CHAIN BRIDGE BANCORP INC (CBNA) Business

Verbatim Item 1 Business section from CHAIN BRIDGE BANCORP INC's latest 10-K. Filing date: 2026-03-20. Accession: 0001628280-26-020177.

This page reproduces the company's own Item 1 Business text from the linked SEC filing. It is filer text, not grepcent analysis, scoring, or investment advice.

Informational only - not investment advice. See Disclaimer.

Extracted from Item 1 Business to the first Item 1A/1B/1C/2 boundary after HTML sanitization. Confidence: high. Source form: 10-K. Character span: 43032-125547.

Back to CBNA company profile

ITEM 1. BUSINESS

Our Company

Chain Bridge Bancorp, Inc. is a Delaware-chartered bank holding company and the parent of its wholly-owned subsidiary, Chain Bridge Bank, N.A., a nationally chartered commercial bank with fiduciary powers granted by the OCC. The Company was incorporated on May 26, 2006, and the Bank opened on August 6, 2007. The Company conducts substantially all of its operations through the Bank and has no other subsidiaries.

We offer a range of commercial and personal banking services, including deposits, treasury management, payments, loans, commercial lending, residential mortgage financing, consumer loans, trusts and estate administration, wealth management, and asset custody.

Our mission is to deliver exceptional banking and trust services nationwide, blending financial strength, personalized service, and advanced technology to offer tailored solutions to businesses, non-profit organizations, political organizations, individuals, and families. Our vision is to grow responsibly by adapting our personalized service and advanced technology solutions to our clients’ evolving needs while emphasizing liquidity, asset quality, and financial strength. We aim to be recognized for our “Strength, Service, Solutions: Your Bridge to Better Banking Nationwide.”

As of December 31, 2025, we held total assets of $1.8 billion, including $586.6 million in cash and cash equivalents, of which $580.9 million were interest-bearing reserves held at the Federal Reserve. Our portfolio included $865.4 million in securities, with $527.8 million or 61.0% of that in U.S. Treasury securities. Net loans held for investment, after accounting for deferred fees and costs and allowances, totaled $270.7 million. Our total deposits stood at $1.6 billion, with stockholders’ equity at $169.2 million. Approximately 95.3% of these deposits were held in transaction accounts (as such term is defined in the instructions for the Call Report, which the Bank files with the FFIEC on a quarterly basis). Our loan-to-deposit ratio was 17.46%.

Additionally, we hold excess deposits sold one-way to other participating banks through the IntraFi Cash Service® (ICS®). For our clients that opt into the ICS® network, this service allows us to place their deposits in increments up to the FDIC insurance limits at other banks within the ICS® network. In exchange, we may elect to either receive reciprocal deposits from other banks within the ICS® network or place the deposits at other banks as “One-Way Sell®” deposits and receive a deposit placement fee. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations — Financial Condition — Deposits” for more information on ICS® deposits.

Our Regulatory Framework and Banking Philosophy

Chain Bridge Bank, N.A. operates under a national charter with full fiduciary powers granted by the OCC. Our national charter allows us to offer banking services across state lines without additional state banking licenses. The OCC serves as our primary federal regulator, overseeing our operations and compliance with applicable federal banking laws and regulations. Our national bank fiduciary powers enable us to offer trust services broadly.

Our operations under this regulatory framework reflect a banking philosophy that emphasizes liquidity, asset quality, and financial strength. This approach guides our asset allocation strategy, risk management practices, and deposit gathering efforts.

Balance Sheet Strategy and Composition

Our balance sheet composition reflects our banking philosophy of emphasizing liquidity, asset quality, and financial strength. We aim to allocate a high proportion of our assets to interest-bearing reserves at the Federal Reserve and to securities that we believe qualify as investment grade.

Our asset allocation strategy is designed to balance liquidity maintenance with income generation. We prioritize investments in securities that we believe qualify as investment grade, with a significant portion allocated to U.S. Treasury securities. This approach reflects our focus on managing credit risk while maintaining liquidity. We strive to maintain a low proportion of assets that we consider to be illiquid.

Lending Approach and Credit Risk Management

Our lending policies are designed to manage credit risk. Our approach has historically resulted in what we consider to be low levels of non-performing loans and loan charge-offs. As of December 31, 2025, we have reported no non-performing assets since June 30, 2012. The Company has not reported any loan charge-offs since the third quarter of 2017 and has incurred a cumulative net loan charge-offs of $265 thousand since inception.

Deposit Composition and Strategy

We aim to attract transaction account deposits, particularly from commercial clients. Our investment approach for these funds is intended to be conservative, based on our interpretation of prudent banking practices and current regulatory guidelines.

As of December 31, 2025, we served deposit clients in 49 states, the District of Columbia, and Puerto Rico.

To support our strategy of attracting commercial transaction account deposits, we emphasize services designed to attract commercial clients who manage high transaction volumes. These services include digital onboarding solutions, image cash letter (“ICL”) processing and treasury management offerings that accommodate multiple users with customizable approval hierarchies. This focus aligns with our goal of attracting and retaining commercial clients with complex transactional needs.

At December 31, 2025, 95.3% of our total deposits were held in transaction accounts. For the year ended December 31, 2025, our cost of funds was 0.32%.

The composition of our deposit base and the associated cost of funds are consistent with our focus on transaction accounts. Our experience suggests that clients with these types of accounts may interact more frequently with our banking services and relationship officers compared to those with other account types. This interaction may be associated with increased use of our services, which aligns with our approach to client relationships.

Operational Model and Technology Focus

Our model emphasizes attentive, relationship-based service enhanced by technology solutions. This strategy allows the Bank to serve clients efficiently across a wide geographic area while maintaining lower overhead costs compared to some branch-based banking models.

We believe our technology-driven approach allows us to deliver banking services efficiently, with a focus on meeting the needs of commercial clients who manage high transaction volumes and have complex organizational structures. Our treasury management system is designed to handle substantial transaction volumes and accommodate complex organizational structures often found in larger commercial entities. The system features multi-user access with customizable approval hierarchies, allowing clients to tailor the system to their specific operational needs. It also offers integration capabilities with popular accounting software and includes mobile batch check deposit functionality.

Our technology infrastructure is designed to process electronic transactions efficiently, including support for industry-standard formats commonly used for large-scale deposits. This infrastructure is intended to facilitate the handling of significant transaction volumes for our more active commercial clients, including political organizations, in a timely manner. While the technologies we employ are generally available in the banking industry, we believe our approach to implementing and customizing these solutions for specific client needs may distinguish us from many institutions of comparable size. We have developed capabilities in adapting our systems to address the particular requirements of clients with high transaction volumes. This allows us to offer banking solutions that we believe are comparable to those typically associated with larger financial institutions. As payment technologies continue to evolve, we strive to maintain our technological capabilities and adapt our services to meet the changing needs of our diverse commercial client base.

Our business model operates without a traditional branch network. As of December 31, 2025, we provide in-person banking services exclusively from our headquarters and do not operate additional physical banking locations. Based on our experience, we believe many of our clients prefer to conduct their banking transactions electronically through our digital platform, which offers services such as mobile deposit, ACH, wire transfers, and bill payment. This approach allows clients to manage their banking needs from anywhere, reducing the need to visit a physical branch.

We believe our technology-driven approach enables us to provide attentive, personalized service, despite our limited physical footprint. Our relationship officers are required to be directly accessible via phone, email, and video conferencing, which is intended to ensure that we meet the needs of our clients, particularly modern businesses. This service delivery model offers broad geographic reach and the potential for a competitive advantage by combining attentive personal service with the efficiency and convenience of remote access.

By operating without a branch network, we can direct resources toward enhancing our technology infrastructure and expanding our digital services. This approach is intended to provide our clients with secure, efficient, and convenient banking solutions. However, our branch-less business model may limit our ability to expand our retail lending and deposit businesses beyond the Washington, D.C. metropolitan area, where we have a more concentrated presence.

