HUNTINGTON BANCSHARES INC /MD/ (HBAN) Risk Factors

Verbatim Item 1A Risk Factors from HUNTINGTON BANCSHARES INC /MD/'s latest 10-K. Filing date: 2026-02-13. Accession: 0000049196-26-000015.

This page reproduces the company's own Item 1A Risk Factors text from the linked SEC filing. It is filer text, not grepcent analysis, scoring, or investment advice.

Informational only - not investment advice. See Disclaimer.

Extracted from Item 1A Risk Factors to the first Item 1B/1C/2 boundary after HTML sanitization. Confidence: high. Source form: 10-K. Character span: 245065-331754.

Back to HBAN company profile

Item 1A: Risk Factors

Risk Factors Summary

The following is a summary of material risks that could adversely affect Huntington’s business, financial condition, results of operation, or business.

Credit Risks

•Our ACL level may prove to not be adequate or be negatively affected by credit risk exposures, which could adversely affect our net income and capital.

•Weakness in economic conditions could adversely affect our business.

•Our emphasis on commercial lending may expose us to increased lending risks.

Market Risks

•Changes in interest rates could reduce our net interest income, reduce transactional income, and negatively impact the value of our loans, securities, and other assets. This could have an adverse impact on our cash flows, financial condition, results of operations, and capital.

•Inflation could negatively impact our business, our profitability, and our stock price.

•Industry competition may have an adverse effect on our success.

Liquidity Risks

•Changes in Huntington’s financial condition or in the general banking industry, or changes in interest rates, could result in a loss of depositor confidence.

•We are a holding company and depend on dividends from our subsidiaries for liquidity needs.

•If we lose access to capital markets, we may not be able to meet the cash flow requirements of our depositors, creditors, and borrowers, or have the operating cash needed to fund corporate expansion and other corporate activities.

•A reduction in our credit rating could adversely affect our access to capital and could increase our cost of funds.

•Instability in global economic conditions and geopolitical matters, as well as volatility in financial markets, could have a material adverse effect on our results of operations and financial condition.

Operational Risks

•Our operational or security systems or infrastructure, or those of third parties, could fail or be breached, which could disrupt our business and adversely impact our operations, liquidity, and financial condition, as well as cause legal or reputational harm.

•We face risks from cyber-attacks and other information or security breaches, including denial of service attacks, hacking, social engineering attacks targeting our colleagues, contractors, and customers, malware intrusion or data corruption attempts, and identity theft that could result in the disclosure of confidential, proprietary, personal and other information, any of which could adversely affect our business or reputation, and create significant legal and financial exposure.

•We face significant operational risks which could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and capital markets.

•We grow our business in part by acquiring, from time to time, other financial services businesses and businesses with technologies or other assets valuable to us. Acquisitions present several risks and uncertainties related both to the acquisition transactions themselves and to the integration of the acquired businesses into Huntington after closing.

•Failure to maintain effective internal controls over financial reporting could impair our ability to accurately and timely report our financial results or prevent fraud, resulting in loss of investor confidence and adversely affecting our business and our stock price.

•We rely on quantitative models to measure risks and to estimate certain financial values.

•We rely on third parties to provide key components of our business infrastructure.

28 Huntington Bancshares Incorporated

•Changes in accounting policies, standards, and interpretations could affect how we report our financial condition and results of operations.

•Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations.

•Climate change manifesting as physical or transition risks could adversely affect our operations, businesses, and customers.

•We use AI in connection with our business and operations, which exposes us to inherent risks that may expose us to material harm.

Compliance Risks

•We operate in a highly regulated industry, and the laws and regulations that govern our operations, corporate governance, executive compensation and financial accounting, or reporting, including changes in them, or our failure to comply with them, may adversely affect us and our business model.

•Legislative and regulatory actions taken now or in the future that impact the financial industry may materially adversely affect us by increasing our costs, adding complexity in doing business, impeding the efficiency of our internal business processes, negatively impacting the recoverability of certain of our recorded assets, requiring us to increase our regulatory capital, limiting our ability to pursue business opportunities, and otherwise resulting in a material adverse impact on our financial condition, results of operation, liquidity, or stock price.

•The resolution of significant pending litigation, if unfavorable, could have an adverse effect on our results of operations for a particular period.

•Noncompliance with the Bank Secrecy Act and other anti-money laundering statutes and regulations could cause us material financial loss.

•Cybersecurity and data privacy are areas of heightened legislative and regulatory focus.

Strategic Risks

•We operate in a highly competitive industry which depends on our ability to successfully execute our strategic plan and adapt our products and services to evolving industry standards and consumer preferences.

•We depend on our executive officers and key personnel to continue the implementation of our long-term business strategy and could be harmed by the loss of their services.

•Bank regulations regarding capital and liquidity, including the CCAR assessment process and the U.S. Basel III capital and liquidity standards, could require higher levels of capital and liquidity. Among other things, these regulations could impact our ability to pay common stock dividends, repurchase common stock, attract cost-effective sources of deposits, or require the retention of higher amounts of low yielding securities.

Reputational Risk

•Damage to our reputation could significantly harm our business, including our competitive position and business prospects.

Cadence Merger Risks

•We are expected to incur substantial costs related to the Cadence Merger and integration.

•Combining Huntington and Cadence may be more difficult, costly or time consuming than expected and Huntington and Cadence may fail to realize the anticipated benefits of the Cadence Merger.

•The future results of the combined company following the Cadence Merger may suffer if the combined company does not effectively manage its expanded operations.

•The combined company may be unable to retain Huntington or Cadence personnel successfully.

2025 Form 10-K 29

The risks and uncertainties listed below present risks that could have a material impact on Huntington’s financial condition, results of operations, or its business. Some of these risks and uncertainties are interrelated and the occurrence of one or more of them may exacerbate the effect of others. The risks and uncertainties described below are not the only ones Huntington faces. Additional risks and uncertainties not presently known to Huntington or that Huntington believes to be immaterial may also adversely affect its business. Additionally, refer to factors set forth under the caption “Forward-Looking Statements.” For more information on how we manage risks, see discussion in the “Risk Management” section of our MD&A.

In addition to the other information included or incorporated by reference into this report, readers should carefully consider that the following important factors, among others, could negatively impact our business, future results of operations, and future cash flows materially.

Credit Risks:

Our ACL level may prove to not be adequate or be negatively affected by credit risk exposures, which could adversely affect our net income and capital.

Our business depends on the creditworthiness of our customers. Our ACL of $2.7 billion at December 31, 2025, represented management’s estimate of the current expected losses in our loan and lease portfolio (ALLL), as well as our unfunded lending commitments (AULC). We regularly review our ACL for appropriateness. In doing so, we consider probability of default, loss given default, and exposure at default depending on economic parameters for each month of the remaining contractual term of the credit exposure. The economic parameters are developed using available information relating to past events, current conditions, and reasonable and supportable forecasts. There is no certainty that our ACL will be appropriate over time to cover lifetime losses of the portfolio because of unanticipated adverse changes in the economy, market conditions, or events adversely affecting specific customers, industries, or markets. If the credit quality of our customer base materially decreases, if the risk profile of a market, industry, or group of customers changes materially, or if the ACL is not appropriate, our net income and capital could be materially adversely affected, which could have a material adverse effect on our financial condition and results of operations.

In addition, regulatory review of risk ratings and loan and lease losses may impact the level of our ACL and could have a material adverse effect on our financial condition and results of operations.

Weakness in economic conditions could adversely affect our business.

Continued economic uncertainty and a recessionary or stagnant economy could adversely affect our business, financial condition, and results of operations. Our performance could be negatively affected to the extent there is deterioration in business and economic conditions, including persistent inflation, rising interest rates, supply chain issues, labor shortages, or changes in U.S. trade policies, including the imposition of tariffs and retaliatory tariffs, which have direct or indirect material adverse impacts on us, our customers, and our counterparties. These conditions could result in one or more of the following:

•A decrease in the demand for loans and other products and services offered by us;

•A decrease in customer savings generally, and in the demand for savings and investment products offered by us;

•An increase in the number of customers and counterparties who become delinquent, file for protection under bankruptcy laws, or default on their loans or other obligations to us; and

•An increase in the number of delinquencies, bankruptcies, or defaults could result in a higher level of NPAs, NCOs, provision for credit losses, and valuation adjustments on loans held for sale.

