materially adversely affect our business and results of operations” under “Risk Factors.”

Central banks and other regulators have also established, or are seeking to establish, oversight over payment networks and other participants, including with respect to governance, risk management, resilience, transparency and access. For example, in November 2025, the Central Bank of Brazil issued a resolution which, among other things, will increase the responsibility of payment networks for the settlement of transactions on the network, including obligations in relation to issuer defaults, under revised network rules to be submitted by May 2026. Additionally, governments in some countries have established regulatory regimes that require international card networks to be locally licensed and/or to localize aspects of their operations. For example, the Reserve Bank of India, which has broad power under the Payment and Settlement Systems Act, 2007 to regulate the membership and operations of card networks, issued a mandate requiring payment systems operators in India to store certain payments data locally. In 2021, it imposed restrictions on American Express Banking Corp. from engaging in certain card issuing activities in India, which were lifted in 2022 following significant investment in technology, infrastructure and resources to comply with the regulation. The development and enforcement of these and other similar laws, regulations and policies heightens our exposure to third parties, increases costs and complexity of doing business and adversely affects our ability to compete effectively and maintain and extend our global network.

Privacy, Data Protection, Data Management, AI, Resiliency, Information Security and Cybersecurity

Regulatory and legislative activity in the areas of privacy, data protection, data management, AI, resiliency, information security and cybersecurity continues to increase worldwide. We have established, and continue to maintain, policies and a governance framework to comply with applicable laws and requirements in these areas, meet evolving customer and industry expectations and support and enable business innovation and growth; however, our policies and governance framework may not be sufficient given the size and complexity of our business and heightened regulatory scrutiny.

Our regulators are increasingly focused on ensuring that our privacy, data protection, data management, AI, resiliency, information security and cybersecurity-related policies and procedures are adequate to inform customers of our data collection, use, sharing, retention and/or security practices, to provide them with choices, if required, about how we use and share their information, and to appropriately safeguard their personal information and account access. Regulators are also focused on end-to-end management of data, technology infrastructure and architecture, technology operations, resiliency and business continuity, and third-party risk management policies and practices, with regulatory expectations continuing to increase as we grow in size. For example, the EU Digital Operational Resilience Act requires EU financial entities to have a comprehensive governance and risk management framework for information and communications technology risk. In addition, regulators and legislators have heightened their focus on the use of AI and machine learning (ML) through the application of existing laws and regulations as well as by adopting new laws and regulations, such as the EU AI Act and AI legislation in several U.S. states (e.g., in California, Colorado and Utah). These new and emerging laws and regulations are reshaping how we develop, deploy and manage AI systems, including by imposing new obligations related to data use, recordkeeping, transparency and human oversight.

In the United States, certain of our businesses are subject to the privacy, disclosure and safeguarding provisions of the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations and guidance. Among other things, GLBA imposes certain limitations on our ability to share consumers’ nonpublic personal information with nonaffiliated third parties and requires us to develop, implement and maintain a written comprehensive information security program containing safeguards that are appropriate to the size and complexity of our business, the nature and scope of our activities and the sensitivity of customer information that we process. We also have expanded privacy-related obligations with respect to California residents who are not covered by GLBA, pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020. Various regulators and other U.S. states and territories are considering similar requirements or have adopted laws, rules and regulations pertaining to privacy and/or information security and cybersecurity that may be more stringent and/or expansive than federal requirements.

18

Table of Contents

We are also subject to certain privacy, data protection, data management, AI, resiliency, information security and cybersecurity laws in other countries in which we operate, some of which are more stringent and/or expansive than those in the United States and may conflict with each other. The EU and UK General Data Protection Regulations (GDPR) impose legal and compliance obligations on companies that process personal data of individuals in the EU and UK, irrespective of the geographical location of the company, with the potential for significant fines for non-compliance (up to 4 percent of total annual worldwide revenue). The EU and UK GDPR also include requirements concerning the cross-border transfer of personal data and prompt notification of data breaches, in certain circumstances, to affected individuals and supervisory authorities. We are also subject to certain data protection laws in Member States in the EU, which may be more stringent than the EU GDPR. Other countries have also adopted or are considering similar omnibus privacy laws, including Australia, Brazil, Canada, China, India, Japan, the Philippines, Singapore, South Korea and Thailand. Certain countries also require in-country data processing and/or in-country storage of data or for us to provide foreign governments and other third parties broader access to our data and intellectual property. Data breach and operational outage notification laws or regulatory activities to encourage such notifications and regulatory activity and laws around resiliency, business continuity and third-party risk management are also becoming more prevalent in jurisdictions outside the United States in which we operate.