Serving Political Organizations

We focus on clients and business segments where our experience may offer advantages, such as services for political organizations and related entities, including treasury management, deposit services, and trust and wealth management. Our approach generally favors developing capabilities in less saturated sectors and avoiding highly competitive markets, like commercial real estate or mass-market consumer banking. We have historically grown organically and many of our new business opportunities have come through word-of-mouth referrals. We believe our client-focused approach has contributed to maintaining strong relationships.

We estimate that there are points in time when at least a majority of our deposit balances are sourced from political organizations. This estimate is subject to data limitations and identifying a client as a political organization sometimes requires judgment, and the actual number of our deposits represented by political organizations may differ from this estimate. See “Risk Factors — Operational Risks — Our reliance on estimates and risk management activities may not always prevent or mitigate risks effectively, leading to potential differences between actual results and our forecasts.”

We have experience providing deposit services to several different types of political organizations, including:

•Campaign committees

•Party committees (national, state, and local);

•Corporate and trade association political action committees (“PACs”);

•Super PACs and Hybrid PACs;

•Non-committee 527 organizations;

•Leadership PACs;

•Joint fundraising committees; and

•Presidential inaugural committees.

In addition to political organizations, we also provide deposit accounts to a variety of businesses that support the campaigns and elections industry. These businesses include vendors involved in advertising, television advertisement buying, digital marketing, public opinion polling, opposition research firms, general consulting, fundraising, and services related to treasury, legal, and compliance matters.

Seasonality

Certain aspects of our deposits fluctuate seasonally. Most of this seasonality comes from commercial depositors, primarily political organizations and their vendors that generate and spend funds around federal election cycles. Federal elections in the United States occur every two years in the fourth quarter, on the first Tuesday after the first Monday in November. Primary elections for federal offices, determined by the state and political parties, typically occur in the first, second, or third quarter of the year. Historically, our total deposits have gradually increased in quarters leading up to a federal election, followed by a decline around the election. Deposit growth tends to be stronger leading up to presidential elections, which occur every four years, compared to biennial midterm elections.

Historically, deposits from political organizations have typically increased in the periods leading up to federal elections, declined in the quarters around federal elections, and tended to rebuild gradually in the quarters following federal elections. Although the timing and magnitude of these flows have varied from cycle to cycle, such fluctuations are longstanding characteristics of our deposit base. Election outcomes may also influence deposit activity, including post-election inflows driven by new fundraising or account activities. For further details regarding these seasonal fluctuations and their impact on our financial condition, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations.”

Certain types of accounts, such as political party committee accounts, maintain funds throughout the election cycle. Other types of accounts, such as campaign committee accounts, are often established for a single campaign cycle and exhibit greater seasonality. In order to mitigate seasonality risk, we aim to maintain a relatively high level of cash reserve deposits at the Federal Reserve.

Federal election cycles also impact revenue-generating activities, such as wire transfers, payments, check processing, debit card usage, deposit placement through ICS®, and treasury management services, which also increase during this period until the end of the election cycle. Additionally, deposits from trade associations may exhibit seasonality. These associations typically bill their members annually for dues and spend the funds down over the course of the year.

Certain clients organized under Section 501(c)(4) of the Internal Revenue Code as social welfare organizations may experience fluctuations in deposit balances and transaction activity in connection with issue advocacy or public policy initiatives. Although such activity may occur during election cycles, these organizations are not considered “political organizations” under the Company’s definition, which is limited to entities organized under Section 527 of the Internal Revenue Code and related campaign and party committees. The Company manages potential variability associated with such activity through its liquidity and asset allocation practices.

Competition

The banking industry is highly competitive. We compete for loans, deposits, capital and fiduciary services with other banks and other kinds of financial institutions and enterprises, such as securities firms, insurance companies, savings and loan associations, credit unions, mortgage brokers, fintechs, and private lenders, many of which have substantially greater resources or are subject to less stringent regulations. We primarily compete for commercial deposit accounts with the country’s largest banks, which have national reach, and regional banks, some of which also have national reach and advanced technology and treasury management platforms for commercial clients. We also compete with other state, national and international financial institutions located in our market areas, as well as savings associations, savings banks and credit unions for loans and retail deposits. Competition among providers of financial products and services continues to increase, with consumers having the opportunity to select from a growing variety of traditional and nontraditional alternatives, including fintech companies, and the emergence, adoption and evolution of new technologies that do not require intermediation, including stablecoins, digital assets, blockchains, and other technologies based on distributed ledgers, all of which have grown significantly in recent years. The ability of non-bank financial institutions to provide services previously limited to commercial banks has intensified competition. See “Risk Factors — Other Risks Related to Our Business — There is no assurance that the Bank will be able to compete successfully with others for its business.”

Our Principal Products, Services and Markets

We offer a range of banking and trust services, including deposits, treasury management, payments, commercial lending, residential loans, mortgage financing, consumer loans, trust and estate administration, and wealth management. While our deposits come from across the United States, the majority of our loans and trust services are concentrated in the Washington, D.C. metropolitan area.

Deposit Services

As of December 31, 2025, transaction account deposit balances made up 95.3% of our total deposits. We provide a variety of commercial and personal deposit services to commercial and individual clients.

Commercial Deposit Services. We offer a suite of deposit accounts designed to meet the needs of businesses:

•Business Checking Accounts: These accounts are designed for startups, sole proprietors, and organizations with limited check-writing and deposit activity, featuring online and mobile banking capabilities.

•Commercial Analysis Checking: These accounts are designed for businesses with high transaction volumes and substantial balances, offering an earnings credit in lieu of interest to offset item processing and service charges.

•Commercial Money Market Accounts: These accounts provide competitive interest rates that increase with higher deposit balances, which is an attractive option for clients managing excess cash reserves.

Personal Banking Services. For individual clients, we offer a variety of checking and savings accounts. These accounts offer online and mobile banking, debit card controls, electronic statements and digital wallet capabilities.

We provide deposit services electronically, which allows us to avoid the costs associated with maintaining a traditional branch network, allowing us to invest more in people and technology and provide our deposit services to clients nationwide. We are also a member of the IntraFi® network of institutions, which allows our deposit clients to enroll in the ICS® program to achieve full FDIC insurance. For a discussion of the ICS® program, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations.” As of December 31, 2025, we held deposits from clients across 49 states, the District of Columbia, and Puerto Rico, with approximately 37.2% of total deposits and One-Way Sell® deposits from the District of Columbia and approximately 24.6% from Virginia.

We have experience in providing deposit services to political organizations. A substantial portion of our deposit business is derived from federal and, to a lesser extent, state political organizations. We have developed a familiarity with the particular banking needs of these entities, many of which are highly regulated under federal or state law, and the compliance professionals who serve them. Our experience in processing transactions for these organizations allows us to offer services designed to meet the needs of our clients in this sector. For example, we serve our deposit clients through experienced relationship officers and seek to offer personal service and tailored solutions for account management, image cash letters, remote deposit capture, payment processing, and treasury management.

Lending

We provide lending services to consumers and commercial borrowers primarily located in the Washington, D.C. metropolitan area. As of December 31, 2025, our loan portfolio consisted of 73.2% in residential real estate loans, 17.6% in commercial real estate loans, 1.6% in commercial loans, and 7.6% in consumer loans, and approximately 83.4% of our loans were to borrowers located in the Washington, D.C. metropolitan area.

Consumer Lending. Our consumer lending primarily consists of residential mortgage financing, with a primary focus on adjustable rate mortgages. Long-term fixed-rate mortgages exceeding fifteen years are generally not retained on our balance sheet. We specialize in non-conforming jumbo mortgages designed for individuals with sophisticated financial profiles and diverse income streams, as well as construction loans for building or renovating a primary residence. As of December 31, 2025, the Bank held 44 non-conforming single-family residential jumbo mortgage loans with an aggregate balance of $82.0 million, representing 42.0% of the Bank’s total single-family residential mortgage portfolio. We also provide co-op financing, a service typically not offered by mass retail lenders.

