CAMDEN NATIONAL CORP (CAC) Business

Item 1. Business

Overview. Camden National Corporation (hereafter referred to as “we,” “our,” “us,” or the “Company”) is a publicly-held bank holding company, with $7.0 billion in assets at December 31, 2025, incorporated under the laws of the State of Maine and headquartered in Camden, Maine. Camden National Bank (the “Bank”), a wholly-owned subsidiary of the Company, was founded in 1875. The Company was founded in 1984, went public in 1997, and is registered with NASDAQ Global Market (“NASDAQ”) under the ticker symbol “CAC.”

Our consolidated financial statements accompanying this Form 10-K include the accounts of the Company, the Bank and the Bank’s subsidiaries and divisions. All inter-company accounts and transactions have been eliminated in consolidation.

On January 2, 2025, we completed our acquisition of Northway Financial, Inc. (“Northway”) and its bank subsidiary, Northway Bank. The acquisition of Northway added $971.9 million of deposits and $1.2 billion total assets to our balance sheet, and expanded our presence in New Hampshire by adding 17 branches to our network. Refer to Item 7. “Management’s Discussion and Analysis of Financial Condition and Results of Operations” and Note 2 of the consolidated financial statements for additional details regarding the Northway acquisition.

Who We Are. We are an award-winning, relationship-driven community bank with a long history of supporting individuals, families, and businesses at every stage of their financial journey. We combine local decision-making with scalable products, modern digital capabilities, and deep market knowledge.

With 72 branches across Northern New England, we offer a comprehensive suite of competitive financial products and services. Our investments in digital banking convenience, efficiency, and engagement, enabling customers to bank how, when, and where they choose. Our experienced teams provide personalized advance and tailored solutions.

Founded in 1875, we are passionate about making a difference in the lives of our customers and communities we serve, so that together we can thrive in a vibrant, prosperous community for all. We are committed to helping customers succeed financially and supporting sustainable economic growth in the markets we serve. We actively reinvest in the neighborhoods where we live and operate through local lending, targeted philanthropy, and employee volunteerism. As we grow, we remain committed to doing so responsibly, supporting economic vitality, strengthening relationships, and reinforcing our brand as a trusted local partner. We believe strong communities and strong financial performance are mutually reinforcing, and together, they drive long-term value creation.

Our Commitment to Community and Responsible Corporate Governance. Our commitment to responsible corporate governance and community engagement is embedded in our culture and decision-making. These principles support our strategic objective to generate consistent, sustainable long-term value for our shareholders, customers, employees, and communities we serve.

What We Do. The Company, as a diversified financial services provider, pursues the objective of achieving long-term sustainable and profitable growth, while mitigating risks inherent in the financial services industry. The primary business of the Company and the Bank is to attract deposits from, and to extend loans to, consumer, institutional, municipal, non-profit and commercial customers. The Company, through the Bank, provides a broad array of banking and other financial services including wealth management and trust services, brokerage, investment advisory and insurance services to consumer, business, non-profit and municipal customers. For the years ended December 31, 2025, 2024 and 2023, net interest income was our primary revenue source, representing 79%, 75%, and 81%, of our total revenues1, respectively. Net interest income is the interest earned on our lending activities, investment securities and other interest-earning assets, less the interest paid on interest-bearing deposits and borrowings (i.e. our primary business activities).

We have achieved a five-year compounded annual asset growth rate of 7%, resulting in $7.0 billion in total assets at December 31, 2025. Asset growth over the past five years of $1.4 billion included organic growth of $219.2 million and acquired total assets of $1.2 billion. Our growth over this period has been primarily within our Southern Maine, New Hampshire and select Massachusetts markets, complemented by the acquisition of Northway on January 2, 2025. We continue to focus on driving profitable organic growth through growing customer relationships and deepening our market penetration across our markets, as well as pursuing attractive acquisition opportunities that support our strategy and fit our culture and core values, such as the acquisition of Northway.

1 Revenue is the sum of net interest income and non-interest income.

3

The financial services industry continues to experience consolidations through mergers that could create opportunities for us to promote our value proposition to other financial institutions and financial service companies. We continue to evaluate the possibility of expansion into new markets through both de novo expansion and acquisitions. Regardless of merger and acquisition opportunities that may be present, we are always focused on maximizing growth within our current markets, and particularly those that we see as growth markets. We consider our growth markets to be those that have accelerated growth opportunities in comparison to our other markets, based on current and forecasted demographic information, and where we currently have less of a presence and market share. Further details of our financial information can be found within the consolidated financial statements in Item 8. Financial Statements and Supplementary Data of this report.

Camden National Bank. The Bank is a national banking association chartered under the laws of the United States and headquartered in Camden, Maine. Originally founded in 1875, the Bank became a direct, wholly-owned subsidiary of the Company as a result of a corporate reorganization in 1984. The Bank provides a broad array of banking and other financial services to consumer, institutional, municipal, non-profit, and commercial customers. As of December 31, 2025, the Bank had 72 branches throughout Maine and New Hampshire. The Bank complements its in-person banking services with digital delivery channels supported by internally developed and third-party technology platforms. These digital offerings provide customers with access to banking services and include digital banking for self-service transactions; MortgageTouch®, an easy-to-use online platform for consumer borrowers; BusinessTouch®, an online loan application system for small business customers, making borrowing faster and easier for small businesses; and TreasuryLink®, a secure online platform providing cash management services, monitoring capabilities, and control features for commercial customers.

The Bank offers comprehensive wealth management and trust services, including investment advisory services, through our wealth management team, doing business as Camden National Wealth Management, and brokerage, investment advisory, insurance, and financial planning services through our financial consulting team, doing business as Camden Financial Consultants.

•Camden National Wealth Management provides a comprehensive suite of fiduciary and asset management services for both individual and institutional clients. Designed to complement the Bank’s core offerings, the Camden National Wealth Management platform serves high net worth individuals and families, businesses, and not-for profit customers investment management, financial planning and trustee services.

•Camden Financial Consultants is in the business of helping clients work toward their financial goals. Camden Financial Consultants provides full-service brokerage and insurance and its financial offerings include college, retirement, and estate planning, mutual funds, strategic asset management accounts, and variable and fixed annuities.

Securities and advisory services are offered through LPL Financial (“LPL”), a registered investment advisor and broker-dealer (member FINRA/SIPC). Insurance products are offered through LPL or its licensed affiliates. Camden Financial Consultants and the Bank are not registered as a broker-dealer or investment advisor and are not affiliated with LPL Financial. Registered representatives of LPL offer products and services using Camden Financial Consultants, and may also be employees of the Bank. These products and services are being offered through LPL or its affiliates, which are separate entities from, and not affiliates of, Camden Financial Consultants or the Bank. Securities and insurance offered through LPL or its affiliates are not insured by the Federal Deposit Insurance Corporation (“FDIC”) or any other government agency, are not bank deposits or obligations and may lose value.

