FIRST BANCORP /NC/ (FBNC) Business

Item 1. Business

General Description

The Company is the fourth largest commercial bank holding company headquartered in North Carolina. At December 31, 2025, the Company had total consolidated assets of $12.7 billion, total loans of $8.7 billion, total deposits of $10.7 billion, and shareholders’ equity of $1.7 billion. Our principal activity is the ownership and operation of the Bank, a state-chartered bank with its headquarters in Southern Pines, North Carolina, through which we engage in a full range of banking activities. Our principal executive offices are located at 205 SE Broad St., Southern Pines, North Carolina 28387, and our telephone number is (910) 246-2500.

The Company was incorporated in North Carolina on December 8, 1983 for the purpose of acquiring 100% of the outstanding common stock of the Bank through a stock-for-stock exchange. The Bank began banking operations in 1935 as the Bank of Montgomery, named for the county in which it originally operated. In 1985, its name was changed to First Bank and in September 2013, the Company and the Bank moved their headquarters and main offices to Southern Pines, North Carolina.

As of December 31, 2025, the Bank had two wholly-owned subsidiaries, Magnolia Financial and First Troy SPE, LLC. Magnolia Financial is a business financing company that offers accounts receivable financing and factoring, inventory financing, and purchase order financing throughout the southeastern United States. First Troy SPE, LLC is a holding entity for certain foreclosed real estate. SBA Complete, which was in the process of dissolution as of December 31, 2024, was formerly a subsidiary of the Bank and specialized in providing consulting services for financial institutions across the country related to SBA loan origination and servicing.

The Company is the parent of a series of statutory business trusts organized for the purpose of issuing trust preferred debt securities that qualify as regulatory capital. For purposes of the discussion below, these statutory business trusts are not included in our consolidated financial statements as they are variable interest entities and the Company is not the primary beneficiary. See additional discussion below in Item 7 under the section entitled “Borrowings” and Note 1 to the consolidated financial statements.

Acquisitions

In January, 2023, we acquired GrandSouth, a community bank headquartered in Greenville, South Carolina with $1.2 billion in total assets, $1.0 billion in loans, and $1.1 billion in deposits. GrandSouth operated from eight branches located throughout South Carolina, all of which we have continued to operate. The acquisition accomplished the Company's strategic initiative to expand its presence in South Carolina, specifically in the high-growth markets of the state including Greenville, Charleston and Columbia.

5

Table of Contents

Recent acquisitions include the following:

Principal Business and Services We Provide

Lending Activities

We maintain a diversified loan portfolio by providing a broad range of commercial and retail lending services to business entities and individuals. We provide commercial business loans, commercial and residential real estate construction and mortgage loans, revolving lines of credit, letters of credit, and loans for personal uses, such as home improvement, and automobiles. Commercial real estate loans include loans secured by owner-occupied and non-owner occupied commercial buildings for improved commercial, office, retail, and warehouse and shopping center space. Through Magnolia Financial we provide accounts receivable financing and factoring, inventory financing, and purchase order financing. We also provide used car floor-plan financing through our CarBucks division. These lines of credit are typically offered to small used car dealers and are subject to traditional floor-plan administration procedures.

In 2025, we established a loan participation initiative to engage with regional and national commercial borrowers within the Bank’s footprint and nearby jurisdictions. The total of loan participations as of December 31, 2025 was nominal.

Because the majority of our customers are individuals and small- to medium-sized businesses, we do not believe that the loss of a single customer or group of customers would have a material adverse impact on the Bank. There are no seasonal factors that tend to have any material effect on the Bank’s business. Because we operate primarily within North Carolina and South Carolina, the economic conditions of these areas could have a material impact on the Company. See additional discussion below in the section entitled “Market Area and Competition.”

Credit Administration and Lending Policies

Conservative lending policies and procedures and appropriate underwriting standards are high priorities of the Bank. We seek to maintain a comprehensive lending policy that meets the credit needs of each of the communities served by the Bank, including low- and moderate-income customers, and to employ lending procedures and policies consistent with this approach. All loans are subject to our loan policy and financing guide, which are reviewed annually and updated as needed. Our lending policy requires, among other things, an analysis of the borrower's projected cash flow and ability to service the debt.

Individual lending authority is assigned by the Bank’s Chief Credit Officer. Loans are approved under our loan policy, which provides that lending officers have sole authority to approve loans of various amounts commensurate with their seniority, experience and needs within the market. All requests for extensions of credit in excess of any individual lending officer's authority are reviewed by one of our regional credit officers, who can approve loans up to their respective lending authority of $10 million to $15 million. When the request for approval exceeds the authority level of the regional credit officer, the request is then reviewed for approval by the Bank’s Chief Credit Officer who has $25 million in lending authority. For loans in excess of this amount, the Bank's Chief Executive Officer, the Company's President and the Bank's Chief Credit Officer have joint authority to approve loans up to $125 million. The Board, generally through its Executive Loan Committee, approves loans in excess of $125 million. In addition, the Executive Loan Committee reviews and approves loans to executive officers, directors, and their affiliates and recommends those loans to the Board for its approval.

Our legal lending limit to any one borrower is approximately $223.5 million. All lending authorities are based on the borrower’s total credit exposure, which is an aggregate of the Bank’s lending relationship with the borrower either directly or indirectly through loan guarantees or other borrowing entities related to the borrower through ownership or other control relationship(s).

6

Table of Contents

We continually monitor our loan portfolio to identify areas of concern and to enable us to take corrective action. Lending and credit administration officers and the Board meet periodically to review past due loans and portfolio quality, the status of large loans and certain other credit or economic related matters which may impact the risk in the portfolio. Individual lending officers are responsible for monitoring any changes in the financial status of borrowers and pursuing collection of early-stage past due amounts. For certain types of loans that exceed our established parameters of past due status, the Bank’s Asset Resolution Group assumes the management of the loans, and in some cases, we engage a third-party firm to assist in collection efforts. Loans that are serviced by others, such as certain residential mortgage loans, are monitored by the Bank’s credit officers, although ultimate collection of past due amounts is the responsibility of the servicing agents.