A portion of our residential mortgage borrowers also maintain consumer deposit accounts with us. We believe this overlap is an important aspect of our strategy to deepen client relationships by offering a broad range of banking services. For certain residential mortgage clients, the ability to access both lending and deposit services within our institution may enhance their overall banking experience and support the development of long-term relationships. Our ability to serve as both a lender and a depository institution for our residential mortgage clients is a component of our service offering.

Commercial Lending. We provide commercial real estate loans and commercial loans to businesses primarily located in the Washington, D.C. area. We also provide commercial real estate loans secured by income-producing properties or owner-occupied properties. We also provide commercial loans to finance a range of business needs, including expansion, equipment purchases and working capital. In the fourth quarter of 2023, we launched our own branded business credit card program, offering both secured and unsecured credit lines, helping us reduce our reliance on third-party product providers. Our secured business credit card provides businesses with a credit line backed by collateral. Our unsecured business credit card offers a line of credit without collateral, suitable for established businesses with strong credit histories. This initiative was designed to meet the needs of our commercial clients. As of December 31, 2025, the outstanding balance on our business credit cards was immaterial.

Many of our commercial borrowers maintain deposit accounts with us as part of their loan agreements, which supports our strategy of offering integrated financial services. However, our depositors and our borrowers are typically distinct client groups. Large depositors generally use their available cash to avoid incurring significant loan balances, while large borrowers tend to have minimal deposits as they focus on repaying their loans.

The deposit accounts maintained by our commercial borrowers tend to be relatively small and transactional in nature, and we believe the loss of these deposits would not materially affect our financial condition. As such, while there may be limited overlap between loan clients and depositors, we do not consider this overlap to be a significant risk to the Bank’s operations or liquidity.

We actively monitor these relationships as part of our broader risk management efforts, but we believe that any overlap in deposit and loan clients is not material and does not pose a material risk to our business.

FEC-Compliant Lending to Political Organizations

Our lending practices for political organizations are designed to comply with the regulations set forth by the FEC. These regulations require that loans to political committees be made on commercially reasonable terms and be secured by collateral owned by the borrower or the political committee itself. These requirements are intended to ensure that loans are legitimate commercial transactions and not improperly structured as contributions to political campaigns.

We occasionally extend loans to candidate committees, though such committees do not frequently borrow from us. When loans are made to candidate committees, they are structured in accordance with FEC regulations, including requiring appropriate collateral to secure the loan and mitigate repayment risks.

In addition to loans, we offer secured credit cards to a range of political committees, including authorized committees, PACs, and party committees. These credit cards are typically secured by cash deposits, which helps ensure compliance with applicable FEC regulations.

Lines of credit may be extended to national party committees. These lines of credit are generally secured by collateral, such as contributor lists, which we arrange to have appraised by independent third-party appraisers to assess whether the value of the collateral is sufficient to cover the loan amounts. In accordance with FEC requirements, the terms offered for loans to political committees are intended to align with those available to non-political clients, with the goal of ensuring that these transactions are conducted on a commercially reasonable basis.

We also provide letters of credit to our commercial borrowers, including political organizations, to assist them in meeting the security deposit requirements for their office leases. These letters of credit are issued in accordance with our standard lending practices and are typically supported by collateral or other security arrangements consistent with commercial lending norms.

Trust and Wealth Management Services

Our Trust & Wealth Department commenced operations in the third quarter of 2020 after the approval by the OCC of the Bank’s application for full fiduciary powers. Our trust offerings serve individuals, families, charitable organizations, and businesses. Our Trust & Wealth Department offers a range of fiduciary services, including:

•Serving as trustee, investment manager with sole or joint discretion, executor, administrator, registrar of stocks and bonds, and guardian of estates, management of hard-to-value assets such as real estate, closely held businesses, mineral interests, loans and notes, life insurance, and tangible assets like collectibles, and offering specialized trusts such as special needs trusts, settlement protection trusts, land trusts, and charitable trusts.

•Providing wealth management services, including investment management, financial planning, and personalized strategies integrating investments, cash flow, risk management, and estate planning.

•Providing custodial services for both publicly traded and unique and hard-to-value assets to individual investors, trust administrators, nonprofits, and retirement account holders.

Although we primarily provide trust and wealth management services to clients in the Washington, D.C. area, our national banking charter and fiduciary powers enable us to provide these services in the majority of states, differentiating us from many other financial institutions. However, some states have physical presence requirements for trust services, and the interplay between federal and state regulations in this area continues to evolve. We consider these factors as we serve clients across jurisdictions.

Our Trust & Wealth Department is subject to the supervision, examination and regulation of the OCC, which requires us to adhere to federal regulations and industry standards pertinent to fiduciary activities. In addition, our fiduciary activities are governed by the National Bank Act, which creates a statutory lien for funds our clients hold in trust and custodial accounts, and prohibits the use of trust and custodial assets for the Bank’s business activities.

Risk Management

We believe that effective risk management and control processes are essential to the Bank’s safety and soundness, our ability to address the challenges that we face and, ultimately, our long-term corporate success. Generally speaking, risk is the potential that events, expected or unanticipated, may have an adverse effect on our current or projected earnings or financial condition or on our franchise value. Consistent with the risk assessment system used by the OCC, we evaluate and monitor the following categories of risk:

•Credit risk. Credit risk refers to the risk arising from an obligor’s failure to perform as agreed. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Financial Condition—Credit Policies and Procedures” for a discussion of how we seek to manage credit risk.

•Interest rate risk. Interest rate risk refers to the risk arising from movements in interest rates. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Interest Rate Sensitivity and Market Risk” for a discussion of how we seek to manage interest rate risk.

•Liquidity risk. Liquidity risk refers to the risk arising from our inability to meet our obligations when they come due. Liquidity risk also includes the risk of being unable to access funding sources or manage funding levels, or failing to recognize or address changes in market conditions that affect our ability to liquidate assets quickly and with minimal loss in value. See “Management’s Discussion and Analysis of Financial Condition and Results of Operations—Liquidity and Capital Management—Liquidity Risk Management” for a discussion of how we seek to manage liquidity risk.

•Price risk. Price risk refers to the risk arising from changes in the value of assets or liabilities accounted for on a mark-to-market basis. To manage price risk, we monitor our investment portfolio and generally attempt to avoid activities that would incur additional price risk, such as market-making, dealing, trading, or otherwise taking positions in futures, foreign exchange, equities, commodities, or other speculative markets.

•Operational risk. Operational risk refers to the risk arising from inadequate or failed internal processes or systems, the misconduct or errors of people or adverse external events. We seek to mitigate operational risks by maintaining adequate staffing and training of our operations team; working with our vendors to use antifraud protections; establishing security procedures for our clients; and engaging in periodic independent audits of our

operations and operating controls. We also seek to mitigate operational risks related to misconduct by employees or contractors by implementing internal controls, including dual authorization for monetary transactions, conducting background and credit checks for new hires, screening contractors and third parties providing critical services using a vendor management process, and offering whistleblower protections to our employees to encourage the reporting of misconduct.

•Compliance risk. Compliance risk refers to the risk arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices, policies and procedures, or ethical standards. We have implemented a compliance training program for our employees that includes policies, training, monitoring and change management. We engage an outside firm to monitor our compliance functions on a quarterly basis.

•Strategic risk. Strategic risk refers to the risk arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to changes in the banking industry and operating environment. Our Board is charged with overseeing our corporate strategy, and our Risk Committee oversees strategic risks and the control processes with respect to such risks.

