First Internet Bancorp (INBK) Business
This page reproduces the company's own Item 1 Business text from the linked SEC filing. It is filer text, not grepcent analysis, scoring, or investment advice.
Informational only - not investment advice. See Disclaimer.
Item 1. Business
When we refer to “First Internet Bancorp,” the “Company,” “we,” “us” and “our” in the remainder of this Annual Report on Form 10-K, we mean First Internet Bancorp and its consolidated subsidiaries, unless the context indicates otherwise. References to “First Internet Bank” or the “Bank” refer to First Internet Bank of Indiana, an Indiana chartered bank and wholly-owned subsidiary of the Company.
Overview
First Internet Bancorp is a bank holding company headquartered in Fishers, Indiana that conducts its primary business activities through its wholly-owned subsidiary, First Internet Bank of Indiana, an Indiana chartered bank. The Bank was the first state-chartered, Federal Deposit Insurance Corporation (“FDIC”) insured Internet bank and commenced banking operations in 1999. First Internet Bancorp was incorporated under the laws of the State of Indiana on September 15, 2005. On March 21, 2006, we consummated a plan of exchange by which we acquired all of the outstanding shares of the Bank.
The Bank has three wholly-owned subsidiaries: First Internet Public Finance Corp., an Indiana corporation that provides a range of public and municipal finance lending and leasing products to governmental entities throughout the United States and acquires securities issued by state and local governments and other municipalities; JKH Realty Services, LLC, a Delaware limited liability company that manages other real estate owned properties as needed; and SPF15, Inc., an Indiana corporation that owns real estate used primarily for the Bank’s principal office.
We offer a wide range of commercial, small business, consumer and municipal banking products and services. We conduct our consumer and small business deposit operations primarily through digital channels on a nationwide basis and have no traditional branch offices. Our consumer lending products are primarily originated on a nationwide basis through relationships with dealerships and financing partners.
Our commercial banking products and services are delivered through a relationship banking model or through strategic partnerships and include commercial and industrial (“C&I”) lending, construction and investor commercial real estate lending, single tenant lease financing, public finance, specialty finance, small business lending, and commercial deposits and treasury management. Our C&I team provides credit solutions such as lines of credit, term loans, owner-occupied commercial real estate loans and corporate credit cards on a regional basis to commercial borrowers primarily in the Midwest and Southwest regions of the United States. We offer construction, investor commercial real estate loans and single tenant lease financing on a nationwide basis. Our public finance team provides a range of public and municipal lending and leasing products to government entities on a nationwide basis. Our specialty finance team manages our healthcare, franchise finance and equipment finance portfolios and our commercial deposits and treasury management team works with the other commercial teams to provide deposit products and treasury management services to our commercial and municipal lending customers as well as pursues commercial deposit opportunities in business segments where we have no credit relationships.
We believe that we differentiate ourselves from larger financial institutions by providing a full suite of services to emerging small businesses and entrepreneurs on a nationwide basis. We ranked as the 7th largest Small Business Administration (“SBA”) 7(a) lender for the SBA’s 2025 fiscal year. We also offer a top-ranked small business checking account product to our country’s entrepreneurs.
We also offer payment, deposit, card and lending products and services through partnerships with financial technology companies and platforms (“fintechs”). With the rapid evolution of technology that enables small businesses to manage their finances digitally, fintechs are addressing a significantly growing marketplace. Fintechs have created robust digital offerings, unburdened by legacy technology architecture, to address growing customer expectations. Through partnerships with selected fintechs, we believe our ability to win and retain small business relationships will be significantly enhanced. Furthermore, we believe partnering with select fintechs will allow us to further diversify our revenue sources, acquire deposits and pursue additional asset generation capabilities.
As of December 31, 2025, the Company had consolidated assets of $5.6 billion, consolidated deposits of $4.8 billion and shareholders’ equity of $359.8 million.
1
Human Capital
As of December 31, 2025, we employed 355 people consisting of 354 full-time employees and 1 part-time employee. Our team members have been, and continue to be, our most valuable assets, helping to create a strong workplace culture that recognizes the unique contributions and perspectives of each individual.
We empower our employees to “Imagine More.” We seek the game-changers, innovators and dreamers – those who are driven to find a better way of doing things for customers and each other. Our employees are encouraged to think outside the box and look for innovative ways to improve efficiency, drive revenue and decrease costs. One example is our Eureka! program, which promotes the submission of unique ideas to a senior leadership panel for review and possible selection. This program enables our employees to serve as team leads and members of cross-functional teams that develop and implement ideas that drive our business while upskilling in the areas of influential leadership, collaboration, communication, critical thinking and change management.
We encourage community involvement and opportunities that support team members, both inside and outside the office. We commit time, talent and financial support to community initiatives that inspire passion among our team members and support the communities within which we live and work. We allow paid volunteer time and sponsor community initiatives such as Junior Achievement Biztown and Habitat for Humanity. Team members serve on non-profit and other Boards/committees, with organizations such as Indianapolis Neighborhood Housing Partnership (INHP), Indy Chamber, and the Indiana Department of Workforce Development, to assist in meeting the community’s most pressing needs. The result is a sense of pride and increased engagement within the Bank that serves as a catalyst for the greater good.