The Bank has an internal loan review department that conducts on-going and targeted reviews of the Bank’s loan portfolio and assesses the Bank’s adherence to loan policies, risk grading, and accrual policies. Reports are generated for management based on these activities and findings are used to adjust risk grades as deemed appropriate. In addition, these reports are shared with the Board. The loan review department also provides training assistance to the Bank’s training and credit administration departments.

To further assess the Bank’s loan portfolio, in addition to the Bank’s internal loan review department, we also contract with an independent consulting firm to perform independent assessments, including reviewing new loan originations meeting certain criteria and reviewing risk grades of existing credits meeting certain thresholds. The consulting firm’s observations, comments, and risk grade recommendations, including variances with the Bank’s risk grades, are shared with the Audit Committee of the Board and are considered by management in setting Bank policy, and in evaluating the adequacy of our ACL.

Loan Concentrations

Our commercial loan portfolio consists predominately of owner-occupied real estate and non-owner occupied income-producing real estate and land development loans, which are primarily secured by real estate located in North Carolina and South Carolina. In order to monitor the portfolio for possible concentrations, we categorize our CRE loans by regulatory categories, including multi-family, retail, warehouse, office, healthcare, hotel/motel, and other commercial real estate. As of December 31, 2025, the largest categories of CRE loans as a percentage of total loans were retail at approximately 13%, followed by office, of which non owner-occupied was approximately 6% and owner-occupied was approximately 3%, commercial at approximately 6% and warehouse at approximately 6%. These CRE categories are within management's guidelines as a percent of total capital. The loans within these categories are generally secured by real estate and are therefore susceptible to changes in real estate valuations and other market disruptions. The loans were originated using underwriting standards as set forth by management. Our loan policies are focused on the risk characteristics of the loan portfolio, including commercial real estate loans, in terms of loan approval and credit quality. It is the opinion of management that these loans do not pose any unusual risks and that adequate consideration has been given to the above loans in establishing the ACL.

Most of our business activity is with customers located within the markets where we have banking operations. The following table presents our total lending exposure in the counties with the largest percentage of our loan portfolio as of December 31, 2025 and 2024. These percentages represent the geographic location of the customer, which may or may not also be the location of the loan collateral.

No other county had total loans outstanding in excess of 5% of the total portfolio at either period presented. We have no significant concentrations in a few borrowers or in individual Metropolitan Statistical Areas. Therefore, while our exposure to credit risk is affected by changes in the economy within our markets, the risk is not significantly concentrated.

Investment Activities

Our investment policy is designed to maximize our income from funds not needed to meet loan demand in a manner consistent with appropriate liquidity and risk objectives. Pursuant to this policy, we may invest in U.S. government

7

Table of Contents

bonds, GSEs, mortgage-backed securities, collateralized mortgage obligations, commercial mortgage-backed securities, state and municipal obligations, public housing authority bonds, and, to a limited extent, corporate bonds. Investments are subject to concentration and maturity limits to avoid unnecessary risks. We may also invest in time deposits with other financial institutions up to a defined limit.

Investments in our portfolio must satisfy certain quality criteria. In making investment decisions, we do not solely rely on credit ratings to determine the creditworthiness of an issuer of securities, but we use credit ratings in conjunction with other information when performing due diligence prior to the purchase of a security. Investments must be “investment-grade” as determined by a nationally recognized investment rating service. Securities rated below Moody’s BAA or Standard and Poor’s BBB generally will not be purchased. We may purchase non-rated municipal bonds only if the issues of bonds are located in our general market area and we determine these bonds have a credit risk no greater than the minimum ratings referred to above. We also are authorized to invest a portion of our securities portfolio in high quality corporate bonds, with the amount of such bonds not to exceed 15% of the entire securities portfolio. Prior to purchasing a corporate bond, the Bank’s management performs due diligence on the issuer of the bond, and the purchase is not made unless we believe that the purchase of the bond bears no more risk to the Bank than would an unsecured loan to the same company. On a periodic basis, as determined based on materiality and other relevant factors, we review the financial statements of the issuers of the corporate bonds that we own for any signs of deterioration so that we can take timely action if deemed necessary.

Our Chief Investment Officer implements the investment policy, monitors the investment portfolio, recommends portfolio strategies, and reports to the Bank’s Investment Committee. The Investment Committee generally meets at least quarterly and reviews investment activity, portfolio composition, portfolio tenure, and other elements as necessary to assess the overall position of the securities portfolio and risk of the portfolio relative to the overall balance sheet. In addition, reports of all purchases, sales, issuer calls, net profits or losses and market appreciation or depreciation of the securities portfolio are reviewed by the Board. Once a quarter, our interest rate risk exposure is evaluated by the Bank’s Asset Liability Committee ("ALCO") and a summary report is presented to the Board. A subset of the Bank's ALCO meets more regularly to evaluate a number of possible interest rate related activities. Each year, our written investment policy is reviewed by the Board and appropriate changes are made.

Deposits

We offer a full range of deposit accounts and services to both retail and commercial customers. These deposit accounts have a variety of interest rates and terms and consist of interest-bearing and noninterest-bearing accounts, including commercial and retail checking accounts, savings accounts, money market accounts, and time deposits, including various types of certificates of deposits and individual retirement accounts. The Bank is a member of the CDARS and ICS programs, which gives our customers the ability to obtain FDIC insurance on deposits of up to $50 million, while continuing to work directly with their local First Bank deposit team.