We also seek to monitor our exposure to cyber risk, which generally refers to the risk arising from inadequate or failed information technology systems, vulnerabilities to internal information technology networks, engineered breaches of client information or inadequate information technology policies and procedures. Given the rapidly changing cybersecurity landscape, we evaluate our cyber risk management practices regularly, which may include testing the security of our information technology infrastructure, incident response planning, employee training, engaging third parties to conduct independent reviews and audits, scanning for internal vulnerabilities and adopting measures designed to help our clients stay protected against cybersecurity threats.

Our Board, both directly and through its committees, is responsible for overseeing our risk management processes. In particular, our Risk Committee oversees our enterprise-wide risk management activities, our financial and operational risks (including, without limitation, capital adequacy, compliance, credit, liquidity, market, operational, strategic, asset and reputational risks and the control processes with respect to such risks), and our risk appetite and tolerance. In addition, the Bank’s Information Technology Committee oversees the Bank’s cybersecurity initiatives and strives to ensure that the Bank’s information technology infrastructure aligns with strategic goals while managing related risks, particularly cybersecurity threats. The Information Technology Committee also reviews and updates the Bank’s cybersecurity policies, evaluates information technology controls, and monitors the performance of internal and third-party IT service providers as part of its efforts to enhance the Bank’s defense mechanisms.

Intellectual Property

Our intellectual property is important to the success of our business. We own a variety of trademarks, service marks, trade names, logos and other intellectual property, including the trademarks “Chain Bridge Bank,” “Chain Bridge Bank, N.A.,” “Chain Bridge Bank, N.A. Trust & Wealth,” and “Chain Bridge Bank, N.A. Mortgage,” which we have registered with the United States Patent and Trademark Office. We intend to protect the use of our trademarks and other intellectual property nationwide.

Human Resources

As of December 31, 2025, we employed the equivalent of 92 full-time employees. None of our employees is party to a collective bargaining agreement. We consider our relationship with our employees to be excellent and have not experienced interruptions of operations due to labor disagreements.

Our success depends on our ability to attract, develop and retain qualified professionals. We offer competitive compensation and benefits designed to attract and retain top talent. We offer a short-term cash incentive compensation plan (the “Incentive Compensation Plan”) for which all employees of the Bank as of the end of the fiscal year are eligible. The Incentive Compensation Plan focuses on both financial results and risk management and is designed to incentivize prudent and profitable growth by rewarding participants based on the performance of the Company as a whole, rather than individual achievement, in order to promote teamwork and collaboration among employees. We also administer a long-term cash incentive plan to incentivize and retain key employees of the Bank and encourage participants to contribute to the long-term increase of the Company’s retained earnings.

The Company uses talent development and succession planning to promote leadership continuity and operational stability. We prioritize internal promotion to maintain cultural continuity and minimize leadership transition risks. Management invests in human capital in several specific areas, such as: encouraging participation in leadership and management training programs; providing required annual skills training focusing on areas such banking, finance, technology and regulatory compliance; and supporting continuous professional development by offering educational benefits for employees to gain additional relevant expertise and certifications.

The Company seeks to foster a strong and collaborative workplace culture through regular all-staff meetings led by our CEO that provide ongoing training, discussions on Bank operations and strategic initiatives, employee recognition, and an open forum for questions. We believe our leadership’s commitment to a positive tone at the top cultivates an inclusive and engaged workforce contributing to low staff turnover and encouraging innovation and teamwork across departments. We believe this translates to value added for our clients and shareholders.

Supervision and Regulation

The Company and the Bank are subject to extensive regulation under federal and state law. The following information describes certain aspects of that regulation applicable to the Company and the Bank and does not purport to be complete. The costs of compliance with the regulatory regime and supervisory framework applicable to the Company and the Bank are significant. The level of regulation and oversight over financial services activities, including the regulatory enforcement environment applicable to banks and bank holding companies, has in the past increased, and may in the future increase. The laws, regulations and supervisory guidance applicable to the Company and the Bank are subject to frequent and ongoing change. A change in applicable laws, regulations or policies, or a change in the way such laws, regulations, or policies are interpreted or enforced by regulatory agencies or courts, may have a material impact on the business, operations, and earnings of the Company and the Bank. The likelihood and timing of any future changes, and the effect of such changes on the Company and the Bank, are not determinable at this time with any degree of certainty.

Chain Bridge Bancorp, Inc.

The Company is a bank holding company organized under the laws of Delaware within the meaning of the BHC Act, and is registered as such with the Federal Reserve. As a bank holding company, the Company is subject to supervision, regulation, and examination by the Federal Reserve and is required to file various reports with the Federal Reserve, including FR Y-9SP (Parent Company Only Financial Statements for Small Holding Companies).

Under the BHC Act, a bank holding company may elect to become a financial holding company and thereby engage in a broader range of financial and other activities than are permissible for traditional bank holding companies. The Company has not elected to become a financial holding company and has no immediate plans to become a financial holding company.

Chain Bridge Bank, National Association

The Bank is a national bank chartered under the laws of the United States and is subject to supervision, regulation, periodic examination, enforcement authority and oversight by the OCC, Charter Number 24755, and is required to file Call Reports on a quarterly basis with the FFIEC and various other reports and additional information with the OCC. The OCC has primary supervisory and regulatory authority over the operations of the Bank. The OCC has broad enforcement powers over national banks, such as the Bank, including the power to impose fines and other civil and criminal penalties and to appoint a conservator or receiver if any of a number of conditions are met. In addition to its supervisory and regulatory oversight over banking operations, the OCC also undertakes examinations and supervision of the fiduciary activities of the Bank, as described further under “— Permitted Activities” below.

As the Bank is a member of the FDIC and accepts FDIC-insured deposits from the public, it is subject to additional regulatory oversight by the FDIC. As a result, the Bank is subject to the FDIC’s deposit insurance requirements. The Bank’s FDIC membership is confirmed under Certificate Number 58595.

Depository institutions, including the Bank, are subject to extensive federal regulations that significantly affect their businesses and activities. Regulatory bodies have broad authority to implement standards and initiate proceedings designed to prohibit depository institutions from engaging in unsafe and unsound banking practices. The standards relate generally to operations and management, asset quality, interest rate exposure, and capital. The bank regulatory agencies are authorized to take action against institutions that fail to meet such standards.

As required for national banks, the Bank is a member of the Federal Reserve and has subscribed for stock in the Federal Reserve in an amount equal to 6% of its capital and surplus, of which 3% was paid upon becoming a member of the Federal Reserve and 3% is held in reserve and callable by the Federal Reserve.

The Dodd-Frank Act

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the “Dodd-Frank Act”), signed into law in July 2010, significantly restructured the financial regulatory regime in the United States and has had a broad impact on the financial services industry as a result of the significant regulatory and compliance changes required under the act.

The Economic Growth, Regulatory Relief and Consumer Protection Act of 2018 (the “EGRRCPA”), which became effective May 24, 2018, amended the Dodd-Frank Act to provide regulatory relief for certain smaller and regional financial institutions, such as the Company and the Bank. The EGRRCPA, among other things, provides financial institutions with

less than $10 billion in total consolidated assets with relief from certain capital requirements. The EGRRCPA also expanded the category of bank holding companies that may rely on the Federal Reserve’s Small Bank Holding Company Policy Statement (the “SBHC Policy Statement”) by raising the maximum amount of consolidated assets a qualifying bank holding company may have from $1 billion to $3 billion. In addition to meeting the asset threshold, a bank holding company must not engage in significant nonbanking activities, not conduct significant off-balance sheet activities, and not have a material amount of debt or equity securities outstanding and registered with the SEC (subject to certain exceptions). The Federal Reserve may, in its discretion, exclude any bank holding company from the application of the SBHC Policy Statement if such action is warranted for supervisory purposes.