The markets we serve are dependent on industrial and manufacturing businesses and, thus, are particularly vulnerable to adverse changes in economic conditions affecting these sectors.

30 Huntington Bancshares Incorporated

A U.S. government debt default would have a material adverse impact on our business and financial performance, including a decrease in the value of Treasury bonds and other government securities held by us, which could negatively impact Huntington’s and the Bank’s capital positions and their ability to meet regulatory requirements. Other negative impacts of a U.S. government debt default, budget deficit concerns, government shutdown, or related credit ratings downgrades could include volatile capital markets, an adverse impact on the U.S. economy and the U.S. dollar, as well as increased default rates among borrowers in light of increased economic uncertainty. Some of these impacts might occur even in the absence of an actual default or government shutdown as a consequence of extended political negotiations around the threat of such a default or government shutdown.

Our emphasis on commercial lending may expose us to increased lending risks.

At December 31, 2025, 60% of our loan portfolio was comprised of loans in our commercial loan portfolio, which includes commercial and industrial loans, commercial real estate loans, and lease financing. While commercial loans are generally more interest rate sensitive and carry higher yields than residential mortgage loans, these types of loans generally expose a lender to greater risk of non-payment and loss than single-family residential mortgage loans because repayment of the loans often depend on the income stream of the borrowers or successful operation of the property. Such loans typically involve larger loan balances to single borrowers or groups of related borrowers compared to single-family residential mortgage loans. At December 31, 2025, we had $1.7 billion of reserves specifically allocated to loans in our commercial loan portfolio. We also monitor loan concentrations on an individual relationship and industry wide basis to evaluate the amount of risk we have in our loan portfolio.

Market Risks:

Changes in interest rates could reduce our net interest income, reduce transactional income, and negatively impact the value of our loans, securities, and other assets. This could have an adverse impact on our cash flows, financial condition, results of operations, and capital.

Our results of operations depend substantially on net interest income, which is the difference between interest earned on interest earning assets (such as investments and loans) and interest paid on interest bearing liabilities (such as deposits and borrowings). Interest rates are highly sensitive to many factors, including governmental monetary policies, inflation, and domestic and international economic and political conditions. Conditions such as inflation, deflation, recession, unemployment, money supply, and other factors beyond our control may also affect interest rates. In addition, the Federal Reserve’s monetary policies, including changes in the federal funds rate and increasing or reducing the size of its balance sheet, may also affect interest rates. If our interest earning assets mature or reprice faster than interest bearing liabilities in a declining interest rate environment, our net interest income could be materially adversely impacted. Likewise, if interest bearing liabilities mature or reprice more quickly than interest earning assets in a rising interest rate environment, our net interest income could be adversely impacted.

Changes in interest rates can affect the value of loans, securities, assets under management, and other assets, including mortgage servicing rights. An increase in interest rates that adversely affects the ability of borrowers to pay the principal or interest on loans and leases may lead to an increase in NPAs and a reduction of income recognized, which could have a material adverse effect on our results of operations and cash flows. When we place a loan on nonaccrual status, we reverse any accrued but unpaid interest receivable, which decreases interest income. However, we continue to incur interest expense as a cost of funding NALs without any corresponding interest income. In addition, transactional income, including trust income, brokerage income, and gain on sales of loans, can vary significantly from period-to-period based on a number of factors, including the interest rate environment. A decline in interest rates could result in declining net interest margins if longer duration assets reprice faster than deposits.

Rising interest rates reduce the value of our fixed-rate securities. Unrealized losses from available-for-sale securities impact our OCI, shareholders’ equity, and the Tangible Common Equity ratio. Any realized securities losses impact our regulatory capital ratios. For more information, refer to “Market Risk” section of the MD&A.

2025 Form 10-K 31

Certain investment securities, notably mortgage-backed securities, are sensitive to rising and falling interest rates. Generally, when rates rise, prepayments of principal and interest will decrease, and the duration of mortgage-backed securities will increase. Conversely, when rates fall, prepayments of principal and interest will increase, and the duration of mortgage-backed securities will decrease. In either case, interest rates have a significant impact on the value of mortgage-backed securities.

MSR fair values are sensitive to movements in interest rates, as expected future net servicing income depends on the projected outstanding principal balances of the underlying loans, which can be reduced by prepayments. Prepayments usually increase when mortgage interest rates decline and decrease when mortgage interest rates rise.

In addition to volatility associated with interest rates, the Company also has exposure to equity markets related to the investments within our benefit plans and other income from client-based transactions.

Inflation could negatively impact our business, our profitability, and our stock price.

Prolonged periods of inflation may impact our profitability by negatively impacting our fixed costs and expenses, including increasing funding costs and expense related to talent acquisition and retention. Additionally, inflation may lead to a decrease in consumer and clients’ purchasing power and negatively affect the need or demand for our products and services. If significant inflation continues, our business could be negatively affected by, among other things, increased default rates leading to credit losses which could decrease our appetite for new credit extensions. These inflationary pressures could also result in missed earnings and budgetary projections causing our stock price to suffer.

Industry competition may have an adverse effect on our success.

Our profitability depends on our ability to compete successfully. We operate in a highly competitive environment, and we expect competition to intensify. Certain of our competitors are larger and have more resources than we do, enabling them to be more aggressive than us in competing for loans and deposits. Our competitors could be made larger through merger or consolidation. In our market areas, we face competition from other banks and financial service companies that offer similar services. Some of our non-bank competitors are not subject to the same extensive regulations we are and, therefore, may have greater flexibility in competing for business. Technological advances have made it possible for our non-bank competitors to offer products and services that traditionally were banking products and for financial institutions and other companies to provide electronic and internet-based financial solutions, including mobile payments, online deposit accounts, electronic payment processing, and marketplace lending, without having a physical presence where their customers are located. Legislative or regulatory changes also could lead to increased competition in the financial services sector. Our ability to compete successfully depends on a number of factors, including customer convenience, quality of service by investing in new products and services, electronic platforms, personal contacts, pricing, and range of products. If we are unable to successfully compete for new customers and retain our current customers, our business, financial condition, or results of operations may be adversely affected. In particular, if we experience an outflow of deposits as a result of our customers seeking investments with higher yields or greater financial stability, or a desire to do business with our competitors, we may be forced to rely more heavily on borrowings and other sources of funding to operate our business and meet withdrawal demands, thereby adversely affecting our net interest margin. For more information, refer to “Competition” section of Item 1: Business.

Liquidity Risks:

Changes in Huntington’s financial condition or in the general banking industry, or changes in interest rates, could result in a loss of depositor confidence.

Liquidity is the ability to meet cash flow needs on a timely basis at a reasonable cost. The Bank uses its liquidity to extend credit and to repay liabilities as they become due or as demanded by customers.

32 Huntington Bancshares Incorporated

Our primary source of liquidity is our large supply of deposits from consumer and commercial customers. The continued availability of this supply depends on customer willingness to maintain deposit balances with banks in general, and with us in particular. The availability of deposits can also be impacted by regulatory changes (e.g., changes in FDIC insurance, liquidity requirements, etc.), changes in the financial condition of Huntington, other banks, or the banking industry in general, changes in the interest rates our competitors pay on their deposits, and other events which can impact the perceived safety or economic benefits of bank deposits. While we make significant efforts to consider and plan for hypothetical disruptions in our deposit funding, market-related, geopolitical, or other events could impact the liquidity derived from deposits.

We are a holding company and depend on dividends from our subsidiaries for liquidity needs.

Huntington is an entity separate and distinct from the Bank. The Bank conducts most of our operations, and Huntington depends upon dividends from the Bank to service Huntington’s operating costs and to pay dividends to Huntington’s shareholders. The availability of dividends from the Bank is limited by various statutes and regulations. It is possible, depending upon the financial condition, including liquidity and capital adequacy of the Bank, and other factors, that the OCC could limit the payment of dividends or other payments to Huntington by the Bank. In addition, the payment of dividends by our other subsidiaries is also subject to the laws of the subsidiary’s state of incorporation, and regulatory capital and liquidity requirements applicable to such subsidiaries. In the event that the Bank was unable to pay dividends to us, we in turn would likely have to reduce or stop paying dividends on our Preferred and Common Stock. Our failure to pay dividends on our Preferred and Common Stock could have a material adverse effect on the market price of our Preferred and Common Stock. Additional information regarding dividend restrictions is provided in Item 1: Business - “Regulatory Matters.”