Our privacy and data protection programs have become the subject of heightened scrutiny and review in certain jurisdictions, including in the EU, and we continue to enhance our privacy program to comply with applicable requirements and regulatory expectations. Our compliance with the various and often diverging legal frameworks around privacy, data protection, AI, resiliency, information security and cybersecurity, as well as increased regulatory and legislative activity in these areas, may result in higher technology, administrative and other operational costs and hinder our ability to deploy and scale technology, innovate quickly and effectively utilize data.

Anti-Money Laundering, Countering the Financing of Terrorism, Economic Sanctions and Anti-Corruption Compliance

We are subject to significant supervision and regulation, and an increasingly stringent enforcement environment, with respect to compliance with anti-money laundering (AML), countering the financing of terrorism (CFT), sanctions and anti-corruption laws and regulations. Failure to maintain and implement adequate programs and policies and procedures for AML/CFT, sanctions and anti-corruption compliance could have material financial, legal and reputational consequences. Additionally, our AML/CFT, sanctions and anti-corruption compliance programs may limit our ability to pursue certain business opportunities or affect our relationships with certain partners, service providers and other third parties.

Anti-Money Laundering and Countering the Financing of Terrorism

We are subject to a significant number of AML/CFT laws and regulations globally.

In the United States, the majority of AML/CFT requirements are derived from the Currency and Foreign Transactions Reporting Act and the accompanying regulations issued by the U.S. Department of the Treasury (collectively referred to as the Bank Secrecy Act), as amended by the USA PATRIOT Act of 2001. The Anti-Money Laundering Act of 2020 (the AMLA), enacted in January 2021, amended the Bank Secrecy Act and is intended to comprehensively reform and modernize U.S. AML/CFT laws. Many of the statutory provisions in the AMLA will require additional rulemakings, reports and other measures, and the impact of the AMLA will depend on, among other things, rulemaking and implementation guidance.

In Europe, AML/CFT requirements are largely the result of countries transposing the 5th and 6th EU Anti-Money Laundering Directives (and preceding EU Anti-Money Laundering Directives) into local laws and regulations. Numerous other countries have also enacted or proposed new or enhanced AML/CFT legislation and regulations applicable to American Express.

Among other things, these laws and regulations generally require us to establish AML/CFT programs that meet certain standards, including policies and procedures to collect information from and verify the identities of our customers, and to monitor for and report suspicious transactions, in addition to other information gathering and recordkeeping requirements. Our AML/CFT programs have become the subject of heightened scrutiny and we are working to make enhancements to our existing programs, policies and procedures and to identify and remediate deficiencies. Errors, failures or delays in complying with AML/CFT laws, deficiencies in our AML/CFT programs or association of our business with money laundering, terrorist financing, tax fraud or other illicit activity could give rise to significant supervisory, criminal and civil proceedings and lawsuits, which could result in significant penalties and forfeiture of assets, loss of licenses or restrictions on business activities, or other enforcement actions.

19

Table of Contents

Economic Sanctions

National governments and international bodies, such as the United Nations and the EU, have imposed economic sanctions against individuals, entities, vessels, governments, regions and countries that endanger their interests or violate international norms of behavior. Sanctions have been used to advance a range of foreign policy goals, including conflict resolution, counterterrorism, counternarcotics and promotion of democracy and human rights, among other national and international interests. We maintain a global sanctions compliance program designed to meet the requirements of applicable sanctions regimes. Failure to comply with such requirements could subject us to serious legal and reputational consequences, including criminal penalties.