Brokered deposits are deposits obtained by utilizing an outside broker that is paid a fee. The Bank utilizes brokered deposits to accomplish several purposes, such as acquiring a certain maturity and dollar amounts without repricing the deposits of the Bank’s current customers (which could increase or decrease the overall cost of deposit), and to help manage interest rate risk.

Other Funding Sources

The FHLB of Atlanta allows us to obtain advances through its credit program. These advances are secured by qualifying loans secured by real estate, including residential mortgage loans, home equity lines of credit and commercial real estate loans.

If appropriate, subordinated debentures or senior debt may be used to augment our funding sources. The availability of these funding sources is subject to broad economic conditions, regulation and investor assessment of our financial strength and, as such, the cost of funds may fluctuate significantly and/or the availability of such funds may be restricted, thus impacting our net interest income, our immediate liquidity and/or our access to additional liquidity. The proceeds of these issuances could be downstreamed to the Bank as common equity at the Bank level.

As additional sources of funding, we maintain credit arrangements with various other financial institutions to purchase federal funds and participate in the Federal Reserve's discount window borrowings program.

8

Table of Contents

Other Services

We also offer credit cards, debit cards, letters of credit, safe deposit box rentals, and electronic funds transfer services, including wire transfers. In addition, to enhance the convenience of our customers, we provide internet banking, mobile banking and mobile check deposit, cash management, remote deposit capture, bank-by-phone capabilities, and ATMs across our branch network.

We offer various ancillary services as part of our commitment to customer service. Through a contractual relationship, we offer the placement of property and casualty insurance. We also provide non-FDIC insured investment and insurance products, including mutual funds, annuities, long-term care insurance, life insurance, and company retirement plans, as well as financial planning services through FB Wealth Management Services, our Investments Division.

Market Area and Competition

We are a community-oriented commercial bank offering a wide variety of financial services to meet the needs of our customers and communities. As of December 31, 2025, we conducted business from 113 branches, with 100 branch offices located across North Carolina and 13 branches in South Carolina.

Our branches and facilities are located in small- to medium-sized communities and in larger metropolitan areas with economies based primarily on a variety of industries, including services and manufacturing. Our branch footprint includes larger North Carolina cities, including Charlotte, Raleigh (Triangle region), Greensboro/Winston-Salem/High Point (Triad region), Asheville and Wilmington, and larger South Carolina cities including Greenville, Columbia and Charleston.

Our primary loan markets were previously presented in the Loan Concentrations section above. The following table presents the counties with the largest share of our deposit base as of December 31, 2025 and 2024. No other market area (as defined by county) comprises more than 5% of our deposit base at either period presented.

We experience strong competition in all aspects of the businesses in which we engage, including both making loans and attracting deposits, from both bank and non-bank competitors. Broadly speaking, we compete with national banks, super-regional banks, smaller community banks, non-traditional internet-based banks, insurance companies and agencies, and other financial intermediaries and investment alternatives, including mortgage companies, credit card issuers, leasing companies, finance companies, credit unions, money market mutual funds, brokerage firms, governmental and corporate bond issuers, and other securities firms. In many cases, our competitors have substantially greater resources, including broader geographic markets, higher lending limits, and the ability to make greater use of large-scale advertising and promotions, and offer certain services that we are unable to provide to our customers. We attempt to compete successfully with our competitors, regardless of their size, by emphasizing customer service, responsiveness, local decision making, and establishing relationships with our customers, while continuing to provide a wide variety of services. Additionally, many non-bank competitors are not subject to the same regulatory oversight or capital requirements, which can provide them a competitive advantage in some instances, such as operational flexibility and lower cost structures.

We encounter strong pricing competition in providing our services, particularly in making loans and attracting deposits. Competition for deposits in our markets and for national brokered deposits is primarily based on the types of deposits offered and rate paid on the deposits. Given the current rate environment, we are continuing to experience pressure to increase deposit rates in order to retain existing deposits and attract new deposits. Continued strong competition also exists in all of the lending activities we emphasize. With banks of all sizes attempting to maximize yields on earning assets and growth of their balance sheets, the competition for high-quality loans remains strong. Accordingly, loan rates in our markets continue to be under competitive pressure.

We expect competition in the industry to remain high. Competition may further intensify as additional companies (both banks and non-banks) enter the markets where we conduct business, competitors combine to present more formidable challengers, and we enter mature markets consistent with our expansion strategy.

9

Table of Contents

Human Capital Resources

At First Bank, we consider our associates to be our primary competitive advantage, and continued investment in human capital is a top priority for us. We have historically focused on building a rewarding work environment as we believe that valued and engaged associates lead to satisfied and active customers, which contributes to enriched shareholder value. We emphasize open and honest communication, collaboration, goal attainment, and personal and professional growth as the foundation to delivering high-quality service to one another and our customers. As of December 31, 2025, we had 1,332 full-time and 42 part-time associates, all of whom are employed by the Bank and the majority of whom are located in North Carolina and South Carolina.

Our human capital management strategy focuses on attracting, developing and retaining top quality talent regardless of sex, sexual orientation, gender identity, race, color, national origin, age, religion, or physical ability. We strive to identify and select the best candidates for all open positions based on the qualifying factors for each job. We are dedicated to providing a workplace for our associates that is inclusive, supportive, and free of any form of discrimination or harassment; rewarding and recognizing our team members based on their individual results and team performance; and recognizing and respecting all of the characteristics and differences that make each of our associates unique. Our workforce consists of approximately 72% females and 19% minorities. Of our officer population, 73% are female or minorities, while our senior management team consists of 29% female or minority executives.