If we lose access to capital markets, we may not be able to meet the cash flow requirements of our depositors, creditors, and borrowers, or have the operating cash needed to fund corporate expansion and other corporate activities.

Wholesale funding sources can include securitization, federal funds purchased, securities sold under repurchase agreements, brokered deposits, and long-term debt. The Bank is also a member of the FHLB, which provides members access to funding through advances collateralized with mortgage-related assets. We maintain a portfolio of highly rated, marketable securities that is available as a source of liquidity.

Capital markets disruptions can directly impact the liquidity of Huntington and the Bank. Our ability to access the capital markets, if needed, will depend on a number of factors, including the state of the financial markets. Rising interest rates, disruptions in financial markets, negative perceptions of our business or our financial strength, negative perceptions of the overall banking industry or of other regional banks, or other factors may impact our ability to raise additional capital, if needed, on terms acceptable to us. For example, in the event of future turmoil in the banking industry or other idiosyncratic events, there is no guarantee that the U.S. government will invoke the systemic risk exception, create additional liquidity programs, or take any other action to stabilize the banking industry or provide liquidity. Any diminished ability to access short-term funding or capital markets to raise additional capital, if needed, could subject us to liability, restrict our ability to grow, require us to take actions that would affect our earnings negatively or otherwise adversely affect our business and our ability to implement our business plan, capital plan, and strategic goals.

A reduction in our credit rating could adversely affect our access to capital and could increase our cost of funds.

The credit rating agencies regularly evaluate Huntington and the Bank. Credit ratings are based on a number of factors, including our financial strength and ability to generate earnings, as well as factors not entirely within our control, including conditions affecting the financial services industry, the economy, and changes in rating methodologies. There can be no assurance that we will maintain our current credit ratings. A downgrade of the credit ratings of Huntington or the Bank could adversely affect our access to liquidity and capital, and could significantly increase our cost of funds, trigger additional collateral or funding requirements, and decrease the number of investors and counterparties willing to lend to us or purchase our securities. This could affect our growth, profitability, and financial condition, including liquidity.

2025 Form 10-K 33

Instability in global economic conditions and geopolitical matters, as well as volatility in financial markets, could have a material adverse effect on our results of operations and financial condition.

Instability in global economic conditions and geopolitical matters, as well as volatility in financial markets, could have a material adverse effect on our results of operations and financial condition. The macroeconomic environment in the U.S. is susceptible to global events and volatility in financial markets. For example, global conflicts (including the continuing conflicts involving Ukraine and the Russian Federation and those in the Middle East) or other similar events, as well as government actions or other restrictions in connection with such events, and trade negotiations between the U.S. and other nations could adversely impact economic and market conditions for the Company and its clients and counterparties. In addition, global supply chain disruptions may cause prolonged inflation, adversely impact consumer and business confidence, and adversely affect the economy as well as our financial condition and results.

Operational Risks:

Our operational or security systems or infrastructure, or those of third parties, could fail or be breached, which could disrupt our business and adversely impact our operations, liquidity, and financial condition, as well as cause legal or reputational harm.

The potential for operational risk exposure exists throughout our business and, as a result of our interactions with, and reliance on, third parties, is not limited to our own internal operational functions. Our operational and security systems and infrastructure, including our computer systems, data management, and internal processes, as well as those of third parties, are integral to our performance. We rely on our employees and third parties in our day-to-day and ongoing operations, who may, as a result of human error, misconduct, malfeasance, failure, or breach of our or of third-party systems or infrastructure, expose us to risk. For example, our ability to conduct business may be adversely affected by any significant operational disruptions, compromises or failures of us or of third parties with which we do business or upon which we rely.

We face indirect technology, cybersecurity, data privacy and operational risks relating to the contractors, customers, clients, and other third parties with which we do business or upon which we rely to facilitate or enable our business activities, including, for example, financial counterparties, regulators, and providers of critical infrastructure such as internet access and electrical power. As a result of increasing consolidation, interdependence, and complexity of financial entities and technology systems and infrastructure, a disruption, compromise or failure that significantly degrades, damages or destroys the systems or infrastructure, or the confidential, proprietary, personal and other information stored or processed thereon, of one or more financial entities could have a material impact on counterparties or other market participants, including us. This consolidation, interconnectivity, and complexity increases the risk of operational disruption, compromise or failure. Any third-party disruption, compromise or failure, including any technology failure, cyber-attack or other information or security breach, termination, or constraint could, among other things, adversely affect our ability to effect transactions, service our clients, manage our exposure to risk, or expand our business.

Our financial, accounting, data processing, backup, or other operational or security systems and infrastructure may also fail to operate properly or become disabled or damaged as a result of a number of factors, including events that are wholly or partially beyond our control, which could adversely affect our ability to process transactions, provide services, or otherwise conduct business. Such events may include: sudden increases in customer transaction volume; electrical, telecommunications, or other major service outages; disruptions in client access to our digital platforms and mobile applications; disease pandemics; cyber-attacks or other information or security breaches; software or hardware failures; and events arising from local or larger scale political or social matters, including wars and terrorist attacks. Additional events beyond our control that could impact our business directly or indirectly include natural disasters such as wildfires, earthquakes, and weather events, including tornadoes, hurricanes, and floods. Neither the occurrence nor the potential impact of these events can be predicted, and the frequency and severity of weather events may be impacted by climate changes. In addition, we may need to take our systems or infrastructure off-line if they become subject to a cyber-attack or other information or security breach, such as becoming infected with malware or a computer virus.

34 Huntington Bancshares Incorporated

We frequently update our systems and infrastructure to support our operations and growth and to remain compliant with applicable laws, rules, and regulations. These updates entail significant costs and create risks associated with implementing new systems and integrating them with existing ones, including business interruptions. Implementation and testing of controls related to our computer systems and infrastructure, security monitoring, and retaining and training personnel required to operate our systems and infrastructure also entail significant costs. For more information regarding the Company’s process for assessing, identifying, and managing material risks from cybersecurity threats, refer to Item 1C: Cybersecurity. There can be no guarantee that our updates to our systems and infrastructure or any other measures we take in order to prevent, mitigate or remediate any disruption, compromise or failure of our systems or infrastructure will be successful, adequate or otherwise result in our intended outcomes. For example, in the event that backup systems are utilized, they may not process data as quickly as our primary systems, and some data might not have been saved to backup systems, potentially resulting in a temporary or permanent loss of such data. In addition, our ability to implement backup systems and infrastructure and other safeguards with respect to third-party systems or infrastructure is more limited than with respect to our own systems and infrastructure. Even when a disruption, compromise, or failure is prevented, mitigated, or remediated in a timely manner, doing so may require substantial resources and management attention or other actions that could adversely affect customer satisfaction or retention, as well as harm our reputation. We also cannot be sure that our existing insurance coverage will continue to be available on acceptable terms, or at all, or that our insurers will not deny coverage to any future claim. Operational risk exposures could adversely impact our operations, liquidity, and financial condition, as well as cause reputational harm.

We face risks from cyber-attacks and other information or security breaches, including denial of service attacks, hacking, social engineering attacks targeting our colleagues, contractors, and customers, malware intrusion or data corruption attempts, and identity theft that could result in the disclosure of confidential, proprietary, personal and other information, any of which could adversely affect our business or reputation, and create significant legal and financial exposure.

Our computer and data management systems and network infrastructure, and those of third parties on which we are highly dependent, are subject to cybersecurity risks and could be susceptible to cyber-attacks or other information or security breaches. Our business relies on the secure processing, transmission, storage, and retrieval of confidential, proprietary, personal, and other information in our computer and data management systems and network infrastructure, and in the computer and data management systems and network infrastructure of third parties. In addition, to access our network, products, and services, our customers and other third parties may use personal mobile devices or computing devices that are outside of our network environment and are subject to their own cybersecurity risks.