We focus on the employee experience and culture. We are a digital bank, but we strongly believe in the power of personal connection and collaboration, resulting in a relationship-rich culture that enables us to live and work to our very best potential. To that end, we promote and support the development of employee-led business resource groups, which currently include First Ladies, LIFT (a professional development group), and BELONG (a group engaged in celebrating and learning about our unique experiences, heritages, etc.). We also offer tuition reimbursement for professional development and a robust internal training program. In addition, we provide leadership training and coaching through certified HR coaches and a third‑party consultant to help employees develop their skills, leverage their strengths, lead effectively, advance their careers, and perform competently and confidently. The professional development program reimburses approved tuition costs, certification costs, registration fees for classes or relevant seminars, and costs of books and computer-based resources as required by class. The internal training program focuses on topics such as privacy, fair banking, skills-training and many industry specific topics and regulations.
Our focus on employees is evidenced by the number of “best workplace” awards we have been honored with over the years. And we remain committed to an entrepreneurial culture, employee growth and empowerment, robust training and support, and competitive compensation and benefits that will enable us to attract the top talent and continue to “Imagine More.”
Competition
The markets in which we compete to make loans, attract deposits and provide fee based financial services are highly competitive. For consumer banking activities, we compete with other digital banks and fintech companies, in addition to traditional banks, savings banks, credit unions, investment banks, insurance companies, securities brokerages and other financial institutions, as nearly all have some form of digital delivery for their consumer banking services.
For our C&I lending activities, we compete with super-regional, regional and community banks operating in the Midwest and Southwest regions of the United States. For our single tenant lease financing activities, we compete nationally with regional banks, community banks and credit unions, as well as life insurance companies and commercial mortgage-backed securities lenders. For our construction, investor commercial real estate, public finance and specialty finance activities, we compete nationally with superregional, regional and community banks. These competitors may have significantly greater financial resources and higher lending limits than we do and may also offer specialized products and services that we do not. For our small business lending activities, we compete on a national footprint with other participating SBA-approved lenders, including a large number of superregional, regional and community banks, as well as non-bank lenders. These competitors have resources and/or lending limits that differ greatly from one another.
Regulation and Supervision
The U.S. banking industry is highly regulated under federal and state law and this regulatory environment has a material effect on the operations and financial condition of the Company and its subsidiaries. As a result, the Company’s
2
growth and earnings performance may be affected not only by management decisions and general economic conditions, but also by the requirements of federal and state statutes and by the regulations and policies of various bank regulatory agencies, including the Indiana Department of Financial Institutions (the “DFI”), the Board of Governors of the Federal Reserve System (the “Federal Reserve”), the FDIC and the Consumer Financial Protection Bureau (“CFPB”). Furthermore, taxation laws administered by the Internal Revenue Service and state taxing authorities, accounting rules developed by the Financial Accounting Standards Board (the “FASB”), securities laws administered by the SEC and state securities authorities, and anti-money laundering laws enforced by the U.S. Department of the Treasury (“U.S. Treasury”) also have an impact on the Company’s business. This regulatory framework is intended for the protection of depositors, borrowers and other customers, as well as the FDIC deposit insurance fund and the U.S. banking system, rather than the Company’s shareholders or creditors.
Banking statutes and regulations are subject to ongoing review and revision by federal and state legislatures and regulatory agencies. Future changes in laws, regulations or regulatory policies, including changes in the ways laws and regulations are interpreted or enforced, could affect us in significant and unpredictable ways that may have a material impact on our business.
Federal and state banking laws and regulations affect, among other things, the scope of the Company’s business; the kinds and amounts of investments the Company and Bank may make; the fees and charges that may be imposed for bank products and services; required capital levels relative to assets; the nature and amount of collateral for loans; the ability to merge, consolidate, and acquire; dealings with the Company’s and Bank’s insiders and affiliates; and the Company’s payment of dividends. The cost of compliance with these legal and regulatory requirements has increased over time and could increase further in the future in response to changing laws and regulations or regulatory expectations, or as the Company grows and passes certain asset size thresholds at which additional requirements begin to apply.
The supervisory framework for U.S. banking organizations subjects banks and their holding companies to regular examination by their respective regulatory agencies, which results in examination reports and ratings that are in most cases not publicly available and that can impact the conduct and growth of their business. These examinations consider not only compliance with applicable laws and regulations, but also capital levels, asset quality and risk, management ability and performance, earnings, liquidity, and various other factors. Regulatory agencies may impose restrictions and limitations on the operations of a regulated entity where the agencies determine, among other things, that such operations are unsafe or unsound, fail to comply with applicable law, or are otherwise inconsistent with laws and regulations. These regulatory agencies have broad enforcement power over regulated entities, including the ability to impose substantial fines and other adverse consequences for violations of law and regulations.
Following is a summary of the material elements of the supervisory and regulatory framework applicable to the Company and Bank. It does not describe all of the statutes, regulations, and regulatory policies that apply, and the descriptions in this summary are qualified in their entirety by reference to the particular statutory and regulatory provisions involved.
Holding Company Regulation
General. The Company is registered as a bank holding company under the Bank Holding Company Act of 1956 (the “BHCA”). It is subject to regulation, supervision, examination and enforcement by the Federal Reserve. Under the BHCA, the Company is required to file with the Federal Reserve periodic reports of its operations and such additional information regarding the Company and Bank as the Federal Reserve may require. In addition, the Federal Reserve has the authority to issue orders to bank holding companies to cease and desist from unsafe or unsound banking practices and from violations of conditions imposed by, or violations of agreements with, the Federal Reserve. The Federal Reserve is also empowered to assess civil money penalties against companies or individuals who violate Federal Reserve orders or regulations, to order termination of nonbanking activities of bank holding companies and to order termination of ownership and control of a nonbanking subsidiary by a bank holding company.