Customers may also access our products and services using other channels, including online at www.CamdenNational.bank or by downloading our mobile phone application (or “app”).

Competition. We compete throughout Maine, New Hampshire, and select areas of Massachusetts. Many of the markets we compete in are characterized as rural areas. Major competitors in our primary market areas include local independent banks, as well as local branches of large regional and national banking organizations and brokerage houses, marketplace lenders and other financial technology companies (“fintechs”), financial advisors, thrift institutions and credit unions. Other competitors for deposits and loans within our primary market area include insurance companies, money market funds, consumer finance companies and financing affiliates of consumer durable goods manufacturers.

Our competitive strategy emphasizes customer service through local decision-making, relationship-based banking, and the delivery of products and services, supported by digital delivery channels, that are intended to meet customer needs. Through Camden National Wealth Management and Camden Financial Consultants, we compete for trust, trust-related, investment management, individual retirement, foundation and endowment management services and brokerage services with local banks and non-banks, as well as with a number of brokerage firms and investment advisors with offices in our market area. In

4

addition, most of these services are widely available to our customers via telephone, online and mobile channels from firms located outside our market area.

Investor Relations. The Company’s Investor Relations information can be obtained through our internet address, www.CamdenNational.bank or www.CamdenNationalCorporation.com. The Company makes available on or through its Investor Relations page, without charge, its annual reports on Form 10-K, quarterly reports on Form 10-Q, and current reports on Form 8-K and amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended, as soon as reasonably practicable after such reports are electronically filed with, or furnished to, the SEC. The Company’s reports filed with, or furnished to, the SEC are also available at the SEC’s website at www.sec.gov. In addition, the Company makes available, free of charge, its press releases and Code of Business Conduct and Ethics through the Company’s Investor Relations page. Information on our website is not incorporated by reference into this document and should not be considered part of this report.

Human Capital

We recognize the importance of our relationships with our employees, customers, and the communities we serve. Our employees—known as “Stakeholders” at Camden National Bank—are the key to our success. We are powered by an extraordinary team of 683 employees, as of December 31, 2025, who work together to provide expert banking solutions to help people achieve their financial potential.

We believe we have the experience and responsibility to engage proactively with, and support, a broad range of employees. We strive to ensure our employees’ work experience permits them to use their skills and passions to make a difference while growing their careers and being recognized and appreciated for their unique talents, backgrounds, and perspectives.

Employee Development and Retention. To attract, engage, and retain top talent, we strive to create a supportive workplace, with opportunities for our employees to grow and develop in their careers. We provide numerous training and development opportunities, a robust tuition reimbursement program, and competitive compensation, including a minimum starting wage of $18 per hour for all employees effective February 2026.

Workplace Safety and Inclusion. We recognize that an inclusive workforce is essential to achieving and maintaining a thriving company. Through our commitment to fostering a fair, safe, and welcoming workplace environment for all, we aim to maintain a culture that enables our employees to be their best in serving our customers and communities, while achieving business success. We maintain a number of human resources and other policies, including an anti-harassment and anti-retaliation policy, to promote a workplace that is safe for all and that supports a culture where people feel they can report incidents that threaten that safety. In addition, we have a confidential whistleblower program that forwards complaints to the audit committee and the Board of Directors, and we work to take necessary action as quickly as possible after a complaint is received.

Health and Wellness. We are also deeply committed to the health and well-being of our employees. This commitment is reflected in the benefits we offer our employees, including: market-competitive compensation; healthcare; paid time off, including parental/family leave; retirement benefits; short-term and long-term disability; an employee hardship fund, which provides employees dealing with a financial hardship access to funds that the employee is not required to repay; an emotional well-being support program and a wellness reimbursement program.

5

Information about our Executive Officers

The following table sets forth certain information regarding the executive officers of the Company, as defined by Rule 3b-7 of the Securities and Exchange Act of 1934, as amended.

Simon R. Griffiths joined the Company in November 2023 as Executive Vice President (“EVP”) and Chief Operating Officer until he became President and Chief Executive Officer (“CEO”), and a member of the board of directors of the Company and the Bank on January 1, 2024. Prior to joining the Company, Mr. Griffiths most recently served as EVP – Head of Core Banking at Citizens Bank, managing the retail, business banking, contact center, deposit and core banking delivery channels. Mr. Griffiths joined Citizens Bank in 2015 from Santander Bank, where he served as EVP, Managing Director of the retail network. Mr. Griffiths started his banking career at Washington Mutual Bank in 2002.

Michael R. Archer joined the Company in 2013 and became EVP, Chief Financial Officer (“CFO”) of the Company on January 3, 2022. Prior to becoming EVP, CFO, Mr. Archer served as the Company’s Senior Vice President (“SVP”) and Corporate Controller from June 2016 until January 2022. Prior to joining the Company, Mr. Archer spent seven years at PricewaterhouseCoopers, LLP (“PwC”). Mr. Archer is a licensed Certified Public Accountant, and a graduate of the American Bankers Association (“ABA”) Stonier Graduate School of Banking where he also completed the Wharton Leadership Program. Mr. Archer currently serves as a member of local non-profit organizations, including as the Treasurer and Executive Committee member of the board of JMG, Inc. and as a committee member for the local town recreational department.

David J. Ackley joined the Company in 2011 and became EVP, Chief Risk Officer (“CRO”) in July 2023. Prior to becoming EVP, Chief Risk Officer, Mr. Ackley served as SVP and Director of Information Security & Enterprise Risk Management for the Company from 2016 through July 2023 and prior to that served as Vice President (“VP”) and Senior Information Security Officer of the Company. Mr. Ackley began his career as a Communication Computer Systems Operator for the United States Air Force, specializing in information technology, cybersecurity, risk mitigation, and encrypted communications before spending 14 years as Science and Technology Corporation’s Manager of Information Technology. He achieved the ABA Certified Enterprise Risk Professional designation and currently serves on the ABA’s Risk and Compliance Conference Planning Committee.

Brandon Y. Boey joined the Company in 2020 and was named General Counsel in 2023 and Corporate Secretary in 2024, overseeing the Bank’s legal functions, including corporate governance. Prior to becoming General Counsel and Corporate Secretary, Mr. Boey served as SVP, Legal Affairs and BSA Officer, and Director of Compliance bringing a unique range of corporate, regulatory and litigation experience to the Company. Mr. Boey previously worked as Managing Counsel and head of product compliance at Unum Group, a publicly traded Fortune 500 financial services company in Maine, practiced law at Willkie Farr & Gallager in Washington D.C., and was a mergers and acquisitions investment banker at UBS in New York and at Updata Partners in D.C. Mr. Boey is a member of the bar in Maine, New York and Washington D.C.