Deposit Insurance

The Bank’s deposits are insured by the FDIC up to the applicable limits. Under the FDIA, the FDIC may terminate the insurance of an institution’s deposits upon a finding that the institution has engaged in unsafe or unsound practices; is in an unsafe or unsound condition to continue operations; or has violated any applicable law, regulation, rule, order or condition imposed by the FDIC. We do not know of any practice, condition or violation that might lead to termination of deposit insurance at the Bank. The FDIC’s DIF is funded by assessments on insured depository institutions, including the Bank, which are subject to adjustment by the FDIC.

On October 18, 2022, the FDIC adopted a final rule to increase base deposit insurance assessment rate schedules uniformly by two basis points beginning in the first quarterly assessment period of 2023. The increase is being instituted to account for extraordinary growth in insured deposits during the first and second quarters of 2020, which caused a substantial decrease in the “designated reserve ratio” of the DIF to total industry deposits. The FDIC has indicated that the new assessment rate schedules will remain in effect until the DIF reserve ratio meets or exceeds 2%.

Capital Requirements

The Federal Reserve, the OCC, and the FDIC have issued substantially similar capital requirements applicable to all banks and bank holding companies. In addition, those regulatory agencies may from time to time require that a banking organization maintain capital above the minimum levels because of its financial condition or actual or anticipated growth.

As a bank holding company with less than $3 billion in total consolidated assets, the Company is currently treated as a “small bank holding company” under the Federal Reserve’s SBHC Policy Statement and is exempt from the Federal Reserve’s consolidated risk-based capital and leverage rules at the holding company level. Although the Company expects to continue to be treated as “small bank holding company” under the SBHC Policy Statement, the Federal Reserve has significant discretion to determine whether a publicly traded bank holding company (or any bank holding company) may continue to rely on the SBHC Policy Statement. If the Company continues to be treated as a “small bank holding company,” the Company’s capital adequacy will be evaluated at the bank level and on a parent-only basis, and it would not be subject to consolidated capital standards for regulatory purposes. If the Company in the future is advised by the Federal Reserve that it may no longer rely on the SBHC Policy Statement, the Company will become subject to the Federal Reserve’s consolidated capital standards applicable to bank holding companies. The Company believes that it would be able to satisfy the Federal Reserve’s consolidated capital rules.

The Bank is subject to the rules implementing the Basel III capital framework and certain related provisions of the Dodd-Frank Act (the “Basel III Capital Rules”). Under the Basel III Capital Rules, banks must hold a capital conservation buffer above the adequately capitalized risk-based capital ratio of 2.50% for all ratios except the Tier 1 leverage ratio. The Basel III Capital Rules, effective January 1, 2015, require the Bank to comply with the following minimum capital ratios: (i) a ratio of common equity Tier 1 capital to risk-weighted assets of at least 4.50%, plus a 2.50% “capital conservation buffer” (effectively resulting in a minimum ratio of common equity Tier 1 capital to risk-weighted assets of 7.00%); (ii) a ratio of Tier 1 capital to risk-weighted assets of at least 6.00%, plus the 2.50% capital conservation buffer (effectively resulting in a minimum Tier 1 capital ratio of 8.50%); (iii) a ratio of total capital to risk-weighted assets of at least 8.00%, plus the 2.50% capital conservation buffer (effectively resulting in a minimum total capital ratio of 10.50%); and (iv) a leverage ratio of 4.00%, calculated as the ratio of Tier 1 capital to average assets (the “Tier 1 Leverage ratio”). The capital conservation buffer is designed to absorb losses during periods of economic stress. Banking institutions with a ratio of common equity Tier 1 capital to risk-weighted assets above the minimum but below the conservation buffer face constraints on dividends, equity repurchases, and compensation, based on the amount of the shortfall.

With respect to banks, the “prompt corrective action” regulations pursuant to Section 38 of the FDIA require, among other things, that federal bank regulators take “prompt corrective action” with respect to institutions that do not meet minimum capital requirements. For this purpose, the law establishes five capital categories: well capitalized, adequately capitalized, undercapitalized, significantly undercapitalized and critically undercapitalized. At each successive lower capital category, an insured depository institution is subject to more restrictions and prohibitions, including restrictions on growth, restrictions on interest rates paid on deposits, restrictions or prohibitions on payment of dividends, and restrictions

on the acceptance of brokered deposits. To be well capitalized under these regulations, a bank must have the following minimum capital ratios: (i) a common equity Tier 1 capital ratio of at least 6.50%; (ii) a Tier 1 capital to risk-weighted assets ratio of at least 8.00%; (iii) a total capital to risk-weighted assets ratio of at least 10.00%; and (iv) a Tier 1 Leverage ratio of at least 5.00%.

In September 2019, the federal banking agencies jointly issued a final rule required by the EGRRCPA that permits qualifying banks and bank holding companies that have less than $10 billion in consolidated assets to elect to be subject to a 9% leverage ratio that would be applied using less complex leverage calculations (commonly referred to as the community bank leverage ratio or “CBLR”). Under the rule, which became effective on January 1, 2020, banks and bank holding companies that opt into the CBLR framework and maintain a CBLR of greater than 9% are not subject to other risk-based and leverage capital requirements under the Basel III Capital Rules and would be deemed to have met the well-capitalized ratio requirements under the “prompt corrective action” framework. The Bank has not opted into the CBLR framework.

Enforcement Actions and Receivership

In addition to measures taken under the “prompt corrective action” regulations, insured banks may be subject to potential enforcement actions by the federal banking agencies for unsafe or unsound practices in conducting their businesses or for violations of any law, rule, regulation, or condition imposed in writing by the agency or any written agreement with the agency. Enforcement actions may include the imposition of a conservator or receiver, the issuance of a cease-and-desist order that can be judicially enforced, the termination of insurance of deposits (in the case of a depository institution), the imposition of civil money penalties, the requirement to make restitution payments to clients who have experienced an economic loss due to bank actions, the issuance of directives to increase capital, the issuance of formal and informal agreements, the issuance of removal, and prohibition orders against institution-affiliated parties. The enforcement of such actions through injunctions or restraining orders may be based upon a judicial determination that the agency would be harmed if such equitable relief was not granted.

If the FDIC is appointed the conservator or receiver of the Bank, the FDIC has the power: (1) to transfer any of the Bank’s assets and liabilities to a new obligor without the approval of the Bank’s creditors; (2) to enforce the terms of the Bank’s contracts pursuant to their terms; or (3) to repudiate or disaffirm any contract or lease to which the Bank is a party, the performance of which is determined by the FDIC to be burdensome and the disaffirmation or repudiation of which is determined by the FDIC to promote the orderly administration of the Bank. In addition, the claims of holders of U.S. deposit liabilities and certain claims for administrative expenses of the FDIC against the Bank would be afforded priority over other general unsecured claims against the Bank, including claims of debt holders and depositors in non-U.S. offices, in the liquidation or other resolution of the Bank. As a result, whether or not the FDIC ever sought to repudiate any debt obligations of the Bank, the debt holders and depositors in non-U.S. offices would be treated differently from, and could receive substantially less, if anything, than the depositors in the U.S. offices of the Bank.

Dividends

The Company’s ability to pay dividends or repurchase shares of its common stock is subject to restrictions set forth in the DGCL. The DGCL provides that a Delaware corporation may pay dividends or repurchase its shares either (i) out of the corporation’s surplus (as defined by Delaware law) or (ii) if there is no surplus, out of the corporation’s net profits for the fiscal year in which the dividend is declared and/or the preceding fiscal year. It is the Federal Reserve’s policy, however, that bank holding companies should generally pay dividends on common stock only out of income available over the previous four quarters, and only if prospective earnings retention is consistent with the organization’s expected future needs and financial condition. Federal Reserve policy requires that a bank holding company must notify the Federal Reserve if its dividends or repurchase or redemption of shares would cause a net reduction in the amount of such capital instrument outstanding at the beginning of the quarter in which the redemption or repurchase occurs. It is also the Federal Reserve’s policy that bank holding companies should not maintain dividend levels or repurchase shares in amounts that would undermine their ability to be a source of strength to their banking subsidiaries. The Federal Reserve also discourages dividend payment ratios that are at maximum allowable levels unless both asset quality and capital are very strong. In addition, if the Company does not maintain an adequate capital conservation buffer under the Basel III Capital Rules, its ability to pay dividends to or repurchase shares from stockholders may be restricted.