In 2020, we formed a Diversity Council, which is chaired by our CEO and meets regularly. The Diversity Council is focused on providing feedback and recommending actions for improvement, as well as removing barriers that impede progress related to the following areas:

•Creating a work environment that demonstrates all views are respected and provides equal access to opportunities for growth and advancement;

•Ensuring all open positions have a diverse pool of candidates, and our job requirements align with our principles and the markets we serve; and

•Creating internal organizational learning opportunities in which associates may voluntarily participate to deepen and develop personal understanding of diversity and inclusion.

Our Board and its Compensation Committee provide oversight on human capital matters, including overall compensation philosophy, equity award programs, and succession planning. Our human resources and legal departments develop policies to support and manage our human capital management strategy, identify risks, and implement practices to mitigate those risks, under the oversight of the Board and its committees.

Maintaining and further enhancing our corporate culture is an important element of our Board’s oversight of risk because our people are critical to the implementation of our corporate strategy. Our Board sets the “tone at the top” and holds senior management accountable for embodying, maintaining, and communicating our culture to associates. Our culture is guided by a philosophy we call "Our Promise to Service Excellence" ("Our Promise"). The principles of Our Promise are: Safety and Soundness, Knowledge and Accuracy, Courteous Service, and Convenience and Ease. All associates joining the Company, including those joining as a result of an acquisition, start their employment by participating in an orientation that focuses on learning about and embracing our culture.

We also seek to design careers with our Company that are fulfilling while fostering professional and personal growth with continuing education, on-the-job training, and development programs. In 2020, we launched our Leadership Development Program, which consists of three development tracks designed to instruct and enhance leadership skills at various levels of an associate's management experience. We believe that effective and meaningful leadership development will further elevate the Company and support us in continuing to attract and retain top talent as well as create a succession plan for future growth.

Providing associates with meaningful, competitive and supportive benefits to care for their lives and families is a top priority for the Company. We are proud to offer a comprehensive benefits package that includes medical, dental, vision and life insurance, paid time-off, 401(k) profit-sharing plan participation and an employee stock purchase plan. In 2025, the Company’s 401(k) plan matched 100% of each employee’s elective deferral amount, up to 6% of their compensation.

The Company’s benefits programs also include an Employee Assistance Program which provides all associates a comprehensive and personalized process to meet their individual needs and support them through issues they may be facing. The program provides unlimited phone access for information, resources, and referrals and provides sessions with a counselor for the associate and their family members.

10

Table of Contents

Supervision and Regulation

As a bank holding company, we are subject to supervision, examination, and regulation by the Federal Reserve and the Commissioner. The Bank is also subject to supervision and examination by the Federal Reserve and the Commissioner.

The Company and the Bank are subject to extensive regulation under federal and state laws. The regulatory framework is designed to protect the banking system as a whole and not for the protection of our shareholders and creditors.

The applicable statutes and regulations, as well as related policies, continue to be subject to changes by Congress, state legislatures, and federal and state regulators. Changes in statutes, regulations, and polices applicable to Company and the Bank (including their interpretations or implementation) cannot be predicted and could have a material adverse impact on the business and operations of the Company and the Bank.

Since our total assets exceed $10.0 billion, under current banking regulations and as discussed further below, we are subject to heightened supervision and regulation.

The following is a general summary of the material aspects of certain statutes, regulations and policies applicable to us. This summary does not purport to be complete and is qualified by reference to the applicable statutes, regulations, and policies.

Supervision and Regulation of the Company

General. The BHC Act limits the business of a bank holding company to owning or controlling banks and engaging in other activities closely related to the business of banking. In addition, the Company also must file reports with, and provide additional information, to the Federal Reserve.

Holding Company Bank Ownership. The BHC Act requires every bank holding company to obtain the prior approval of the Federal Reserve before: (1) acquiring, directly or indirectly, ownership or control of any voting shares of another bank or bank holding company if, after such acquisition, it would own or control more than 5% of such shares; (2) acquiring all or substantially all of the assets of another bank or bank holding company; or (3) merging with another bank holding company.

Holding Company Control of Non-Banks. With some exceptions, the BHC Act prohibits a bank holding company from acquiring or retaining direct or indirect ownership or control of more than 5% of the voting shares of any company that is not a bank or bank holding company, or from engaging directly or indirectly in activities other than those of banking, managing or controlling banks, or providing services for its subsidiaries. The principal exceptions to these prohibitions involve certain non-bank activities that are deemed activities closely related to the business of banking or of managing or controlling banks under applicable law.

Transactions with Affiliates. Bank subsidiaries of a bank holding company are subject to restrictions imposed by the Federal Reserve Act on extensions of credit to the holding company or its subsidiaries, on investments in securities, and on the use of securities as collateral for loans to any borrower. The Dodd-Frank Act further extends the definition of an “affiliate” and treats credit exposure arising from derivative transactions, securities lending and borrowing transactions involving an affiliate as covered transactions under applicable regulations. It also expands the scope of covered transactions required to be collateralized, requires collateral to be maintained at all times for covered transactions required to be collateralized, and places limits on acceptable collateral. These restrictions may limit the Company’s ability to obtain funds from the Bank for its cash needs, including funds for payments of dividends, interest, and operational expenses.

Tying Arrangements. The Company is prohibited from engaging in certain tie-in arrangements in connection with any extension of credit, sale or lease of property, or furnishing of services. For example, with certain exceptions, neither the Company nor the Bank may condition an extension of credit to a customer on either a requirement that the customer obtain additional services provided by the Company or the Bank, or an agreement by the customer to refrain from obtaining other services from a competitor.

Support of Bank Subsidiaries. Under Federal Reserve policy and the Dodd-Frank Act, the Company is required to act as a source of financial and managerial strength to the Bank. This means that the Company is required to

11

Table of Contents

commit, as necessary, capital and resources to support the Bank, including at times when the Company may not be in a financial position to provide such resources or when it may not be in the Company’s or its shareholders’ best interests to do so. Any capital loans a bank holding company makes to a bank subsidiary are subordinate to deposits and to certain other indebtedness of that subsidiary.