Andrew R. Forbes joined the Company in March 2024 as EVP, Chief Human Resources Officer and has 25 years of Human Resources experience across multiple industries, which have provided him with expertise in talent acquisition and management, compensation and benefits, and culture and engagement. He served as Chief People Officer for Alcom LLC from 2022 until joining the Company. Prior to that he served as VP, Human Resources for Rimini Street from 2020 to 2022, as VP,

6

Human Resources for Maine Medical Center from 2016 to 2020 and as Senior Director, Global Human Resources for Fairchild Semiconductor from 2010 to 2016. Mr. Forbes is a Society for Human Resource Management – Senior Certified Professional, and holds a master’s degree in industrial and organizational psychology from Hofstra University. Mr. Forbes currently serves on the Board of Directors of the Maine Mathematics and Science Alliance.

William H. Martel joined the Company in March 2020 as EVP, Technology and Support Services and currently holds the title of EVP, Chief Technology Officer. Prior to joining the Company Mr. Martel served as Head of U.S. Operations Technology for Santander U.S. in Boston, leading the Operations and Information Technology Service Management transformations for the US. Previously, Mr. Martel was a SVP at TD Bank and served in several senior management positions in the US and Canada. Mr. Martel began his banking career as a senior branch manager for People’s Heritage Bank, a predecessor to BankNorth Group. He is a founding member, past president and the current Treasurer of Amagara Marungi, a Maine-based non-profit.

Garrett A. McKnight joined the Company in April 2024 as the Managing Director of Camden National Wealth Management. Prior to joining the Company, Mr. McKnight served as SVP and Senior Managing Director of The Northern Trust Company, where he spent 15 years, and worked in U.S. Bank’s Private Client Group as a Private Banker and Managing Director for seven years, he began his career at NationsBank/Bank of America. Mr. McKnight serves on the Investment Committee for Elon University’s Endowment and the Board of Directors at Cape Arundel Golf Club.

Barbara Raths joined the Company in 2019 and became EVP, Commercial Banking in March 2024. Prior to becoming EVP, Ms. Raths served as the Company’s SVP and Director of Treasury Management and Government Banking, leading business, nonprofit, and government treasury management business development efforts. Prior to joining the Company, Ms. Raths held government banking roles at People’s United Bank, worked in corporate treasury finance at Wex, Inc., and served as the Deputy State Treasurer for the State of Maine. Ms. Raths currently chairs the Board of Trustees for the Maine Health and Higher Education Facilities Authority, serves on the Board of Directors for the Maine International Trade Center, and is a member of the Maine District Export Council. Ms. Raths is a graduate of the ABA Stonier Graduate School of Banking and received a leadership certificate from The Wharton School.

Patricia A. Rose joined the Company in September 2017 as EVP, Retail and Mortgage Banking. Ms. Rose came to the Company from Citizens Bank where she served for two years as Head of Strategic Onboarding & Orientation, and, prior to that, Director level roles in Retail Network Sales and Strategy at Santander Bank for six years. Ms. Rose began her career in banking at Fleet Bank and Sovereign Bank where she held a variety of leadership roles and served as Market President of Retail Banking in Eastern Massachusetts and New Hampshire.

Ryan A. Smith joined the Company in 2012 and held the title of EVP, Commercial Banking for the Company from 2020 through 2023 before being named as EVP, Chief Credit Officer in December 2023. Prior to becoming an EVP, Mr. Smith led the Southern Maine commercial banking line of business and the treasury management line of business from 2012 through 2015, when he then became Director of Commercial Banking for Central and Midcoast Maine from 2015 through 2019. In 2019, he was promoted to SVP, Director of Credit Administration. Prior to his time at Camden National Bank, Mr. Smith spent ten years with People’s United Bank (and its predecessor Maine Bank & Trust) in commercial banking and credit roles, beginning his career with Ford Motor Credit.

Renée D. Smyth joined the Company as SVP, Chief Marketing Officer upon completion of the merger of Camden National Corporation and SBM Financial, Inc., the parent company of The Bank of Maine, on October 16, 2015. She was promoted to EVP, Chief Experience and Marketing Officer in May 2017. Ms. Smyth served as SVP, Head of Marketing for The Bank of Maine, from 2010 through October 15, 2015. Prior to joining the Company, Ms. Smyth was SVP and Director of Affinity Programs for Override, an international loyalty marketing service company. Earlier in her career, Ms. Smyth served as an investment banker, advising clients on mergers and acquisitions and capital raising activities. She is a member of Junior Achievement of Maine’s Board of Directors and serves on its Finance Committee and is a strategic advisor to Finding Our Voices.

All of the executive officers hold office at the discretion of the Company’s Board of Directors. There are no arrangements or understandings between any of the directors, officers or any other persons pursuant to which any of the officers have been selected as officers. There are no “family relationships” among the directors and executive officers, as the Securities and Exchange Commission defines that term.

7

Supervision and Regulation

The following discussion addresses elements of the regulatory framework applicable to bank holding companies and their subsidiaries. This regulatory framework is intended primarily for the protection of depositors, the Federal Deposit Insurance Fund (“DIF”), and the banking system as a whole, rather than the protection of shareholders or non-depository creditors of a bank holding company such as the Company.

As a bank holding company, the Company is subject to regulation, supervision and examination by the Board of Governors of the Federal Reserve System (“FRB”) under the Bank Holding Company Act of 1956, as amended (“BHCA”). As a national bank, the Bank is subject to primary regulation, supervision and examination by the Office of the Comptroller of the Currency (“OCC”).

The following is a summary of certain aspects of various statutes and regulations applicable to the Company and its direct and indirect subsidiaries. This summary is not a comprehensive analysis of all applicable laws, and you should refer to the applicable statutes and regulations for more information. Changes in applicable laws or regulations, and in their interpretation and application by regulatory agencies and other governmental authorities, cannot be predicted, but may have a material effect on our business, financial condition or results of operations.

Regulation of the Company

As a bank holding company, the Company is subject to regulation, supervision and examination by the FRB, which has the authority, among other things, to order bank holding companies to cease and desist from unsafe or unsound banking practices; to assess civil money penalties; and to order termination of non-banking activities or termination of ownership and control of a non-banking subsidiary by a bank holding company.

Source of Strength. Under the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”), the Company is required to serve as a source of financial strength for the Bank. This support may be required at times when the Company may not have the resources to provide it. In the event of a bank holding company’s bankruptcy, any commitment by the bank holding company to a federal bank regulatory agency to maintain the capital of a bank subsidiary will be assumed by the bankruptcy trustee and entitled to a priority of payment.

