INTERNATIONAL BANCSHARES CORP (IBOC) Business

Item 1. Business

General

We are a registered multibank financial holding company providing a diversified range of commercial and retail banking services in our main banking and branch facilities located in north, south, central, and southeast Texas and the State of Oklahoma. We were organized and we operate as a bank holding company within the meaning of the Bank Holding Company Act of 1956 (BHCA). As a bank holding company, we may own one or more banks and may engage in activities closely related to banking. In this regard, we are subject to supervision and regulation by the Board of Governors of the Federal Reserve System (FRB). In addition, all five of our wholly owned banking subsidiaries are members of and subject to regulation by the Federal Deposit Insurance Corporation (FDIC).  Our principal corporate offices are located in Laredo, Texas.

Our principal assets at December 31, 2025, consisted of all the outstanding capital stock of four Texas state banking associations and one Oklahoma state banking corporation as follows:

​

These five subsidiary banks are collectively referred to in this report as our “Subsidiary Banks.”

Our philosophy focuses on customer service as represented by the motto, “We Do More.” Our Subsidiary Banks maintain a strong commitment to their local communities by, among other things, appointing selected community members to local advisory boards. These local advisory boards help to direct the operations of the branches of each Subsidiary Bank under the supervision of the Subsidiary Bank’s board of directors, assist in developing or modifying our products and services to meet local customer needs, and introduce prospective customers to our many products and services.

We also own six direct, non-banking subsidiaries:

​

3

Table of Contents

We also own fifty-percent interests in Gulfstar Group I, Ltd. and Gulfstar Group II, Ltd., together with their related entities, all of which are involved in investment banking activities; a controlling interest in five merchant banking entities; and a majority ownership interest in a real-estate development partnership.

Available Information

Our Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to those reports, as well as our Proxy Statements, are available free of charge on or through the Investors section of our website at www.ibc.com/investors and can be accessed via the “SEC Filings” hyperlink under the “Investors” heading as soon as reasonably practicable after being electronically filed with, or furnished to, the SEC.  Those documents are also available on the SEC’s website at www.sec.gov. We have also posted on our website a Code of Ethics and Business Conduct, which applies to our directors, officers, and employees, and charters for our Audit Committee, Risk Committee, Compensation Committee, and Nominating Committee. Those documents can be accessed through the “Corporate Governance” hyperlink under the “Investors” heading of our website. The information found on our website is not incorporated by reference in this or any other report the Company files or furnishes to the SEC.

Services, Human Capital, and Diversified Workplace Culture

Our Subsidiary Banks have historically focused on providing commercial banking services to small- and medium-sized businesses located in their trade areas and select international banking services. In recent years, however, our Subsidiary Banks have emphasized consumer and retail banking, including mortgage lending, as well as opening branches in retail locations and shopping malls. Today, we have 166 facilities and 247 ATMs serving 75 communities in Texas and Oklahoma.

Through the Subsidiary Banks, we are engaged in the business of accepting checking and savings deposits and the making of commercial, real estate, personal, home improvement, automobile and other installment and term loans. Some Subsidiary Banks are highly active in facilitating international trade along the United States border with Mexico and elsewhere. Our international banking business includes providing letters of credit, making commercial and industrial loans, and providing foreign-exchange services. Each Subsidiary Bank also offers other related services, such as credit cards, safety deposit boxes, collections, escrow services, drive-up and walk-up facilities, and other customary banking services.

Each Subsidiary Bank makes available certain securities products through third-party providers and provides banking services during traditional and non-traditional banking hours through their ATM network and retail locations in shopping malls and other convenient places. Additionally, we offer IBC Bank Online, an Internet banking product that provides customers with online access to banking information and services 24 hours a day, as well as IBC Mobile Banking, which provides users with banking access from their mobile devices 24 hours a day. No material portion of our business may be deemed seasonal.

As of December 31, 2025, we and our Subsidiary Banks employed approximately 2,126 people full time and 193 persons part time. As of December 31, 2025, approximately 66% of our approximately 300-person officer management team have been with us for more than 15 years, and approximately 79% of those have been with us for more than 20 years.

​

Our mission is to develop a banking culture that builds genuine personal relationships with our customers and the communities we serve. The most significant component of that mission is to attract, develop, and maintain employees and officers of the highest quality, who are committed to their job, conduct themselves with the highest level of professionalism, devote themselves to their community, and relentlessly pursue perfection in their performance.

​

While senior management is certainly expected to lead by example, our objective is to instill our mission and cultural values throughout our entire organization. We are as dedicated to each other as “one team” moving in the same direction as we are to the communities we serve. We teach and train our employees to understand the reality of our customers’ everyday business, and to provide practical solutions based on extensive experience, ingenuity, continuity, balance, integrity, intelligence, and very strong work ethic and technical skills, including significant bilingual capabilities. Our team approach allows us to nurture excellence in our staff by developing superior valuation skills so that each of our staff members better understands the risks and returns of transactions better than our competitors. We provide extensive

4

Table of Contents

training for our employees in an effort to ensure that our customers receive superior customer service. We seek to develop superior skills at the transaction level, using a bottom-up approach to management. The use of pods, roundtables, and team huddles are fundamental to our approach.

​

We use compensation plans coupled with a complete evaluation program to reward and direct the development of our employees. Our compensation systems reflect the need to retain and develop a superior workforce, recognizing that unique and innovative programs need to be developed and maintained to retain highly qualified employees. We strive to provide pay, benefits, and services that help meet the varying needs of our employees. Compensation and benefits include market-competitive pay, retirement programs, broad-based bonuses, stock options, stock appreciation rights, health and welfare benefits, financial counseling, paid time off, and family leave.

​

We are committed to attracting, hiring, and retaining a diverse workforce that is representative of the communities in which we live and serve. Our employment practices are designed to promote workforce development, professional growth, and fair opportunities for all applicants and employees in all of our employment practices, including but not limited to, hiring, promoting, transferring, and compensating employees without regard to any characteristic protected by law. We also conduct training programs on equal employment opportunities and provide coaching and development initiatives that support merit-based advancement, strengthen employee engagement, and help all employees grow and contribute to our success. We are committed to fostering a workplace culture that attracts, develops, and retains talented employees, provides meaningful opportunities for career advancement, and supports community involvement.  In support of these efforts, we connect with and support community organizations, minority-and women-focused professional groups, and educational institutions to expand access to career pathways and build connections within the communities we serve.

​

We are also committed to maintaining a safe and healthy work environment, free from work-related injuries and illnesses and where every team member is treated with dignity and respect, without the fear of the threat of discrimination or harassment. As stated in our Board-approved Code of Ethics and Business Conduct, we expect all of our officers, directors, and employees to practice fair dealing, honesty, and integrity in every aspect of their interactions with other IBC employees, our customers, vendors, shareholders, suppliers, competitors, and government authorities, and the communities we serve.

​

None of our employees are represented by any collective bargaining unit or are parties to a collective bargaining agreement. We believe that we maintain positive employee relations.

​

Competition

We are one of the largest independent financial bank holding companies in the State of Texas.  Our primary market area in Texas is bordered on the east by the Galveston area, the northwest by Dallas, the southwest by Del Rio and to the southeast by Brownsville. Our primary market area also includes the State of Oklahoma. We compete for deposits and loans with other commercial banks, savings and loan associations, and credit unions in our primary market area. We have increased our market share in our primary market area in the past through strategic acquisitions.

We also compete against non-bank entities, which serve as an alternative to traditional financial institutions. The percentage of bank-related services being provided by non-bank entities has increased during the last several years, driven by technological advancements and evolving consumer preferences. If the regulatory environment becomes more accommodating to non-bank financial services providers, we may face heightened competitive challenges.

We do a large amount of business for customers domiciled in Mexico, with an emphasis in Northern Mexico. Deposits from persons and entities domiciled in Mexico comprise a large and stable portion of the deposit base of the Subsidiary Banks. These deposits comprised approximately 32%, 31% and 29% of the Subsidiary Banks’ total deposits for the three years ended December 31, 2025, 2024 and 2023, respectively. The imposition of tariffs and trade restrictions by the United States on Mexico may weaken the Mexican economy, potentially leading to lower deposit balances or increased withdrawals from our depositors domiciled in Mexico. In turn, a decline in our deposit base and liquidity could strain our ability to compete with other financial institutions that are less reliant on cross-border deposits. Similarly, in response to any increase in geopolitical tensions or strained U.S.-Mexico relations, depositors from Mexico may seek

5

Table of Contents

alternative financial institutions that are perceived as being more integrated within the Mexican financial industry, which could cause us to face increased competition.

Under the Financial Services Modernization Act of 1999, which is otherwise known as the Gramm-Leach-Bliley Act (GLBA), banks, securities firms and insurance companies may affiliate under an entity known as a financial holding company, which may then serve its customers varied financial needs through a single corporate structure. The GLBA significantly changed the competitive environment in which we and our Subsidiary Banks conduct business. The financial services industry will become even more competitive as further technological advances enable more companies to provide financial services. These technological advances may reduce the necessity of depository institutions and other financial intermediaries in the transfer of funds between parties. Additionally, as use of cryptocurrencies, blockchain technologies, and decentralized financial services gain broader regulatory approval, become more widely adopted by consumers, and become integrated into mainstream financial systems, we may be subject to additional competitive pressures from these alternative financial providers, which could reduce demand for the traditional banking services that we provide and attract customers away from traditional banking institutions like ours.