We, along with our customers, regulators, and other third parties, including other financial services institutions and companies engaged in data processing, have been subject to, and are likely to continue to be the target of, cyber-attacks or other information or security breaches. These cyber-attacks or other information or security breaches include computer viruses, denial of service attacks, hacking, social engineering attacks (including phishing and smishing attacks) targeting our colleagues, contractors, and customers, malware intrusion or data corruption attempts, ransomware, improper access by employees or contractors, identity theft, and other security breaches that could result in the unauthorized release, gathering, monitoring, misuse, loss, destruction, or other processing of confidential, proprietary, personal, and other information of ours, our employees, our customers, or of third parties, damage our systems and infrastructure or otherwise materially disrupt our, our customers’, or other third parties’ network access or business operations. As cyber-attacks or other information or security breaches continue to evolve, we may be required to expend significant additional resources to continue to modify or enhance our protective measures or to investigate and remediate any cybersecurity vulnerabilities or cyber-attacks or other information or security breaches. Despite efforts to ensure the integrity of our systems and implement controls, processes, policies, and other protective measures, we may not be able to anticipate all security breaches, nor may we be able to implement sufficient preventive measures against such cyber-attacks or other information or security breaches, which may result in material losses or consequences for us.

2025 Form 10-K 35

Cybersecurity risks for banking organizations have significantly increased in recent years in part because of the proliferation of new technologies, including AI, and the use of the internet and telecommunications technologies to conduct financial transactions. For example, cybersecurity risks may increase in the future as we continue to increase our mobile-payment and other internet-based product offerings and expand our internal usage of web-based products and applications. In addition, cybersecurity risks have significantly increased in recent years in part due to the increased sophistication and activities of cyber threat actors, such as organized crime affiliates, terrorist organizations, state-sponsored actors, hostile foreign governments, disgruntled employees or vendors, activists, and other external parties, including those involved in corporate espionage, any of whom may enhance their efforts through the use of AI. Even the most advanced internal control environment may be vulnerable to compromise. Due to increasing geopolitical tensions, nation state cyber-attacks and ransomware are both increasing in sophistication and prevalence. Targeted social engineering and email attacks (i.e., “spear phishing” attacks) are becoming more sophisticated and are extremely difficult to prevent. In such an attack, an attacker will attempt to fraudulently induce colleagues, contractors, customers, clients, or other users of our systems and infrastructure to disclose sensitive information in order to gain access to our, our customers’, or our clients’ systems and infrastructure, or the confidential, proprietary, personal, or other information stored or processed thereon. Persistent attackers may succeed in penetrating defenses given enough resources, time, and motive. The techniques used by cyber threat actors change frequently, may not be recognized until launched, and may not be recognized until well after a cyber-attack or other information or security breach has occurred. The speed at which new vulnerabilities are discovered and exploited, often before security patches are published, continues to rise. Remote work further increases the risk that we may experience cyber-attack or other information or security breaches as a result of our colleagues, contractors, and other third parties with which we do business or upon which we rely working remotely on less secure systems and environments.

The risk of a security breach caused by a cyber-attack or other information security breach at a third party with which we do business or upon which we rely, or by unauthorized access by such third party, has also increased in recent years. Additionally, the existence of cyber-attacks or other information or security breaches at such third parties with access to our confidential, proprietary, personal, and other information may not be disclosed to us in a timely manner. Further, our ability to monitor such third parties’ cybersecurity practices is limited. Although we generally have agreements relating to cybersecurity and data privacy in place with third parties, we cannot guarantee that such agreements will prevent a cyber-attack or other information or security breach impacting our confidential, proprietary, personal, or other information, or enable us to obtain adequate or any reimbursement from such third parties in the event we should suffer any disruption, compromise, failure, liability, reputational harm, or other cost or expense. Due to applicable laws and regulations or contractual obligations, we may be held responsible for cyber-attacks or other information or security breaches attributed to such third parties as they relate to the information we share with them.

Cyber-attacks or other information or security breaches, whether directed at us or third parties, may result in a material loss or have material consequences. Furthermore, the public perception that a cyber-attack or other information or security breach on our systems or infrastructure has been successful, whether or not this perception is correct, may damage our reputation with customers, clients, and third parties with which we do business. Risks related to the hacking of confidential, proprietary, personal, and other information and identity theft risks, in particular, could cause serious reputational harm. A successful penetration or circumvention of our cybersecurity measures could cause us serious negative consequences, including: loss of customers, clients, and business opportunities; costs associated with maintaining business relationships after a cyber-attack or other information or security breach; significant business disruption to our operations and business, misappropriation, exposure, or destruction of our confidential, proprietary, personal, and other information, intellectual property, funds, and/or those of our customers or clients; or damage to our, our customers’, our clients’, and/or third parties’ systems or infrastructure. The occurrence of any of these events could result in a violation of applicable data privacy laws and regulations and other laws and regulations, litigation exposure, regulatory fines, penalties or intervention, loss of confidence in our cybersecurity measures, reputational damage, reimbursement or other compensatory costs, additional compliance costs, and could adversely impact our results of operations, liquidity, and financial condition. In addition, we may not have adequate insurance coverage to compensate for losses from a major cyber-attack or other information or security breach. We also cannot be sure that our existing insurance coverage will continue to be available on acceptable terms or at all or that our insurers will not deny coverage to any future claim.

36 Huntington Bancshares Incorporated

We face significant operational risks which could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and capital markets.

We are exposed to many types of operational risks, including the risk of fraud or theft by colleagues or outsiders, unauthorized transactions by colleagues or outsiders, operational errors by colleagues, business disruption, and system failures. Huntington executes against a significant number of controls, a large percent of which are manual and dependent on adequate execution by colleagues and third-party service providers. There is inherent risk that unknown single points of failure through the execution chain could give rise to material loss through inadvertent errors or malicious attack. These operational risks could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and the capital markets.

Moreover, negative public opinion can result from our actual or alleged conduct in any number of activities, including relating to our customers, products, and business practices; corporate governance; acquisitions; and from actions taken by government regulators and community organizations in response to those activities. Negative public opinion can adversely affect our ability to attract and retain customers and can also expose us to litigation and regulatory action.

We grow our business in part by acquiring, from time to time, other financial services businesses and businesses with technologies or other assets valuable to us. Acquisitions present several risks and uncertainties related both to the acquisition transactions themselves and to the integration of the acquired businesses into Huntington after closing.

Acquisitions of other companies or of financial assets, deposits, and other liabilities present risks and uncertainties to us, in addition to those presented by the nature of the business acquired, which may materially and adversely affect our results of operations. Many of the same risks arise when we engage in strategic partnerships. Our ability to analyze the risks presented by prospective acquisitions, as well as our ability to prepare in advance of closing and integration, may be limited to the extent that we cannot gather necessary or desirable information with respect to the business we are acquiring. We may also make certain assumptions related to an acquisition that may prove to be inaccurate and that may limit the anticipated benefits (such as cost savings from synergies or strategic gains from being able to offer enhanced product sets) or make the acquisition more expensive or take longer to complete and integrate than anticipated. Prior to closing, prospective acquirees are also subject to their own risks that we cannot manage or control. Our ability to complete an acquisition may be dependent on regulatory agencies with responsibilities for reviewing or approving the transaction, which could delay, restrictively condition, or result in denial of an acquisition, or otherwise limit the benefits of the acquisition. Changes in regulatory rules or standards or the application of those rules or standards, or future regulatory initiatives designed to promote competition or limit systematic risk and the potential for a financial institution to become too big to fail, may also limit our ability to complete an acquisition.

Acquisitions have their own risks that could impact the success of an acquisition and its integration into Huntington, such as:

•If a significant aspect of the value of the transaction is intellectual property, the extent to which the intellectual property may be utilized or protected and commercialized by Huntington.

•If the acquisition includes loan portfolios, the extent of actual credit losses and the required allowance for credit losses following completion of the acquisition.

•If the acquisition involves entering into new businesses or geographic or other markets, potential limitations on our ability to take advantage of those opportunities because of our inexperience with respect to them.

•The results of litigation and governmental investigations that may be pending at the time of the acquisition or that may be filed or commenced thereafter, because of an acquisition or otherwise, which are often hard to predict.

•Operational and compliance issues at an acquiree may not be fully identified or remediated until after the acquisition closes, potentially resulting in increased costs or penalties.

2025 Form 10-K 37

•Models used by an acquiree, such as for capital planning and credit loss accounting, may be designed or implemented in a manner different than at Huntington, and our necessary reliance on these for a period of time, could materially impact our financial position or results of operations to the extent that our estimates based on these models are inaccurate.

•Enterprise risk management systems, policies, and procedures may be different and less mature than those of Huntington, and our necessary reliance on those for a period of time may limit our ability to identify, monitor, manage, and report risks, or subject us to heightened regulatory, legal, operational, or reputational risk.