State Law Restrictions. As a North Carolina corporation, the Company is subject to certain limitations and restrictions under applicable North Carolina corporate laws. For example, those laws include limitations and restrictions relating to indemnification of directors, distributions to shareholders, transactions involving directors, officers, or interested shareholders, maintenance of books, records, and minutes, and observance of certain corporate formalities.

North Carolina Holding Company Laws. The Commissioner is empowered to regulate certain acquisitions of North Carolina banks and bank holding companies, issue cease and desist orders for violations of North Carolina banking laws, and promulgate rules necessary to effectuate the purposes of those laws.

Supervision and Regulation of the Bank

General. The Bank is a North Carolina state-chartered bank and is a member of the Federal Reserve. Federal banking regulations applicable to all depository financial institutions provide federal bank regulatory agencies with powers to prevent unsafe and unsound banking practices, restrict preferential loans by banks to their “insiders," require banks to keep information on loans to major shareholders and executive officers, and bar certain director and officer interlocks between financial institutions.

As a state-chartered bank, the Bank is subject to regulation by the Commissioner. The Commissioner has a wide range of regulatory authority over the activities and operations of the Bank, and the Commissioner’s staff conducts periodic examinations of the Bank and its affiliates to ensure compliance with state banking laws and regulations and to assess the safety and soundness of the Bank. Among other things, the Commissioner regulates the merger of state-chartered banks, the payment of dividends, recordkeeping, types and amounts of loans and investments, the total of loans to one borrower and the establishment of branches. The Commissioner also has cease and desist powers over state-chartered banks for violations of state banking laws or regulations and for unsafe or unsound conduct that is likely to jeopardize the interest of depositors.

The Federal Reserve is authorized to approve mergers and assumptions of deposit liability transactions by member banks, and to prevent capital or surplus diminution in such transactions if the resulting, continuing, or assumed bank is an insured member bank. The Bank is a member of the Federal Reserve, and accordingly the Federal Reserve also conducts periodic examinations of the Bank to assess its safety and soundness and its compliance with banking laws and regulations, and it has the power to implement changes to, or restrictions on, the Bank’s operations if it finds that a violation is occurring or is threatened.

Consumer Protection. The Bank is subject to a variety of federal and state consumer protection laws and regulations that govern its relationships and interactions with consumers, including those that impose certain disclosure requirements and that govern the manner in which the Bank takes deposits, makes and collect loans, and provides other services. Failure to comply with these laws and regulations may subject the Bank to various penalties. Failure to comply with consumer protection requirements may also result in failure to obtain any required regulatory approval for merger or acquisition transactions we may wish to pursue.

Community Reinvestment. The CRA requires that, in connection with examinations of an applicable financial institution, federal bank regulators evaluate the record of those institutions in meeting the credit needs of local communities, including low- and moderate-income neighborhoods, consistent with the safe and sound operation of the institution. A bank's community reinvestment record is also considered by the applicable banking agencies in evaluating mergers, acquisitions, and applications to open a branch or facility. In some cases, a bank's failure to comply with the CRA or the filing of CRA protests by interested parties during applicable comment periods can result in the denial of approval or delay of such transactions.

Insider Credit Transactions. Banks are subject to certain restrictions on extensions of credit to executive officers, directors, principal shareholders, and their related interests. Extensions of credit (1) must be made on substantially the same terms (including interest rates and collateral) and follow credit underwriting procedures that are at least as stringent as those prevailing at the time for comparable transactions with persons not related to the lending bank; and (2) must not involve more than the normal risk of repayment or present other unfavorable features. Banks are also subject to certain lending limits and restrictions on overdrafts to insiders. A violation of these restrictions may

12

Table of Contents

result in the assessment of substantial civil monetary penalties, regulatory enforcement actions, and other regulatory sanctions. The Dodd-Frank Act and federal regulations place additional restrictions on loans to insiders and generally prohibit loans to executive officers other than for certain specified purposes.

Regulation of Management. Federal law sets forth circumstances under which officers or directors of a bank may be removed by the bank's federal supervisory agency, and generally prohibits management personnel of a bank from serving as directors or in other management positions of another financial institution whose assets exceed a specified amount or which has an office within a specified geographic area.

Safety and Soundness Standards. Certain non-capital safety and soundness standards also are imposed upon banks. These standards cover, among other things, internal controls, information systems, internal audit systems, loan documentation, credit underwriting, interest rate exposure, asset growth, compensation, fees and benefits, such other operational and managerial standards as the applicable regulator determines to be appropriate, and standards for asset quality, earnings, regulatory capital and liquidity. In addition, each bank must implement a comprehensive written information security program that includes administrative, technical, and physical safeguards appropriate to the institution's size and complexity and the nature and scope of its activities. The program must be designed to ensure the security and confidentiality of customer information, protect against unauthorized access to or use of such information, and ensure the proper disposal of customer and consumer information. A bank that fails to meet these standards may be required to submit a compliance plan or be subject to regulatory sanctions, including restrictions on growth.

Inspections. The Federal Reserve conducts periodic inspections of bank holding companies, such as the Company. In general, the objectives of this inspection program are to ascertain whether the financial strength of a bank holding company is maintained on an ongoing basis and to determine the effects or consequences of transactions between a bank holding company or its non-banking subsidiaries and its bank subsidiaries. The inspection type and frequency typically varies depending on asset size, complexity of the organization, and the bank holding company's rating at its last inspection.

Examinations. Banks are subject to periodic examinations by their primary regulators. In assessing a bank's condition, bank examinations have evolved from reliance on transaction testing to a risk-focused approach. These examinations are extensive and cover the entire breadth of the operations of a bank. Examinations alternate between the federal and state bank regulatory agencies, and in some cases they may occur on a combined schedule. The frequency of consumer compliance and CRA examinations is linked to the size of the institution and its compliance and CRA ratings of its most recent examinations. However, the examination authority of the Federal Reserve and the Commissioner allow examinations of supervised institutions as frequently as deemed necessary based on the condition of the institution or as a result of certain triggering events.