Supervision and Regulation

Banking is a complex, highly regulated industry. In addition to the generally applicable state and federal laws governing businesses and employers, we and our Subsidiary Banks are further extensively regulated by special federal and state laws governing financial institutions. These laws comprehensively regulate the operations of our Subsidiary Banks and include, among other matters:

​

Congress, state legislatures and applicable federal and state regulatory agencies are continually reviewing such statutes, regulations, and policies. Any change in such laws or policies applicable to us and our subsidiaries could have a material adverse effect on our business, financial condition, or results of operations. Recent challenges to the scope of agencies’ regulatory authority have increased uncertainty with respect to the implementation, scope, and timing of regulatory reforms. With few exceptions, state and federal banking laws have as their principal objective either the maintenance of the safety and soundness of the federal deposit insurance system or the protection of consumers, rather than the specific protection of our shareholders or creditors. Changes in the regulatory landscape that may accompany the recent change in presidential administration, including the potential restructuring or elimination of certain of the regulatory agencies that have historically regulated the banking industry, could create uncertainty regarding our compliance obligations and the rules by which our business operations will be governed.

Further, our earnings are affected by the fiscal and monetary policies of the FRB, which regulates the national money supply in order to mitigate recessionary and inflationary pressures. These monetary policies significantly influence the overall growth of bank loans, investments, and deposits, as well as the interest rates charged on loans or paid on time and savings deposits. The nature of future monetary policies and the effect of such policies on our future earnings and business cannot be predicted.

Interest Rate Reform Upon the Discontinuation of LIBOR

The discontinuation of the benchmark interest rate known as U.S.-dollar London Interbank Offered Rate (LIBOR) was completed on June 30, 2023. Prior to that date, we had various loans, derivative contracts, borrowings, and other financial instruments with attributes that were either directly or indirectly dependent on LIBOR. Our completion of the transition from LIBOR during the second quarter of 2023 did not have any adverse impacts on our business, financial condition, or results of operations, and each of the loan documents, financial instruments, and other agreements related to

6

Table of Contents

our LIBOR-based securities had fallback provisions that determined what reference rate would replace LIBOR upon its discontinuation. For example, on July 1, 2023, the interest-rate index on the capital and common securities issued by our four statutory business trusts transitioned from LIBOR to the Three-Month CME Term Secured Overnight Financing Rate with a spread adjustment of 26 basis points.

The Dodd-Frank Act

The “Dodd-Frank Wall Street Reform and Consumer Protection Act” (Dodd-Frank Act), which was enacted in 2010, represented a sweeping overhaul of many aspects of the regulation of the financial services industry. The Dodd-Frank Act created far-reaching changes across the financial regulatory landscape by addressing areas like systemic risk, capital adequacy, deposit insurance assessments, consumer financial protection, interchange fees, derivatives, lending limits, mortgage-lending practices, investment-advisor registration, and changes among the bank regulatory agencies. Some of the most notable reforms under the Dodd-Frank Act have included:

Many provisions of the Dodd-Frank Act became effective upon enactment, while others were subject to further study, SEC rulemaking and discretion afforded to federal regulators. Some provisions have only recently taken effect or will take effect in the future, making it difficult to anticipate the overall financial impact on us, our customers, or the financial industry in general. Provisions in the legislation that affect deposit insurance assessments, payment of interest on demand deposits and interchange fees are likely to increase the costs associated with deposits, as well as place limitations on certain revenues those deposits may generate. Provisions that require revisions to our capital requirements could require us to seek other sources of capital in the future.

7

Table of Contents

FRB Approvals

As a registered bank holding company, we are subject to supervision by, among others, the FRB. As such, we are required to file with the FRB annual reports and other information regarding our business operations and those of our Subsidiary Banks. We are also subject to periodic examination by the FRB. Under the BHCA, a bank holding company is prohibited from acquiring direct or indirect control of any company that is not a bank or bank holding company, and must engage only in the business of banking, managing, or controlling banks and furnishing services to or performing services for its subsidiary banks, except where the FRB has determined the ownership to be so closely related to banking, managing, or controlling banks as to be a proper incident thereto.

The BHCA and the Change in Bank Control Act of 1978 require that either FRB approval must be obtained or notice must be furnished to the FRB and not disapproved prior to any person or company acquiring “control” of a bank holding company, subject to exception for certain transactions. Control is conclusively presumed to exist if any person acquires 25% or more of the voting securities of a bank holding company; control is a rebuttable presumption between 10% and 25% ownership. Ownership by affiliated persons, or persons acting in concert, is typically aggregated for these purposes. The FRB revised its control rules under the BHCA by expanding the number of presumptions used to determine whether control exists. Effective April 1, 2020, the FRB’s rule amended Regulation Y, the implementing regulation for the BHCA, to provide additional transparency regarding control determinations by implementing a tiered framework establishing factors and thresholds that are indicative of control. To date, the rule has not, and we do not anticipate that it will, have a significant detrimental effect on us given that it is generally consistent with the FRB’s historical practices in making control determinations.

As a bank holding company, we are required to obtain approval prior to merging or consolidating with any other bank holding company, acquiring all or substantially all of the assets of any bank, or acquiring ownership or control of shares of a bank or bank holding company if, after the acquisition, we would directly or indirectly own or control 5% or more of the voting shares of such bank or bank holding company.  In approving acquisitions or the addition of activities, one of the issues the FRB considers is whether the acquisition or the additional activities can reasonably be expected to produce benefits to the public, such as greater convenience, increased competition, or gains in efficiency, that outweigh such possible adverse effects as undue concentration of resources, decreased or unfair competition, conflicts of interest, or unsound banking practices.

Anti-Money Laundering

Combating money laundering and terrorist financing is a major focus of financial institution regulatory policy. The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (PATRIOT Act), substantially expanded the responsibilities of U.S. financial institutions with respect to countering money laundering and terrorist activities. The implementing regulations impose obligations on financial institutions to maintain a risk-based anti-money laundering (AML) program that includes appropriate policies, procedures, and controls to detect, prevent and report money laundering and terrorist financing and to verify the identity of their customers. The PATRIOT Act also requires the bank regulatory agencies to consider the record of a bank or bank holding company in combating money laundering activities in their evaluation of bank and bank holding company merger or acquisition transactions. AML regulations are continually evolving. In May 2018, regulatory updates were imposed that require U.S. financial institutions to ascertain and document the beneficial owners of legal entity customers opening new accounts. Those 2018 requirements were supplemented by the Anti-Money Laundering Act of 2020 (AMLA) and, as part of the AMLA, the Corporate Transparency Act (CTA).

The AMLA streamlines and modernizes certain provisions of the Currency and Foreign Transactions Reporting Act of 1970, as amended (Bank Secrecy Act), by, for example, requiring most legal entities to register their beneficial-ownership information into a national registry maintained by the Financial Crimes Enforcement Network (FinCEN); modernizing and expanding the statutory definition of “financial institution” to include antiquities dealers and entities whose services involve cryptocurrency and other non-cash currency substitutes;  enhancing the type and severity of fines and penalties that violators of the AMLA, the Bank Secrecy Act, and the PATRIOT Act may face; and enhancing whistleblower protections and awards.  Certain implementing regulations that FinCEN has proposed in connection with the AMLA are still being finalized. For example, in June 2024, FinCEN issued a Notice of Proposed Rulemaking (NPR)

8

Table of Contents

proposing to amend the Bank Secrecy Act’s AML program requirements to mandate effective, risk-based, and reasonably designated AML and countering the financing of terrorism (CFT) programs, including formalized risk-assessment processes and alignment with government-wide AML/CFT priorities. The proposal is still under consideration by FinCEN, and no final rule has been issued.

In September 2022, FinCEN finalized its regime for reporting beneficial-ownership information (BOI) under the CTA, which took effect on January 1, 2024.  The CTA aims to combat money laundering, securities and tax fraud, terrorism financing, human and drug trafficking, counterfeiting, and other corrupt, nefarious activities by preventing bad actors from concealing their ownership of U.S. entities to advance their illicit operations. As originally contemplated, the CTA’s reporting rule would have required corporations, limited liability companies, and similar entities operating in the U.S. to identify and report certain information concerning their beneficial owners, meaning the individuals who ultimately own or control them. Although FinCEN originally set a deadline of January 1, 2025, for entities to file BOI reports, on March 26, 2025, FinCEN issued an Interim Final Rule that removed the requirement for U.S. companies and U.S. persons to report BOI to FinCEN under the CTA, meaning only foreign entities formed outside the U.S. that are registered to do business in the U.S. are currently subject to the CTA’s BOI reporting obligations. On February 20, 2024, the CTA’s access rule, which implements the CTA’s access and safeguard provisions, took effect, under which a reporting company’s BOI is deemed confidential but can be disclosed by FinCEN to six categories of recipients, including financial institutions that are subject to customer due diligence obligations and have received the reporting company’s consent to access its BOI.  As a result of the Interim Final Rule, while the CTA’s access rule remains in effect, its practical applicability is limited to BOI submitted to FinCEN by foreign reporting companies that continue to have reporting obligations under the CTA. Overall, the status of the CTA and related BOI reporting requirements remains in flux due to ongoing litigation and regulatory developments concerning the constitutionality and implementation of the CTA. Legislation to repeal the CTA has also been brought before Congress, and it is unclear the extent to which the CTA will be enforced.  The Interim Final Rule stated that FinCEN was accepting comments to the Interim Final rule through May 27, 2025, would evaluate the rule Interim Final Rule’s exemptions to BOI reporting in light of the comments received, and expected to issue a final rule addressing BOI requirements under the CTA during 2025. However, as of December 2025, FinCEN was still in the process of reviewing comments to the Interim Final Rule, and no final rule has been issued by FinCEN to date. Although we are not currently subject to the CTA’s BOI reporting requirements as a result of the Interim Final Rule, we will continue to monitor FinCEN’s guidance, and any final rules or other regulatory developments relating to the CTA and will assess the applicability of any resulting reporting obligations.