After closing, the success of an acquisition is partially dependent on our ability to retain and expand upon the acquired company’s customer base. It is also frequently subject to risks related to human capital, including risks related to integrating the corporate culture of the acquired company and, to the extent being retained, the quality of leadership of the acquired company.

Failure to maintain effective internal controls over financial reporting could impair our ability to accurately and timely report our financial results or prevent fraud, resulting in loss of investor confidence and adversely affecting our business and our stock price.

Effective internal controls over financial reporting are necessary to provide reliable financial reports and prevent fraud. We are subject to regulation that focuses on effective internal controls and procedures. Such controls and procedures are modified, supplemented, and changed from time-to-time as necessitated by our growth and in reaction to external events and developments. Any failure to maintain an effective internal control environment could impact our ability to report our financial results on an accurate and timely basis, which could result in regulatory actions, loss of investor confidence, and an adverse impact on our business and our stock price.

We rely on quantitative models to measure risks and to estimate certain financial values.

Quantitative models may be used to help manage certain aspects of our business and to assist with certain business decisions, including estimating expected lifetime credit losses, measuring the fair value of financial instruments when reliable market prices are unavailable, estimating the effects of changing interest rates and other market measures on our financial condition and results of operations, managing risk, and for capital planning purposes (including during the CCAR capital planning and capital adequacy process). Our measurement methodologies rely on many assumptions, historical analyses, and correlations. These assumptions may not capture or fully incorporate conditions leading to losses, particularly in times of market distress, and the historical correlations on which we rely may no longer be relevant. Additionally, as businesses and markets evolve, our measurements may not accurately reflect this evolution. Even if the underlying assumptions and historical correlations used in our models are adequate, our models may be deficient due to errors in computer code, inaccurate data, misuse of data, or the use of a model for a purpose outside the scope of the model’s design.

All models have certain limitations. Reliance on models presents the risk that our business decisions based on information incorporated from models will be adversely affected due to incorrect, missing, or misleading information. In addition, our models may not capture or fully express the risks we face, may suggest that we have sufficient capitalization when we do not, or may lead us to misjudge the business and economic environment in which we will operate. If our models fail to produce reliable results on an ongoing basis, we may not make appropriate risk management, capital planning, or other business or financial decisions. Strategies that we employ to manage and govern the risks associated with our use of models may not be effective or fully reliable. Also, information that we provide to the public or regulators based on poorly designed models could be inaccurate or misleading.

Banking regulators continue to focus on the models used by banks and bank holding companies in their businesses. Some of our decisions that the regulators evaluate, including distributions to our shareholders, could be affected adversely due to their perception that the quality of the models used to generate the relevant information is insufficient.

38 Huntington Bancshares Incorporated

We rely on third parties to provide key components of our business infrastructure.

We rely on third-party service providers, both domestically and offshore, to leverage subject matter expertise and industry best practice, provide enhanced products and services, and reduce costs. Although there are benefits in entering into third-party relationships with vendors and others, there are risks associated with such activities. When entering a third-party relationship, the risks associated with that activity are not passed to the third party but remain our responsibility. The Risk Oversight Committee of the Board of Directors provides oversight related to the overall risk management process associated with third-party relationships. Management is accountable for the review and evaluation of all new and existing third-party relationships. Management is responsible for ensuring that adequate controls are in place to protect us and our customers from the risks associated with vendor relationships.

Increased risk could occur based on poor planning, oversight, control, and inferior performance or service on the part of the third party and may result in legal costs or loss of business. While we have implemented a vendor management program to actively manage the risks associated with the use of third-party service providers, any problems caused by third-party service providers could adversely affect our ability to deliver products and services to our customers and to conduct our business. Replacing a third-party service provider could also take a long period of time and result in increased expenses.

Changes in accounting policies, standards, and interpretations could affect how we report our financial condition and results of operations.

The FASB, regulatory agencies, and other bodies that establish accounting standards periodically change the financial accounting and reporting standards governing the preparation of our financial statements. Additionally, those bodies that establish and interpret the accounting standards (such as the FASB, SEC, and banking regulators) may change prior interpretations or positions on how these standards should be applied. Any such changes could affect how we report our financial conditions and results of operations.

For further discussion, see Note 2 - “Accounting Standards Update” to the Consolidated Financial Statements.

Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations.

Our goodwill could become impaired in the future. If goodwill were to become impaired, it could limit the ability of the Bank to pay dividends to Huntington, adversely impacting Huntington liquidity and ability to pay dividends to shareholders or repay debt. Assumptions affecting our goodwill impairment evaluation include earnings projections, the discount rates used in the income approach to measure fair value, and observed peer multiples used in estimating the fair value under the market approach. We are required to test goodwill for impairment at least annually or when impairment indicators are present. If an impairment determination is made in a future reporting period, our earnings and book value of goodwill will be reduced by the amount of the impairment. If an impairment loss is recorded, it will have little or no impact on the tangible book value of our common stock, or our regulatory capital levels, but such an impairment loss could significantly reduce the Bank’s earnings and thereby restrict the Bank’s ability to make dividend payments to us without prior regulatory approval, which in turn could impact our ability to pay dividends. At December 31, 2025, the book value of our goodwill was $6.0 billion, substantially all of which was recorded at the Bank. Any such write down of goodwill or other acquisition-related intangibles will reduce Huntington’s earnings, as well.

2025 Form 10-K 39

Climate change manifesting as physical or transition risks could adversely affect our operations, businesses, and customers.

There is an increasing concern over the risks of climate change and related environmental sustainability matters. The physical risks of climate change include discrete events, such as flooding, hurricanes, and wildfires, and longer-term shifts in climate patterns, such as extreme heat, sea level rise, and more frequent and prolonged drought. Under medium or longer-term scenarios, such events, if uninterrupted or unaddressed, could disrupt our operations or those of our customers or third parties on which we rely, including through direct damage to assets and indirect impacts from supply chain disruption and market volatility. Additionally, transitioning to a low-carbon economy may entail extensive policy, legal, technology, and market initiatives. Transition risks, including changes in consumer preferences and additional regulatory requirements or supervisory expectations or taxes, could increase our expenses and undermine our strategies. In addition, our reputation and client relationships may be damaged as a result of our practices related to climate change, including our involvement, or our customers’ involvement, in certain industries or projects, in the absence of mitigation and/or transition measures, associated with causing or exacerbating climate change, as well as any decisions we make to continue to conduct or change our activities in response to considerations relating to climate change. As climate risk is interconnected with all key risk types, we have established a formal climate risk program to embed climate risk considerations into our risk management processes across all established risk pillars, such as market, credit, and operational risks. While the timing and severity of climate change may not be entirely predictable and our risk management processes may not be effective in mitigating climate risk exposure, we continue to build capabilities to identify, assess, and manage climate risks.

We use AI in connection with our business and operations, which exposes us to inherent risks that may expose us to material harm.

We use AI in connection with our business and operations, including through the models we employ. AI is complex and rapidly evolving, and the introduction of AI, a relatively new and emerging technology in the early stages of commercial use, into our business and operations may subject us to new or heightened legal, regulatory, ethical, operational, reputational, or other risks. The models underlying AI may be incorrectly or inadequately designed or implemented and trained on, or otherwise use, data or algorithms that are, and output that may be, incomplete, inadequate, misleading, biased, poor-quality or otherwise flawed, any of which may not be easily detectable. Further, inappropriate or controversial data practices by developers and end-users or other factors adversely affecting public opinion of AI could impair the acceptance of AI, including those incorporated in our business and operations. If the AI that we use is deficient, inaccurate or controversial, we could incur operational inefficiencies, competitive harm, legal and regulatory action, brand or reputational harm, or other adverse impacts on our business and financial results. Further, there can be no assurance that our use of AI will be successful in enhancing our business or operations, be successfully adopted and deployed by our colleague base, or otherwise result in our intended outcomes, and our competitors may incorporate AI into their businesses or operations more quickly or more successfully than us.