The Bank is a legal entity that is separate and distinct from the Company. The Company’s principal source of cash flow is dividends it receives from the Bank. Statutory and regulatory limitations apply to the Bank’s payment of dividends to the Company. As a general rule, the amount of a dividend may not exceed, without prior regulatory approval, the sum of net income in the calendar year to date and the retained net earnings of the immediately preceding two calendar years. A depository institution may not pay any dividend if payment would cause the institution to become “undercapitalized” or if it already is “undercapitalized.” The OCC may prevent the payment of a dividend if it determines that the payment would

be an unsafe and unsound banking practice. The OCC also has advised that a national bank should generally pay dividends only out of current operating earnings.

Permitted Activities

As a bank holding company, the Company is limited generally to managing or controlling banks, furnishing services to or performing services for its subsidiaries, and engaging in other activities that the Federal Reserve determines by regulation or order to be so closely related to banking or managing or controlling banks as to be a proper incident thereto. Other than its ownership and management of the Bank, the Company does not engage in any other material business.

The Bank is authorized to engage in activities permissible for national banks under federal law. On March 5, 2020, the OCC granted the Bank separate authorization to perform fiduciary activities. The Bank initiated these activities on September 18, 2020 with the opening of its Trust & Wealth Department. The Bank is authorized to perform a range of fiduciary services, including serving as trustee, investment manager with sole or joint discretion, executor, administrator, registrar of stocks and bonds, and guardian of estates. Some states have physical presence requirements for trust services, and the interplay between federal and state regulations in this area continues to evolve. The Bank’s fiduciary activities are subject to the supervision, examination and regulation of the OCC, which, among other things, requires adherence to conflict of interest rules, rigorous record-keeping requirements, and regular audits and internal controls to maintain the integrity of fiduciary activities.

Banking Acquisitions; Changes in Control

The BHC Act requires, among other things, the prior approval of the Federal Reserve in any case where a bank holding company proposes to (i) acquire direct or indirect ownership or control of more than 5% of the outstanding voting stock of any bank or bank holding company (unless it already owns a majority of such voting shares), (ii) acquire all or substantially all of the assets of another bank or bank holding company, or (iii) merge or consolidate with any other bank holding company. In determining whether to approve a proposed bank acquisition, the Federal Reserve will consider, among other factors, the effect of the acquisition on competition, the effect of the transaction on the convenience and needs of the community to be served, and the projected capital ratios and levels on a post-acquisition basis, as well as the acquiring institution’s performance under the CRA and its compliance with fair housing and other consumer protection laws.

In addition, Section 18(c) of the FDIA, commonly known as the “Bank Merger Act,” requires the prior written approval of the OCC before any national bank may (i) merge or consolidate with, (ii) purchase or otherwise acquire the assets of or (iii) assume the deposit liabilities of another bank if the resulting institution is to be a national bank. In determining whether to approve a proposed merger transaction, the OCC must consider the effect on competition, the financial and managerial resources and future prospects of the existing and resulting institutions, the convenience and needs of the communities to be served, and the effectiveness of each insured depository institution involved in the proposed merger transaction in combating money-laundering activities.

In acting on any application by a banking organization to make an investment or acquisition subject to its approval, federal banking regulators have substantial discretion in whether or not to grant any approval or non-objection. If the Company or the Bank were to fail to meet certain regulatory criteria or expectations, it could have a material negative effect on the Company’s or the Bank’s ability to obtain the approvals and non-objections necessary to engage in investments or acquisitions.

Subject to certain exceptions, the BHC Act and the CIBC Act, together with their applicable regulations, require Federal Reserve approval (or, depending on the circumstances, no notice of disapproval) prior to any person or company acquiring “control” of a bank or bank holding company. A conclusive presumption of control exists if an individual or company acquires the power, directly or indirectly (including, in the case of the Bank, through Chain Bridge), to direct the management or policies of an insured depository institution or to vote twenty-five percent (25%) or more of any class of voting securities (including, in the case of Chain Bridge, the Class A common stock) of any insured depository institution. A rebuttable presumption of control exists if a person or company acquires ten percent (10%) or more but less than twenty-five percent (25%) of any class of voting securities (including, in the case of Chain Bridge, the Class A common stock) of an insured depository institution and either the institution has registered its securities with the SEC under Section 12 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), or no other person will own a greater percentage of that class of voting securities immediately after the acquisition.

Source of Strength

Federal Reserve policy has historically required bank holding companies to act as a source of financial and managerial strength to their subsidiary banks. The Dodd-Frank Act codified this policy as a statutory requirement. Under this requirement, the Company is expected to commit resources to support the Bank, including at times when the Company

may not be in a financial position to provide such resources. Any capital loans by a bank holding company to any of its subsidiary banks are subordinate in right of payment to depositors and to certain other indebtedness of such subsidiary banks. In the event of a bank holding company’s bankruptcy, any commitment by the bank holding company to a federal bank regulatory agency to maintain the capital of a subsidiary bank will be assumed by the bankruptcy trustee and entitled to priority of payment.

The Federal Deposit Insurance Corporation Improvement Act

Under FDICIA, the federal bank regulatory agencies possess broad powers to take prompt corrective action to resolve problems of insured depository institutions. The extent of these powers depends upon whether the institution is “well capitalized,” “adequately capitalized,” “undercapitalized,” “significantly undercapitalized,” or “critically undercapitalized,” as defined by FDICIA.

As required by FDICIA, the federal bank regulatory agencies also have adopted Interagency Guidelines Prescribing Safety and Soundness Standards relating to, among other things, internal controls and information systems, internal audit activities, loan documentation, credit underwriting, and interest rate exposure. In general, the guidelines require appropriate systems and practices to identify and manage the risks and exposures specified in the guidelines. In addition, the agencies adopted regulations that authorize, but do not require, an institution that has been notified that it is not in compliance with safety and soundness standards to submit a compliance plan. If, after being so notified, an institution fails to submit an acceptable compliance plan, the agency must issue an order directing action to correct the deficiency and may issue an order directing other actions of the types to which an undercapitalized institution is subject under the prompt corrective action provisions described above.

Transactions with Affiliates

Sections 23A and 23B of the Federal Reserve Act and Regulation W establish certain quantitative limits and other requirements for loans, purchases of assets, and certain other transactions between the Bank and its “affiliates,” including the Company. Among other requirements, loans or extensions of credit to, or other covered transactions with, an affiliate, to the extent permitted, must be on terms and conditions that are substantially the same, or at least as favorable to the Bank, as those prevailing for comparable nonaffiliated transactions.

Loans to executive officers, directors, or any person who, directly or indirectly, or acting through or in concert with one or more persons, owns, controls or has the power to vote more than 10% of any class of voting securities of a bank and their related interests, are subject to Sections 22(g) and 22(h) of the Federal Reserve Act and their corresponding regulation (Regulation O). Among other things, these loans must be made on terms (including interest rates charged and collateral required) substantially the same as those offered to unaffiliated individuals or be made as part of a benefit or compensation program and on terms widely available to employees, and must not involve a greater than normal risk of repayment. In addition, the amount of loans a bank may make to these persons is subject to both quantitative limits and procedural requirements.