Dividends

A principal source of the Company's cash is from dividends received from the Bank, which are subject to regulation and limitation. As a general rule, regulatory authorities may prohibit banks from paying dividends in a manner that would constitute an unsafe or unsound banking practice. For example, paying dividends that deplete a bank's capital base to an inadequate level is typically deemed an unsafe and unsound banking practice. In addition, a bank may not pay cash dividends that would reduce the amount of its capital to less than minimum applicable regulatory capital requirements. North Carolina banking law also places limitations upon the payment of dividends by North Carolina banks.

Rules adopted in accordance with Basel III also impose limitations on the Bank's ability to pay dividends. In general, these rules limit the Bank's ability to pay dividends unless the Bank's common equity conservation buffer exceeds the minimum required capital ratio by at least 2.5% of risk-weighted assets.

The Federal Reserve has also issued a policy statement expressing the view that although no specific regulations restrict dividend payments by bank holding companies other than state corporate laws, a bank holding company should not pay cash dividends unless its earnings for the past year are sufficient to cover both the cash dividends and a prospective rate of earnings retention that is consistent with the bank holding company's capital needs, asset quality, and overall financial condition. A bank holding company's ability to pay dividends may also be restricted if a subsidiary bank becomes under-capitalized. These various regulatory policies may affect the Company's and the Bank's ability to pay dividends or otherwise engage in capital distributions.

13

Table of Contents

Dodd-Frank Act

General. The Dodd-Frank Act and its related regulations significantly changed the bank regulatory structure and affect the lending, deposit, investment, trading, and operating activities of banks and bank holding companies, including the Bank and the Company. Some of the provisions of the Dodd-Frank Act that impact the Company's and the Bank's business and operations are summarized below.

Corporate Governance. The Dodd-Frank Act requires publicly traded companies to provide their shareholders with a non-binding shareholder vote on executive compensation, a non-binding shareholder vote on the frequency of such vote, disclosure of "golden parachute" arrangements in connection with specified change in control transactions, and a non-binding shareholder vote on golden parachute arrangements in connection with these change in control transactions. The SEC has adopted rules mandated by the Dodd-Frank Act that require a public company to disclose the ratio of the compensation of its CEO to the median compensation of its employees and a comparison of executive compensation to the market performance of the Company's stock. These rules are intended to provide shareholders with information that they can use to evaluate executive compensation.

Consumer Financial Protection Bureau. The Dodd-Frank Act established the CFPB and empowered it to exercise broad rule making, supervision, and enforcement authority for a wide range of consumer protection laws. The Bank is subject to the direct supervision of the CFPB. The CFPB focuses on risks to consumers and compliance with federal consumer financial laws, the markets in which firms operate and risks to consumers posed by activities in those markets, depository institutions that offer a wide variety of consumer financial products and services, and non-depository companies that offer one or more consumer financial products or services.

The consumer financial laws administered by the CFPB apply to all banks and include, among other things, the authority to prohibit “unfair, deceptive or abusive” acts and practices. Abusive acts or practices are defined as those that materially interfere with a consumer’s ability to understand a term or condition of a consumer financial product or service or take unreasonable advantage of a consumer’s lack of financial savvy, inability to protect himself in the selection or use of consumer financial products or services, or reasonable reliance on a covered entity to act in the consumer’s interests. The CFPB can issue cease and desist orders against banks and other entities that violate Federal consumer financial laws. The CFPB also may institute a civil action against an entity in violation of those consumer financial laws in order to impose a civil penalty or injunction.

Interchange Fees. The Bank is subject to limitations on interchange fees under the Durbin Amendment to the Dodd-Frank Act (the "Durbin Amendment"). The Durbin Amendment rules establish a maximum permissible interchange fee for an electronic debt transaction equal to the sum of $0.21 per transaction and five basis points multiplied by the value of the transaction. The rules also allow for an upward adjustment of no more than $0.01 to an issuer’s debit card interchange fee if the issuer develops and implements policies and procedures reasonably designed to achieve certain fraud prevention standards.

FDIC Insurance

As an FDIC insured depository institution, the Bank's deposits are insured up to applicable limits by the DIF which is generally $250,000. For this protection, each insured bank pays a quarterly statutory assessment and is subject to the rules and regulations of the FDIC.

The FDIC insurance premium is based on an institution’s total assets minus its Tier 1 capital, and premiums are determined based on its capital, supervisory ratings, and other factors. Premium rates generally may increase if the DIF is strained due to the cost of bank failures and the number of troubled banks. In addition, if a bank experiences financial distress, operates in an unsafe or unsound manner, or is subject to a regulatory agreement or order, its deposit premiums may increase. The Dodd-Frank Act made banks with $10 billion or more in total assets responsible for increasing the DIF reserve ratio from 1.15% to 1.35% if necessary. Accordingly, the Bank's premiums may increase from time to time if the FDIC needs to increase assessments in order to replenish the fund and restore the DIF reserve ratio to 1.35%.

In December 2023, the FDIC approved a final rule implementing a special assessment to replenish the DIF reserve ratio. Based upon the terms of the special assessment, the Bank was not required to pay at the increased assessment rate.

14

Table of Contents

Legislative and Regulatory Guidance and Developments

Regulatory Capital Requirement under Basel III. The Company and the Bank are subject to the Basel III regulatory capital rules that became fully phased-in as of January 1, 2019.