AI and the use thereof is also subject to a variety of existing laws and regulations, including fair lending, consumer protection, intellectual property, cybersecurity, data privacy, and equal opportunity, and is expected to be subject to new laws and regulations or new applications of existing laws and regulations. AI is the subject of evolving review by various governmental and regulatory agencies, and changes in laws and regulations governing AI may adversely affect our ability to use AI. Additionally, various federal, state and foreign governments and regulators have implemented, or are considering implementing, general legal and regulatory frameworks for the appropriate use of AI. It is possible that we will not be able to anticipate how to respond to these rapidly developing laws and regulations. Further, if we do not have sufficient rights to use the data or algorithms on which our AI solutions rely or the output generated thereby, we also may incur liability through the violation of applicable laws and regulations, such as fair lending laws and regulations, third-party intellectual property, privacy or other rights, or contracts to which we are a party. We may not be able to sufficiently mitigate or detect any of the foregoing risks or concerns given our and other market participants’ lack of experience with using AI, the pace of technological change, and rapid adoption of AI by our business partners and competitors. Any actual or perceived failure to address risks or concerns relating to the use of AI, whether unfounded or not, could adversely affect our business and operations.

40 Huntington Bancshares Incorporated

Compliance Risks:

We operate in a highly regulated industry, and the laws and regulations that govern our operations, corporate governance, executive compensation and financial accounting, or reporting, including changes in them, or our failure to comply with them, may adversely affect us and our business model.

The banking industry is highly regulated. We are subject to supervision, regulation, and examination by various federal and state regulators, including the Federal Reserve, OCC, SEC, CFPB, FDIC, FINRA, and various state regulatory agencies. The statutory and regulatory framework that governs us is generally intended to protect depositors and customers, the DIF, the U.S. banking and financial system, and financial markets as a whole - not to protect shareholders. These laws and regulations, many of which are discussed in Item 1: Business - “Regulatory Matters,” among other matters, prescribe minimum capital requirements, impose limitations on our business activities (including foreclosure and collection practices), limit the dividend or distributions that we can pay, restrict the ability of institutions to guarantee our debt, and impose certain specific accounting requirements that may be more restrictive and may result in greater or earlier charges to earnings or reductions in our capital than GAAP. Compliance with laws and regulations can be difficult and costly, and changes to laws and regulations often impose additional compliance costs. Such regulation and supervision may increase our costs and limit our ability to pursue business opportunities. Further, our failure to comply with these laws and regulations, even if the failure was inadvertent or reflects a difference in interpretation, could subject us to restrictions on our business activities, fines, and other penalties, any of which could adversely affect our results of operations, capital base, and the price of our securities. Further, any new laws, rules, and regulations could make compliance more difficult or expensive or otherwise adversely affect our business and financial condition.

Under the supervision of the CFPB, our consumer and business banking products and services are subject to heightened regulatory oversight and scrutiny with respect to compliance with consumer laws and regulations. We may face a greater number or wider scope of investigations, enforcement actions, and litigation in the future related to consumer practices, thereby increasing costs associated with responding to or defending such actions. Also, federal and state regulators have been increasingly focused on sales practices of branch personnel, including taking regulatory action against other financial institutions. In addition, increased regulatory inquiries and investigations, as well as any additional legislative or regulatory developments affecting our consumer businesses, and any required changes to our business operations resulting from these developments, could result in significant loss of revenue, require remuneration to our customers, trigger fines or penalties, limit the products or services we offer, limit the fees we are able to charge, require us to increase our prices and, therefore, reduce demand for our products, impose additional compliance costs on us, increase the cost of collection, cause harm to our reputation, or otherwise adversely affect our consumer businesses.

Legislative and regulatory actions taken now or in the future that impact the financial industry may materially adversely affect us by increasing our costs, adding complexity in doing business, impeding the efficiency of our internal business processes, negatively impacting the recoverability of certain of our recorded assets, requiring us to increase our regulatory capital, limiting our ability to pursue business opportunities, and otherwise resulting in a material adverse impact on our financial condition, results of operation, liquidity, or stock price.

Both the scope of the laws and regulations and the intensity of the supervision to which we are subject may increase in times of financial crisis, as well as a result of other factors such as technological and market changes. Compliance with these laws and regulations have resulted in and will continue to result in additional costs, which could be significant, and may have a material and adverse effect on our results of operations. In addition, if we do not appropriately comply with current or future legislation and regulations, especially those that apply to our consumer operations, which has been an area of heightened focus, we may be subject to fines, penalties or judgments, or material regulatory restrictions on our businesses, which could adversely affect operations and, in turn, financial results.

The Trump administration has sought to implement a regulatory reform agenda that is significantly different than that of the Biden administration. There have been changes in rulemaking, supervision, examination, and enforcement priorities of the federal banking agencies. The evolving regulatory and supervisory environment and uncertainty about the timing and scope of future laws, regulations, and policies may contribute to decisions we may make to suspend, reduce, or withdraw from existing businesses, activities, or initiatives, which may result in potential lost revenue or significant restructuring or related costs or exposures.

2025 Form 10-K 41

In addition, regulatory responses in connection with severe market downturns or unforeseen stress events may alter or disrupt our planned future strategies and actions. Adverse developments affecting the overall strength and soundness of other financial institutions, the financial services industry as a whole, and the general economic climate and U.S. Treasury market could have a negative impact on perceptions about the strength and soundness of our business even if we are not subject to the same adverse developments. For example, during 2023, the FDIC took control and was appointed receiver of Silicon Valley Bank, Signature Bank, and First Republic Bank, respectively. The failure of other banks and financial institutions and the measures taken by governments and regulators in response to these events, including increased regulatory scrutiny and heightened supervisory expectations, could adversely impact our business, financial condition, and results of operations.

The resolution of significant pending litigation, if unfavorable, could have an adverse effect on our results of operations for a particular period.

We face legal risks in our businesses, and the volume of claims and amount of damages and penalties claimed in litigation and regulatory proceedings against financial institutions remain high. Substantial legal liability against us could have material adverse financial effects or cause significant reputational harm to us, which in turn could seriously harm our business prospects. It is possible that the ultimate resolution of these matters, if unfavorable, may be material to the results of operations for a particular reporting period.

For more information on litigation risks, see Note 22 - “Commitments and Contingent Liabilities” to the Consolidated Financial Statements.

Noncompliance with the Bank Secrecy Act and other anti-money laundering statutes and regulations could cause us material financial loss.

The Bank Secrecy Act contains anti-money laundering and financial transparency provisions intended to detect and prevent the use of the U.S. financial system for money laundering and terrorist financing activities. The Bank Secrecy Act requires financial institutions to undertake activities including maintaining an anti-money laundering program, verifying the identity of clients, monitoring for and reporting suspicious transactions, reporting on cash transactions exceeding specified thresholds, and responding to requests for information by regulatory authorities and law enforcement agencies. FinCEN, a unit of the Treasury Department that administers the Bank Secrecy Act, is authorized to impose significant civil money penalties for violations of those requirements and has recently engaged in coordinated enforcement efforts with the federal bank regulatory agencies, as well as the DOJ, Drug Enforcement Administration, and IRS.

There is also increased scrutiny of compliance with the rules enforced by the OFAC. If our policies, procedures, and systems are deemed deficient or the policies, procedures, and systems of the financial institutions that we have already acquired or may acquire in the future are deficient, we would be subject to liability, including fines and regulatory actions such as restrictions on our ability to pay dividends and the necessity to obtain regulatory approvals to proceed with certain planned business activities, including acquisition plans, which would negatively impact our business, financial condition, and results of operations. Failure to maintain and implement adequate programs to combat money laundering and terrorist financing could also have serious reputational consequences for us.

For more information regarding the Bank Secrecy Act, Patriot Act, anti-money laundering requirements and OFAC-administered sanctions, refer to Item 1: Business - “Regulatory Matters.”

Cybersecurity and data privacy are areas of heightened legislative and regulatory focus.

As cybersecurity and data privacy risks for banking organizations and the broader financial system have significantly increased in recent years, cybersecurity and data privacy issues have become the subject of increasing legislative and regulatory focus. For more information regarding applicable cybersecurity and data privacy legislation and regulations, refer to Item 1: Business - “Regulatory Matters.”

42 Huntington Bancshares Incorporated

We share, use, collect, disclose and otherwise process personal information of our customers and counterparties, including, but not limited to, personal financial information. The sharing, use, collection, disclosure, and other processing of this type of information is governed by increasingly stringent and evolving legislation and regulations, the intent of which is to protect the privacy of personal information, including personal financial information. We may become subject to new legislation or regulations concerning cybersecurity and data privacy. We could be adversely affected if new legislation or regulations are adopted or if existing legislation or regulations are modified such that we are required to change our business practices, policies, or systems or otherwise incur significant additional costs and expenses in order to comply.