The United States has imposed economic sanctions that affect transactions involving targeted jurisdictions, parties or activities. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) administers most U.S. sanctions. OFAC regulations prohibit U.S. persons from engaging in financial transactions with or relating to, or other dealings involving, a targeted individual, entity, vessel, government or country without a license or other authorization. OFAC regulations require U.S. persons to block property and property interests of parties on OFAC’s Specially Designated Nationals and Blocked Persons List and entities owned 50 percent or more by one or more Specially Designated Nationals. Blocked property (e.g., bank deposits or other financial assets) cannot be paid out, withdrawn, set off or transferred in any manner without a license from OFAC. Regulatory authorities in other international jurisdictions, such as the UK and Member States in the EU, administer similar programs to U.S. sanction programs.

Anti-Corruption

We are subject to complex anti-corruption laws and regulations, including the U.S. Foreign Corrupt Practices Act (the FCPA), the UK Bribery Act and other laws that prohibit the making or offering of improper payments. The FCPA makes it illegal to corruptly offer or provide anything of value to foreign government officials, political parties or political party officials for the purpose of obtaining or retaining business or an improper advantage. The FCPA also requires us to strictly comply with certain accounting and internal controls standards. The UK Bribery Act also prohibits commercial bribery and the receipt of a bribe, and makes it a corporate offense to fail to prevent bribery by an associated person, in addition to prohibiting improper payments to foreign government officials. Failure by us or our colleagues, contractors or agents to comply with the FCPA, the UK Bribery Act and other similar laws can expose us and/or individual colleagues to investigation, prosecution and potentially severe criminal and civil penalties.

Compensation Practices

Our compensation practices are subject to oversight by the Federal Reserve and the OCC. The federal banking regulators’ guidance on sound incentive compensation practices sets forth three key principles for incentive compensation arrangements that are designed to help ensure that incentive compensation plans do not encourage imprudent risk-taking and are consistent with the safety and soundness of banking organizations. The three principles provide that a banking organization’s incentive compensation arrangements should (1) provide incentives that appropriately balance risk and financial results in a manner that does not encourage employees to expose their organizations to imprudent risks, (2) be compatible with effective internal controls and risk management and (3) be supported by strong corporate governance, including active and effective oversight by the organization’s board of directors. Any deficiencies in our compensation practices that are identified by the banking regulators in connection with their review of our compensation practices may be incorporated into our supervisory ratings, which can affect our ability to make acquisitions or perform other actions. Enforcement actions may be taken against us if our incentive compensation arrangements or related risk-management control or governance processes are determined to pose a risk to our safety and soundness, and we have not taken prompt and effective measures to correct the deficiencies.

The Dodd-Frank Act requires U.S. financial regulators, including the Federal Reserve and the Securities and Exchange Commission (SEC), to adopt rules on incentive-based payment arrangements at specified regulated entities having at least $1 billion in total assets. In 2016, the federal banking regulators, the SEC, the Federal Housing Finance Agency and the National Credit Union Administration proposed revised rules on incentive-based compensation practices, which were reproposed by certain of those agencies in 2024, but have not yet been finalized. If these or other regulations are adopted in a form similar to what has been proposed, they will impose limitations on the manner in which we may structure compensation for our colleagues, which could adversely affect our ability to hire, retain and motivate key colleagues.

20

Table of Contents

ADDITIONAL INFORMATION

We maintain an Investor Relations website at https://ir.americanexpress.com. We make available free of charge, on or through this website, our annual, quarterly and current reports and any amendments to those reports as soon as reasonably practicable following the time they are electronically filed with or furnished to the SEC.

In addition, we routinely post financial and other information, some of which could be material to investors, on our Investor Relations website. Information regarding our corporate sustainability initiatives and related disclosures are available on our Investor Relations website and on the Corporate Sustainability section of our website at https://www.americanexpress.com/en-us/company/corporate-sustainability.

The content of any of our websites referred to in this report is not incorporated by reference into this report or any other report filed with or furnished to the SEC. We have included such website addresses only as inactive textual references and do not intend them to be active links.

Our business as a whole has not experienced significant seasonal fluctuations, although billed business tends to be moderately higher in the fourth quarter than in other quarters. As a result, the amount of Card Member loans and receivables outstanding tends to be moderately higher during that quarter. Additionally, we tend to have a higher proportion of retail-related billed business in the fourth quarter, which on average has a slightly lower merchant discount rate.