We have a program in place to monitor and enforce our policies on money laundering, corruption, and bribery, as well as policies that prohibit the use of Company assets to finance or otherwise aid alleged terrorist groups. Failure of a financial institution to maintain and implement adequate programs to combat money laundering and terrorist financing, or to comply with all the relevant laws or regulations, could have serious legal and reputational consequences for the institution.

Nonresident Alien Deposits

In 2013, the Internal Revenue Service (IRS) published a rule requiring U.S. banks to report on the interest they pay to nonresident alien individuals. The IRS shares that information with tax authorities in other countries with whom the United States has an agreement regarding the exchange of tax information.

Foreign Account Tax Compliance Act

On July 1, 2014, the Foreign Account Tax Compliance Act (FATCA) became effective. FATCA aims to curb offshore tax evasion by foreign financial institutions by requiring such institutions to identify any U.S. account holders. Moreover, FATCA requires U.S. withholding agents, including U.S. banks, to withhold a tax (30%) on U.S.-sourced income payable to foreign financial institutions that do not agree to report certain information to the IRS regarding their U.S. accounts, as well as on payments to nonfinancial foreign entities that do not provide information on their U.S. account owners to withholding agents.

9

Table of Contents

Office of Foreign Assets Control Regulation

The United States has imposed economic sanctions that affect transactions with designated foreign countries, nationals, and others. The Office of Foreign Assets Control of the U.S. Department of the Treasury (OFAC) publishes lists of specially designated countries and enforces economic and trade sanctions based on U.S. foreign policy and national security goals against targeted foreign countries and regimes, terrorists, transnational criminal organizations, international cartels and narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. The OFAC-administered sanctions take many forms, including restrictions on trade or investment and the blocking of certain assets related to the designated foreign countries and nationals. Blocked assets, which may include bank deposits, cannot be paid out, withdrawn, set off or transferred in any manner without a license from OFAC. Failure to comply with the OFAC sanctions could have serious legal and reputational consequences.

Gramm-Leach-Bliley Act

The GLBA eliminates the barriers to affiliations among banks, securities firms, insurance companies and other financial service providers. The GLBA provides for a new type of financial holding company structure under which affiliations among these entities may occur. Under the GLBA, a financial holding company may engage in a broad list of financial activities and any non-financial activity that the FRB determines is complementary to a financial activity and poses no substantial risk to the safety and soundness of depository institutions or the financial system. In addition, the GLBA permits certain non-banking financial and financially related activities to be conducted by financial subsidiaries of banks.

Under the GLBA, a bank holding company may become certified as a financial holding company by filing a declaration with the FRB, together with a certification that each of its subsidiary banks is well capitalized, is well managed, and has at least a satisfactory rating under the Community Reinvestment Act of 1977 (CRA). We elected and were approved by the FRB to become a financial holding company under the GLBA in 2000 and the election was made effective by the FRB as of March 13, 2000. During the second quarter of 2000, IBC established an insurance agency subsidiary and acquired two insurance agencies.

The investments that may be made under the GLBA are substantially broader in scope than the investment activities otherwise permissible for bank holding companies and are referred to as “merchant banking investments” in “portfolio companies.” The FRB and the Secretary of the Treasury have regulations governing the scope of permissible merchant banking investments. Before making a merchant banking investment, a financial holding company must either be or have a registered securities firm or a qualified insurance affiliate. The merchant banking investments may be made by the financial holding company or any of its subsidiaries, other than a depository institution or a subsidiary of a depository institution. The regulations place restrictions on the ability of a financial holding company to become involved in the routine management or operation of any portfolio company. The regulation also generally limits the ownership period of merchant banking investments to no more than ten years.

The FRB, the Office of the Comptroller of the Currency (OCC), and the FDIC have rules governing the regulatory capital treatment of equity investments in non-financial companies held by banks, bank holding companies and financial holding companies. The rules apply a graduated capital charge on covered equity investments, which would increase as the proportion of such investments to Tier 1 capital increases.

On September 8, 2016, the FRB published a report to Congress in which it recommended the repeal of the merchant banking authority granted to financial holding companies under the GLBA. Specifically, the FRB recommended that Congress repeal the statutory merchant banking authority and the grandfathering exemption for certain companies that became financial holding companies after 1999. The FRB also noted in its report that it is considering regulatory measures that would limit what it termed “safety and soundness risks of merchant banking investments.”  Following this report, on September 30, 2016, the FRB published an NPR proposing to, among other things, amend the risk-based capital requirements to increase the requirements associated with a subset of merchant banking investments; specifically, merchant banking investments in companies engaged in physical commodities activities. The changes proposed in the NPR were significantly narrower than the FRB’s recommendations regarding merchant banking investments in its report to Congress.

10

Table of Contents

To date, a final rule implementing the changes put forth in the NPR has not been issued and it is uncertain what action, if any, will be taken regarding the FRB’s report.

Financial Privacy and Data Protection

In accordance with the GLBA, the federal banking regulators adopted rules that limit the ability of banks and other financial institutions to disclose nonpublic information about consumers to nonaffiliated third parties. Pursuant to these rules, financial institutions must provide disclosure of privacy policies to consumers and allow consumers to prevent disclosure of certain personal information to a nonaffiliated third party in some instances.

Additional regulations were adopted to implement the provisions of the Fair Access to Credit Transactions Act (FACTA), which requires certain disclosures and consents to share certain information among bank affiliates. These privacy provisions affect how customer information is transmitted through diversified financial companies and conveyed to outside vendors. These privacy provisions also have the effect of increasing the length of the waiting period, after privacy disclosures are provided to new customers before information can be shared among different affiliated companies for the purpose of cross-selling products and services between those affiliated companies. On December 4, 2015, the Fixing America’s Surface Transportation Act (FAST Act) was signed into law. Part of the FAST Act amended the GLBA by providing financial institutions with an exception to the general requirement that those institutions deliver annual privacy notices.

In late 2022, the CFPB issued an outline of proposed rules related to Section 1033 of Dodd-Frank, which requires the CFPB to implement regulations providing for the sharing of consumer financial information between financial institutions and consumer-authorized data recipients. In October 2023, the CFPB proposed a “Personal Financial Data Rights” rule (PFDR Rule), which aims to promote open, decentralized banking, protect consumers’ financial data from misuse, and foster competition in the banking industry. The CFPB published the final PFDR Rule in October 2024, which requires financial institutions to make financial data regarding consumers’ transactions and accounts more accessible for consumers and authorized third parties acting on their behalf; implement authorization procedures for third parties seeking to access consumer data, including requiring third parties to commit to data limitations and compliance with the GLBA Safeguards Framework; establish operational, performance, and security standards related to data access; and advance fair, open, and inclusive industry standards to facilitate an open banking system. Depository institutions with less than $10 billion in assets were originally required to comply with the final PFDR Rule by April 2028. However, in August 2025, the CFPB issued an Advanced Notice of Proposed Rulemaking announcing potential amendments to the PFDR Rule and its plans to extend the compliance dates for the final rule, and in October 2025, a federal district court stayed the compliance dates of the PFDR Rule and enjoined its enforcement pending the CFPB’s regulatory reconsideration. As a result, the ultimate requirements and compliance dates under the PFDR Rule remain subject to change. We will continue to monitor the CFPB’s rulemaking, guidance, and other regulatory developments relating to the PFDR Rule and assess potential compliance obligations.

Nasdaq Listing Standards

Shares of our common stock are listed and trade on The Nasdaq Stock Market (Nasdaq) under the symbol “IBOC.” As such, we must comply with the quantitative and qualitative listing standards of Nasdaq. In addition to other matters, the Nasdaq listing standards address disclosure requirements and establish standards relating to board independence and other corporate governance matters.

Interstate Banking and Branching

The Riegle-Neal Interstate Banking and Branching Efficiency Act of 1994 (Interstate Banking Act) rewrote federal law governing the interstate expansion of banks in the United States. Under the Interstate Banking Act, adequately capitalized, well-managed bank holding companies with FRB approval may acquire banks located in any other state in the United States, provided that the target bank meets the minimum age established by the state in which the target bank is located (five years in Texas). The Interstate Banking Act imposes an anti-concentration limit, which prohibits interstate acquisitions that would give a bank holding company control of more than 10% of all deposits nationwide or 30% of any one state’s deposits, or such higher or lower percentage established by the host state. The anti-concentration limit

11

Table of Contents

applicable in each of Texas and Oklahoma is 20% of all federally insured deposits in the state. The Interstate Banking Act further expanded interstate banking by allowing banks to establish de novo branches in any state that opted in to the Interstate Banking Act’s branching provisions.  However, the opt-in concept was eliminated by the Dodd-Frank Act, which permits de novo interstate branching if, under the laws of the state where the new branch is to be established, a state bank chartered in that state would be permitted to establish a branch.

FRB Enforcement Powers

The FRB has certain divestiture and other powers over bank holding companies and non-banking subsidiaries where their actions would constitute a serious threat to the safety, soundness, or stability of a subsidiary bank. These powers may be exercised through the issuance of cease-and-desist orders or other actions. In the event a Subsidiary Bank experiences either a significant loan loss or rapid growth of loans or deposits, we may be compelled by the FRB to invest additional capital in the Subsidiary Bank. Further, we would be required to guarantee performance of the capital restoration plan of any undercapitalized Subsidiary Bank.

The FRB is also empowered to assess civil money penalties against companies or individuals who violate the BHCA in amounts up to $25,000 per day, order termination of non-banking activities of non-banking subsidiaries and order termination of ownership and control of a non-banking subsidiary. Under certain circumstances the Texas Banking Commissioner may bring enforcement proceedings against a bank holding company in Texas.