Further, we make public statements about our sharing, use, collection, disclosure, and other processing of personal information through our privacy policies, information provided on our website, and press statements. Although we endeavor to comply with our public statements and documentation, we may at times fail to do so or be alleged to have failed to do so. Our public statements and documentation that provide promises and assurances about cybersecurity and data privacy can subject us to potential government or legal action if they are found to be deceptive, unfair, or misrepresent our actual practices.

If cybersecurity or data privacy legislation or regulations are implemented, interpreted, or applied in a manner inconsistent with our current practices, or if we fail to comply (or are perceived to have failed to comply) with applicable legislation and regulation relating to cybersecurity and data privacy, we may be subject to fines, civil or criminal penalties, sanctions, litigation (including class actions), investigations or inquiries, or regulatory enforcement actions or ordered to change our business practices, policies, or systems in a manner that adversely impacts our operating results.

Strategic Risks:

We operate in a highly competitive industry which depends on our ability to successfully execute our strategic plan and adapt our products and services to evolving industry standards and consumer preferences.

We are subject to intense competition from both other financial institutions and from non-bank entities, including FinTech companies. Technology has lowered the barriers to entry, with customers having a growing variety of traditional and nontraditional alternatives, such as crowdfunding, digital wallets, cryptocurrencies, and money transfer services. The continuous widespread adoption of new technologies, including internet services and mobile applications, and advanced ATM functionality, is influencing how individuals and firms conduct their financial affairs and is changing the delivery channels for financial services. Our “People-First, Customer-Centered” strategic plan considers the implications of these changes in technology and how it may impact our customers. Additionally, these changes require us to adapt our product and services, as well as our distribution of them, to evolving industry standards and customer preferences. Failure to address competitive pressures could make it more difficult for us to attract and retain customers across our businesses.

Our success depends, in part, on our ability to successfully implement our strategic plan as well as adapt existing products and services and develop competitive new products and services demanded by our customers. The widespread adoption of technologies will continue to require substantial investments to modify or adapt existing products and services and to develop new products or services. Additionally, we may not be successful in executing our strategic plan, introducing new products or services, achieving market acceptance of new products or services, anticipating or reacting to customers changing preferences, or attracting and retaining loyal customers.

2025 Form 10-K 43

We depend on our executive officers and key personnel to continue the implementation of our long-term business strategy and could be harmed by the loss of their services.

We believe that our continued growth and future success will depend in large part on the skills of our management team and our ability to motivate and retain these individuals and other key personnel. The loss of service of one or more of our executive officers or key personnel could reduce our ability to successfully implement our long-term business strategy, our business could suffer, and the value of our stock could be materially adversely affected. Leadership changes will occur from time to time, and we cannot predict whether significant resignations will occur or whether we will be able to recruit additional qualified personnel. We believe our management team possesses valuable knowledge about the banking industry and that their knowledge and relationships would be very difficult to replicate. Our success also depends on the experience of our branch managers and lending officers and on their relationships with the customers and communities they serve. The loss of these key personnel could negatively impact our banking operations. The loss of key personnel, or the inability to recruit and retain qualified personnel in the future, could have an adverse effect on our business, financial condition, or operating results.

Bank regulations regarding capital and liquidity, including the CCAR assessment process and the U.S. Basel III capital and liquidity standards, could require higher levels of capital and liquidity. Among other things, these regulations could impact our ability to pay common stock dividends, repurchase common stock, attract cost-effective sources of deposits, or require the retention of higher amounts of low yielding securities.

The Federal Reserve administers CCAR, a periodic forward-looking quantitative assessment of Huntington’s capital adequacy and planned capital distributions and a review of the strength of Huntington’s practices to assess capital needs. The Federal Reserve makes a quantitative assessment of capital based on supervisory-run stress tests that assess the ability to maintain capital levels above each minimum regulatory capital ratio after making all capital actions included in Huntington’s capital plan, under baseline and stressful conditions throughout a nine-quarter planning horizon. The CCAR process is also used to determine Huntington’s SCB requirement. There can be no assurance that the Federal Reserve or OCC will respond favorably to our capital plans, planned capital actions, or stress test results, and the Federal Reserve, OCC, or other regulatory capital requirements may limit or otherwise restrict how we utilize our capital, including common stock dividends and stock repurchases.

We are also required to maintain minimum capital ratios and the Federal Reserve and OCC may determine that Huntington and/or the Bank, based on size, complexity, or risk profile, must maintain capital ratios above these minimums in order to operate in a safe and sound manner. In the event we are required to raise capital to maintain required minimum capital and leverage ratios or ratios above the required applicable minimums, we may be forced to do so when market conditions are undesirable or on terms that are less favorable to us than we would otherwise require. Furthermore, in order to prevent becoming subject to restrictions on our ability to distribute capital or make certain discretionary bonus payments to management, the Bank must maintain a CCB of 2.5%, and Huntington must maintain the applicable SCB determined as part of the CCAR process, which are in addition to our required minimum capital ratios.

We also face the risk of becoming subject to new or more stringent requirements in connection with the introduction of new regulations or modification of existing regulations, which could require us to hold more capital or liquidity or have other adverse effects on our businesses or profitability. For example, proposed changes to applicable capital and liquidity requirements, such as the Basel III Endgame Proposal and the long-term debt proposal, could result in increased expenses or cost of funding, which could negatively affect our financial results or our ability to pay dividends and engage in share repurchases.

For more information regarding CCAR, stress testing, and capital and liquidity requirements, refer to Item 1: Business - “Regulatory Matters.”

44 Huntington Bancshares Incorporated

Reputational Risk:

Damage to our reputation could significantly harm our business, including our competitive position and business prospects.

Our ability to attract and retain customers, clients, investors, and employees is affected by our reputation. Significant harm to our reputation can arise from various sources, including officer, director, or employee misconduct, actual or perceived unethical behavior, conflicts of interest, security breaches, litigation or regulatory outcomes, compensation practices, failing to deliver minimum or required standards of service and quality, failing to address customer and agency complaints, compliance failures, unauthorized release, gathering, monitoring, misuse, loss, destruction or other processing of confidential, proprietary, personal, and other information due to cyber-attacks or other information or security breaches, disruptions, compromises or failures of our systems or infrastructure, perception of our corporate responsibility or environmental practices and disclosures, and the activities of our clients, customers, and counterparties, including vendors. Reputational risk related to corporate policies and practices on corporate responsibility and ESG topics is increasingly complex. Divergent ideological and social views may create competing stakeholder, legislative, and regulatory scrutiny that may impact our reputation or operations. In particular, there is an increasing number of state-level anti-ESG initiatives in the U.S. that may conflict with other regulatory requirements or our various stakeholders’ expectations. Such divergent, sometimes conflicting, views on corporate responsibility and ESG-related matters increase the risk that any action or lack thereof by us on such matters will be perceived negatively by some stakeholders. Actions by the financial service industry generally or by institutions or individuals in the industry can adversely affect our reputation indirectly by association. In addition, adverse publicity or negative information posted on social media, whether or not factually correct, may affect our business prospects. All of these could adversely affect our growth, results of operation, and financial condition.

Cadence Merger Risks:

We are expected to incur substantial costs related to the Cadence Merger and integration.

We have incurred and will incur substantial expenses in connection with the negotiation and completion of the transactions contemplated by the Cadence Merger Agreement. These costs include legal, financial advisory, accounting, consulting and other advisory fees, public company filing fees and other regulatory fees and financial printing and other related costs.

We are expected to incur substantial costs in connection with the related integration of Cadence. There are a large number of processes, policies, procedures, operations, technologies, and systems that may need to be integrated, including purchasing, accounting and finance, payroll, compliance, treasury management, branch operations, vendor management, risk management, lines of business, pricing and benefits. While we have assumed that a certain level of costs will be incurred, there are many factors beyond our control that could affect the total amount or the timing of the integration costs. Moreover, many of the costs that will be incurred are, by their nature, difficult to estimate accurately. These integration costs may result in us taking charges against earnings following the completion of the Cadence Merger, and the amount and timing of such charges are uncertain at present.

Combining Huntington and Cadence may be more difficult, costly or time consuming than expected and Huntington and Cadence may fail to realize the anticipated benefits of the Cadence Merger.