Acquisitions and Activities. The BHCA prohibits a bank holding company, without prior approval of the FRB, from acquiring all or substantially all the assets of a bank, acquiring control of a bank, merging or consolidating with another bank holding company, or acquiring direct or indirect ownership or control of any voting shares of another bank or bank holding company if, after such acquisition, the acquiring bank holding company would control more than 5% of any class of the voting shares of such other bank or bank holding company. The BHCA also prohibits a bank holding company from engaging directly or indirectly in activities other than those of banking, managing or controlling banks or furnishing services to its subsidiary banks. However, a bank holding company may engage in and may own shares of companies engaged in activities that the FRB has determined, by order or regulation, to be so closely related to banking as to be a proper incident thereto.

In determining whether to approve a proposed bank acquisition, federal bank regulators will consider a number of factors, including the effect of the acquisition on competition, financial condition and future prospects (including current and projected capital ratios and levels); the competence, experience and integrity of management and its record of compliance with laws and regulations; the convenience and needs of the communities to be served (including the acquiring institution’s record of compliance under the Community Reinvestment Act (“CRA”)); the effectiveness of the acquiring institution in combating money laundering activities; and the extent to which the transaction would result in greater or more concentrated risks to the stability of the United States banking or financial system. In addition, approval of interstate transactions requires that the acquirer satisfy regulatory standards for a well-capitalized and well-managed institution.

Limitations on Acquisitions of Company Common Stock. The Change in Bank Control Act prohibits a person or group of persons acting in concert from acquiring “control” of a bank holding company unless the FRB has been notified and has not objected to the transaction. Under a rebuttable presumption established by the FRB, the acquisition of 10% or more of a class of voting securities of a bank holding company with a class of securities registered under Section 12 of the Exchange Act would generally constitute the acquisition of control of a bank holding company. In addition, the BHCA prohibits any company from acquiring control of a bank or bank holding company without first having obtained the approval of the FRB. Under the BHCA, a company is deemed to control a bank or bank holding company if the company owns, controls or holds with power to vote 25% or more of a class of voting securities of the bank or bank holding company, controls in any manner the election of a

8

majority of directors or trustees of the bank or bank holding company, or the FRB determines that the company has the power to exercise a controlling influence over the management or policies of the bank or bank holding company.

Regulation of the Bank

The Bank is subject to regulation, supervision, and examination by the OCC. Additionally, the Federal Deposit Insurance Corporation (“FDIC”) has secondary supervisory authority as the insurer of the Bank’s deposits. The Bank is also subject to regulations issued by the Consumer Financial Protection Bureau (“CFPB”), as enforced by the OCC. The FRB may directly examine the subsidiaries of the Company, including the Bank. The enforcement powers available to the federal banking regulators include, among other things, the ability to issue cease and desist or removal orders; to terminate insurance of deposits; to assess civil money penalties; to issue directives to increase capital; to place the Bank into receivership; and to initiate injunctive actions against banking organizations and institution-affiliated parties.

Deposit Insurance. The deposit obligations of the Bank are insured by the FDIC’s DIF up to the applicable limits. Under the Federal Deposit Insurance Act (“FDIA”), insurance of deposits may be terminated by the FDIC if the FDIC finds that the insured depository institution has engaged in unsafe and unsound practices, is in an unsafe or unsound condition to continue operations or has violated any applicable law, regulation, rule, order or condition imposed by the FDIC.

The Bank’s deposits are subject to deposit insurance assessments to maintain the DIF. The Bank’s deposit insurance assessments are based on its assets. To determine its deposit insurance assessment, the Bank computes the base amount of its average consolidated assets less its average tangible equity (defined as the amount of Tier I capital) and the applicable assessment rate. The rule for calculating assessment rates for established small banks, including the Bank, utilizes the CAMELS rating system, which is a supervisory rating system designed to take into account and reflect all financial and operational risks that a bank may face, including capital adequacy, asset quality, management capability, earnings, liquidity and sensitivity to market risk. Each of the seven financial ratios and a weighted average of CAMELS component ratings is multiplied by a corresponding pricing multiplier. The sum of these products is added to a uniform amount, with the resulting sum being an institution’s initial base assessment rate (subject to minimum or maximum assessment rates based on a bank’s CAMELS composite rating). This method takes into account various measures, including an institution’s leverage ratio, brokered deposit ratio, one year asset growth, the ratio of net income before taxes to total assets and considerations related to asset quality. The FDIC has the power to make further adjustments to deposit insurance assessment rates at any time, and the Company is not able to predict the amount or timing of any such adjustment.

Activities and Investments of National Banking Associations. National banking associations must comply with the National Bank Act and the regulations promulgated thereunder by the OCC, which limit the activities of national banking associations to those that are deemed to be part of, or incidental to, the “business of banking.” Activities that are part of, or incidental to, the business of banking include taking deposits, borrowing and lending money and discounting or negotiating promissory notes, drafts, bills of exchange, and other evidences of debt. Subsidiaries of national banking associations generally may only engage in activities permissible for the parent national bank.

Lending Restrictions. Federal law limits a bank’s authority to extend credit to its insiders, including its directors, executive officers and 10% shareholders, as well as to entities controlled by such persons. Among other things, extensions of credit to insiders are required to be made on terms that are substantially the same as, and follow credit underwriting procedures that are not less stringent than, those prevailing for comparable transactions with unaffiliated persons. Also, the terms of such extensions of credit may not involve more than the normal risk of repayment or present other unfavorable features and may not exceed certain limitations on the amount of credit extended to such persons, individually and in the aggregate, which limits are based, in part, on the amount of the bank’s capital. An extension of credit to an insider includes credit exposure arising from a derivatives transaction, repurchase agreement, reverse repurchase agreement, securities lending transaction or securities borrowing transaction. Additionally, asset sale transactions with insiders must be on market terms, and if the transaction represents more than 10% of the capital and surplus of the Bank, the transactions must be approved by a majority of the disinterested directors of the Bank.

Brokered Deposits. Section 29 of the FDIA and FDIC regulations generally limit the ability of an insured depository institution to accept, renew or roll over any brokered deposit unless the institution’s capital category is “well capitalized” under the prompt corrective action framework described below or, with a waiver from the FDIC, “adequately capitalized.” A bank that is “adequately capitalized” and that accepts or renews brokered deposits subject to a waiver from the FDIC is subject to additional restrictions on the interest rates it may offer. Depository institutions that have brokered deposits in excess of 10% of total assets will be subject to increased FDIC deposit insurance premium assessments. Under FDIC regulations, an institution that is “well capitalized” and has a CAMELS composite rating of 1 or 2 is permitted to exempt reciprocal deposits from

9

treatment as brokered deposits up to the lesser of $5 billion or 20% of the institution’s total liabilities. Institutions that are not well rated or “well capitalized” may treat reciprocal deposits as non-brokered up to an amount equal to a “special cap” set forth in the regulations.