Company Dividends

Our holding company is regarded as a legal entity separate and distinct from our Subsidiary Banks and is subject to regulatory policies and requirements relating to the payment of dividends, including requirements to maintain adequate capital above regulatory minimums. The ability of our holding company to pay dividends is largely dependent on the amount of cash derived from dividends declared by our Subsidiary Banks.  The payment of dividends by any bank or bank holding company is affected by the requirement to maintain adequate capital. Under FRB policy, bank holding companies should pay cash dividends on common stock only out of income available over the past year and only if the prospective rate of earnings retention is consistent with the organization’s expected capital needs and financial condition. The policy provides that bank holding companies should not maintain a level of cash dividends that undermines the bank holding company’s ability to serve as a source of strength to its banking subsidiaries. The FRB has historically discouraged dividend payment ratios that are at the maximum allowable levels unless both asset quality and capital are strong.

The ability of the Subsidiary Banks to pay dividends is also restricted under Texas and Oklahoma law. A Texas bank generally may not pay a dividend reducing its capital and surplus without the prior approval of the Texas Banking Commissioner.  An Oklahoma bank generally may not pay a dividend reducing its capital and surplus without the prior approval of the Oklahoma Department of Banking.  The FDIC has the right to prohibit the payment of dividends by a bank where the payment is deemed to be an unsafe and unsound banking practice.

At December 31, 2025, there was an aggregate of approximately $1,644,000,000 available for the payment of dividends to our holding company by our Subsidiary Banks under the capital rules applicable as of December 31, 2025, assuming that each of such banks continues to be classified as “well capitalized.”  Further, we could expend the entire $1,644,000,000 and continue to be classified as “well capitalized” under the capital rules applicable as of December 31, 2025.

Source of Strength Doctrine

FRB policy has historically required bank holding companies to act as a source of financial and managerial strength to their subsidiary banks. The Dodd-Frank Act codified this policy as a statutory requirement. Under this requirement, we are expected to commit resources to support our Subsidiary Banks, including at times when we may not be in a financial position to provide such resources. Any capital loans by a bank holding company to any of its subsidiary banks are subordinate in right of payment to deposits and to certain other indebtedness of such subsidiary banks. In the event of a bank holding company’s bankruptcy, any commitment by the bank holding company to a federal bank regulatory agency to maintain the capital of a subsidiary bank will be assumed by the bankruptcy trustee and entitled to priority of

12

Table of Contents

payment. In addition to the foregoing requirements, the Dodd-Frank Act’s provisions authorize the FRB and other federal banking regulators to require a company that directly or indirectly controls a bank to submit reports that are designed both to assess the ability of such company to comply with its “source of strength” obligations and to enforce the company’s compliance with these obligations.

The Dodd-Frank Act requires the federal banking agencies to jointly issue rules implementing the “source of strength” doctrine, but as of December 31, 2025, the FRB and other federal banking regulators have not yet issued such rules.

Deposit Insurance

All the Subsidiary Banks are examined by the FDIC, which currently insures the deposits of each Subsidiary Bank up to the applicable limits provided by law. The FDIC may terminate deposit insurance upon a finding that an institution has engaged in unsafe and unsound practices, is in an unsafe or uninsured condition to continue operations, or has violated any applicable law, regulation, rule, or order of condition imposed by the FDIC.

The FDIC uses a risk-based assessment system that imposes premiums based upon a matrix that considers a bank’s capital level and supervisory rating.

Our FDIC deposit insurance expense totaled $7,151,000, $6,865,000, and $6,285,000 in 2025, 2024 and 2023, respectively.

The FDIC requires insured depository institutions with at least two million deposit accounts to comply with specific recordkeeping standards and deposit insurance calculation requirements. The institutions also are required to ensure that their information technology (IT) systems are capable of calculating the amount of insured money for most depositors within 24 hours of a failure.

In October 2022, the FDIC adopted a final rule to increase the initial base deposit insurance assessment rate schedules uniformly by two basis points beginning with the first quarterly assessment period of 2023. The increased assessment is intended to improve the likelihood that the DIF ratio reaches the statutory minimum of 1.35% by September 30, 2028, the statutory deadline prescribed under the FDIC’s amended restoration plan, and to support the DIF’s growth to a reserve ratio of 2%, the minimum reserve ratio that the FDIC determined would be necessary to withstand a future banking crisis comparable to past crises.

In November 2023, the FDIC issued a final rule to impose a special assessment meant to recover the losses to the DIF of roughly $16.3 billion that resulted from the FDIC invoking the systemic-risk exception in order to cover all of the uninsured deposits of two banks that failed in March 2023. The assessment base for the special assessment is equal to an insured depository institution’s estimated uninsured deposits reported for the quarter ended December 31, 2022, minus the first $5 billion in estimated insured deposits. The special assessment is collected by the FDIC at a quarterly rate of 3.36 basis points over a total of eight anticipated quarterly assessment periods, with the FDIC collecting the first quarterly assessment on June 28, 2024. Banks with total assets under $5 billion will not be subject to the special assessment. Under the final rule, the estimated loss pursuant to the systemic-risk determination will be periodically adjusted, and the FDIC may cease collection early, extend the collection period, and impose a final shortfall special assessment on a one-time basis. None of our Subsidiary Banks are subject to the special assessment.

Capital Adequacy

Our holding company and our Subsidiary Banks are required to meet certain minimum regulatory capital guidelines. The FRB has historically utilized a system based upon risk-based capital guidelines under a two-tier capital framework to evaluate the capital adequacy of bank holding companies. Tier 1 capital generally consists of common stockholders’ equity, retained earnings, a limited amount of qualifying perpetual preferred stock, qualifying trust preferred securities and non-controlling interests in the equity accounts of consolidated subsidiaries, less goodwill and certain intangibles.  Tier 2 capital generally consists of certain hybrid capital instruments and perpetual debt, mandatory

13

Table of Contents

convertible debt securities and a limited amount of subordinated debt, qualifying preferred stock, loan loss allowance, and unrealized holding gains on certain equity securities.

The federal authorities’ risk-based capital guidelines utilize total capital to risk-weighted assets and Tier 1 capital elements. In this way, the guidelines make regulatory capital requirements more sensitive to differences in risk profiles among banking organizations, consider off-balance-sheet exposure in assessing capital adequacy and encourage the holding of liquid, low-risk assets. At least one half of the minimum total capital is required to be comprised of Core Capital or Tier 1 capital elements. Our Tier 1 capital is comprised of common shareholders’ equity and permissible amounts related to the trust preferred securities. The deductible core deposit intangibles and goodwill booked in connection with all our financial institution acquisitions are deducted from the sum of core capital elements when determining our capital ratios.

In addition, the FRB has established minimum leverage ratio guidelines for bank holding companies. These guidelines provide for a minimum leverage ratio of Tier 1 capital to adjusted average quarterly assets (leverage ratio) equal to 3% for bank holding companies that meet certain specified criteria, including having the highest regulatory rating. All other bank holding companies will generally be required to maintain a leverage ratio of at least 4% - 5%.  Our leverage ratio at December 31, 2025 was 19.86%.

The guidelines also provide that bank holding companies experiencing internal growth or making acquisitions will be expected to maintain strong capital positions substantially above the minimum supervisory levels without significant reliance on intangible assets.  Each of our Subsidiary Banks is subject to similar capital requirements adopted by the FDIC and had a leverage ratio in excess of 5% as of December 31, 2025.

The federal bank regulatory agencies adopted regulations that mandate a five-tier scheme of capital requirements and corresponding supervisory actions to implement the prompt corrective action provisions of the Federal Deposit Insurance Act, as amended (FDIA). The regulations include requirements for the capital categories that will serve as benchmarks for mandatory supervisory actions. Under the current regulations, as revised to reflect the Basel III capital rules discussed below, the highest of the five categories is a well-capitalized institution with a total risk-based capital ratio of at least 10%, a Tier 1 risk-based capital ratio of at least 8%, a Common Equity Tier 1 capital ratio of at least 6.5%, and a Tier 1 leverage ratio of at least 5%. An institution is prohibited from declaring any dividends, making any other capital distribution, or paying a management fee if its capital ratios drop below the levels for an adequately capitalized institution, which under the current framework are 8%, 6%, 4.5%, and 4%, respectively. The corresponding provisions of the Federal Deposit Insurance Corporation Improvement Act (FDICIA) mandate corrective actions be taken if a bank is undercapitalized. Based on our capital ratios as of December 31, 2025, our holding company and each of the Subsidiary Banks were classified as “well capitalized” under the applicable regulations.

The risk-based standards that apply to bank holding companies and banks incorporate market and interest rate risk components. Applicable banking institutions are required to adjust their risk-based capital ratio to reflect market risk. Under the market risk capital guidelines, capital is allocated to support the amount of market risk related to a financial institution’s ongoing trading activities. Financial institutions are allowed to issue qualifying unsecured subordinated debt (Tier 3 capital) to meet a part of their market risks. We do not have any Tier 3 capital and did not need Tier 3 capital to offset market risks. The Dodd-Frank Act directs the banking agencies to issue capital requirements for banking institutions that are countercyclical. These require a higher level of capital to be maintained in times of economic expansion and a lower level of capital during times of economic contraction.

Basel III

In July 2013, the FRB and the FDIC published the Basel III capital rules, which implemented a comprehensive capital framework for U.S. banking organizations known as “Basel III” along with certain provisions of the Dodd-Frank Act. The Basel III framework was developed by the Basel Committee on Banking Supervision, a college of central bankers and other financial regulators from the United States and other advanced economies, to strengthen international capital standards. Basel III requires bank holding companies and their subsidiary banks to maintain substantially more capital, with a greater emphasis on common equity.