Capital Requirements. The Company and the Bank are required under federal law to maintain certain minimum capital levels based on ratios of capital to total assets and capital to risk-weighted assets. The required capital ratios are minimums, and the federal banking agencies may determine that a banking organization, based on its size, complexity or risk profile, must maintain a higher level of capital in order to operate in a safe and sound manner. Risks such as concentration of credit risks and the risk arising from non-traditional activities, as well as the institution’s exposure to a decline in the economic value of its capital due to changes in interest rates, and an institution’s ability to manage those risks are important factors that are to be taken into account by the federal banking agencies in assessing an institution’s overall capital adequacy. The following is a brief description of the relevant provisions of these capital rules and their potential impact on our capital levels.
3
The Company and the Bank are subject to the following risk-based capital ratios: a common equity Tier 1 (“CET1”) risk-based capital ratio, a Tier 1 risk-based capital ratio, which includes CET1 and additional Tier 1 capital, and a total risk-based capital ratio, which includes Tier 1 and Tier 2 capital. CET1 is primarily comprised of the sum of common stock instruments and related surplus net of treasury stock, retained earnings, and certain qualifying minority interests, less certain adjustments and deductions, including with respect to goodwill, intangible assets, mortgage servicing assets and deferred tax assets subject to temporary timing differences. Additional Tier 1 capital is primarily comprised of noncumulative perpetual preferred stock, tier 1 minority interests and grandfathered trust preferred securities. Tier 2 capital consists of instruments disqualified from Tier 1 capital, including qualifying subordinated debt, other preferred stock and certain hybrid capital instruments, and a limited amount of allowance for credit loss up to a maximum of 1.25% of risk-weighted assets, subject to certain eligibility criteria. The capital rules also define the risk-weights assigned to assets and off-balance sheet items to determine the risk-weighted asset components of the risk-based capital rules, including, for example, certain “high volatility” commercial real estate, past due assets, structured securities and equity holdings.
The leverage capital ratio, which serves as a minimum capital standard, is the ratio of Tier 1 capital to quarterly average total assets net of goodwill, certain other intangible assets, and certain required deduction items. The required minimum leverage ratio for all banks and bank holding companies is 4%.
In addition, the capital rules also require a capital conservation buffer of CET1 capital of 2.5% above each of the minimum capital ratio requirements (CET1, Tier 1, and total risk-based capital), which is designed to absorb losses during periods of economic stress. These buffer requirements must be met for a bank or bank holding company to be able to pay dividends, engage in share buybacks or make discretionary bonus payments to executive management without restriction.
The Federal Deposit Insurance Corporation Improvement Act of 1991 (“FDICIA”), among other things, requires the federal bank regulatory agencies to take “prompt corrective action” regarding depository institutions that do not meet minimum capital requirements. FDICIA establishes five regulatory capital tiers: “well capitalized,” “adequately capitalized,” “undercapitalized,” “significantly undercapitalized,” and “critically undercapitalized.” A depository institution’s capital tier will depend upon how its capital levels compare to various relevant capital measures and certain other factors, as established by regulation. FDICIA generally prohibits a depository institution from making any capital distribution (including payment of a dividend) or paying any management fee to its holding company if the depository institution would thereafter be undercapitalized. FDICIA imposes progressively more restrictive restraints on operations, management and capital distributions, depending on the category in which an institution is classified. Undercapitalized depository institutions are subject to restrictions on borrowing from the Federal Reserve System. In addition, undercapitalized depository institutions may not accept brokered deposits absent a waiver from the FDIC, are subject to growth limitations and are required to submit capital restoration plans for regulatory approval. A depository institution’s holding company must guarantee any required capital restoration plan, up to an amount equal to the lesser of 5 percent of the depository institution’s assets at the time it becomes undercapitalized or the amount of the capital deficiency when the institution fails to comply with the plan. Federal banking agencies may not accept a capital plan without determining, among other things, that the plan is based on realistic assumptions and is likely to succeed in restoring the depository institution’s capital. If a depository institution fails to submit an acceptable plan, it is treated as if it is significantly undercapitalized. The Bank was well capitalized at December 31, 2025, and brokered deposits are not restricted.
To be well-capitalized, the Bank must maintain at least the following capital ratios:
i.5.0% leverage ratio.
ii.6.5% CET1 to risk-weighted assets;
iii.8.0% Tier 1 capital to risk-weighted assets; and
iv.10.0% Total capital to risk-weighted assets;
The Federal Reserve has different requirements than those imposed under the current capital rules applicable to banks. For purposes of the Federal Reserve’s Regulation Y, including determining whether a bank holding company meets the requirements to be a financial holding company, bank holding companies, such as the Company, must maintain a Tier 1 risk-based capital ratio of 6.0% or greater and a total risk-based capital ratio of 10.0% or greater to be well-capitalized. If the Federal Reserve were to apply the same or a very similar well-capitalized standard to bank holding companies as that applicable to the Bank, the Company’s capital ratios as of December 31, 2025 would exceed such revised well-capitalized standard. Also, the Federal Reserve may require bank holding companies, including the Company, to maintain capital ratios substantially in excess of mandated minimum levels, depending upon general economic conditions and a bank holding company’s particular condition, risk profile and growth plans.