Under Basel III, CET1 is comprised of common stock and related surplus, plus retained earnings, and is reduced by goodwill and other intangible assets, net of associated deferred tax liabilities. Tier I capital is comprised of CET1 capital plus additional elements, such as trust preferred securities, which the Company includes in Tier 1 capital. Total capital is comprised of Tier I capital plus certain adjustments, the largest of which for the Company and the Bank is the ACL. Risk-weighted assets refer to the on- and off-balance sheet exposures of the Company and the Bank, adjusted for their related risk levels using formulas set forth in Federal Reserve regulations.

The Basel III capital rules include a “capital conservation buffer,” composed entirely of CET1, on top of these minimum risk-weighted asset ratios. The capital conservation buffer is designed to absorb losses during periods of economic stress. Banking institutions with a ratio of CET1 to risk-weighted assets above the minimum but below the capital conservation buffer will face constraints on dividends, equity repurchases, and compensation based on the amount of the shortfall. The Company and the Bank are required to maintain the following minimum capital ratios:

•4.5% CET1 to risk-weighted assets, plus the capital conservation buffer, effectively resulting in a minimum ratio of CET1 to risk-weighted assets of at least 7.0%;

•6.0% Tier I capital to risk-weighted assets, plus the capital conservation buffer, effectively resulting in a minimum Tier I capital ratio of at least 8.5%;

•8.0% total capital to risk-weighted assets, plus the capital conservation buffer, effectively resulting in a minimum total capital ratio of at least 10.5%; and

•4.0%% Tier I leverage ratio.

In addition to the minimum capital requirements described above, the regulatory framework for prompt corrective action also contains specific capital guidelines for a bank’s classification as “well capitalized.” The current specific guidelines are as follows:

•CET1 Capital Ratio of at least 6.5%;

•Tier I Capital Ratio of at least 8.0%;

•Total Capital Ratio of at least 10.0%; and a

•Leverage Ratio of at least 5.0%.

If a bank falls below “well capitalized” status in any of these four ratios, it must ask for FDIC permission to originate or renew brokered deposits.

Financial Privacy and Cybersecurity. The federal banking regulators have adopted rules that limit the ability of banks and other financial institutions to disclose non-public information about consumers to non-affiliated third parties. These limitations require disclosure of privacy policies to consumers and, in some circumstances, allow consumers to prevent disclosure of certain personal information to a non-affiliated third party. These regulations affect how consumer information is transmitted through diversified financial companies and conveyed to outside vendors. In addition, consumers may also prevent disclosure of certain information among affiliated companies that is assembled or used to determine eligibility for a product or service, such as that shown on consumer credit reports and asset and income information from applications. Consumers also have the option to direct banks and other financial institutions not to share information about transactions and experiences with affiliated companies for the purpose of marketing products or services.

Under various policy statements, financial institutions should design multiple layers of security controls to establish lines of defense and to ensure that their risk management processes also address the risk posed by compromised customer credentials, including security measures to reliably authenticate customers accessing internet-based services of the financial institution. Additionally, management is expected to maintain sufficient business continuity planning processes to ensure the rapid recovery, resumption, and maintenance of the institution’s operations after a cyber-attack involving destructive malware. A financial institution is also expected to develop appropriate processes to enable recovery of data and business operations and address rebuilding network capabilities and restoring data if the institution or its critical service providers fall victim to this type of cyber-attack. The Company has multiple information security programs that reflect the requirements of this guidance. If, however, we fail to observe the regulatory guidance in the future, we could be subject to various regulatory sanctions, including financial penalties.

15

Table of Contents

A banking organization is required to notify its primary federal regulators as soon as possible and within 36 hours after identifying a “computer-security incident” that the banking organization believes in good faith is reasonably likely to materially disrupt or degrade its business or operations in a manner that would, among other things, jeopardize the viability of its operations, result in customers being unable to access their deposit and other accounts, result in a material loss of revenue, profit or stock price, or pose a threat to the financial stability of the U.S.

The SEC cybersecurity disclosure rules for public companies require disclosures regarding cybersecurity risk management (including the role of the Board in overseeing cybersecurity risks, management’s role and expertise in assessing and managing cybersecurity risks, and processes for assessing, identifying and managing cybersecurity risks) in annual reports. These cybersecurity disclosure rules also require the disclosure of material cybersecurity incidents in a Form 8-K, generally within four business days of determining an incident is material. Refer to Item 1A, “Risk Factors,” and Item 1C, "Cybersecurity," for additional disclosures related to cybersecurity.

In the ordinary course of business, we rely on electronic communications and information systems to conduct our operations and to store sensitive data. We employ an in-depth, layered, defensive approach that leverages people, processes, and technology to manage and maintain cybersecurity controls. We employ a variety of preventative and detective tools to monitor, block, and provide alerts regarding suspicious activity, as well as to report on any suspected advanced persistent threats. Notwithstanding the strength of our defensive measures, the threat from cyber-attacks is severe, attacks are sophisticated and increasing in volume, and attackers respond rapidly to changes in defensive measures. While to date we have not detected a significant compromise, the risks of significant data loss or any material financial losses related to cybersecurity attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats. Additional discussion of our cybersecurity risk management process and strategy are contained in Item 1C. of this Report.

Anti-Money Laundering and the USA Patriot Act. The BSA requires all financial institutions to establish a risk-based system of internal controls reasonably designed to prevent money laundering and the financing of terrorism; sets forth various recordkeeping and reporting requirements (such as reporting suspicious activities that might signal criminal activity); and mandates certain due diligence procedures and "know your customer" documentation. The Patriot Act substantially broadened the scope of United States anti-money laundering laws and regulations by imposing significant new compliance and due diligence obligations on financial institutions; creating new crimes and penalties; and expanding the extra-territorial jurisdiction of the United States. Financial institutions are also prohibited from entering into specified financial transactions and account relationships and must use enhanced due diligence procedures in their dealings with certain types of high-risk customers and implement a written customer identification program. Financial institutions must take certain steps to assist government agencies in detecting and preventing money laundering and report certain types of suspicious transactions. Regulatory authorities routinely examine financial institutions for compliance with these obligations, and failure of a financial institution to maintain and implement adequate programs to combat money laundering and terrorist financing, or to comply with all of the relevant laws or regulations, could have serious financial, legal and reputational consequences for the institution, including causing applicable bank regulatory authorities not to approve merger or acquisition transactions when regulatory approval is required or to prohibit such transactions even if approval is not required. Regulatory authorities have imposed cease and desist orders and civil money penalties against institutions found to be violating these obligations.