14

Table of Contents

The Basel III final capital framework, among other things, (i) establishes a minimum ratio for “Common Equity Tier 1” capital (CET1), (ii) specifies that Tier 1 capital consists of CET1 and “Additional Tier 1 capital” instruments meeting specified requirements, (iii) defines CET1 narrowly by requiring that most adjustments to regulatory capital measures be made to CET1 and not to the other components of capital and (iv) expands the scope of the adjustments as compared to pre-Basel III regulations.

Basel III also provides for a “countercyclical capital buffer,” generally to be imposed when national regulators determine that excess aggregate credit growth becomes associated with a buildup of systemic risk. The capital conservation buffer is designed to absorb losses during periods of economic stress. Banking institutions with a ratio of CET1 to risk-weighted assets above the minimum requirement, but below the conservation buffer, will face constraints on dividends, equity repurchases, and compensation based on the amount of the shortfall and the institution’s “eligible retained income” (meaning, four quarter trailing income, net of distributions and tax effects not reflected in net income).

The Basel III capital rules require most components of “Accumulated Other Comprehensive Income (Loss)” (AOCI) to be recognized in CET1, factoring into the calculation of CET1 all net unrealized gains (losses) on available for sale securities. The Basel III definition of CET1 also establishes the expectation that the majority of CET1 should be voting shares. Basel III strengthens the risk sensitivity of the regulatory capital treatment for various risk exposures, including a category of exposure created by Basel III known as “High Volatility Commercial Real Estate,” which has a risk weight of 150% and generally includes nonresidential real estate acquisition development or construction financing.

Further, the Basel III capital rules establish calculations for risk-weighted assets using alternatives to credit ratings that are based on either the weighted average of the underlying collateral or a formula based on subordination position and delinquencies or the use of a 1,250% risk rating, which is be the default rating that a banking organization must apply to a securitization exposure if it does not meet certain requisite due diligence standards and does not demonstrate a comprehensive understanding of the exposure. Securitized structures, such as private label mortgage-backed securities, may be risk weighted based on a gross-up approach considering underlying assets, or they default to the 1,250% risk weight.

On the quality of capital side, the Basel III capital rules emphasize CET1 capital, the most loss absorbing form of capital, and implement strict eligibility criteria for regulatory capital instruments. The rules also improve the methodologies for calculating risk-weighted assets to enhance risk sensitivity. At the time that Basel III was implemented, the banking agencies made a number of changes in the final capital rules, in particular, to address concerns about regulatory burden on community banks. For example, the final rules are significantly different from the proposed rules in terms of risk weighting for residential mortgages and the regulatory capital treatment of certain unrealized gains and losses on trust preferred securities for common banking organizations.

A key provision of the Basel III capital rules permitted banks to make a one-time irrevocable election to opt out of the Basel III requirement to recognize most items of AOCI in regulatory capital. For institutions like ours that chose to make the AOCI opt-out election, most AOCI items are not included in the calculation of CET1; institutions that do not opt out must include most AOCI items included in CET1 calculation, which affects the institution’s legal lending limit calculation. If a top-tier banking organization makes the AOCI opt-out election, all consolidated banking subsidiary organizations under it must make the same election.

The Basel III capital rules require the following minimum capital ratios to be met:

15

Table of Contents

The Basel III capital rules prescribe a standardized approach for risk weightings that expand the risk-weighting categories from four categories (0%, 20%, 50% and 100%), to a much larger and more risk-sensitive number of categories, depending on the nature of the assets, generally ranging from 0% for U.S. government and agency securities to 600% for certain equity exposures, resulting in higher risk weights for a variety of asset categories. Specific changes to the rules impacting our determination of risk-weighted assets include, among other things:

In addition, the Basel III capital rules provide more advantageous risk weights for derivatives and repurchase-style transactions cleared through a qualifying central counterparty and increase the scope of eligible guarantors and eligible collateral for purposes of credit risk mitigation.

In December 2017, the Basel Committee on Banking Supervision unveiled its final set of standards and reforms to the Basel III regulatory capital framework, commonly called “Basel III endgame” or “Basel IV.”  The Basel IV standards make changes to the capital framework first introduced as “Basel III” in 2010 and aim to reduce excessive variability in banks’ calculations of risk-weighted assets and risk-weighted capital ratios.  Implementation of Basel IV across the Basel Committee’s member jurisdictions began on January 1, 2023, and will continue over a five-year transition period by regulators in individual countries, including the U.S. federal bank regulatory agencies. Although U.S. regulators originally targeted implementation of Basel IV to begin on July 1, 2025, subject to a three-year transition period with full compliance expected by July 1, 2028, the federal banking agencies indicated in September 2025 that they intend to unveil a re-proposal of the Basel IV capital rules by early 2026. Accordingly, the previously established implementation dates for Basel IV are no longer definitive, and the timing, scope, and final form of the re-proposed Basel IV framework remains uncertain.

Basel III Prompt Corrective Action

The FDIA requires the federal banking agencies to take “prompt corrective action” in respect of depository institutions that do not meet minimum capital requirements. The FDIA establishes the following five capital tiers: (i) “well capitalized;” (ii) “adequately capitalized;” (iii) “undercapitalized;” (iv) “significantly undercapitalized;” and (v) “critically undercapitalized.” A depository institution’s capital tier depends upon how its capital levels compare to various relevant capital measures and certain other factors, as established by regulation. The relevant capital measures, which reflect the standards for assessing capital adequacy under the Basel III capital rules that became effective on January 1, 2015 and were phased in through January 1, 2019, are the total capital ratio, the CET1 capital ratio, the Tier 1 capital ratio, and the leverage ratio. A bank will be considered:

16

Table of Contents

​

An institution may be downgraded to, or deemed to be in, a capital category that is lower than indicated by its capital ratios if it is determined to be in an unsafe or unsound condition or if it receives an unsatisfactory examination rating with respect to certain matters. A bank’s capital category is determined solely for the purpose of applying prompt corrective action regulations, and the capital category may not constitute an accurate representation of the bank’s overall financial condition or prospects for other purposes.

The FDIA generally prohibits a depository institution from making any capital distributions (including payment of a dividend) or paying any management fee to its parent holding company if the depository institution would thereafter be “undercapitalized.” “Undercapitalized” institutions are subject to growth limitations and are required to submit a capital restoration plan. The agencies may not accept such a plan without determining, among other things, that the plan is based on realistic assumptions and is likely to succeed in restoring the depository institution’s capital. In addition, for a capital restoration plan to be acceptable, the depository institution’s parent holding company must guarantee that the institution will comply with such capital restoration plan. The bank holding company must also provide appropriate assurances of performance. The aggregate liability of the parent holding company is limited to the lesser of (i) an amount equal to 5.0% of the depository institution’s total assets at the time it became undercapitalized, and (ii) the amount which is necessary (or would have been necessary) to bring the institution into compliance with all capital standards applicable with respect to such institution as of the time it fails to comply with the plan. If a depository institution fails to submit an acceptable plan, it is treated as if it is “significantly undercapitalized.”

The appropriate federal banking agency may, under certain circumstances, reclassify a well-capitalized insured depository institution as adequately capitalized. The FDIA provides that an institution may be reclassified if the appropriate federal banking agency determines (after notice and opportunity for hearing) that the institution is in an unsafe or unsound condition or deems the institution to be engaging in an unsafe or unsound practice.

As of December 31, 2025, each of our Subsidiary Banks are “well capitalized” based on the aforementioned ratios pursuant to the Basel III capital rules.

Liquidity Requirements

Historically, regulation and monitoring of bank and bank holding company liquidity has been addressed as a supervisory matter, without required formulaic measures. The Basel III final framework requires banks and bank holding companies to measure their liquidity against specific liquidity tests that, although similar in some respects to liquidity measures historically applied by banks and regulators for management and supervisory purposes, going forward will be required by regulation.

The Basel III liquidity coverage ratio uses international liquidity standards that serve to reconcile the differences of the liquidity standards of countries. The Basel Committee is expected to address the net stable funding ratio in the future. These new standards are subject to further rulemaking, and their terms may well change before implementation. The federal bank regulatory agencies also issued a proposed rule that would implement qualitative liquidity requirements, including a liquidity coverage ratio (LCR), consistent with liquidity standards adopted by the Basel Committee, for certain banking organizations with more than $250 billion in total assets or subsidiary depository institutions of internationally active banking organizations with $10 billion or more in total consolidated assets. The FRB issued a separate proposed rule at the same time to apply a modified version of the LCR to certain depository institution holding companies with assets greater than $50 billion. The final version of the rule defines banks with between $50 billion and $250 billion in assets as “modified LCR companies,” which will be subjected to less rigorous requirements regarding the high-quality liquid assets calculations.

17

Table of Contents

In July 2018, following the enactment of the Economic Growth, Regulatory Relief and Consumer Protection Act of 2018, the FRB stated that it would no longer require bank holding companies with less than $100 billion in total consolidated assets to comply with the modified version of the LCR. In November 2019, the federal banking regulators adopted final rules to revise their liquidity requirements so that banking organizations that are not globally systemic important banks, have less than $250 billion in total consolidated assets, and have less than $75 billion in each of off-balance sheet exposures, nonbank assets, cross-jurisdictional activity, and short-term wholesale funding are generally not subject to any LCR or net stable funding ratio requirements.