4
Activities, Acquisitions, and Changes in Control. Bank holding companies generally are limited to the business of banking, managing or controlling banks, and other activities that the Federal Reserve determines to be closely related to banking, or managing or controlling banks as to be a proper incident thereto. Bank holding companies are prohibited from acquiring or obtaining control of more than five percent (5%) of any class of voting interests of any company that engages in activities other than those activities permissible for bank holding companies. Examples of activities that the Federal Reserve has determined to be permissible are making, acquiring, brokering, or servicing loans; leasing personal property; providing certain investment or financial advice; performing certain data processing services; acting as agent or broker in selling credit life insurance and other insurance products in certain locations; securities brokerage; and performing certain insurance underwriting activities. The BHC Act does not place domestic geographic limits on permissible non-banking activities of bank holding companies. Even with respect to permissible activities, however, the Federal Reserve has the power to order a holding company or its subsidiaries to terminate any activity or its control of any subsidiary when the Federal Reserve has reasonable cause to believe that continuation of such activity or control of such subsidiary would pose a serious risk to the financial safety, soundness or stability of any bank subsidiary of that holding company.
The BHCA requires a bank holding company to obtain approval from the Federal Reserve before (i) acquiring or holding more than a 5% voting interest in any bank or bank holding company, (ii) acquiring all or substantially all of the assets of another bank or bank holding company or (iii) merging or consolidating with another bank holding company. In reviewing a proposed covered acquisition, among other factors, the Federal Reserve considers (1) the financial and managerial resources of the companies involved, including pro forma capital ratios; (2) the risk to the stability of the United States banking or financial system; (3) the convenience and needs of the communities to be served, including performance under the CRA; and (4) the effectiveness of the companies in combating money laundering. The Federal Reserve also reviews any indebtedness to be incurred by a bank holding company in connection with a proposed acquisition to ensure that the bank holding company can service such indebtedness without adversely affecting its ability to serve as a source of strength to its bank subsidiaries. Well capitalized and well managed bank holding companies are permitted to acquire control of banks in any state, subject to federal regulatory approval, without regard to whether such a transaction is prohibited by the laws of any state. However, a bank holding company may not, following an interstate acquisition, control more than 10% of nationwide insured deposits or 30% of deposits within any state in which the acquiring bank operates. Federal banking regulators are also required to take into account compliance with the CRA in evaluating any proposal for interstate bank acquisitions.
Federal law restricts the amount of voting stock of a bank holding company or a bank that a person may acquire without the prior approval of banking regulators. Under the Change in Bank Control Act and the regulations thereunder, a person or group must give advance notice to and obtain approval from the Federal Reserve before acquiring control of any bank holding company, such as the Company. The Change in Bank Control Act creates a rebuttable presumption of control if a member or group acquires a certain percentage or more of any class of a bank holding company’s voting stock. As a result, a person or entity generally must provide prior notice to the Federal Reserve before acquiring the power to vote 10% or more of our outstanding common stock. The overall effect of such laws is to make it more difficult to acquire a bank holding company by tender offer or similar means than it might be to acquire control of another type of corporation. Consequently, shareholders of the Company may be less likely to benefit from the rapid increases in stock prices that may result from tender offers or similar efforts to acquire control of other companies. Investors should be aware of these requirements when acquiring shares of our stock.
Holding Company Dividends. The Company’s ability to pay dividends to shareholders will be impacted both by general corporate law considerations and policies of the Federal Reserve applicable to bank holding companies. It may also be impacted by the ability of the Bank to pay dividends to the Company, discussed under “Bank Regulation—Dividends” below. As an Indiana corporation, the Company is subject to the Indiana Business Corporation Law, as amended, which prohibits the Company from paying a dividend if, after giving effect to the dividend, the Company would not be able to pay its debts as they become due in the usual course of business, or if the Company’s total assets would be less than the sum of its total liabilities plus the amount that would be needed, if the corporation were to be dissolved at the time of the distribution, to satisfy the preferential rights upon dissolution of shareholders whose preferential rights are superior to those receiving the distribution.
The Federal Reserve has indicated that the board of directors of a bank holding company should eliminate, defer or significantly reduce dividends to shareholders if: (i) the company’s net income available to shareholders for the past four quarters, net of dividends previously paid during that period, is not sufficient to fully fund the dividends; (ii) the prospective rate of earnings retention is inconsistent with the Company’s capital needs and overall current and prospective financial condition; or (iii) the company will not meet, or is in danger of not meeting, its minimum regulatory capital adequacy ratios. The Federal Reserve possesses enforcement powers to prevent or remedy actions that represent unsafe or unsound practices or violations of applicable statutes or regulations. Among those powers is the ability to restrict the payment of dividends. In addition, under the Basel III Rule, institutions that seek the freedom to pay dividends have to maintain 2.50% in Common Equity Tier 1 Capital attributable to the capital conservation buffer. See “Capital Requirements” section above.
5
Source of Strength. Under the Dodd-Frank Act, we are required to serve as a source of financial and managerial strength for the Bank and to commit resources to support it in circumstances where we might not otherwise do so, in the event of the financial distress of the Bank. This provision codified the longstanding policy of the Federal Reserve. In addition, any capital loans by a bank holding company to any of its depository subsidiaries are subordinate to the payment of deposits and to certain other indebtedness. In the event of a bank holding company’s bankruptcy, any commitment by the bank holding company to a federal bank regulatory agency to maintain the capital of a depository subsidiary will be assumed by the bankruptcy trustee and entitled to a priority of payment.