Community Reinvestment Act. The CRA requires the OCC to evaluate the Bank’s performance in helping to meet the credit needs of the entire communities it serves, including low and moderate-income neighborhoods, consistent with its safe and sound banking operations, and to take this record into consideration when evaluating certain applications. The OCC rates a national bank’s compliance with the CRA as “Outstanding,” “Satisfactory,” “Needs to Improve” or “Substantial Noncompliance.” Failure of the Bank to receive at least a “Satisfactory” rating could inhibit the Bank or the Company from undertaking certain activities, including acquisitions of other financial institutions. The Bank currently has a “Satisfactory” CRA rating resulting from its most recent CRA performance evaluation in 2024.

In October 2023, the OCC, together with the FRB and FDIC, issued a joint final rule that introduced many changes to the CRA regulatory framework. However, the final rule was paused in 2024 as the result of a court ordered injunction. In July 2025, the agencies proposed a rule to rescind the revised CRA framework and to replace it with the framework that existed prior to the 2023 rule.

Capital Adequacy and Safety and Soundness

Regulatory Capital Requirements. The Company and the Bank are subject to risk-based capital requirements and rules issued by the FRB, the OCC and the FDIC (the “Capital Rules”) that are based on the Basel Committee on Banking Supervision’s (“Basel Committee”) framework for strengthening capital and liquidity regulation (referred to as Basel III). The Capital Rules are intended to reflect the relationship between the banking organization’s capital and the degree of risk associated with its operations based on transactions recorded on-balance sheet as well as off-balance sheet items. The FRB and the OCC may from time to time require that a banking organization maintain capital above the minimum levels discussed below, due to the banking organization’s financial condition or actual or anticipated growth. Under the Capital Rules, the Company and the Bank apply the Standardized Approach in measuring their risk-weighted assets (“RWA”) and regulatory capital.

The Capital Rules define qualifying capital instruments and specify minimum amounts of capital as a percentage of assets that banking organizations are required to maintain.

Under the Capital Rules, risk-based capital ratios are calculated by dividing Common Equity Tier 1 (“CET1”) capital, Tier 1 capital and total risk-based capital, respectively, by RWA. Assets and off-balance sheet credit equivalents are assigned a risk weight based primarily on supervisory assessments of relative credit risk.

Under the Capital Rules, the Company and the Bank are each required to maintain a minimum CET1 capital to RWA ratio of 4.5%, a minimum Tier 1 capital to RWA ratio of 6%, a minimum total capital to RWA ratio of 8% and a minimum leverage ratio of 4%. Additionally, the Capital Rules require a capital conservation buffer, consisting solely of CET1 capital in an amount above the minimum risk-based capital requirements for “adequately capitalized” institutions equal to 2.5% of total RWA, resulting in a requirement for the Company and the Bank effectively to maintain CET1, Tier 1 and total capital ratios of 7%, 8.5% and 10.5%, respectively. Banking institutions with a ratio of CET1 capital to RWA above the minimum requirement but below the capital conservation buffer face restrictions on the ability to pay dividends, pay discretionary bonuses, and to engage in share repurchases based on the amount of the shortfall and the institution’s “eligible retained income” (the greater of (i) net income for the preceding four quarters, net of distributions and associated tax effects not reflected in net income and (ii) average net income over the preceding four quarters).

The Capital Rules provide for a number of deductions from and adjustments to CET1 capital. As a “non-advanced approaches” firm under the Capital Rules, the Company is subject to rules that provide for simplified capital requirements relating to the threshold deductions for mortgage servicing assets, deferred tax assets arising from temporary differences that a banking organization could not realize through net operating loss carry backs, and investments in the capital of unconsolidated financial institutions, as well as the inclusion of minority interests in regulatory capital.

The Company and the Bank, as non-advanced approaches banking organizations, made a one-time, permanent election under the Capital Rules to exclude the effects of certain components of accumulated other comprehensive income (“AOCI”) included in shareholders’ equity under U.S. GAAP in determining regulatory capital ratios.

The federal bank regulators have adopted regulations as required by the Economic Growth, Regulatory Relief, and Consumer Protection Act (“EGRRCPA”) to implement an exemption from the Capital Rules for smaller banking organizations,

10

including the Company and the Bank, that maintain a “Community Bank Leverage Ratio” of at least 8% to 10%. Under these regulations, a “qualifying small banking organization” can choose to apply the Community Bank Leverage Ratio framework if its Community Bank Leverage Ratio (i.e., the ratio of its Tier 1 capital to average total consolidated assets minus certain deductions from total assets), is greater than the required threshold of 9%. A “qualifying small banking organization” that maintains tangible equity in excess of the applicable Community Bank Leverage Ratio would be deemed to be in compliance with (i) the leverage and risk-based capital requirements promulgated by the federal banking agencies; (ii) in the case of a depository institution, the capital ratio requirements to be considered “well-capitalized” under the federal banking agencies’ “prompt corrective action” regime (see “—Prompt Corrective Action” below); and (iii) “any other capital or leverage requirements” to which the organization is subject, unless the appropriate federal banking agency determines otherwise based on the particular organization’s risk profile. In November 2025, the federal bank regulatory agencies proposed a rule that would reduce the minimum Community Bank Leverage Ratio requirement from 9% to 8%. The Company has evaluated the potential impact of this rule, including the proposal to lower the minimum required ratio, and has elected not to apply the Community Bank Leverage Ratio framework to its operations, and instead measures its capital adequacy under the Capital Rules as described above. Under these regulations, as long as the Company and the Bank continue to meet the requirements to be qualifying small banking organizations (i.e., they have less than $10 billion in total consolidated assets and meet certain risk-based criteria), they are permitted to opt into (or out of) the Community Bank Leverage Ratio framework at any time and for any reason. The Company will continue to evaluate the impact of the Community Bank Leverage Ratio and may opt into that framework in the future. The Company cannot guarantee, however, that it or the Bank will continue to meet the conditions to be eligible to apply the Community Bank Leverage Ratio, nor can the Company predict at this time whether it or the Bank will choose to apply the Community Bank Leverage Ratio in the future.

In December 2017, the Basel Committee published standards that it described as the finalization of the Basel III post-crisis regulatory reforms. Among other things, these standards revise the Basel Committee's standardized approach for credit risk (including by recalibrating risk weights and introducing new capital requirements for certain “unconditionally cancellable commitments,” such as home equity lines of credit) and provides a new standardized approach for operational risk capital. Under the current U.S. capital rules, operational risk capital requirements and a capital floor apply only to advanced approaches institutions, and not to the Company or Bank. In July 2023, the federal banking regulators proposed revisions to the Basel III Capital Rules to implement the Basel Committee’s 2017 standards and make other changes to the Basel III Capital Rules. The revised capital requirements of the proposed rule would not apply to the Company or Bank because they have less than $100 billion in total consolidated assets and trading assets and liabilities below the threshold for market risk requirements. However, the federal banking regulators have indicated they expect to issue a revised proposal, which is expected to modify aspects of the July 2023 proposal, including those described above.