FASB CECL Accounting Standard

In June 2016, the Financial Accounting Standards Board (FASB) issued Accounting Standards Update No. 2016-13, Financial Instruments – Credit Losses (Topic 326): Measurement of Credit Losses on Financial Instruments, which amended the credit-loss accounting standards for financial assets and implemented the Current Expected Credit Losses (CECL) methodology.  Among other things, the update required that the expected credit losses on financial instruments held as of the end of the period being reported be measured based on historical experience, current conditions, and reasonable and supportable forecasts. Pursuant to rules issued by the federal bank regulatory agencies in February 2019 and March 2020, banking organizations were given the option to phase in the adoption of CECL over a three-year transition period through December 31, 2022 or over a five-year transition period through December 31, 2024.  The impact of the adoption of the updated accounting standards was to be recorded as a cumulative-effect adjustment to retained earnings as of the beginning of the first reporting period in which the guidance was adopted.  Rather than electing a phase-in option, we immediately recognized the capital impact upon adopting the CECL accounting standards on January 1, 2020, which resulted in an increase in our allowance for probable loan losses and a one-time cumulative-effect adjustment to retained earnings upon adoption.

Inflation Reduction Act of 2022

In August 2022, the Inflation Reduction Act of 2022 (IRA) was enacted. Among other things, the IRA imposes a 1% tax on the fair market value of stock repurchased after December 31, 2022 by publicly traded U.S. corporations. With certain exceptions, the value of stock repurchased is determined net of stock issued in the year, including shares issued pursuant to compensatory arrangements. Final regulations implementing the stock repurchase excise tax were issued by the Treasury Department and the IRS and became effective in November 2025.

State Enforcement Powers

The Banking Commissioners of Texas and Oklahoma may determine to close a Texas or Oklahoma state bank, respectively, if such Commissioner finds that the interests of depositors and creditors of the state bank are jeopardized through its current or imminent insolvency and that it is in the best interest of such depositors and creditors that the bank be closed. The Texas Department of Banking and Oklahoma State Banking Department have broad enforcement powers over our Subsidiary Banks, as applicable, including the power to impose orders, remove officers and directors, impose fines, and appoint supervisors and conservators.

Depositor Preference

Because our holding company is a legal entity separate and distinct from our Subsidiary Banks, our holding company has the right to participate in the distribution of assets of any Subsidiary Bank upon the subsidiary’s liquidation or reorganization, but it will be subject to the prior claims of the subsidiary’s creditors. In the event of a liquidation or other resolution of an insured depository institution like any of our Subsidiary Banks, the claims of depositors and other general or subordinated creditors of the bank are entitled to a priority of payment over the claims of holders of any obligation of the bank to its shareholders, including any depository institution holding company (like us) or any shareholder or creditor thereof.

18

Table of Contents

Community Reinvestment Act

Under the CRA, the FDIC is required to assess the record of each Subsidiary Bank to determine if the bank meets the credit needs of its entire community, including low- and moderate-income neighborhoods served by the bank, and to take that record into account in its evaluation of any application made by the bank for, among other things, approval of the acquisition or establishment of a branch or other deposit facility, an office relocation, a merger, or the acquisition of shares of capital stock of another financial institution. In May 2022, the federal bank regulators, including the FDIC, issued an NPR intended to revise the CRA’s implementing regulations in order to advance the CRA’s core purpose and adapt the CRA’s regulatory framework to reflect the modern banking industry. The focus of the revised rules, according to the regulators, is to (i) expand access to credit, investment, and basic banking services in low- and moderate-income communities, (ii) adapt to increased provision and use of Internet and mobile banking products and services, (iii) provide greater clarity, consistency, and transparency, (iv) tailor CRA evaluations and data collection to bank size and type, and (v) maintain a unified approach.

In October 2023, the federal regulators adopted a joint final rule to strengthen and modernize the CRA regulations, (the 2023 CRA Rule), which was consistent with the 2022 proposed rule.  Under the 2023 CRA Rule, most of the CRA changes would only affect “large” banks with assets of more than $2 billion while allowing small and mid-sized banks to elect to be evaluated based on certain of the new rules. Although updates to the CRA’s implementing regulations were necessary to address the changes in the banking industry and the increase in online and mobile banking, the changes under the 2023 CRA Rule included significant increases in data collection, testing, and evaluation metrics related to geography and assessment areas. The final 2023 CRA Rule was set to take effect on April 1, 2024, with staggered compliance dates of January 1, 2026 and January 1, 2027.  However, on March 29, 2024, a federal court enjoined the enforcement of the 2023 CRA Rule, and its implementation and effective dates are stayed while the injunction remains in effect and pending the outcome of the litigation. On July 16, 2025, the OCC, the FRB, and the FDIC issued a joint NPR proposing to rescind the 2023 CRA Rule and replace it with regulations substantively identical to those in effect on March 29, 2024, as originally adopted by the agencies in 1995 and reinstated by the OCC in 2021.  As a result, the previous CRA regulations continue to govern.

Proposed legislation was introduced in September 2022 that would have further revised the CRA by adding several new substantive and procedural requirements. If enacted, the legislation would have broadened the types of legal violations that affect CRA scores, require banks to form community advisory committees in each market they serve (based on metropolitan statistical areas), required proof of impact for community service and charity efforts to receive CRA credit, and required large banks to collect and report even more information related to borrower demographics. The proposed legislation would have also required regulators to consider a bank’s partnerships with non-depository lenders and “small-dollar” first-lien mortgages as part of CRA examinations. Like the October 2023 final regulatory revisions, the proposed legislation focused on applying fair-lending concepts to CRA obligations and examinations. Ultimately, however, the proposed legislation did not advance through the legislative process and was never passed.  Nevertheless, we will continue to monitor other legislative initiatives and their potential effect on the CRA regulations.

The FDIC prepares a written evaluation of an institution’s record of meeting the credit needs of its entire community and assigns a rating. Federal banking agencies make public a rating of a bank’s performance under the CRA. The Subsidiary Banks conduct an award-winning financial literacy program in their communities as part of their community outreach.

All of our Subsidiary Banks received a “Satisfactory” CRA rating in their most recently completed examinations. Financial institutions are evaluated under different CRA examinations procedures based upon their asset size classification, which asset thresholds are updated annually and were updated as of January 1, 2026. “Large bank” now means a bank with total assets equal to or greater than $1.649 billion for December 31 of both of the prior two calendar years, “small bank” means a bank with assets of less than $1.649 billion as of December 31 of either of the prior two calendar years, and “intermediate small bank” means a bank with assets of at least $412 million as of December 31 of both of the prior two calendar years and less than $1.649 billion as of December 31 of either of the prior two calendar years. Two of our Subsidiary Banks are considered “intermediate small banks” and IBC, IBC Brownsville and IBC Oklahoma are considered “large banks” under the new asset thresholds.

19

Table of Contents

Consumer Laws

In addition to the laws and regulations discussed herein, the Subsidiary Banks are also subject to numerous consumer laws and regulations that are designed to protect consumers in transactions with banks. These laws and regulations mandate certain disclosure requirements and regulate the manner in which financial institutions must deal with customers when taking deposits or making loans to such customers. The Subsidiary Banks must comply with the applicable provisions of these consumer finance protection laws and regulations as part of their ongoing customer relations. The Dodd-Frank Act established comprehensive new rules regulating mortgage activities and created the CFPB with direct supervisory authority to enforce certain consumer finance protection laws over banks with assets of $10 billion or more and certain nonbank entities.

The CFPB’s broad authority to issue, interpret, and enforce almost all federal consumer protection laws, and its issuance of applicable disclosure forms, may impact each of the Subsidiary Banks’ consumer compliance programs. The applicable consumer financial protection laws include, in part, the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Fair Debt Collection Procedures Act, the Truth in Lending Act, the Home Mortgage Disclosure Act, the Real Estate Settlement Practices Act, various state law counterparts, and the Consumer Financial Protection Act of 2010, which is part of the Dodd-Frank-Act. The CFPB also has broad authority, among other matters, to declare acts or practices to be “unfair, deceptive, or abusive,” and to develop and require new consumer disclosures. The CFPB has issued and continues to issue numerous regulations under which IBC and the Subsidiary Banks will continue to incur additional expenses in connection with ongoing compliance obligations. Significant recent CFPB developments that may affect operations and compliance costs include:

​

​

​

​

​

​

In light of the current political climate in Washington, DC and changes in CFPB leadership in recent years, we cannot predict what additional actions may be taken by the CFPB with respect to its previous regulations, rulings, and decisions and any impact on our operations. In October 2022, the United States Court of Appeals for the Fifth Circuit held that the mechanism for funding the CFPB was an unconstitutional violation of the Appropriations Clause. In 2024, the United States Supreme Court overturned the Fifth Circuit Court’s ruling and held that the mechanism for funding the CFPB is constitutional. While that ruling maintained the existence of the CFPB, it is unclear how active the CFPB will be under the current administration, what authority it will maintain given the significant legal challenges it has had and continues to face, and what, if any, priorities it will have under its new leadership. While the current administration signaled an intention to de-fund and ultimately shutter the CFPB, at least one court in late 2025 ordered the administration to continue to seek funding for and operating the CFPB. Several states have also joined a lawsuit to prevent the defunding of the CFPB. It is

20

Table of Contents

unclear to what extent the administration will be successful in defunding or otherwise terminating the CFPB. The new administration has appointed the Director of the Office of Management and Budget as acting director of the CFPB.

​

Military Lending Act

In 2015, the Department of Defense issued final amendments to the rule that implements the federal Military Lending Act. Under the amended rule, the Department of Defense expanded the definition of “consumer credit” to include a much broader range of credit products, including some credit products offered by depository institutions. The rule requires lenders to provide certain protections to borrowers who are covered under the rule. For instance, lenders must cap the Military Annual Percentage Rule for covered credit products provided to covered borrowers at 36%. Lenders must also provide certain disclosures and other protections to covered borrowers. Although a lender can use any method to determine a borrower’s military status, the lender can obtain a safe harbor by verifying the borrower’s military status either through the Department of Defense Manpower Data Center or by using a consumer credit report that contains military status.