Employee Incentive Compensation. Under regulatory guidance applying to all banking organizations, incentive compensation policies must be consistent with safety and soundness principles. Under this guidance, banking organizations must review their compensation programs to ensure that they: (i) provide employees with incentives that appropriately balance risk and reward and that do not encourage imprudent risk, (ii) are compatible with effective controls and risk management, and (iii) are supported by strong corporate governance, including active and effective oversight by the banking organization's board of directors. Monitoring methods and processes used by a banking organization should be commensurate with the size and complexity of the organization and its use of incentive compensation.
Bank Regulation
General. The Bank is an Indiana-chartered bank formed pursuant to the Indiana Financial Institutions Act (the “IFIA”). As such, the Bank is regularly examined by and subject to regulations promulgated by the DFI and the FDIC as its primary federal bank regulator. The Bank is not a member of the Federal Reserve System.
Business Activities. The Bank derives its lending and investment powers from the IFIA, the Federal Deposit Insurance Act (the “FDIA”) and related regulations.
Loans-to-One Borrower Limitations. Generally, the Bank’s total loans or extensions of credit to a single borrower, including the borrower’s related entities, outstanding at one time, and not fully secured, cannot exceed 15% of the Bank’s unimpaired capital and surplus. If the loans or extensions of credit are fully secured by readily marketable collateral, the Bank may lend up to an additional 10% of its unimpaired capital and surplus.
Community Reinvestment Act. Under the CRA, as implemented by FDIC regulations, the Bank has a continuing and affirmative obligation, consistent with safe and sound banking practices, to help meet the credit needs of its entire community, including low and moderate-income neighborhoods. The CRA does not establish specific lending requirements or programs for financial institutions nor does it limit an institution’s discretion to develop the types of products and services that it believes are best suited to its particular community, consistent with the CRA. The CRA requires the FDIC, in connection with its examinations of the Bank, to assess the Bank’s record of meeting the credit needs of its entire community and to take that record into account in evaluating certain applications for regulatory approvals that we may file with the FDIC.
Due to its online-driven model and nationwide banking platform, the Bank has opted to operate under a CRA Strategic Plan, which sets forth certain guidelines the Bank must meet. The Bank’s current CRA Strategic Plan covers the time period of January 1, 2024 through December 31, 2026. The Bank received a “Satisfactory” CRA rating in its most recent CRA examination. Failure of an institution to receive at least a “Satisfactory” rating could inhibit such institution or its holding company from engaging in certain activities or pursuing acquisitions of other financial institutions.
Transactions with Affiliates. The authority of the Bank, like other FDIC-insured institutions, to engage in transactions with its “affiliates” is limited by Sections 23A and 23B of the Federal Reserve Act and the Federal Reserve’s Regulation W. An “affiliate” for this purpose is defined generally as any company that owns or controls the Bank or is under common ownership or control with the Bank, but excludes a company controlled by a bank. In general, transactions between the Bank and its affiliates must be on terms that are consistent with safe and sound banking practices and at least as favorable to the Bank as comparable transactions between the Bank and non-affiliates. In addition, covered transactions with affiliates are restricted individually to 10% and in the aggregate to 20% of the Bank’s capital. Collateral ranging from 100% to 130% of the loan amount depending on the quality of the collateral must be provided for an affiliate to secure a loan or other extension of credit from the Bank. The Company is an “affiliate” of the Bank for purposes of Regulation W and Sections 23A and 23B of the Federal Reserve Act.
Loans to and Other Transactions with Insiders. The Bank’s authority to extend credit to its directors, executive officers and principal shareholders, as well as to entities controlled by such persons (“Related Interests”), is governed by Sections 22(g) and 22(h) of the Federal Reserve Act and Regulation O of the Federal Reserve. Among other things, these
6
provisions require that extensions of credit to insiders: (1) be made on terms that are substantially the same as, and follow credit underwriting procedures that are not less stringent than, those prevailing for comparable transactions with unaffiliated persons and that do not involve more than the normal risk of repayment or present other unfavorable features; and (2) not exceed certain limitations on the amount of credit extended to such persons, individually and in the aggregate, which limits are based, in part, on the amount of the Bank’s capital. In addition, extensions of credit in excess of certain limits must be approved in advance by the Bank’s Board of Directors. Further, provisions of the Dodd-Frank Act require that any sale or purchase of an asset by the Bank with an insider must be on market terms, and if the transaction represents more than 10% of the Bank’s capital stock and surplus, it must be approved in advance by a majority of the disinterested directors of the Bank. We believe the Bank is in compliance with these provisions.
Enforcement. The DFI and the FDIC share primary regulatory enforcement responsibility over the Bank and its institution-affiliated parties, including directors, officers and employees. This enforcement authority includes, among other things, the ability to appoint a conservator or receiver for the Bank, to assess civil money penalties, to issue cease and desist orders, to seek judicial enforcement of administrative orders and to remove directors and officers from office and bar them from further participation in banking. In general, these enforcement actions may be initiated in response to alleged violations of laws, regulations and administrative orders, as well as in response to alleged unsafe or unsound banking practices or conditions.