Prompt Corrective Action. The FDIA requires the federal banking agencies to take prompt corrective action with respect to depository institutions that do not meet the minimum capital requirements described above. The FDIA establishes five capital categories (“well capitalized,” “adequately capitalized,” “undercapitalized,” “significantly undercapitalized” and “critically undercapitalized”). The federal banking regulators must take certain mandatory supervisory actions, and are authorized to take other discretionary actions, with respect to institutions that are less than adequately capitalized, with supervisory actions progressively becoming more punitive as the institution’s capital category declines. Supervisory actions include: (i) restrictions on payment of capital distributions and management fees, (ii) requirements that a federal bank regulator monitor the condition of the institution and its efforts to restore its capital, (iii) submission of a capital restoration plan, (iv) restrictions on the growth of the institution’s assets and (v) requirements for prior regulatory approval of certain expansion proposals. A bank that is “critically undercapitalized” (i.e., has a ratio of tangible equity to total assets that is equal to or less than 2.0%) will be subject to further restrictions and generally will be placed in conservatorship or receivership within 90 days. An insured depository institution is considered “well capitalized” if it (i) has a total risk-based capital ratio of 10.0% or greater; (ii) has a Tier 1 risk-based capital ratio of 8.0% or greater; (iii) has a CET1 ratio of at least 6.5% or greater; (iv) has a leverage capital ratio of 5.0% or greater; and (v) is not subject to any written agreement, order, capital directive, or prompt corrective action directive to meet and maintain a specific capital level for any capital measure.

The FDIA’s prompt corrective action provisions apply only to depository institutions such as the Bank, and not to bank holding companies. Under the FRB’s regulations, a bank holding company, such as the Company, is considered “well capitalized” if the bank holding company (i) has a total risk based capital ratio of at least 10%, (ii) has a Tier 1 risk-based capital ratio of at least 6%, and (iii) is not subject to any written agreement order, capital directive or prompt corrective action directive to meet and maintain a specific capital level for any capital measure. Although prompt corrective action regulations apply only to depository institutions and not to bank holding companies, a bank that is required to submit a capital restoration plan generally must concurrently submit a performance guarantee by its parent holding company. The liability of the parent holding company under any such guarantee is limited to the lesser of five percent of the bank’s assets at the time it became “undercapitalized” or the amount needed to comply.

11

Information concerning the Company and the Bank with respect to capital requirements is incorporated by reference from Item 7. "Management’s Discussion and Analysis of Financial Condition and Results of Operations—Capital Resources" and Note 15 of the consolidated financial statements included within this report.

The Bank and the Company meet all capital requirements under the Capital Rules, including the capital conservation buffer, and each meet the capital ratio requirements to be “well capitalized” for purposes of the prompt corrective action provisions of the FDIA and applicable FRB regulations, respectively.

Safety and Soundness Standards. The FDIA requires the federal bank regulatory agencies to prescribe safety and soundness standards, by regulations or guidelines, as the agencies deem appropriate. Guidelines adopted by the federal bank regulatory agencies establish general standards relating to internal controls and information systems, internal audit systems, loan documentation, credit underwriting, interest rate exposure, asset growth, asset quality, earnings and compensation, fees and benefits. In general, these guidelines require, among other things, appropriate systems and practices to identify and manage the risk and exposures specified in the guidelines. In addition, the federal banking agencies adopted regulations that authorize, but do not require, an agency to order an institution that has been given notice by an agency that it is not satisfying any of such safety and soundness standards to submit a compliance plan. If, after being so notified, an institution fails to submit an acceptable compliance plan or fails in any material respect to implement an acceptable compliance plan, the agency must issue an order directing action to correct the deficiency and may issue an order restricting asset growth, requiring an institution to increase its ratio of tangible equity to assets or directing other actions of the types to which an undercapitalized institution is subject under the “prompt corrective action” provisions of the FDIA. See “—Prompt Corrective Action” above. If an institution fails to comply with such an order, the agency may seek to enforce such order in judicial proceedings and to impose civil money penalties.

Dividend and Share Repurchase Restrictions

The Company is a legal entity separate and distinct from its subsidiaries. The revenue of the Company (on a parent-only basis) is derived primarily from interest and dividends paid to it by the Bank. The right of the Company, and consequently the right of shareholders of the Company, to participate in any distribution of the assets or earnings of the Bank through the payment of such dividends or otherwise is necessarily subject to the prior claims of creditors of the Bank (including depositors), except to the extent that certain claims of the Company in a creditor capacity may be recognized. The Company and the Bank are subject to various federal and state restrictions on their ability to pay dividends as described below.

Restrictions on Bank Holding Company Dividends. The FRB has the authority to prohibit bank holding companies from paying dividends if such payment is deemed to be an unsafe or unsound practice. The FRB has indicated generally that it may be an unsafe or unsound practice for bank holding companies to pay dividends unless the bank holding company’s net income over the preceding year is sufficient to fund the dividends and the expected rate of earnings retention is consistent with the organization’s capital needs, asset quality and overall financial condition. FRB guidance also directs bank holding companies to inform the FRB reasonably in advance of declaring or paying a dividend that exceeds earnings for the period for which the dividend is being paid. Further, the Company’s ability to pay dividends is restricted if it does not maintain the capital conservation buffer. See “—Capital Adequacy and Safety and Soundness—Regulatory Capital Requirements” above.

Under Maine law, a corporation’s Board of Directors may declare, and the corporation may pay, dividends on its outstanding shares, in cash or other property, generally only out of the corporation’s unreserved and unrestricted earned surplus, or out of the unreserved and unrestricted net earnings of the current fiscal year and the next preceding fiscal year taken as a single period, except under certain circumstances, including when the corporation is insolvent, or when the payment of the dividend would render the corporation insolvent or when the declaration would be contrary to the corporation’s charter.

Restrictions on Bank Dividends. Under OCC regulations, national banks generally may not declare a dividend in excess of the bank’s undivided profits or, absent OCC approval, if the total amount of dividends declared by the national bank in any calendar year exceeds the total of the national bank’s retained net income year-to-date combined with its retained net income for the preceding two years. National banks also are prohibited from declaring or paying any dividend if, after making the dividend, the national bank would be considered “undercapitalized” (as defined by reference to other OCC regulations). The OCC has the authority to use its enforcement powers to prohibit a national bank, such as the Bank, from paying dividends if, in its opinion, the payment of dividends would constitute an unsafe or unsound practice. Further, the Bank’s ability to pay dividends is restricted if it does not maintain the capital conservation buffer. See “—Capital Adequacy and Safety and Soundness—Regulatory Capital Requirements” above.