Electronic Banking and Cybersecurity

The Federal Financial Institutions Examination Council (FFIEC) issued guidance in 2005 entitled “Authentication in an Internet Banking Environment” (2005 Guidance), followed by a 2011 supplement thereto (2011 Supplement). Together, the 2005 Guidance and the 2011 Supplement provided a risk-management framework for financial institutions offering Internet-based products and services to their customers and established the FDIC’s supervisory expectations regarding customer authentication, layered security, and other controls in an increasingly hostile online environment. In 2021, the FFIEC issued new guidance entitled “Authentication and Access to Financial Institution Services and Systems” (the 2021 Guidance), which replaced the 2005 Guidance and the 2011 Supplement. The 2021 Guidance addresses changes in the types and accessibility of online and mobile banking products and services, the increased use of new and emerging payment services, and the resulting risks associated with the cybersecurity-threat landscape. The primary objective of the 2021 Guidance is to provide effective risk management principles and practices related to identification, authentication, and access for consumer and business customers, employees, third parties, applications and devices that access and utilize digital banking services and information systems. The 2021 Guidance supports the use of multi-factor authentication in nearly every facet of banking services and highlights the importance of banks’ Internet and cybersecurity risk assessment in addressing and preventing unauthorized access to accounts, services and information and other cyber-crime.  In late 2022, the FFIEC published an update to its 2018 Cybersecurity Resource Guide for Financial Institutions, which includes cyber-attack and ransomware resources and guidance, and focuses on responding to cyber incidents and monitoring vendors and service providers.

In 2011, the Texas Banking Commissioner and the U.S. Secret Service formed the Bankers Electronic Crimes Task Force and issued guidance entitled “Best Practices for Banks: Reducing the Risks of Corporate Account Takeovers.” This guidance sets forth nineteen best practices to reduce the risk of corporate account takeover thefts. Our Subsidiary Banks are required to comply with these guidelines and best practices.

The National Institute of Standards and Technology (NIST) released a preliminary Framework for Improving Critical Infrastructure Cybersecurity (NIST Cybersecurity Framework) in 2014, and an update to that framework in 2018. In February 2024, the NIST Cybersecurity Framework 2.0 was released, which updated the original framework by expanding its scope to help organizations of all sizes and across sectors manage and mitigate cybersecurity risks and by emphasizing the importance of governance and supply chains in managing cybersecurity risks. Our Subsidiary Banks are expected to incorporate the NIST Cybersecurity Framework into their infrastructures and risk-management systems, which are also governed by FFIEC guidelines.

In 2016, the federal banking agencies proposed enhanced cyber-risk management standards for large, interconnected entities and their service providers.  The proposal established enhanced standards to increase the operational resilience of those entities and reduce the impact on the financial system in case of a cyber event experienced by any of them. The standards address cyber-risk governance, cyber-risk management, internal dependency management, external dependency management, incident response, cyber resilience, and situational awareness. The enhanced standards would be implemented in a tiered manner, imposing more stringent standards on the systems of those entities that are critical to the functioning of the financial sector. In 2021, the federal banking agencies adopted a rule governing computer security

21

Table of Contents

incidents and, in part, the rule requires notification by a regulated institution to its primary federal regulator in the event of certain cybersecurity-related incidents.

In February 2018, the SEC published interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents. The SEC guidelines, and any other regulatory guidance, are in addition to notification and disclosure requirements under state and federal banking laws and regulations. In July 2023, the SEC issued a final rule that, consistent with its rule proposal from March 2022, requires disclosure of material cybersecurity incidents and annual disclosure of material information concerning cybersecurity risk management, strategy, and governance. Under the final rule, registrants are required to disclose the occurrence of and key details about a material cybersecurity incident within four business days of determining that the incident is material and must provide periodic updates as to the status of the incident in subsequent filings.

In October 2023, President Joe Biden issued an Executive Order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI), which set new standards for AI safety and security, established guidelines and processes for the equitable use of AI, called on Congress to pass bipartisan data-privacy legislation, and directed federal agencies to take various actions to advance the safety, security, and trustworthiness of AI systems and to mitigate AI risks. Several of the directives in the EO involved the financial-services industry. For example, the EO directed the Secretary of the Treasury to prepare a public report advising financial institutions on best practices for managing AI-specific cybersecurity risks, and encouraged regulatory agencies to consider rulemaking to address the risks to financial stability and other risks that may result from using AI. Although President Trump ultimately rescinded President Biden’s AI EO on January 20, 2025, the prior EO demonstrates the types of executive actions related to AI that may impact the banking industry in the future.  On January 23, 2025, President Trump issued an EO entitled Removing Barriers to American Leadership in Artificial Intelligence, which encourages the development of AI systems that are void of ideological bias or social agendas and promotes American AI innovation. Although the EO does not include specific directives that impact the financial-services industry, the EO may encourage the development of AI technologies within the financial sector and cause financial institutions to evaluate whether existing AI systems adhere to the EO’s directive to be free from ideological bias or engineered social agendas. On December 11, 2025, President Trump issued an EO entitled Ensuring a National Policy Framework for Artificial Intelligence, which directs the development of a national policy framework for AI that is intended to be minimally burdensome, replace state-by-state regulatory regimes, and promote AI innovation and leadership in the United States. While the EO does not specifically impose requirements on financial institutions, it may inform future regulatory actions and policy developments related to the use of AI in the financial services industry, which could affect future compliance obligations.

Increasingly, state regulators are implementing additional privacy and cybersecurity standards and regulations. Recently, several states adopted regulations requiring certain financial institutions to implement cybersecurity programs and provide detailed requirements for such programs, including data encryption requirements. Many states have also recently implemented or modified their data breach notification and data privacy requirements. Effective January 1, 2020, Texas amended its data breach notification law, limiting the time frame for notifying individuals whose data has been compromised and requiring notice to the Texas Attorney General in certain circumstances.  In May 2023, Texas further amended its data breach notification law to revise the timing and method of notifying the Texas Attorney General of a cybersecurity breach. Pursuant to the amendment, notification of a breach must be submitted electronically to the Texas Attorney General using a form accessible from the Attorney General’s website, and the Attorney General must be notified as soon as practicable, but not later than 30 days following discovery of the breach. We expect state-level activity to continue in this area and will continue monitoring legislative developments in Texas and Oklahoma.

Affiliate Transactions

Our holding company and Subsidiary Banks are “affiliates” within the meaning of Section 23A of the Federal Reserve Act (FRA), which sets forth certain restrictions on (i) loans and extensions of credit between a bank subsidiary and affiliates, (ii) investments in an affiliate’s stock or other securities, and (iii) acceptance of such stock or other securities as collateral for loans. These restrictions prevent a bank holding company from borrowing from any of its bank subsidiaries unless the loans are secured by specific obligations. Further, such secured loans and investments by a bank subsidiary are limited in amount, as to a bank holding company or any other affiliate, to 10% of such bank subsidiary’s capital and surplus and, as to the bank holding company and its affiliates, to an aggregate of 20% of such bank subsidiary’s capital and surplus.

22

Table of Contents

Certain restrictions do not apply to 80% or more owned sister banks of bank holding companies. Each Subsidiary Bank is wholly-owned by our holding company.

Section 23B of the FRA requires that the terms of affiliate transactions be comparable to terms of similar non-affiliate transactions. Among other things, the Dodd-Frank Act expands the limitations on affiliate transactions by expanding the definitions of “affiliate” and of “covered transactions,” which include debt obligations of an affiliate utilized as collateral. The Dodd-Frank Act also requires that the 10% of capital limit on covered transactions begin to apply to non-bank financial subsidiaries. “Covered transactions” are defined to include a loan or extension of credit, as well as a purchase of securities issued by an affiliate, a purchase of assets (unless otherwise exempted by the FRB) from the affiliate, the acceptance of securities issued by the affiliate as collateral for a loan, and the issuance of a guarantee, acceptance or letter of credit on behalf of an affiliate. While the Dodd-Frank Act’s changes to Sections 23A and 23B of the FRA became effective in 2012, the FRB has not amended Regulation W to reflect those changes. However, in March 2021, the FRB staff provided guidance (in the form of a memorandum and answers to frequently asked questions developed by the staff) indicating that Sections 23A and 23B of the FRA should be interpreted as having been amended by the Dodd-Frank Act and that the FRB is in the process of revising Regulation W to reflect the Dodd-Frank Act’s changes. Although no further amendments to Regulation W have been published to date, we will continue to monitor guidance and communication from the FRB for any future updates.

Insider Loans

The restrictions on loans to directors, executive officers, principal shareholders, and their related interests contained in the FRA and Regulation O apply to all insured institutions and their subsidiaries and holding companies. In general, any such extensions of credit must (i) not exceed certain dollar limitations, (ii) be made on substantially the same terms, including interest rates and collateral, as those prevailing at the time for comparable transactions with third parties, and (iii) not involve more than the normal risk of repayment or present other unfavorable features.  Additional restrictions are imposed on extensions of credit to executive officers. Certain extensions of credit also require the approval of a bank’s board of directors. There is also an aggregate limitation on all loans to insiders and their related interests. These loans cannot exceed the institution’s total unimpaired capital and surplus, and the FDIC may determine that a lesser amount is appropriate. Insiders are subject to enforcement actions for knowingly accepting loans in violation of applicable restrictions.