The AML, which amended the BSA, was intended to be a comprehensive reform and modernization of the United States bank secrecy and anti-money laundering laws. Among other things, it codifies a risk-based approach to anti-money laundering compliance for financial institutions; requires the development of standards for evaluating technology and internal processes for BSA compliance; and expands enforcement- and investigation-related authority, including increasing available sanctions for certain BSA violations and instituting BSA whistleblower incentives and protections.

Office of Foreign Assets Control Regulation. The United States has imposed economic sanctions that affect transactions with designated foreign countries, nationals, and others which are administered by OFAC. Failure to comply with these sanctions could have serious legal and reputational consequences, including causing applicable bank regulatory authorities not to approve merger or acquisition transactions when regulatory approval is required or to prohibit such transactions even if approval is not required.

Community Reinvestment Act. In October 2023, the Federal Reserve, FDIC, and OCC issued a final rule to amend their regulations implementing the CRA. The rule would have materially revised the current CRA framework, including the assessment areas in which a bank is evaluated to include activities associated with online and mobile

16

Table of Contents

banking, the tests used to evaluate the bank in its assessment areas, new methods of calculating credit for lending, investment and service activities, and additional data collection and reporting requirements. The rule would have resulted in a significant increase in the thresholds for large banks to receive “Outstanding” ratings in the future. Most of the provisions of the rule were scheduled to become applicable on January 1, 2026. Reporting of the collected data would be required in 2027.

The 2023 rule was preliminarily enjoined in March 2024, following legal challenge. In July 2025, the Federal Reserve, the OCC and the FDIC proposed to rescind the 2023 rule and replace it with the prior CRA regulations. The Federal Reserve continues to apply the 1995 CRA regulations.

Incentive Compensation. The federal bank regulatory agencies comprehensive guidance on incentive compensation policies are intended to ensure that the incentive compensation policies of financial institutions are not detrimental to the safety and soundness of such institutions by encouraging excessive risk-taking. This guidance covers all employees who have the ability to materially affect the risk profile of a financial institution, either individually or as part of a group, and is based upon the key principles that a financial institution’s incentive compensation arrangements should (1) provide incentives that do not encourage risk-taking beyond the institution’s ability to effectively identify and manage risks; (2) be compatible with effective internal controls and risk management; and (3) be supported by strong corporate governance, including active and effective oversight by the financial institution’s board of directors.

As required by the Dodd-Frank Act, U.S. banking agencies have jointly issued comprehensive regulations or guidance designed to ensure that incentive compensation policies do not undermine the safety and soundness of banking organizations by encouraging teammates to take imprudent risks. This guidance significantly affects the amount, form, and context of incentive compensation that may be provided to teammates and could negatively affect the Company’s ability to compete for talent relative to non-banking companies. The SEC finalized its incentive compensation clawback rule which may result in additional costs and restrictions on the form of the Company’s incentive compensation.

Federal Securities Laws. The common stock of the Company is registered with the SEC under the Exchange Act and the Company is subject to the reporting, information disclosure, proxy solicitation, insider trading limits and other requirements imposed on public companies by the SEC under the Exchange Act. This includes limits on sales of stock by certain insiders and the filing of insider ownership reports with the SEC. The SEC and NASDAQ have adopted regulations under the Sarbanes-Oxley Act of 2002 and the Dodd-Frank Act that apply to the Company as a NASDAQ-traded, public company, which seek to improve corporate governance, provide enhanced penalties for financial reporting improprieties and improve the reliability of disclosures in SEC filings.

Digital Asset Regulation

Although the federal banking and securities agencies are in the process of considering regulations governing the digital asset activities of banking organizations, it is not expected that such regulations will be issued until the third quarter of 2026. The existing supervisory framework dictates that, in order to effectively identify and manage digital asset-related risks and obtain supervisory non-objection to the proposed engagement in digital asset activities, banking organizations must implement appropriate risk management practices, including with respect to board and management oversight, policies and procedures, risk assessments, internal controls and monitoring.

Future Legislation and Regulation

Congress may enact legislation from time to time that affects the regulation of the financial services industry, and state legislatures may enact legislation from time to time affecting the regulation of financial institutions chartered by or operating in those states. Federal and state regulatory agencies governing the Company and the Bank also periodically propose and adopt changes to their regulations or change the manner in which existing regulations are applied. The substance or impact of pending or future legislation or regulation, or the application thereof, cannot be predicted, although enactment of future legislation or the issuance of new regulations could impact the regulatory structure under which we operate and may significantly increase costs, impede the efficiency of internal business processes, require an increase in regulatory capital, require modifications to business strategy, and limit the ability to pursue business opportunities in an efficient manner, or otherwise adversely affect our operations and financial condition.

17

Table of Contents

Available Information

We maintain a corporate internet site at www.LocalFirstBank.com, which contains a link within the “Investor Relations” section of the site to each of our filings with the SEC, including our annual reports on Form 10-K, as well as our quarterly reports on Form 10-Q, our current reports on Form 8-K, and amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Exchange Act. These filings are available, free of charge, as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC. These filings can also be accessed at the SEC’s website located at www.sec.gov. Information included on our internet site is not incorporated by reference into this Report.