The success of the Cadence Merger will depend, in part, on the ability to realize the anticipated cost savings from combining the businesses of Huntington and Cadence. To realize the anticipated benefits and cost savings from the Cadence Merger, Huntington and Cadence must successfully integrate and combine their businesses in a manner that permits those cost savings to be realized. If Huntington and Cadence are not able to successfully achieve these objectives, the anticipated benefits of the Cadence Merger may not be realized fully or at all or may take longer to realize than expected. In addition, the actual cost savings and anticipated benefits of the Cadence Merger could be less than anticipated, and integration may result in additional unforeseen expenses.

2025 Form 10-K 45

Prior to completion of the Cadence Merger on February 1, 2026, Huntington and Cadence operated independently. It is possible that the integration process could result in the loss of key employees, the disruption of each company’s ongoing businesses or inconsistencies in standards, controls, procedures, and policies that adversely affect the companies’ ability to maintain relationships with clients, customers, depositors, and colleagues or to achieve the anticipated benefits and cost savings of the Cadence Merger. Integration efforts between the two companies may also divert management attention and resources. These integration matters could have an adverse effect on each of Huntington and Cadence during this transition period and for an undetermined period after completion of the Cadence Merger on the combined company.

The future results of the combined company following the Cadence Merger may suffer if the combined company does not effectively manage its expanded operations.

Following the Cadence Merger, the size of the business of the combined company will increase significantly beyond the current size of either Huntington’s or Cadence’s business. The combined company’s future success will depend, in part, upon its ability to manage this expanded business, which may pose challenges for management, including challenges related to the management and monitoring of new operations and associated increased costs and complexity. The combined company may also become subject to higher regulatory and supervisory standards from governmental authorities as a result of the significant increase in the size of its business after the consummation of the Cadence Merger, which will cause Huntington to become subject to standards currently applicable to Category III banking organizations under the Federal Reserve’s Regulation YY, following the applicable transition period. There can be no assurances that the combined company will be successful or that it will realize the expected operating efficiencies, cost savings, revenue enhancements or other benefits currently anticipated from the Cadence Merger.

The combined company may be unable to retain Huntington or Cadence personnel successfully.

The success of the Cadence Merger will depend in part on the combined company’s ability to retain the talents and dedication of key employees currently employed by Huntington and Cadence. It is possible that these employees may decide not to remain with Huntington or Cadence, as applicable. If Huntington and Cadence are unable to retain key employees, including management, who are critical to the successful integration and future operations of the companies, Huntington and Cadence could face disruptions in their operations, loss of existing customers, loss of key information, expertise or know-how and unanticipated additional recruitment costs. In addition, if key employees terminate their employment, or if an insufficient number of employees are retained to maintain effective operations, the combined company’s business activities may be adversely affected and management’s attention may be diverted from successfully integrating the Bank and Cadence to hiring suitable replacements, all of which may cause the combined company’s business to suffer. In addition, Huntington and Cadence may not be able to locate or retain suitable replacements for any key employees who leave any of the companies.

HUNTINGTON BANCSHARES INC /MD/ (HBAN) Risk Factors

Item 1A: Risk Factors

Risk Factors Summary

The following is a summary of material risks that could adversely affect Huntington’s business, financial condition, results of operation, or business.

Credit Risks

•Our ACL level may prove to not be adequate or be negatively affected by credit risk exposures, which could adversely affect our net income and capital.

•Weakness in economic conditions could adversely affect our business.

•Our emphasis on commercial lending may expose us to increased lending risks.

Market Risks

•Inflation could negatively impact our business, our profitability, and our stock price.

•Industry competition may have an adverse effect on our success.

Liquidity Risks

•Changes in Huntington’s financial condition or in the general banking industry, or changes in interest rates, could result in a loss of depositor confidence.

•We are a holding company and depend on dividends from our subsidiaries for liquidity needs.

•If we lose access to capital markets, we may not be able to meet the cash flow requirements of our depositors, creditors, and borrowers, or have the operating cash needed to fund corporate expansion and other corporate activities.

•A reduction in our credit rating could adversely affect our access to capital and could increase our cost of funds.

•Instability in global economic conditions and geopolitical matters, as well as volatility in financial markets, could have a material adverse effect on our results of operations and financial condition.

Operational Risks

•Our operational or security systems or infrastructure, or those of third parties, could fail or be breached, which could disrupt our business and adversely impact our operations, liquidity, and financial condition, as well as cause legal or reputational harm.

•We face significant operational risks which could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and capital markets.

•We rely on quantitative models to measure risks and to estimate certain financial values.

28 Huntington Bancshares Incorporated

Table of Contents

•Changes in accounting policies, standards, and interpretations could affect how we report our financial condition and results of operations.

•Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations.

•Climate change manifesting as physical or transition risks could adversely affect our operations, businesses, and customers.

•We use AI in connection with our business and operations, which exposes us to inherent risks that may expose us to material harm.

Compliance Risks

•The resolution of significant pending litigation, if unfavorable, could have an adverse effect on our results of operations for a particular period.

•Noncompliance with the Bank Secrecy Act and other anti-money laundering statutes and regulations could cause us material financial loss.

Strategic Risks

•We operate in a highly competitive industry which depends on our ability to successfully execute our strategic plan and adapt our products and services to evolving industry standards and consumer preferences.

•We depend on our executive officers and key personnel to continue the implementation of our long-term business strategy and could be harmed by the loss of their services.

Reputational Risk

•Damage to our reputation could significantly harm our business, including our competitive position and business prospects.

Cadence Merger Risks

•Combining Huntington and Cadence may be more difficult, costly or time consuming than expected and Huntington and Cadence may fail to realize the anticipated benefits of the Cadence Merger.

•The future results of the combined company following the Cadence Merger may suffer if the combined company does not effectively manage its expanded operations.

•The combined company may be unable to retain Huntington or Cadence personnel successfully.

2025 Form 10-K 29

Table of Contents

Our ACL level may prove to not be adequate or be negatively affected by credit risk exposures, which could adversely affect our net income and capital.

In addition, regulatory review of risk ratings and loan and lease losses may impact the level of our ACL and could have a material adverse effect on our financial condition and results of operations.

Weakness in economic conditions could adversely affect our business.

•An increase in the number of delinquencies, bankruptcies, or defaults could result in a higher level of NPAs, NCOs, provision for credit losses, and valuation adjustments on loans held for sale.

30 Huntington Bancshares Incorporated

Table of Contents

Our emphasis on commercial lending may expose us to increased lending risks.

2025 Form 10-K 31

Table of Contents

Inflation could negatively impact our business, our profitability, and our stock price.

Industry competition may have an adverse effect on our success.

Changes in Huntington’s financial condition or in the general banking industry, or changes in interest rates, could result in a loss of depositor confidence.

32 Huntington Bancshares Incorporated

Table of Contents

We are a holding company and depend on dividends from our subsidiaries for liquidity needs.

If we lose access to capital markets, we may not be able to meet the cash flow requirements of our depositors, creditors, and borrowers, or have the operating cash needed to fund corporate expansion and other corporate activities.

A reduction in our credit rating could adversely affect our access to capital and could increase our cost of funds.

2025 Form 10-K 33

Table of Contents

Instability in global economic conditions and geopolitical matters, as well as volatility in financial markets, could have a material adverse effect on our results of operations and financial condition.

Our operational or security systems or infrastructure, or those of third parties, could fail or be breached, which could disrupt our business and adversely impact our operations, liquidity, and financial condition, as well as cause legal or reputational harm.

34 Huntington Bancshares Incorporated

Table of Contents

2025 Form 10-K 35

Table of Contents

36 Huntington Bancshares Incorporated

Table of Contents

We face significant operational risks which could lead to financial loss, expensive litigation, and loss of confidence by our customers, regulators, and capital markets.

•If a significant aspect of the value of the transaction is intellectual property, the extent to which the intellectual property may be utilized or protected and commercialized by Huntington.

•The results of litigation and governmental investigations that may be pending at the time of the acquisition or that may be filed or commenced thereafter, because of an acquisition or otherwise, which are often hard to predict.

•Operational and compliance issues at an acquiree may not be fully identified or remediated until after the acquisition closes, potentially resulting in increased costs or penalties.

2025 Form 10-K 37

Table of Contents

We rely on quantitative models to measure risks and to estimate certain financial values.

38 Huntington Bancshares Incorporated

Table of Contents

Changes in accounting policies, standards, and interpretations could affect how we report our financial condition and results of operations.

Impairment of goodwill could require charges to earnings, which could result in a negative impact on our results of operations.

2025 Form 10-K 39