Consumer Financial Protection

The Company is subject to a number of federal and state consumer protection laws that extensively govern its relationship with its clients. These laws include the ECOA, the Fair Credit Reporting Act, the Truth in Lending Act, the Truth in Savings Act, the Electronic Fund Transfer Act, the Expedited Funds Availability Act, the Home Mortgage Disclosure Act, the FHA, the Real Estate Settlement Procedures Act, the Fair Debt Collection Practices Act, the Service Members Civil Relief Act, laws governing flood insurance, federal and state laws prohibiting unfair and deceptive business practices, foreclosure laws, and various regulations that implement some or all of the foregoing. These laws and regulations mandate certain disclosure requirements and regulate the manner in which financial institutions must deal with clients when taking deposits, making loans, collecting loans, and providing other services. For example, mortgage lenders are required to make a reasonable and good faith determination based on verified and documented information that a consumer applying for a mortgage loan has a reasonable ability to repay the loan according to its terms, either by considering underwriting factors prescribed by Regulation Z or by originating loans that meet the definition of a “qualified mortgage.” If the Company fails to comply with these laws and regulations, it may be subject to various penalties. Failure to comply with consumer protection requirements may also result in failure to obtain any required bank regulatory approval for merger or acquisition transactions or in being prohibited from engaging in such transactions even if approval is not required.

The Dodd-Frank Act centralized responsibility for consumer financial protection by creating a new agency, the CFPB, and giving it responsibility for implementing, examining, and enforcing compliance with federal consumer protection laws for financial institutions, as well as their affiliates, with more than $10 billion of assets and, to a lesser extent, smaller institutions. The CFPB focuses on (i) risks to consumers and compliance with the federal consumer financial laws, (ii) the markets in which firms operate and risks to consumers posed by activities in those markets, (iii)

depository institutions that offer a wide variety of consumer financial products and services, and (iv) non-depository companies that offer one or more consumer financial products or services. The CFPB has broad rule-making authority for a wide range of consumer financial laws that apply to all banks, including, among other things, the authority to prohibit “unfair, deceptive or abusive” acts and practices. Abusive acts or practices are defined as those that materially interfere with a consumer’s ability to understand a term or condition of a consumer financial product or service or that take unreasonable advantage of a consumer’s (i) lack of financial savvy, (ii) inability to protect himself in the selection or use of consumer financial products or services, or (iii) reasonable reliance on a covered entity to act in the consumer’s interests. The CFPB can issue cease-and-desist orders against banks and other entities that violate consumer financial laws. The CFPB may also institute a civil action against an entity in violation of federal consumer financial law in order to impose a civil penalty or injunction.

Because the Company and the Bank have less than $10 billion in assets, most consumer protection aspects of the Dodd-Frank Act will continue to be applied to the Company by the Federal Reserve and to the Bank by the OCC. However, the CFPB may include its own examiners in regulatory examinations by a smaller institution’s principal regulators and may require smaller institutions to comply with certain CFPB reporting requirements. In addition, regulatory positions taken by the CFPB and administrative and legal precedents established by CFPB enforcement activities, including in connection with supervision of larger bank holding companies and banks, could influence how the Federal Reserve and OCC apply consumer protection laws and regulations to financial institutions that are not directly supervised by the CFPB. The precise effect of the CFPB’s consumer protection activities on the Company and the Bank cannot be determined with certainty.

Community Reinvestment Act

The CRA requires the appropriate federal banking agency, in connection with its examination of a bank, to assess the bank’s record in meeting the credit needs of the communities served by the bank, including low- and moderate-income neighborhoods. Furthermore, such assessment is also required of banks that have applied, among other things, to merge or consolidate with or acquire the assets or assume the liabilities of an insured depository institution, or to open or relocate a branch. In the case of a bank holding company applying for approval to acquire a bank or bank holding company, the record of each subsidiary bank of the applicant bank holding company is subject to assessment in considering the application. Under the CRA, institutions are assigned a rating of “outstanding,” “satisfactory,” “needs to improve,” or “substantial non-compliance.” The Bank was rated “outstanding” in its most recent CRA evaluation received on February 24, 2025.

On October 24, 2023, the federal bank regulatory agencies issued a final rule to modernize their respective CRA regulations. The revised rules substantially alter the methodology for assessing compliance with the CRA, with material aspects taking effect January 1, 2026 and revised data-reporting requirements taking effect January 1, 2027. The final rule is currently enjoined while a federal court considers a lawsuit challenging the rule, and on July 16, 2025, the agencies proposed to rescind the rule and reinstate the prior framework. Among other things, the revised rules evaluate lending outside traditional assessment areas generated by the growth of non-branch delivery systems, such as online and mobile banking, apply a metrics-based benchmarking approach to assessment, and clarify eligible CRA activities. The final rules, if implemented, would likely make it more challenging or costly for the Bank to maintain its current rating of “outstanding” or receive a rating of at least “satisfactory” on its CRA evaluation. See “Risk Factors — Legal, Regulatory and Compliance Risks — The Bank is subject to numerous ‘fair and responsible banking’ laws and regulations designed to protect consumers, which increase our compliance costs and subject us to potential legal liability or reputational damage.”

Anti-Money Laundering Legislation

The Company is subject to several federal laws that are designed to combat money laundering, terrorist financing, and transactions with persons, companies or foreign governments designated by U.S. authorities (the “AML laws”). This category of laws includes the Bank Secrecy Act of 1970, the Money Laundering Control Act of 1986, the USA PATRIOT Act of 2001, and the Anti-Money Laundering Act of 2020.

The AML laws and their implementing regulations require insured depository institutions, broker-dealers, and certain other financial institutions to have policies, procedures, and controls to detect, prevent, and report potential money laundering and terrorist financing. The AML laws and their regulations also provide for information sharing, subject to conditions, between federal law enforcement agencies and financial institutions, as well as among financial institutions, for counter-terrorism purposes. Federal banking regulators are required, when reviewing bank holding company acquisition and bank merger applications, to take into account the effectiveness of the anti-money laundering activities of the applicants.

Office of Foreign Assets Control

The U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) is responsible for administering and enforcing economic and trade sanctions against specified foreign parties, including countries and regimes, foreign individuals, and other foreign organizations and entities. OFAC publishes lists of prohibited parties that are regularly consulted by the Company in the conduct of its business in order to assure its compliance. The Bank is responsible for, among other things, blocking the accounts of, and transactions with, prohibited parties identified by OFAC, avoiding unlicensed trade and financial transactions with such parties, and reporting blocked transactions after their occurrence. Failure to comply with OFAC requirements could have serious legal, financial, and reputational consequences for the Company and Bank.

Privacy Legislation

Several laws, including the Right to Financial Privacy Act of 1978, and related regulations issued by the federal bank regulatory agencies also provide protections against the transfer and use of customer information by financial institutions. A financial institution must provide to its customers information regarding its policies and procedures with respect to the handling of customers’ personal information. Each institution must conduct an internal risk assessment of its ability to protect customer information. These privacy provisions generally prohibit a financial institution from providing a customer’s personal financial information to unaffiliated parties without prior notice to and approval from the customer.

In October 2024, the CFPB adopted a rule that requires a provider of payment accounts or products, such as the Bank, to make certain data available to consumers upon request regarding the products or services they obtain from the provider. The proposed rule is intended to give consumers control over their financial data, including with whom it is shared, and encourage competition in the provision of consumer financial products and services. For banks with over $850 million and less than $1.5 billion in total assets, such as the Bank, the compliance date for the rule is April 1, 2030, but that deadline is stayed by a court until the CFPB has completed a reconsideration of the rule that the CFPB announced in August 2025.

Incentive Compensation

In June 2010, the federal bank regulatory agencies issued final Interagency Guidance on Sound Incentive Compensation Policies intended to ensure that the incentive compensation policies of financial institutions do not undermine the safety and soundness of such institutions by encouraging excessive risk-taking. The Interagency Guidance on Sound Incentive Compensation Policies is based upon the key principles that a financial institution’s incentive compensation arrangements should (i) provide incentives that do not encourage risk-taking beyond the institution’s ability to effectively identify and manage risks, (ii) be compatible with effective internal controls and risk management, and (iii) be supported by strong corporate governance, including active and effective oversight by the financial institution’s board of directors.