Mortgage Lending

The CFPB and other federal regulatory agencies have issued various amendments and updated interpretive rules over the past decade to clarify and enhance mortgage-lending regulations, especially regarding mortgage servicing standards, consumer protections, and disclosure requirements. Key updates over the years have included:  (i) the CFPB making multiple revisions to Regulation X and Regulation Z that have addressed force-placed insurance, early intervention, loss-mitigation requirements, and periodic statement requirements (ii) the CFPB issuing a final interpretive rule amending the mortgage servicing rules, clarifying the interaction of the Fair Debt Collection Practices Act (FDCPA), and addressing the insufficiency of hazard insurance; (iii) the CFPB, FRB, and OCC finalizing amendments to the official interpretations that implement special appraisal requirements for “higher-risk mortgages” or “higher-priced mortgages”; (iv) the CFPB modifying the TILA-RESPA Integrated Disclosure Rule implemented in Regulations X and Z to create tolerances for the total of payments and to provide guidance on sharing the integrated disclosures with various parties involved in the mortgage origination process; and (v) the CFPB issuing an interim final rule to give servicers more flexibility regarding when to communicate about foreclosure prevention options with borrowers who have requested a cease in communication under federal debt collection law and how to respond and communicate with potential successors in interest.

The CFPB and other federal regulators continue to issue guidance and regulatory updates that affect mortgage lending, including updated guidelines and proposed regulatory revisions that signal an ongoing focus on redlining and discrimination in mortgage lending, revisions to the CRA and greater oversight of property appraisals, and related algorithms and machine learning tools that can be used in the appraisal process. The CFPB recently issued a proposed rule that would remove regulations regarding disparate impact under the Equal Credit Opportunity Act and would instead leave such determinations solely to the courts to interpret and apply.  It is unclear whether or to what extent this rule will be implemented.

23

Table of Contents

Powers

As a result of the FDICIA, the authority of the FDIC over state-chartered banks was expanded. The FDICIA limits state chartered banks to only those principal activities permissible for national banks, except for other activities specifically approved by the FDIC. The Texas Banking Act includes a parity provision which establishes procedures for state banks to notify the Texas Banking Commissioner if the bank intends to conduct any activity permitted for a national bank that is otherwise denied to a state bank. The Texas Banking Commissioner has 30 days to prohibit the activity. Also, the Texas Finance Code includes a “super parity” provision with procedures for state banks to notify the Texas Banking Commissioner if the bank intends to conduct any activity permitted for any depository institution in the United States. The Texas Banking Commissioner has 30 days after receiving such notice to prohibit the activity. Similarly, under the Oklahoma Banking Code, Oklahoma state banks have the authority to exercise such incidental powers as may be necessary or desirable to carry on the banking business including, but not limited to, powers conferred upon national banks, unless otherwise prohibited or limited by the Oklahoma Banking Commissioner or the Oklahoma State Banking Board.  Additionally, upon approval of the Oklahoma Banking Commissioner, and subject to all applicable federal and state laws, the operating subsidiaries or financial subsidiaries of an Oklahoma state bank may exercise any power and engage in any activity that is permitted for an operating subsidiary or financial subsidiary of a national bank, unless otherwise prohibited or limited by the Oklahoma Banking Commissioner or Oklahoma State Banking Board.

Incentive Compensation

In June 2010, the FRB, OCC, and FDIC issued the Interagency Guidance on Sound Incentive Compensation Policies, a comprehensive final guidance on incentive compensation policies intended to ensure that the incentive compensation policies of banking organizations do not undermine the safety and soundness of such organizations by encouraging excessive risk taking. The guidance, which covers all employees that have the ability to materially affect the risk profile of an organization, either individually or as part of a group, is based upon the key principles that a banking organization’s incentive compensation arrangements should (i) provide incentives that do not encourage risk-taking beyond the organization’s ability to effectively identify and manage risks, (ii) be compatible with effective internal controls and risk management, and (iii) be supported by strong corporate governance, including active and effective oversight by the organization’s board of directors.

As part of its regular, risk-focused examination process, the FRB reviews the incentive compensation arrangements of banking organizations. These reviews are tailored to each organization based on the scope and complexity of the organization’s activities and the prevalence of incentive compensation arrangements. The findings of the supervisory initiatives are included in reports of examination. Deficiencies are incorporated into the organization’s supervisory ratings, which can affect the organization’s ability to make acquisitions and take other actions. Enforcement actions may be taken against a banking organization if its incentive compensation arrangements, or related risk-management control or governance processes, pose a risk to the organization’s safety and soundness and the organization is not taking prompt and effective measures to correct the deficiencies.

The Dodd-Frank Act requires the federal banking agencies and the SEC to jointly prescribe regulations or guidelines that require financial institutions with $1 billion or more in assets to disclose to the appropriate federal regulator, the structure of all incentive-based compensation arrangements sufficient to determine whether the compensation structure provides an executive officer, employee, director, or principal shareholder (collectively, “covered persons”) with excessive compensation, fees, or benefits, or could lead to material financial loss to the financial institutions. In April 2011 and June 2016, the SEC and the federal banking agencies issued joint notices of proposed rulemaking that would prohibit a covered financial institution from establishing or maintaining any incentive-based compensation arrangements for covered persons that expose the financial institution to inappropriate risks by providing the covered person with excessive compensation that could lead to a material financial loss.  A compensation arrangement would be considered too risky unless it appropriately balanced risk and reward, was compatible with effective risk management and controls, and was supported by effective governance. Compensation, fees, and benefits would be deemed excessive if the amounts paid were unreasonable or disproportionate to the value of the services performed by a covered person, taking into account an array of factors. The proposal would apply to financial institutions with more than $1 billion in assets. The rule also included heightened standards for financial institutions with $50 billion or more in total consolidated assets, requiring at least 50% of incentive-based payments for designated executives to be deferred for a minimum of three years. In addition to the

24

Table of Contents

provisions of the 2011 proposed rule, the 2016 proposed rule specified that an incentive-based compensation arrangement would only be deemed to have appropriately balanced risk and reward if it included financial and non-financial measures of performance, was designed to allow non-financial measures of performance to override financial measures of performance, and was subject to adjustment to reflect actual losses, inappropriate risks taken, compliance deficiencies, or other measures or aspects of financial and non-financial performance. As with the 2011 proposed rule, no final rule was adopted in connection with the 2016 rule proposal.

In June 2023, the SEC included incentive-based compensation arrangements on its spring 2024 rulemaking agenda, signaling that a third round of proposed rulemaking on incentive-based compensation arrangements may occur. However, the SEC has not yet issued a new proposal. In May 2024, the OCC, the FDIC, the Federal Housing Finance Agency (FHFA), and the National Credit Union Administration (NCUA) re-proposed the 2016 proposed rule on incentive-based compensation arrangements. Once a final rule is developed, Section 956 of the Dodd-Frank Act requires the interagency rule to be approved by the FDIC, the OCC, the FHFA, the NCUA, the FRB, and the SEC. Given that the SEC and the FRB declined to join the other agencies in re-proposing the 2016 proposed rule, the likelihood of a final rule on incentive-based compensation arrangements being finalized and implemented remains uncertain.

Regulation Z was amended in 2011 to restrict incentive compensation programs with regard to residential mortgage programs. Such limitations affect mortgage brokers as well as loan officers in the subsidiary banks. Compensation may be tied to volume, but not to terms or conditions of the transaction other than the amount of credit extended. Further amendments to Regulation Z relating to mortgage loan originator compensation were adopted on January 20, 2013, by the CFPB in accordance with the Dodd-Frank Act.

In October 2022, the SEC adopted a final rule directing national securities exchanges and associations, including Nasdaq, to implement listing standards that required listed companies to adopt policies mandating the recovery or “clawback” of excess incentive-based compensation earned by a current or former executive officer during the three fiscal years preceding the date the listed company is required to prepare an accounting restatement, including to correct an error that would result in a material misstatement if the error were corrected in the current period or left uncorrected in the current period. Nasdaq implemented the required listing standards under Rule 5608 of its listing rules, which became effective on October 2, 2023. Nasdaq-listed companies were required to adopt a compliant policy no later than December 1, 2023. Prior to that date, we amended and restated our Compensation Clawback Policy to meet the standards set forth in Rule 5608 and to be effective as of October 2, 2023. A copy of our clawback policy is attached as Exhibit 97 hereto.

The scope and content of the U.S. regulators’ policies on executive compensation are continuing to develop and are likely to continue evolving. It cannot be determined at this time whether compliance with such policies will adversely affect our ability to hire, retain, and motivate our key employees.

Legislative and Regulatory Initiatives

From time to time, various legislative and regulatory initiatives are introduced in Congress and state legislatures, as well as by regulatory agencies. Such initiatives may include proposals to expand or contract the powers of bank holding companies and depository institutions or proposals to substantially change the financial institution regulatory system. Such legislation could change banking statutes and our operating environment in substantial and unpredictable ways. Such changes could have a material effect on our business, including increasing our cost of doing business, affecting our compensation structure, or limiting or expanding permissible activities. We cannot predict whether any such changes will be adopted, and we cannot determine the ultimate effect that potential legislation, if enacted, or implementing regulations with respect thereto, would have upon our financial condition or results of our operations. The same uncertainty exists with respect to regulations authorized or required under the Dodd-Frank Act, but that have not yet been proposed or finalized. There is also the possibility that the Dodd-Frank Act or other federal laws may be revised by Congress in the future because certain bills have been introduced into Congress from time to time that would amend certain provisions of the Dodd-Frank Act, or other federal legislation relating to financial institutions. Similarly, it is possible that the legislatures of the State of Texas or the State of Oklahoma would amend applicable state laws relating to us or our Subsidiary Banks.