Standards for Safety and Soundness. Pursuant to the FDIA, the federal banking agencies have adopted a set of guidelines prescribing safety and soundness standards. These guidelines establish general standards relating to internal controls and information systems, internal audit systems, loan documentation, credit underwriting, interest rate risk exposure, asset growth, asset quality, earnings standards, compensation, fees and benefits. In general, the guidelines require appropriate systems and practices to identify and manage the risks and exposures specified in the guidelines. We believe we are in compliance with the safety and soundness guidelines.
Dividends. The ability of the Bank to pay dividends is limited by state and federal laws and regulations, including the requirement for the Bank to obtain the prior approval of the DFI before paying a dividend that, together with other dividends it has paid during a calendar year, would exceed the sum of its net income for the year to date combined with its retained net income for the previous two years. The ability of the Bank to pay dividends is further affected by the requirement to maintain adequate capital pursuant to applicable capital adequacy guidelines and regulations, and it is generally prohibited from paying any dividends if, following payment thereof, it would be undercapitalized. Notwithstanding the availability of funds for dividends, the FDIC and the DFI may prohibit the payment of dividends by the Bank if either or both determine such payment would constitute an unsafe or unsound practice. In addition, under the Basel III Rule, institutions that seek the freedom to pay dividends have to maintain 2.5% in Common Equity Tier 1 Capital attributable to the capital conservation buffer.
Insurance of Deposit Accounts. The Bank is a member of the Deposit Insurance Fund (“DIF”), which is administered by the FDIC. All deposit accounts at the Bank are insured by the FDIC up to a maximum of $250,000 per depositor, per insured bank, for each account ownership category. Under the FDIA, the FDIC may terminate deposit insurance upon a finding that the institution has engaged in unsafe and unsound practices, is in an unsafe or unsound condition to continue operations or has violated any applicable law, regulation, rule, order or condition imposed by the FDIC.
Liquidity. The Bank is required to maintain a sufficient amount of liquid assets to ensure its safe and sound operation. To fund its operations, the Bank historically has relied upon deposits, Federal Home Loan Bank of Indianapolis (“FHLB”) borrowings, Fed Funds lines with correspondent banks and brokered deposits. The FDIA and FDIC regulations limit the ability of banks to accept, renew, or roll over brokered deposits unless the institution is well capitalized. The FDIC may grant a waiver to permit a less than well capitalized bank to hold brokered deposits, but limitations on the rates paid on such deposits will apply, and the bank may also be required to pay a higher deposit insurance assessment on such deposits. The Bank believes it has sufficient liquidity to meet its funding obligations for at least the next twelve months. Additionally, as of December 31, 2025, the Bank had access to $1.6 billion in unused borrowing capacity at the Federal Reserve and FHLB.
Federal Home Loan Bank System. The Bank is a member of the FHLB, which is one of the regional Federal Home Loan Banks comprising the Federal Home Loan Bank System. Each Federal Home Loan Bank serves as a central credit facility primarily for its member institutions. The Bank, as a member of the FHLB, is required to acquire and hold shares of FHLB capital stock. While the required percentage of stock ownership is subject to change by the FHLB, the Bank is following this requirement with an investment in FHLB stock at December 31, 2025 of $28.4 million. Any advances from the FHLB must be secured by specified types of collateral, and long-term advances may be used for the purpose of providing funds to make residential mortgage or commercial loans and to purchase investments. Long-term advances may also be used to help alleviate interest rate risk for asset and liability management purposes. The Bank receives dividends on its FHLB stock.
7
Federal Reserve System. Although the Bank is not a member of the Federal Reserve System, it is subject to provisions of the Federal Reserve Act and the Federal Reserve’s regulations under which depository institutions may be required to maintain reserves against their deposit accounts and certain other liabilities. In March 2020, the Federal Reserve announced that the banking system had ample reserves and, as reserve requirements no longer played a significant role in this regime, it reduced all reserve tranches to zero percent, thereby freeing banks from the reserve maintenance requirement. This action permits the Bank to loan or invest funds that were previously unavailable. The Federal Reserve has indicated that it currently has no plans to reimpose reserve requirements but that it may impose such a requirement in the future if conditions warrant.
Anti-Money Laundering and the Bank Secrecy Act. Under the Bank Secrecy Act (the “BSA”), a financial institution is required to have systems in place to detect and report transactions of a certain size and nature. Financial institutions are generally required to report to the U.S. Treasury any cash transactions involving more than $10,000. In addition, financial institutions are required to file suspicious activity reports for transactions that involve more than $5,000 and which the financial institution knows, suspects or has reason to suspect involves illegal funds, is designed to evade the requirements of the BSA or has no lawful purpose. The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (the “USA PATRIOT Act”), which amended the BSA, is designed to deny terrorists and others the ability to obtain anonymous access to the U.S. financial system. The USA PATRIOT Act has significant implications for financial institutions and businesses of other types involved in the transfer of money. The USA PATRIOT Act, in conjunction with the implementation of various federal regulatory agency regulations, has caused financial institutions, such as the Bank, to adopt and implement additional policies or amend existing policies and procedures with respect to, among other things, anti-money laundering compliance, suspicious activity, currency transaction reporting, customer identity verification and customer risk analysis. Bank regulators regularly examine institutions for compliance with these obligations, and may impose “cease and desist” orders and civil money penalty sanctions on institutions determined to be in violation of these obligations.