12

Certain Transactions by Banks with their Affiliates

Sections 23A and 23B of the Federal Reserve Act and the FRB’s Regulation W restrict transactions between a bank and its affiliates, including its parent bank holding company. The Bank is subject to these restrictions, which include quantitative and qualitative limits on the amounts and types of transactions that may occur, including extensions of credit (which include credit exposure arising from repurchase and reverse repurchase agreements, securities borrowing and derivative transactions) to affiliates, investments in the stock or securities of affiliates, purchases of assets from affiliates and other “covered transactions.” Generally, a bank’s (including its subsidiaries) covered transactions with any affiliate are subject to the following limits: (i) the aggregate amount of covered transactions with any one affiliate cannot exceed 10% of the bank’s capital stock and surplus; and (ii) the aggregate amount of covered transactions with all affiliates cannot exceed 20% of the bank’s capital stock and surplus. Transactions between a bank and its affiliates, including a parent holding company, must be on market terms and not otherwise unduly favorable to an affiliate, and, in the case of extensions of credit, be secured by specified amounts and types of collateral.

Anti-Tying Restrictions

Generally, a bank is prohibited from extending credit, leasing or selling property, furnishing any service or fixing or varying the consideration for any of the foregoing on the condition that (i) the customer obtains additional credit, property or services from the bank’s parent holding company or any subsidiary of the holding company, or (ii) the customer will not obtain credit, property or services from a competitor of the bank or its affiliates (except to the extent the restriction is a reasonable condition imposed to assure the soundness of the credit extended).

Consumer Protection Regulation

The Company and the Bank are subject to federal and state laws designed to protect consumers and prohibit unfair or deceptive business practices, including the Equal Credit Opportunity Act, the Fair Housing Act, the Home Ownership Protection Act, the Fair Credit Reporting Act (“FCRA”), as amended by the Fair and Accurate Credit Transactions Act of 2003 (“FACT Act”), the Gramm-Leach-Bliley Act of 1999 (“GLBA”), the Truth in Lending Act, the CRA, the Home Mortgage Disclosure Act, the Real Estate Settlement Procedures Act, the National Flood Insurance Act and various state law counterparts. These laws and regulations mandate certain disclosure requirements and regulate the manner in which financial institutions must interact with customers when taking deposits, making loans, collecting loans and providing other services. In addition, the CFPB has a broad mandate to prohibit unfair, deceptive or abusive acts and practices, is specifically empowered to require certain disclosures to consumers and draft model disclosure forms, and is responsible for making rules and regulations under the federal consumer protection laws relating to financial products and services. Failure to comply with consumer protection laws and regulations can subject financial institutions to enforcement actions, fines and other penalties. The OCC examines the Bank for compliance with CFPB rules and enforces CFPB rules with respect to the Bank. During 2025, the CFPB reduced its staff by over 80%. The reduction in force is the subject of litigation. The effects of these developments on banking organizations subject to CFPB regulation is uncertain. States and state attorneys general may increase regulatory, investigative and enforcement activity with respect to consumer protection, in response to changes in regulation, supervision and enforcement of consumer protection laws by federal regulators.

FCRA. Like other lenders, the Bank uses consumer reports in its underwriting activities. Use of such information is regulated under the FCRA, and the FCRA also regulates reporting information to consumer reporting agencies, prescreening individuals for credit offers, sharing of consumer reports between affiliates, and using affiliate credit data for marketing purposes. Similar state laws may impose additional requirements on the Bank. A notice of proposed rulemaking to revise the FCRA was published in December 2024, with comments to the proposal due in March 2025. The CFPB subsequently withdrew the proposed rule in May 2025.

Mortgage Reform. The Dodd-Frank Act prescribes certain standards that mortgage lenders must consider before making a residential mortgage loan, including verifying a borrower’s ability to repay such mortgage loan, and allows borrowers to assert violations of certain provisions of the Truth in Lending Act as a defense to foreclosure proceedings. Under the Dodd-Frank Act, prepayment penalties are prohibited for certain mortgage transactions and creditors are prohibited from financing insurance policies in connection with a residential mortgage loan or home equity line of credit. In addition, the Dodd-Frank Act prohibits mortgage originators from receiving compensation based on the terms of residential mortgage loans and generally limits the ability of a mortgage originator to be compensated by others if compensation is received from a consumer. The Dodd-Frank Act requires mortgage lenders to make additional disclosures prior to the extension of credit, in each billing statement and for negative amortization loans and hybrid adjustable rate mortgages.

Data Privacy and Cyber Security. The GLBA requires financial institutions to implement policies and procedures regarding the disclosure of nonpublic personal information about consumers to nonaffiliated third parties. In general, the Bank

13

must provide its customers with an initial and annual disclosure that explains its policies and procedures regarding the disclosure of such nonpublic personal information, and, except as otherwise required or permitted by law, the Bank is prohibited from disclosing such information except as provided in such policies and procedures. However, an annual disclosure is not required to be provided by a financial institution if the financial institution only discloses information under exceptions from GLBA that do not require an opt out to be provided and if there has been no change in its privacy policies and practices since its most recent disclosure provided to consumers. The GLBA also requires that the Bank develop, implement and maintain a comprehensive written information security program designed to ensure the security and confidentiality of customer information (as defined under GLBA), to protect against anticipated threats or hazards to the security or integrity of such information; and to protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer. The Bank is also required to send a notice to customers whose sensitive information has been compromised if unauthorized use of this information is reasonably possible.

Most states, including the states where the Bank operates, have enacted legislation concerning breaches of data security and Congress is considering federal legislation that would require consumer notice of data security breaches. Pursuant to the FACT Act, the Bank must develop and implement a written identity theft prevention program to detect, prevent, and mitigate identity theft in connection with the opening of certain accounts or certain existing accounts. Additionally, the FACT Act amends the Fair Credit Reporting Act to generally prohibit a person from using information received from an affiliate to make a solicitation for marketing purposes to a consumer, unless the consumer is given notice and a reasonable opportunity and a reasonable and simple method to opt out of the making of such solicitations.

The U.S. federal bank regulatory agencies impose notification requirements on banking organizations with respect to significant computer security incidents. Under these regulations, a bank holding company, such as the Company, and a national bank, such as the Bank, are required to notify the FRB or OCC, respectively, within 36 hours of incidents that have materially disrupted or degraded, or are reasonably likely to materially disrupt or degrade the banking organization’s ability to deliver services to a material portion of its customer base, jeopardize the viability of key operations of the banking organization, or pose a threat to the financial stability of the United States (“U.S.”).