The Dodd-Frank Act requires the federal banking agencies and the SEC to adopt rules on incentive-based payment arrangements at specified regulated entities, including banks, having at least $1 billion in total assets. The federal banking agencies issued such proposed rules in March 2011 and issued a revised proposed rule in June 2016.

The Federal Reserve reviews, as part of the regular risk-focused examination process, the incentive compensation arrangements of financial institutions, such as the Company, that are not “large complex banking organizations.” These reviews are tailored to each financial institution based on the scope and complexity of the institution’s activities and the prevalence of incentive compensation arrangements. The findings of the supervisory initiatives are included in reports of examination. Deficiencies are incorporated into the institution’s supervisory ratings, which can affect the institution’s ability to make acquisitions and take other actions. Enforcement actions may be taken against a financial institution if its incentive compensation arrangements, or related risk management control or governance processes, pose a risk to the institution’s safety and soundness and the financial institution is not taking prompt and effective measures to correct the deficiencies.

In accordance with an SEC rule, securities exchanges have adopted rules mandating, in the case of a restatement, the recovery or “clawback” of excess incentive-based compensation paid to current or former executive officers and requiring listed issuers to disclose any recovery analysis where recovery is triggered by a restatement.

Ability-to-Repay and Qualified Mortgage Rule

Pursuant to the Dodd-Frank Act, the CFPB issued a final rule, effective in January 2014, amending Regulation Z as implemented by the Truth in Lending Act, requiring mortgage lenders to make a reasonable and good faith determination based on verified and documented information that a consumer applying for a mortgage loan has a reasonable ability to repay the loan according to its terms. Mortgage lenders are required to determine consumers’ ability to repay in one of two ways. The first alternative requires the mortgage lender to consider eight specified underwriting factors when making the

credit decision. Alternatively, the mortgage lender can originate “qualified mortgages,” which are entitled to a presumption that the creditor making the loan satisfies the ability-to-repay requirements. In general, a “qualified mortgage” is a mortgage loan without negative amortization, interest-only payments, balloon payments, or a term exceeding 30 years and must meet certain price-based thresholds, and the points and fees paid by a consumer cannot exceed 3% of the total loan amount. Qualified mortgages that are “higher priced” (e.g., subprime loans) garner a rebuttable presumption of compliance with the ability-to-repay rules, while qualified mortgages that are not “higher priced” (e.g., prime loans) are given a safe harbor of compliance. The Bank is predominantly an originator of compliant qualified mortgages.

Cybersecurity

In March 2015, federal regulators issued two related statements regarding cybersecurity. One statement indicates that financial institutions should design multiple layers of security controls to establish lines of defense and to ensure that their risk management processes also address the risk posed by compromised customer credentials, including security measures to reliably authenticate customers accessing the internet-based services of the financial institution. The other statement indicates that a financial institution’s management is expected to maintain sufficient business-continuity-planning processes to ensure the rapid recovery, resumption, and maintenance of the institution’s operations after a cyberattack involving destructive malware. A financial institution is also expected to develop appropriate processes to enable recovery of data and business operations and to address rebuilding network capabilities and restoring data if the institution or its critical service providers fall victim to this type of cyberattack. If the Company fails to observe the regulatory guidance, it could be subject to various regulatory sanctions, including financial penalties.

Effective April 1, 2022, the OCC, the Federal Reserve, and the FDIC issued a joint rule imposing upon banking organizations and their service providers notification requirements for significant cybersecurity incidents. Specifically, the rule requires banking organizations to notify their primary federal regulator as soon as possible and no later than 36 hours after the discovery of a “computer-security incident” that rises to the level of a “notification incident” as those terms are defined in the rule. Banks’ service providers are required under that rule to notify any affected bank to or on behalf of which the service provider provides services “as soon as possible” after determining that it has experienced an incident that materially disrupts or degrades, or is reasonably likely to materially disrupt or degrade, covered services provided to such bank for as much as four hours.

Additionally, effective December 9, 2022, amendments to the Gramm-Leach-Bliley Act of 1999 Safeguards Rule went into effect. That rule requires financial institutions to: (i) appoint a qualified individual to oversee and implement their information security programs; (ii) implement additional criteria for information security risk assessments; (iii) implement safeguards identified by assessments, including access controls, data inventory, data disposal, change management, and monitoring, among other things; (iv) implement information system monitoring in the form of either “continuous monitoring” or “periodic penetration testing”; and (v) implement additional controls, including training for security personnel, periodic assessment of service providers, written incident response plans, and periodic reports from the qualified individual to the board of directors. Additionally, multiple states and Congress are considering laws or regulations which could create new individual privacy rights and impose increased obligations on companies handling personal data.

The Company’s systems and those of its clients and third-party service providers are under constant threat. Risks and exposures related to cybersecurity attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of internet banking, mobile banking, and other technology-based products and services by the Company and its clients.

Future Legislation and Regulation

Congress may enact legislation from time to time that affects the regulation of the financial services industry, and state legislatures may enact legislation from time to time affecting the regulation of financial institutions chartered by or operating in those states. Federal and state regulatory agencies also periodically propose and adopt changes to their regulations or change the manner in which existing regulations are applied. The substance or impact of pending or future legislation or regulation, or the application thereof, cannot be predicted, although the enactment of proposed legislation could impact the regulatory structure under which the Company and the Bank operate and may significantly increase costs, impede the efficiency of internal business processes, require an increase in regulatory capital, require modifications to business strategy, and limit the ability to pursue business opportunities in an efficient manner. A change in statutes, regulations or regulatory policies applicable to the Company or the Bank could have a material adverse effect on the business, financial condition, and results of operations of the Company and the Bank.

Additional Information

The Company maintains an investor relations website at https://ir.chainbridgebank.com/ where it provides access, free of charge, to its Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and all amendments to these reports as soon as reasonably practicable after they are electronically filed with, or furnished to, the

SEC. In addition, materials filed with the SEC are available at www.sec.gov. References to these websites do not constitute incorporation by reference of the information contained therein and should not be considered part of this document.

CHAIN BRIDGE BANCORP INC (CBNA) Business

ITEM 1. BUSINESS

Our Company

Our Regulatory Framework and Banking Philosophy

Our operations under this regulatory framework reflect a banking philosophy that emphasizes liquidity, asset quality, and financial strength. This approach guides our asset allocation strategy, risk management practices, and deposit gathering efforts.

Balance Sheet Strategy and Composition

Lending Approach and Credit Risk Management

Table of Contents

Deposit Composition and Strategy

Operational Model and Technology Focus

Table of Contents

Serving Political Organizations

•Campaign committees

Seasonality

Table of Contents

Competition

Our Principal Products, Services and Markets

Deposit Services

Table of Contents

Lending

We actively monitor these relationships as part of our broader risk management efforts, but we believe that any overlap in deposit and loan clients is not material and does not pose a material risk to our business.

FEC-Compliant Lending to Political Organizations

Table of Contents

Trust and Wealth Management Services

•Providing wealth management services, including investment management, financial planning, and personalized strategies integrating investments, cash flow, risk management, and estate planning.

Risk Management

Table of Contents

Intellectual Property

Human Resources

Table of Contents

Supervision and Regulation

Chain Bridge Bank, National Association

The Dodd-Frank Act

Table of Contents

Deposit Insurance

Capital Requirements

Table of Contents

Enforcement Actions and Receivership

Dividends

Table of Contents

Permitted Activities

Banking Acquisitions; Changes in Control

Source of Strength

Table of Contents

The Federal Deposit Insurance Corporation Improvement Act

Transactions with Affiliates

Consumer Financial Protection

Table of Contents

Community Reinvestment Act

Anti-Money Laundering Legislation

Table of Contents

Office of Foreign Assets Control

Privacy Legislation

Incentive Compensation

Ability-to-Repay and Qualified Mortgage Rule

Table of Contents

Cybersecurity

Future Legislation and Regulation

Additional Information

Table of Contents