In January 2021, the Anti-Money Laundering Act of 2020 (the “AMLA”), which amends the BSA, was enacted. The AMLA was intended to comprehensively reform and modernize U.S. anti-money laundering laws. Among other things, the AMLA attempted to codify a risk-based approach to anti-money laundering compliance for financial institutions; required the development of standards by the U.S. Treasury for evaluating technology and internal processes for BSA compliance; and expanded enforcement- and investigation-related authority, including a significant expansion in the available sanctions for certain BSA violations and enhanced whistleblower provisions permitting monetary awards to persons who provide information that leads to successful enforcement of certain violations.
The United States has imposed economic sanctions that affect transactions with designated foreign countries, nationals and others. These sanctions, which are administered by the U.S. Treasury Office of Foreign Assets Control (“OFAC”), take many different forms. Generally, however, they contain one or more of the following elements: (1) restrictions on trade with or investment in a sanctioned country, including prohibitions against direct or indirect imports from and exports to a sanctioned country and prohibitions on “U.S. persons” engaging in financial transactions relating to making investments in, or providing investment-related advice or assistance to, a sanctioned country; and (2) blocking of assets in which the government or specially designated nationals of the sanctioned country have an interest by prohibiting transfers of property subject to U.S. jurisdiction (including property in the possession or control of U.S. persons). Blocked assets (for example, property and bank deposits) cannot be paid out, withdrawn, set off or transferred in any manner without a license from OFAC. Failure to comply with these sanctions can give rise to serious legal and reputational consequences.
Consumer Protection Laws. The Bank is subject to a number of federal and state laws designed to protect consumers and prohibit unfair or deceptive business practices. These laws include the Equal Credit Opportunity Act, Fair Housing Act, Homeowners Protection Act, Fair Credit Reporting Act, as amended by the Fair and Accurate Credit Transactions Act of 2003 (the “FACT Act”), the Gramm-Leach-Bliley Act (the “GLBA”), the Truth in Lending Act, the CRA, the Home Mortgage Disclosure Act, the Real Estate Settlement Procedures Act, the National Flood Insurance Act, the Service Members Civil Relief Act, the Expedited Funds Availability Act, the Electronic Fund Transfer Act, the Truth in Savings Act, the Right to Financial Privacy Act, laws relating to unfair, deceptive and abusive acts and practices, and various state laws such as usury laws, or laws which are counterparts and/or extensions of the foregoing federal laws. These laws and regulations mandate certain disclosure requirements and regulate the manner in which financial institutions must interact with customers when taking deposits, making loans, collecting loans and providing other services. Failure to comply with consumer protection laws and regulations can subject financial institutions to enforcement actions, fines and other penalties.
Customer Information Security. The federal banking agencies have adopted final guidelines establishing standards for safeguarding nonpublic personal information about customers. These guidelines implement provisions of the GLBA. Specifically, the Information Security Guidelines established by the GLBA require each financial institution, under the supervision and ongoing oversight of its board of directors or an appropriate committee thereof, to develop, implement and maintain a comprehensive written information security program designed to ensure the security and confidentiality of customer
8
information (as defined under the GLBA), to protect against anticipated threats or hazards to the security or integrity of such information and to protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer. The federal banking regulators have issued guidance for banks on response programs for unauthorized access to customer information. This guidance, among other things, requires notice to be sent to customers whose “sensitive information” has been compromised if misuse of this information is “reasonably possible.”
Identity Theft Red Flags. Rules implementing Section 114 of the FACT Act require each financial institution or creditor to develop and implement a written Identity Theft Prevention Program to detect, prevent and mitigate identity theft in connection with the opening of certain accounts or certain existing accounts. In addition, the federal banking agencies issued guidelines to assist financial institutions and creditors in the formulation and maintenance of an Identity Theft Prevention Program that satisfies the requirements of the rules. Rules implementing Section 114 of the FACT Act also require credit and debit card issuers to assess the validity of notifications of changes of address under certain circumstances. Additionally, the federal banking agencies issued joint rules under Section 315 of the FACT Act that provide guidance regarding reasonable policies and procedures that a user of consumer reports must employ when a consumer reporting agency sends the user a notice of address discrepancy. Failure to comply with these rules can subject financial institutions to enforcement actions, fines and other penalties.
Privacy. The GLBA requires financial institutions to implement policies and procedures regarding the disclosure of nonpublic personal information about consumers to nonaffiliated third parties. In general, the statute requires financial institutions to explain to consumers their policies and procedures regarding the disclosure of such nonpublic personal information and, except as otherwise required or permitted by law, financial institutions are prohibited from disclosing such information except as provided in their policies and procedures. The Bank is required to provide notice to its customers on an annual basis disclosing its policies and procedures on the sharing of nonpublic personal information. From time to time, Congress and state legislatures consider additional legislation relating to privacy and other aspects of consumer information that could have an impact on our business, financial condition or results of operations.
A number of U.S. states have also enacted data privacy and security laws and regulations that govern the collection, use, disclosure, transfer, storage, disposal and protection of personal information, such as social security numbers, financial information and other information. These laws and regulations may be more restrictive and not preempted by U.S. federal laws. For example, several U.S. territories and all 50 states now have data breach laws that require timely notification to individuals, and at times regulators, the media or credit reporting agencies, if a company has experienced the unauthorized access or acquisition of personal information. Other state laws include the California Consumer Privacy Act (“CCPA”), which took effect on January 1, 2020. The CCPA, among other things, contains new disclosure obligations for businesses that collect personal information about California residents and affords those individuals numerous rights relating to their personal information that may affect our ability to use personal information or share it with our business partners.