Anti-Money Laundering

The Bank Secrecy Act. Under the Bank Secrecy Act (“BSA”), a financial institution is required to have systems in place to detect certain transactions, based on the size and nature of the transaction, and to monitor and report suspicious activity to appropriate law enforcement or regulatory authorities. Financial institutions, such as the Bank, are also required to adopt and implement policies and procedures with respect to, among other things, anti-money laundering (“AML”) compliance, suspicious activity, currency transaction reporting, customer identity verification and customer risk analysis, enhanced due diligence based upon risk and identification and monitoring of beneficial ownership. In addition, financial institutions are required to take steps to monitor their correspondent banking and private banking relationships as well as, if applicable, their relationships with “shell banks.” In evaluating an application under Section 3 of the BHCA to acquire a bank or an application under the Bank Merger Act to merge banks or affect a purchase of assets and assumption of deposits and other liabilities, the applicable federal banking regulator must consider the AML compliance record of both the applicant and the target.

In January 2021, the Anti-Money Laundering Act of 2020 (“AMLA”), which amends the BSA, was enacted. Among other things, the AMLA codified a risk-based approach to AML compliance for financial institutions; required the development of standards by the U.S. Department of the Treasury for evaluating technology and internal processes for BSA compliance; and expanded enforcement- and investigation-related authority, including a significant expansion in the available sanctions for certain BSA violations. Many of the statutory provisions in the AMLA will require additional rule-makings, reports and other measures, and the impact of the AMLA will depend on, among other things, rule-making and implementation guidance. In June 2021, the Financial Crimes Enforcement Network, a bureau of the U.S. Department of the Treasury (“FinCEN”), issued the priorities for anti-money laundering and countering the financing of terrorism policy required under the AMLA. The priorities include corruption, cybercrime, terrorist financing, fraud, transnational crime, drug trafficking, human trafficking and proliferation financing. In July 2024, the OCC, the Federal Reserve, the FDIC and the National Credit Union Administration issued a joint proposed rule that would amend their rules regarding AML programs. Among other things, the proposed rule would require national banks to incorporate a risk assessment process into their AML programs that consider the priorities published by FinCEN and would encourage, but not require, banks to consider, evaluate and implement innovative approaches to meet BSA compliance obligations. The effects of the proposed rule on the Bank will depend on the final form of any rulemaking.

OFAC. The U.S. has imposed economic sanctions that affect transactions with designated foreign countries, nationals and others. These sanctions, which are administered by the U.S. Treasury’s Office of Foreign Assets Control (“OFAC”), take many different forms. Generally, however, they contain one or more of the following elements: (i) restrictions on trade with or

14

investment in a sanctioned country, including prohibitions against direct or indirect imports from and exports to a sanctioned country and prohibitions on “U.S. persons” engaging in financial or other transactions relating to a sanctioned country or with certain designated persons and entities; (ii) a blocking of assets in which the government or specially designated nationals of the sanctioned country have an interest, by prohibiting transfers of property subject to U.S. jurisdiction (including property in the possession or control of U.S. persons); and (iii) restrictions on transactions with or involving certain persons or entities. Blocked assets (for example, property and bank deposits) cannot be paid out, withdrawn, set off or transferred in any manner without a license from OFAC. Failure to comply with these sanctions could have serious legal consequences for the Company or could significantly harm our brand

Digital Assets

In July 2025, the President signed into law the “Guiding and Establishing National Innovation for U.S. Stablecoins Act” or the “GENIUS Act.” The GENIUS Act establishes a regulatory framework for “payment stablecoins” and their issuers. The GENIUS Act permits payment stablecoins to be issued in the United States only by “permitted payment stablecoin issuers”, including the subsidiary of an insured depository institution. The GENIUS Act requires the Treasury Department and federal and state regulators to issue regulations on numerous topics to interpret and implement the statute. The effect of the GENIUS Act on the Company and the Bank will depend on the final form of any regulations and cannot be predicted at this time. In addition, although the federal banking regulators have not developed regulations governing the digital asset activities of banking organizations, the OCC has clarified that certain digital assets activities of national banks are permissible subject to safety-and-soundness standards and the OCC’s prior approval. In addition, Congress has recently proposed legislation that would, among other things, define when crypto tokens are securities, commodities or otherwise. Digital assets activities continue to be an area of significant focus for Congress, the current Presidential administration and the federal banking regulators. Any changes in law or in the Company’s or the Bank’s supervisory frameworks relating to digital assets cannot be predicted at this time.

Fair Access to Financial Services

In recent years, certain states have enacted, or have proposed to enact, statutes, regulations or policies that prohibit financial institutions from denying or canceling products or services to a person or business, or otherwise discriminating against a person or business in making available products or services, on the basis of certain social or political factors or other activities. The current Presidential administration has issued a number of executive orders and various agencies have taken positions that relate to environmental and social matters. In August 2025, President Trump signed Executive Order 14331, “Guaranteeing Fair Banking Access for All Americans,” which states that it is the policy of the United States that no American should be denied access to financial services because of their constitutionally or statutorily protected beliefs, affiliations, or political views. The Executive Order directs the Treasury Secretary and federal banking regulators to address politicized or unlawful debanking activities. Some of these measures may conflict with other regulatory requirements. Due to legal challenges and other uncertainties, the effects of these measures on the Company or the Bank cannot be predicted at this time

Executive and Incentive Compensation

Guidelines adopted by the federal banking agencies prohibit excessive compensation as an unsafe and unsound practice and describe compensation as “excessive” when the amounts paid are unreasonable or disproportionate to the services performed by an executive officer, employee, director or principal stockholder. The federal banking regulators have issued comprehensive guidance on incentive compensation policies (the “Incentive Compensation Guidance”) intended to ensure that the incentive compensation policies of banking organizations do not undermine safety and soundness of such organizations by encouraging excessive risk-taking. The Incentive Compensation Guidance is based upon the key principles that a banking organization’s incentive compensation arrangements should (i) provide incentives that do not encourage risk-taking beyond the organization’s ability to effectively identify and manage risks, (ii) be compatible with effective internal controls and risk management, and (iii) be supported by strong corporate governance, including active and effective oversight by the organization’s board of directors. The Incentive Compensation Guidance states that enforcement actions may be taken against a banking organization if its incentive compensation arrangements or related risk-management control or governance processes pose a risk to the organization’s safety and soundness and the organization is not taking prompt and effective measures to correct the deficiencies.

During 2016, the federal bank regulatory agencies and the SEC proposed revised rules on incentive-based payment arrangements at specified regulated entities having at least $1 billion of total assets. In July 2024, the OCC, FDIC, Federal Housing Finance Agency and National Credit Union Administration jointly re-proposed the regulatory text of the 2016 proposal. The Federal Reserve and the SEC did not join the proposal, and the proposed rule will not be published in the Federal Register until the agencies have joined.