A second law called the California Privacy Rights Act (“CPRA”), which went into effect in 2023, expands the scope of the CCPA, imposes new restrictions on behavioral advertising, and establishes a new California Privacy Protection Agency which will enforce the law and issue regulations. Similar laws were enacted in Virginia and Colorado, and other states have considered and are actively considering legislation along the same lines. We will continue to monitor and assess the impact of these state laws, which may impose substantial penalties for violations, impose significant costs for investigation and compliance, allow private class-action litigation and carry significant potential liability for our business.
Cybersecurity. Federal regulators have indicated that financial institutions should design multiple layers of security controls to establish lines of defense and ensure that their risk management processes also address the risk posed by compromised customer credentials, including security measures to reliably authenticate customers accessing digital-based services of the financial institution. Federal regulators have also indicated that a financial institution’s management is expected to maintain sufficient business continuity planning processes to ensure the rapid recovery, resumption, and maintenance of the institution’s operations after a cyber-attack involving destructive malware. A financial institution is also expected to develop appropriate processes to enable recovery of data and business operations and address rebuilding network capabilities and restoring data if the institution or its critical service providers fall victim to this type of cyber-attack. If we fail to observe the regulatory guidance, we could be subject to various regulatory sanctions, including financial penalties.
The federal banking agencies published a final rule establishing computer-security incident notification requirements that require a banking organization to notify its primary federal regulator of any “computer security incident” that rises to the level of a “notification incident” as soon as possible and no later than 36 hours after determining that such an incident has occurred. The rule also requires a bank service provider to notify each affected banking organization customer as soon as
9
possible when the service provider determines it has experienced a computer security incident that has caused, or is reasonably likely to cause, a material service disruption or degradation for four or more hours.
State regulators have also been increasingly active in implementing privacy and cybersecurity standards and regulations. For example, several states have adopted regulations requiring certain financial institutions to implement cybersecurity programs and providing detailed requirements with respect to these programs, including data encryption requirements. Many states have also recently implemented or modified their data breach notification and data privacy requirements. We expect this trend of increased activity and changes at the state level to continue.
The SEC has enacted laws requiring public companies to disclose material cybersecurity risks and incidents along with cybersecurity protections and governance processes. These SEC guidelines, and any other regulatory guidance, are in addition to notification and disclosure requirements under state and federal banking law and regulations. See Part I, Item 1C.
Cybersecurity of this Annual Report on Form 10-K for additional information.
In support of our digital banking platform, we rely heavily on electronic communications and information systems to conduct our operations and store sensitive data. We employ an in-depth approach that leverages people, processes, and technology to manage and maintain cybersecurity controls. In addition, we employ a variety of preventative and detective tools to monitor, block, and provide alerts regarding suspicious activity, as well as to report on any suspected advanced persistent threats. Notwithstanding the strength of our defensive measures, the threat from cyber-attacks is severe, attacks are sophisticated and increasing in volume, and attackers respond rapidly to changes in defensive measures.
We continually strive to enhance our cyber and information security in order to be resilient against emerging threats and improve our ability to detect and respond to attempts to gain unauthorized access to our data and systems. We regularly conduct cybersecurity risk assessments, regularly engage with the Board or appropriate committees on cybersecurity matters, routinely update our incident response plans based on emerging threats, periodically practice implementation of incident response plans across applicable departments, and train officers and employees to detect and report suspicious activity. Although to date we have not experienced any material losses relating to cyber-attacks or other information security breaches, our systems and those of our customers and third-party service providers are under constant threat, and it is possible that we could experience a significant event in the future due to the rapidly evolving nature and sophistication of these threats.
Climate-Related Risk Management and Regulation. In recent years, the federal banking agencies and the SEC have increased their focus on climate-related risks impacting the operation of banks, the communities they serve and the financial system as a whole. Proposals related to climate-related financial and other risks impacting banks are being considered at both the federal and state level. While our branchless business model and diversified customer base mitigates our exposure to climate-related risks, we will continue to monitor these developments and the steps that will need to be taken to address any new requirements.
Additional Matters. The earnings of financial institutions are also affected by general economic conditions and prevailing interest rates, both domestic and foreign, and by the monetary and fiscal policies of the United States Government and its various agencies, particularly the Federal Reserve. The Federal Reserve regulates the supply of credit in order to influence general economic conditions, primarily through open market operations in United States Government obligations, varying the discount rate on financial institution borrowings, varying reserve requirements against financial institution deposits, and restricting certain borrowings by financial institutions and their subsidiaries. The monetary policies of the Federal Reserve have had a significant effect on the operating results of the Bank in the past and are expected to continue to do so in the future.
Additional legislation and administrative actions affecting the banking industry may be considered by the United States Congress, state legislatures and various regulatory agencies, including those referred to above. It cannot be predicted with certainty whether such legislation or administrative action will be enacted or the extent to which the banking industry, the Company or the Bank would be affected.
Available Information
The Company makes available its Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and all amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), free of charge on its website at www.firstinternetbancorp.com as soon as reasonably practicable after it electronically files such material with, or furnishes it to, the SEC. In addition, the SEC maintains an internet site at www.sec.gov that contains reports, proxy and information statements, and other information
10
regarding issuers that file electronically with the SEC. References to the Company’s website address in this Annual Report on Form 10-K are provided as a convenience only and are not incorporated by reference.